python/samba/tests/test_pam_winbind_chauthtok.sh

   1 #!/bin/sh
   2
   3 PYTHON="$1"
   4 PAM_WRAPPER_SO_PATH="$2"
   5 PAM_SET_ITEMS_SO_PATH="$3"
   6 shift 3
   7
   8 DOMAIN="$1"
   9 export DOMAIN
  10 USERNAME="$2"
  11 export USERNAME
  12 PASSWORD="$3"
  13 export PASSWORD
  14 NEWPASSWORD="$4"
  15 export NEWPASSWORD
  16 PAM_OPTIONS="$5"
  17 export PAM_OPTIONS
  18 CREATE_USER="$6"
  19 shift 6
  20
  21 samba_bindir="$BINDIR"
  22 samba_tool="$samba_bindir/samba-tool"
  23
  24 if [ "$CREATE_USER" = yes ]; then
  25     CREATE_SERVER="$1"
  26     CREATE_USERNAME="$2"
  27     CREATE_PASSWORD="$3"
  28     shift 3
  29     $samba_tool user create "$USERNAME" "$PASSWORD" -H "ldap://$CREATE_SERVER" -U "$CREATE_USERNAME%$CREATE_PASSWORD"
  30     # reset password policies beside of minimum password age of 0 days
  31     $samba_tool domain passwordsettings set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default -H "ldap://$CREATE_SERVER" -U "$CREATE_USERNAME%$CREATE_PASSWORD"
  32 fi
  33
  34 PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper"
  35
  36 pam_winbind="$BINDIR/shared/pam_winbind.so"
  37 service_dir="$SELFTEST_TMPDIR/pam_services"
  38 service_file="$service_dir/samba"
  39
  40 mkdir $service_dir
  41 echo "auth        required    $pam_winbind debug debug_state $PAM_OPTIONS" > $service_file
  42 echo "account     required    $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
  43 echo "password    required    $PAM_SET_ITEMS_SO_PATH" >> $service_file
  44 echo "password    required    $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
  45 echo "session     required    $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
  46
  47 PAM_WRAPPER_SERVICE_DIR="$service_dir"
  48 export PAM_WRAPPER_SERVICE_DIR
  49 LD_PRELOAD="$LD_PRELOAD:$PAM_WRAPPER_SO_PATH"
  50 export LD_PRELOAD
  51
  52 PAM_WRAPPER_DEBUGLEVEL=${PAM_WRAPPER_DEBUGLEVEL:="2"}
  53 export PAM_WRAPPER_DEBUGLEVEL
  54
  55 case $PAM_OPTIONS in
  56     use_authtok)
  57         PAM_AUTHTOK="$NEWPASSWORD"
  58         export PAM_AUTHTOK
  59     ;;
  60     try_authtok)
  61         PAM_AUTHTOK="$NEWPASSWORD"
  62         export PAM_AUTHTOK
  63     ;;
  64 esac
  65
  66 PAM_WRAPPER="1" PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_chauthtok
  67 exit_code=$?
  68
  69 rm -rf $service_dir
  70
  71 if [ "$CREATE_USER" = yes ]; then
  72     $samba_tool user delete "$USERNAME" -H "ldap://$CREATE_SERVER" -U "$CREATE_USERNAME%$CREATE_PASSWORD"
  73     # reset password policies
  74     $samba_tool domain passwordsettings set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default -H "ldap://$CREATE_SERVER" -U "$CREATE_USERNAME%$CREATE_PASSWORD"
  75 fi
  76
  77 exit $exit_code