--- /dev/null
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) 2017 Andreas Schneider <asn@samba.org>
+# Copyright (C) 2018 Mathieu Parent <math.parent@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.tests
+import pypamtest
+import os
+
+class PamChauthtokTests(samba.tests.TestCase):
+ def test_chauthtok(self):
+ domain = os.environ["DOMAIN"]
+ username = os.environ["USERNAME"]
+ password = os.environ["PASSWORD"]
+ newpassword = os.environ["NEWPASSWORD"]
+ unix_username = "%s/%s" % (domain, username)
+ expected_rc = 0 # PAM_SUCCESS
+
+ tc = pypamtest.TestCase(pypamtest.PAMTEST_CHAUTHTOK, expected_rc)
+ res = pypamtest.run_pamtest(unix_username, "samba", [tc], [password, newpassword, newpassword])
+
+ self.assertTrue(res is not None)
--- /dev/null
+#!/bin/sh
+
+PYTHON="$1"
+PAM_WRAPPER_SO_PATH="$2"
+PAM_SET_ITEMS_SO_PATH="$3"
+shift 3
+
+DOMAIN="$1"
+export DOMAIN
+USERNAME="$2"
+export USERNAME
+PASSWORD="$3"
+export PASSWORD
+NEWPASSWORD="$4"
+export NEWPASSWORD
+PAM_OPTIONS="$5"
+export PAM_OPTIONS
+CREATE_USER="$6"
+shift 6
+
+samba_bindir="$BINDIR"
+samba_tool="$samba_bindir/samba-tool"
+
+if [ "$CREATE_USER" = yes ]; then
+ CREATE_SERVER="$1"
+ CREATE_USERNAME="$2"
+ CREATE_PASSWORD="$3"
+ shift 3
+ $samba_tool user create "$USERNAME" "$PASSWORD" -H "ldap://$CREATE_SERVER" -U "$CREATE_USERNAME%$CREATE_PASSWORD"
+ # reset password policies beside of minimum password age of 0 days
+ $samba_tool domain passwordsettings set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default -H "ldap://$CREATE_SERVER" -U "$CREATE_USERNAME%$CREATE_PASSWORD"
+fi
+
+PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper"
+
+pam_winbind="$BINDIR/shared/pam_winbind.so"
+service_dir="$SELFTEST_TMPDIR/pam_services"
+service_file="$service_dir/samba"
+
+mkdir $service_dir
+echo "auth required $pam_winbind debug debug_state $PAM_OPTIONS" > $service_file
+echo "account required $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
+echo "password required $PAM_SET_ITEMS_SO_PATH" >> $service_file
+echo "password required $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
+echo "session required $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
+
+PAM_WRAPPER_SERVICE_DIR="$service_dir"
+export PAM_WRAPPER_SERVICE_DIR
+LD_PRELOAD="$LD_PRELOAD:$PAM_WRAPPER_SO_PATH"
+export LD_PRELOAD
+
+PAM_WRAPPER_DEBUGLEVEL=${PAM_WRAPPER_DEBUGLEVEL:="2"}
+export PAM_WRAPPER_DEBUGLEVEL
+
+case $PAM_OPTIONS in
+ use_authtok)
+ PAM_AUTHTOK="$NEWPASSWORD"
+ export PAM_AUTHTOK
+ ;;
+ try_authtok)
+ PAM_AUTHTOK="$NEWPASSWORD"
+ export PAM_AUTHTOK
+ ;;
+esac
+
+PAM_WRAPPER="1" PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_chauthtok
+exit_code=$?
+
+rm -rf $service_dir
+
+if [ "$CREATE_USER" = yes ]; then
+ $samba_tool user delete "$USERNAME" -H "ldap://$CREATE_SERVER" -U "$CREATE_USERNAME%$CREATE_PASSWORD"
+ # reset password policies
+ $samba_tool domain passwordsettings set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default -H "ldap://$CREATE_SERVER" -U "$CREATE_USERNAME%$CREATE_PASSWORD"
+fi
+
+exit $exit_code
have_man_pages_support = ("XSLTPROC_MANPAGES" in config_hash)
with_pam = ("WITH_PAM" in config_hash)
pam_wrapper_so_path = config_hash["LIBPAM_WRAPPER_SO_PATH"]
+pam_set_items_so_path = config_hash["PAM_SET_ITEMS_SO_PATH"]
planpythontestsuite("none", "samba.tests.source", py3_compatible=True)
if have_man_pages_support:
[os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"),
valgrindify(python), pam_wrapper_so_path,
"$DOMAIN", "$DC_USERNAME", "$DC_PASSWORD"])
+
+ for pam_options in ["''", "use_authtok", "try_authtok"]:
+ plantestsuite("samba.tests.pam_winbind_chauthtok with options %s" % pam_options, "ad_member",
+ [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_chauthtok.sh"),
+ valgrindify(python), pam_wrapper_so_path, pam_set_items_so_path,
+ "$DOMAIN", "TestPamOptionsUser", "oldp@ssword0", "newp@ssword0",
+ pam_options, 'yes',
+ "$DC_SERVER", "$DC_USERNAME", "$DC_PASSWORD"])
+
plantestsuite("samba.tests.pam_winbind_warn_pwd_expire(domain)", "ad_member",
[os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_warn_pwd_expire.sh"),
valgrindify(python), pam_wrapper_so_path,
git.samba.org / garming / samba-autobuild / .git / commitdiff