From eb691cd024260f0bc97dbd1260a14575af0fb547 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 1 Aug 2017 16:07:58 +0200 Subject: [PATCH 1/1] python:tests: Add test for warn_pwd_expire Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Mon Aug 7 19:11:02 CEST 2017 on sn-devel-144 --- .../tests/pam_winbind_warn_pwd_expire.py | 41 +++++++++++ .../tests/test_pam_winbind_warn_pwd_expire.sh | 71 +++++++++++++++++++ selftest/tests.py | 4 ++ 3 files changed, 116 insertions(+) create mode 100644 python/samba/tests/pam_winbind_warn_pwd_expire.py create mode 100755 python/samba/tests/test_pam_winbind_warn_pwd_expire.sh diff --git a/python/samba/tests/pam_winbind_warn_pwd_expire.py b/python/samba/tests/pam_winbind_warn_pwd_expire.py new file mode 100644 index 00000000000..c78cf58c171 --- /dev/null +++ b/python/samba/tests/pam_winbind_warn_pwd_expire.py @@ -0,0 +1,41 @@ +# Unix SMB/CIFS implementation. +# +# Copyright (C) 2017 Andreas Schneider +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import samba.tests +import pypamtest +import os + +class PasswordExpirePamTests(samba.tests.TestCase): + def test_auth_expire_warning(self): + domain = os.environ["DOMAIN"] + username = os.environ["USERNAME"] + password = os.environ["PASSWORD"] + warn_pwd_expire = int(os.environ["WARN_PWD_EXPIRE"]) + unix_username = "%s/%s" % (domain, username) + expected_rc = 0 # PAM_SUCCESS + + tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rc) + res = pypamtest.run_pamtest(unix_username, "samba", [tc], [password]) + + self.assertTrue(res != None) + if warn_pwd_expire == 0: + self.assertTrue(res.info == ()) + elif warn_pwd_expire == 50: + self.assertEqual(res.info[0], u"Your password will expire in 42 days.\n") + else: + self.assertEqual(warn_pwd_expire, 0) diff --git a/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh new file mode 100755 index 00000000000..305633d5a31 --- /dev/null +++ b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh @@ -0,0 +1,71 @@ +#!/bin/sh + +PYTHON="$1" +PAM_WRAPPER_SO_PATH="$2" +shift 2 + +DOMAIN="$1" +export DOMAIN +USERNAME="$2" +export USERNAME +PASSWORD="$3" +export PASSWORD +shift 3 + +PAM_WRAPPER_PATH="$BINDIR/default/lib/pam_wrapper" + +pam_winbind="$BINDIR/shared/pam_winbind.so" +service_dir="$SELFTEST_TMPDIR/pam_services" +service_file="$service_dir/samba" + +mkdir $service_dir + +PAM_WRAPPER="1" +export PAM_WRAPPER +PAM_WRAPPER_SERVICE_DIR="$service_dir" +export PAM_WRAPPER_SERVICE_DIR +LD_PRELOAD="$LD_PRELOAD:$PAM_WRAPPER_SO_PATH" +export LD_PRELOAD + +PAM_WRAPPER_DEBUGLEVEL=${PAM_WRAPPER_DEBUGLEVEL:="2"} +export PAM_WRAPPER_DEBUGLEVEL + +# TEST with warn_pwd_expire=50 +# +# This should produce a warning that the password will expire in 42 days +# +WARN_PWD_EXPIRE="50" +export WARN_PWD_EXPIRE + +echo "auth required $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" > $service_file +echo "account required $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file +echo "password required $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file +echo "session required $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file + +PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_warn_pwd_expire +exit_code=$? +if [ $exit_code -ne 0 ]; then + rm -rf $service_dir + exit $exit_code +fi + +# TEST with warn_pwd_expire=0 +# +WARN_PWD_EXPIRE="0" +export WARN_PWD_EXPIRE + +echo "auth required $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" > $service_file +echo "account required $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file +echo "password required $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file +echo "session required $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file + +PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_warn_pwd_expire +exit_code=$? +if [ $exit_code -ne 0 ]; then + rm -rf $service_dir + exit $exit_code +fi + +rm -rf $service_dir + +exit $exit_code diff --git a/selftest/tests.py b/selftest/tests.py index 40ae20b587d..a9e01ee9417 100644 --- a/selftest/tests.py +++ b/selftest/tests.py @@ -148,6 +148,10 @@ if with_pam: [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), valgrindify(python), pam_wrapper_so_path, "$DOMAIN", "$DC_USERNAME", "$DC_PASSWORD"]) + plantestsuite("samba.tests.pam_winbind_warn_pwd_expire(domain)", "ad_member", + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_warn_pwd_expire.sh"), + valgrindify(python), pam_wrapper_so_path, + "$DOMAIN", "alice", "Secret007"]) if with_cmocka: plantestsuite("samba.unittests.krb5samba", "none", -- 2.34.1