tests/user_check_password_script: add a test do disallow the username as password

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/samba_tool/user_check_password_script.py b/python/samba/tests/samba_tool/user_check_password_script.py
index aaf791aff9ef32e6ec8e8fde476c43eb423b5966..06afbade6bd5498b79142b28e62bdfa70ba63c87 100644 (file)
--- a/python/samba/tests/samba_tool/user_check_password_script.py
+++ b/python/samba/tests/samba_tool/user_check_password_script.py
@@ -42,20 +42,16 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
         super(UserCheckPwdTestCase, self).tearDown()
         self.samdb.set_minPwdAge(self.old_min_pwd_age)
 
-    def test_checkpassword(self):
-        # Add
-        user = self._randomUser()
-        bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
-        good_password = bad_password[:-1]
+    def _test_checkpassword(self, user, bad_password, good_password, desc):
 
         (result, out, err) = self.runsubcmd("user", "add", user["name"], bad_password,
                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
                                             "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-        self.assertCmdFail(result, "Should fail adding a user with bad password.")
+        self.assertCmdFail(result, "Should fail adding a user with %s password." % desc)
         (result, out, err) = self.runsubcmd("user", "delete", user["name"],
                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
                                             "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-        self.assertCmdSuccess(result, out, err, "Should delete user with bad password.")
+        self.assertCmdSuccess(result, out, err, "Should delete user with %s password." % desc)
 
         (result, out, err) = self.runsubcmd("user", "add", user["name"], good_password,
                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
@@ -67,7 +63,7 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
                                             "--newpassword=%s" % bad_password,
                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
                                             "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
-        self.assertCmdFail(result, "Should fail setting a user's password to a bad one.")
+        self.assertCmdFail(result, "Should fail setting a user's password to a %s password." % desc)
 
         (result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
                                             "--newpassword=%s" % good_password,
@@ -81,7 +77,7 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
                                             "--newpassword=%s" % bad_password,
                                             "--ipaddress", os.environ["DC_SERVER_IP"],
                                             "-U%s%%%s" % (user["name"], good_password))
-        self.assertCmdFail(result, "A user setting their own password to a bad one should fail.")
+        self.assertCmdFail(result, "A user setting their own password to a %s password should fail." % desc)
 
         (result, out, err) = self.runsubcmd("user", "password",
                                             "--newpassword=%s" % good_password + 'XYZ',
@@ -89,6 +85,26 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
                                             "-U%s%%%s" % (user["name"], good_password))
         self.assertCmdSuccess(result, out, err, "A user setting their own password to a good one should succeed.")
 
+    def test_checkpassword_unacceptable(self):
+        # Add
+        user = self._randomUser()
+        bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
+        good_password = bad_password[:-1]
+        return self._test_checkpassword(user,
+                                        bad_password,
+                                        good_password,
+                                        "unacceptable")
+
+    def test_checkpassword_username(self):
+        # Add
+        user = self._randomUser()
+        bad_password = user["name"]
+        good_password = bad_password[:-1]
+        return self._test_checkpassword(user,
+                                        bad_password,
+                                        good_password,
+                                        "username")
+
     def _randomUser(self, base={}):
         """create a user with random attribute values, you can specify base attributes"""
         user = {

diff --git a/selftest/checkpassword_arg1.sh b/selftest/checkpassword_arg1.sh
index 9cb28ef198cf1db4c3f51061f2bf7aac72b2698a..8bb2aad972b19d650e6c98a6ddccf26c1d369a1d 100755 (executable)
--- a/selftest/checkpassword_arg1.sh
+++ b/selftest/checkpassword_arg1.sh
@@ -4,6 +4,7 @@
 set -e
 set -u
 
+ACCOUNT_NAME="${SAMBA_CPS_ACCOUNT_NAME-}"
 INVALIDPW="$1"
 NEWPW=`cat -`
 
@@ -12,4 +13,9 @@ echo -n "${NEWPW}" | grep -q "^${INVALIDPW}\$" && {
        exit 1
 }
 
+echo -n "${NEWPW}" | grep -q "^${ACCOUNT_NAME}\$" && {
+       echo "Password includes ACCOUNT_NAME" >&1
+       exit 1
+}
+
 exit 0

diff --git a/selftest/knownfail.d/user_check_password_script b/selftest/knownfail.d/user_check_password_script
new file mode 100644 (file)
index 0000000..7d6e082
--- /dev/null
+++ b/selftest/knownfail.d/user_check_password_script
@@ -0,0 +1 @@
+^samba.tests.samba_tool.user_check_password_script.*samba.tests.samba_tool.user_check_password_script.UserCheckPwdTestCase.test_checkpassword_username