[PATCH] Add tests for the warn_pwd_expire option of pam_winbind

Andreas Schneider asn at samba.org
Wed Aug 2 12:34:24 UTC 2017 

Hi,

topic says it all. Review and push much appreciated!


Thanks,


	Andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
>From ce97562ea1519c67aba88133fa348c74d1532bd8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Tue, 1 Aug 2017 16:05:57 +0200
Subject: [PATCH 1/2] python:tests: Do not overwrite exit code

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 python/samba/tests/test_pam_winbind.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/python/samba/tests/test_pam_winbind.sh b/python/samba/tests/test_pam_winbind.sh
index fdd2870dff4..c535759885c 100755
--- a/python/samba/tests/test_pam_winbind.sh
+++ b/python/samba/tests/test_pam_winbind.sh
@@ -39,5 +39,4 @@ exit_code=$?
 
 rm -rf $service_dir
 
-exit_code=0
 exit $exit_code
-- 
2.13.3


>From 3c4499fb6191a4d0a0d4fa91680863e7b044c081 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Tue, 1 Aug 2017 16:07:58 +0200
Subject: [PATCH 2/2] python:tests: Add test for warn_pwd_expire

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 python/samba/tests/pam_winbind_warn_pwd_expire.py  | 39 ++++++++++++
 .../tests/test_pam_winbind_warn_pwd_expire.sh      | 71 ++++++++++++++++++++++
 selftest/tests.py                                  |  4 ++
 3 files changed, 114 insertions(+)
 create mode 100644 python/samba/tests/pam_winbind_warn_pwd_expire.py
 create mode 100755 python/samba/tests/test_pam_winbind_warn_pwd_expire.sh

diff --git a/python/samba/tests/pam_winbind_warn_pwd_expire.py b/python/samba/tests/pam_winbind_warn_pwd_expire.py
new file mode 100644
index 00000000000..19e2bd61cfd
--- /dev/null
+++ b/python/samba/tests/pam_winbind_warn_pwd_expire.py
@@ -0,0 +1,39 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) 2017      Andreas Schneider <asn at samba.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.tests
+import pypamtest
+import os
+
+class PasswordExpirePamTests(samba.tests.TestCase):
+    def test_auth_expire_warning(self):
+        domain = os.environ["DOMAIN"]
+        username = os.environ["USERNAME"]
+        password = os.environ["PASSWORD"]
+        warn_pwd_expire = os.environ["WARN_PWD_EXPIRE"]
+        unix_username = "%s/%s" % (domain, username)
+        expected_rc = 0 # PAM_SUCCESS
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rc)
+        res = pypamtest.run_pamtest(unix_username, "samba", [tc], [password])
+
+        self.assertTrue(res != None)
+        if int(warn_pwd_expire) == 0:
+            self.assertTrue(res.info == ())
+        if int(warn_pwd_expire) == 50:
+            self.assertEqual(res.info[0], u"Your password will expire in 42 days.\n")
diff --git a/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
new file mode 100755
index 00000000000..305633d5a31
--- /dev/null
+++ b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+PYTHON="$1"
+PAM_WRAPPER_SO_PATH="$2"
+shift 2
+
+DOMAIN="$1"
+export DOMAIN
+USERNAME="$2"
+export USERNAME
+PASSWORD="$3"
+export PASSWORD
+shift 3
+
+PAM_WRAPPER_PATH="$BINDIR/default/lib/pam_wrapper"
+
+pam_winbind="$BINDIR/shared/pam_winbind.so"
+service_dir="$SELFTEST_TMPDIR/pam_services"
+service_file="$service_dir/samba"
+
+mkdir $service_dir
+
+PAM_WRAPPER="1"
+export PAM_WRAPPER
+PAM_WRAPPER_SERVICE_DIR="$service_dir"
+export PAM_WRAPPER_SERVICE_DIR
+LD_PRELOAD="$LD_PRELOAD:$PAM_WRAPPER_SO_PATH"
+export LD_PRELOAD
+
+PAM_WRAPPER_DEBUGLEVEL=${PAM_WRAPPER_DEBUGLEVEL:="2"}
+export PAM_WRAPPER_DEBUGLEVEL
+
+# TEST with warn_pwd_expire=50
+#
+# This should produce a warning that the password will expire in 42 days
+#
+WARN_PWD_EXPIRE="50"
+export WARN_PWD_EXPIRE
+
+echo "auth        required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" > $service_file
+echo "account     required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+echo "password    required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+echo "session     required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+
+PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_warn_pwd_expire
+exit_code=$?
+if [ $exit_code -ne 0 ]; then
+	rm -rf $service_dir
+	exit $exit_code
+fi
+
+# TEST with warn_pwd_expire=0
+#
+WARN_PWD_EXPIRE="0"
+export WARN_PWD_EXPIRE
+
+echo "auth        required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" > $service_file
+echo "account     required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+echo "password    required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+echo "session     required    $pam_winbind debug debug_state warn_pwd_expire=$WARN_PWD_EXPIRE" >> $service_file
+
+PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_warn_pwd_expire
+exit_code=$?
+if [ $exit_code -ne 0 ]; then
+	rm -rf $service_dir
+	exit $exit_code
+fi
+
+rm -rf $service_dir
+
+exit $exit_code
diff --git a/selftest/tests.py b/selftest/tests.py
index 40ae20b587d..a9e01ee9417 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -148,6 +148,10 @@ if with_pam:
                   [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"),
                    valgrindify(python), pam_wrapper_so_path,
                    "$DOMAIN", "$DC_USERNAME", "$DC_PASSWORD"])
+    plantestsuite("samba.tests.pam_winbind_warn_pwd_expire(domain)", "ad_member",
+                  [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_warn_pwd_expire.sh"),
+                   valgrindify(python), pam_wrapper_so_path,
+                   "$DOMAIN", "alice", "Secret007"])
 
 if with_cmocka:
     plantestsuite("samba.unittests.krb5samba", "none",
-- 
2.13.3

More information about the samba-technical mailing list