3 # Test suite wrapper for the Heimdal shared module API.
5 # Written by Russ Allbery <rra@stanford.edu>
7 # The Board of Trustees of the Leland Stanford Junior University
9 # See LICENSE for licensing terms.
11 . "$SOURCE/tap/libtap.sh"
14 # Run the plugin program to check a password. Takes the test description,
15 # the principal, the password, the expected exit status, and the expected
16 # output to standard error.
23 stderr=`"$BUILD/heimdal/plugin" "$princ" "$password" 2>&1`
25 echo "# status: $status"
26 echo "# stderr: $stderr"
27 ok "$desc: status" [ "$status" -eq "$w_status" ]
28 ok "$desc: stderr" [ "$stderr" = "$w_stderr" ]
31 # We need a modified krb5.conf file to add the password_dictionary setting.
32 # We first generate a modified copy of the krb5.conf file that doesn't contain
33 # this setting so that we can test error handling.
35 for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
38 sed -e '/^[ ]*password_dictionary[ ]*=/d' "$p" > ./krb5.conf
39 KRB5_CONFIG="./krb5.conf"
44 if [ -z "$krb5conf" ] ; then
45 skip_all 'no krb5.conf found, put one in tests/data/krb5.conf'
48 # Check whether we can run the test at all.
49 "$BUILD/heimdal/plugin" 'test@EXAMPLE.COM' 'test' >/dev/null 2>&1
52 skip_all 'not built against Heimdal libraries'
55 # Okay, we should be good to run the test suite.
58 # We don't have a password_dictionary setting, so we should fail with an
59 # initialization error.
60 ok_password "no dictionary configured" 'test@EXAMPLE.ORG' 'password' 1 \
61 'password_dictionary not configured in krb5.conf'
63 # Now add the password dictionary configuration.
64 cat <<EOF >> ./krb5.conf
68 password_dictionary = $BUILD/data/dictionary
73 # Check the basic functionality.
74 ok_password "good password" 'test@EXAMPLE.ORG' 'known good password' 0 ''
75 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'password' 1 \
76 'it is based on a dictionary word'
77 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'bitterbane' 1 \
78 'it is based on a dictionary word'
79 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'enabrettib' 1 \
80 'it is based on a (reversed) dictionary word'
81 ok_password "password too short" 'test@EXAMPLE.ORG' 'food' 1 \
83 ok_password "password way too short" 'test@EXAMPLE.ORG' 'foo' 1 \
85 ok_password "password empty" 'test@EXAMPLE.ORG' '' 1 \
87 ok_password "password all whitespace" 'test@EXAMPLE.ORG' ' ' 1 \
88 'it does not contain enough DIFFERENT characters'
89 ok_password "password too simplistic" 'test@EXAMPLE.ORG' 'abcdefghi' 1 \
90 'it is too simplistic/systematic'
91 ok_password "not enough characters" 'test@EXAMPLE.ORG' '22413411' 1 \
92 'it does not contain enough DIFFERENT characters'
93 ok_password "password based on principal" 'someuser@EXAMPLE.ORG' 'someuser' \
94 1 'Password based on username'
95 ok_password "password based on principal" 'someuser@EXAMPLE.ORG' 'resuemos' \
96 1 'Password based on username'
97 ok_password "password is principal" 'test@EXAMPLE.ORG' 'test@EXAMPLE.ORG' \
98 1 'Password based on username'