3 # Test suite wrapper for the Heimdal shared module API.
5 # Written by Russ Allbery <rra@stanford.edu>
6 # Copyright 2009 Board of Trustees, Leland Stanford Jr. University
8 # See LICENSE for licensing terms.
10 . "$SOURCE/tap/libtap.sh"
13 # Run the plugin program to check a password. Takes the test description,
14 # the principal, the password, the expected exit status, and the expected
15 # output to standard error.
17 local desc princ password w_status w_stderr status stderr
23 stderr=`"$BUILD/heimdal/plugin" "$princ" "$password" 2>&1`
25 echo "# status: $status"
26 echo "# stderr: $stderr"
27 ok "$desc: status" [ "$status" -eq "$w_status" ]
28 ok "$desc: stderr" [ "$stderr" = "$w_stderr" ]
31 # We need a modified krb5.conf file to add the password_dictionary setting.
32 # We first generate a modified copy of the krb5.conf file that doesn't contain
33 # this setting so that we can test error handling.
35 for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
38 sed -e '/^[ ]*password_dictionary[ ]*=/d' "$p" > ./krb5.conf
39 KRB5_CONFIG="./krb5.conf"
44 if [ -z "$krb5conf" ] ; then
45 skip_all 'no krb5.conf found, put one in tests/data/krb5.conf'
48 # Okay, we should be good to run the test suite.
51 # We don't have a password_dictionary setting, so we should fail with an
52 # initialization error.
53 ok_password "no dictionary configured" 'test@EXAMPLE.ORG' 'password' 1 \
54 'password_dictionary not configured in krb5.conf'
56 # Now add the password dictionary configuration.
57 cat <<EOF >> ./krb5.conf
61 password_dictionary = $BUILD/data/dictionary
66 # Check the basic functionality.
67 ok_password "good password" 'test@EXAMPLE.ORG' 'known good password' 0 ''
68 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'password' 1 \
69 'it is based on a dictionary word'
70 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'bitter' 1 \
71 'it is based on a dictionary word'
72 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'rettib' 1 \
73 'it is based on a (reversed) dictionary word'
74 ok_password "password too short" 'test@EXAMPLE.ORG' 'food' 1 \
76 ok_password "password way too short" 'test@EXAMPLE.ORG' 'foo' 1 \
78 ok_password "password empty" 'test@EXAMPLE.ORG' '' 1 \
80 ok_password "password all whitespace" 'test@EXAMPLE.ORG' ' ' 1 \
81 'it does not contain enough DIFFERENT characters'
82 ok_password "password too simplistic" 'test@EXAMPLE.ORG' 'abcdefghi' 1 \
83 'it is too simplistic/systematic'
84 ok_password "not enough characters" 'test@EXAMPLE.ORG' '22413411' 1 \
85 'it does not contain enough DIFFERENT characters'
86 ok_password "password based on principal" 'someuser@EXAMPLE.ORG' 'someuser' \
87 1 'Password based on username'
88 ok_password "password based on principal" 'someuser@EXAMPLE.ORG' 'resuemos' \
89 1 'Password based on username'
90 ok_password "password is principal" 'test@EXAMPLE.ORG' 'test@EXAMPLE.ORG' \
91 1 'Password based on username'