3 # Test suite wrapper for the MIT Kerberos shared module API.
5 # Written by Russ Allbery <rra@stanford.edu>
7 # The Board of Trustees of the Leland Stanford Junior University
9 # See LICENSE for licensing terms.
11 . "$SOURCE/tap/libtap.sh"
14 # Run the plugin program to check a password. Takes the test description,
15 # the principal, the password, the expected exit status, and the expected
16 # output to standard error.
18 local desc princ password w_status w_stderr status stderr
24 stderr=`"$BUILD/mit/plugin" "$princ" "$password" 2>&1`
26 echo "# status: $status"
27 echo "# stderr: $stderr"
28 ok "$desc: status" [ "$status" -eq "$w_status" ]
29 ok "$desc: stderr" [ "$stderr" = "$w_stderr" ]
32 # We need a modified krb5.conf file to add the password_dictionary setting.
33 # We first generate a modified copy of the krb5.conf file that doesn't contain
34 # this setting so that we can test error handling.
36 for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
39 sed -e '/^[ ]*password_dictionary[ ]*=/d' "$p" > ./krb5.conf
40 KRB5_CONFIG="./krb5.conf"
45 if [ -z "$krb5conf" ] ; then
46 skip_all 'no krb5.conf found, put one in tests/data/krb5.conf'
49 # Check whether we can run the test at all.
50 "$BUILD/mit/plugin" 'test@EXAMPLE.COM' 'test' >/dev/null 2>&1
53 skip_all 'not built against MIT Kerberos libraries'
56 # Okay, we should be good to run the test suite.
59 # We don't have a password_dictionary setting, so we should fail with an
60 # initialization error.
61 ok_password "no dictionary configured" 'test@EXAMPLE.ORG' 'password' 1 \
62 'password_dictionary not configured in krb5.conf'
64 # Now add the password dictionary configuration.
65 cat <<EOF >> ./krb5.conf
69 password_dictionary = $BUILD/data/dictionary
74 # Check the basic functionality.
75 ok_password "good password" 'test@EXAMPLE.ORG' 'known good password' 0 ''
76 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'password' 1 \
77 'it is based on a dictionary word'
78 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'bitterbane' 1 \
79 'it is based on a dictionary word'
80 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'enabrettib' 1 \
81 'it is based on a (reversed) dictionary word'
82 ok_password "password too short" 'test@EXAMPLE.ORG' 'food' 1 \
84 ok_password "password way too short" 'test@EXAMPLE.ORG' 'foo' 1 \
86 ok_password "password empty" 'test@EXAMPLE.ORG' '' 1 \
88 ok_password "password all whitespace" 'test@EXAMPLE.ORG' ' ' 1 \
89 'it does not contain enough DIFFERENT characters'
90 ok_password "password too simplistic" 'test@EXAMPLE.ORG' 'abcdefghi' 1 \
91 'it is too simplistic/systematic'
92 ok_password "not enough characters" 'test@EXAMPLE.ORG' '22413411' 1 \
93 'it does not contain enough DIFFERENT characters'
94 ok_password "password based on principal" 'someuser@EXAMPLE.ORG' 'someuser' \
95 1 'Password based on username'
96 ok_password "password based on principal" 'someuser@EXAMPLE.ORG' 'resuemos' \
97 1 'Password based on username'
98 ok_password "password is principal" 'test@EXAMPLE.ORG' 'test@EXAMPLE.ORG' \
99 1 'Password based on username'