3 # Test suite wrapper for the MIT Kerberos shared module API.
5 # Written by Russ Allbery <rra@stanford.edu>
6 # Copyright 2009, 2010, 2013
7 # The Board of Trustees of the Leland Stanford Junior University
9 # See LICENSE for licensing terms.
11 . "$SOURCE/tap/libtap.sh"
14 # Run the plugin program to check a password. Takes the test description,
15 # the principal, the password, the expected exit status, and the expected
16 # output to standard error.
23 dict="${BUILD}/data/dictionary"
24 stderr=`"$BUILD/mit/plugin" "$princ" "$password" "$dict" 2>&1`
26 echo "# status: $status"
27 echo "# stderr: $stderr"
28 ok "$desc: status" [ "$status" -eq "$w_status" ]
29 ok "$desc: stderr" [ "$stderr" = "$w_stderr" ]
32 # We need a modified krb5.conf file to add the password_dictionary setting.
33 # We first generate a modified copy of the krb5.conf file that doesn't contain
34 # this setting so that we can test error handling.
36 for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
39 sed -e '/^[ ]*password_dictionary[ ]*=/d' "$p" > ./krb5.conf
40 KRB5_CONFIG="./krb5.conf"
45 if [ -z "$krb5conf" ] ; then
46 skip_all 'no krb5.conf found, put one in tests/data/krb5.conf'
49 # Check whether we can run the test at all.
50 "$BUILD/mit/plugin" 'test@EXAMPLE.COM' 'test' >/dev/null 2>&1
53 skip_all 'not built against MIT Kerberos libraries'
56 # Okay, we should be good to run the test suite.
59 # Check the basic functionality.
60 ok_password "good password" 'test@EXAMPLE.ORG' 'known good password' 0 ''
61 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'password' 1 \
62 'it is based on a dictionary word'
63 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'bitterbane' 1 \
64 'it is based on a dictionary word'
65 ok_password "password in dictionary" 'test@EXAMPLE.ORG' 'enabrettib' 1 \
66 'it is based on a (reversed) dictionary word'
67 ok_password "password too short" 'test@EXAMPLE.ORG' 'food' 1 \
69 ok_password "password way too short" 'test@EXAMPLE.ORG' 'foo' 1 \
71 ok_password "password empty" 'test@EXAMPLE.ORG' '' 1 \
73 ok_password "password all whitespace" 'test@EXAMPLE.ORG' ' ' 1 \
74 'it does not contain enough DIFFERENT characters'
75 ok_password "password too simplistic" 'test@EXAMPLE.ORG' 'abcdefghi' 1 \
76 'it is too simplistic/systematic'
77 ok_password "not enough characters" 'test@EXAMPLE.ORG' '22413411' 1 \
78 'it does not contain enough DIFFERENT characters'
79 ok_password "password based on principal" 'someuser@EXAMPLE.ORG' 'someuser' \
80 1 'Password based on username'
81 ok_password "password based on principal" 'someuser@EXAMPLE.ORG' 'resuemos' \
82 1 'Password based on username'
83 ok_password "password is principal" 'test@EXAMPLE.ORG' 'test@EXAMPLE.ORG' \
84 1 'Password based on username'