selftest: Add a test for PamLogOff
authorSamuel Cabrero <scabrero@samba.org>
Fri, 18 Jun 2021 07:22:39 +0000 (09:22 +0200)
committerJeremy Allison <jra@samba.org>
Fri, 8 Apr 2022 20:13:37 +0000 (20:13 +0000)
This test also verifies the KRB5CCNAME environment variable is set after
a successful PAM authentication with Kerberos.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
python/samba/tests/pam_winbind_setcred.py [new file with mode: 0644]
python/samba/tests/test_pam_winbind_setcred.sh [new file with mode: 0755]
selftest/tests.py

diff --git a/python/samba/tests/pam_winbind_setcred.py b/python/samba/tests/pam_winbind_setcred.py
new file mode 100644 (file)
index 0000000..055eac2
--- /dev/null
@@ -0,0 +1,56 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) 2022      Samuel Cabrero <scabrero@samba.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.tests
+import pypamtest
+import os
+
+class PamChauthtokTests(samba.tests.TestCase):
+    def test_setcred_delete_cred(self):
+        domain = os.environ["DOMAIN"]
+        username = os.environ["USERNAME"]
+        password = os.environ["PASSWORD"]
+
+        if domain != "":
+            unix_username = "%s/%s" % (domain, username)
+        else:
+            unix_username = "%s" % username
+        expected_rc = 0 # PAM_SUCCESS
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rc)
+        tc1 = pypamtest.TestCase(pypamtest.PAMTEST_GETENVLIST, expected_rc)
+        tc2 = pypamtest.TestCase(pypamtest.PAMTEST_KEEPHANDLE, expected_rc)
+        try:
+            res = pypamtest.run_pamtest(unix_username, "samba", [tc, tc1, tc2], [password])
+        except pypamtest.PamTestError as e:
+            raise AssertionError(str(e))
+
+        self.assertTrue(res is not None)
+
+        ccache = tc1.pam_env["KRB5CCNAME"]
+        ccache = ccache[ccache.index(":") + 1:]
+        self.assertTrue(os.path.exists(ccache))
+
+        handle = tc2.pam_handle
+        tc3 = pypamtest.TestCase(pypamtest.PAMTEST_SETCRED, expected_rc, pypamtest.PAMTEST_FLAG_DELETE_CRED)
+        try:
+            res = pypamtest.run_pamtest(unix_username, "samba", [tc3], handle=handle)
+        except pypamtest.PamTestError as e:
+            raise AssertionError(str(e))
+
+        self.assertFalse(os.path.exists(ccache))
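Review bot: The lookup `tc1.pam_env["KRB5CCNAME"]` in test_setcred_delete_cred raises a bare KeyError when pam_winbind does not export the variable, and `ccache.index(":")` raises ValueError when the value has no type prefix, so the property the commit message says is verified is never asserted explicitly. Adding `self.assertIn("KRB5CCNAME", tc1.pam_env)` before the lookup and, given the FILE: cache type configured in selftest/tests.py, `self.assertTrue(ccache.startswith("FILE:"))` before stripping the prefix would make a regression report as a clear failure. The class is named `PamChauthtokTests` although it exercises pam_setcred, which looks carried over from another test; `PamSetcredTests` would match the file. The second `res` returned by run_pamtest is assigned but never checked.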
diff --git a/python/samba/tests/test_pam_winbind_setcred.sh b/python/samba/tests/test_pam_winbind_setcred.sh
new file mode 100755 (executable)
index 0000000..7d7acc2
--- /dev/null
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+PYTHON="$1"
+PAM_WRAPPER_SO_PATH="$2"
+shift 2
+
+DOMAIN="$1"
+export DOMAIN
+USERNAME="$2"
+export USERNAME
+PASSWORD="$3"
+export PASSWORD
+shift 3
+
+PAM_OPTIONS="$1"
+export PAM_OPTIONS
+shift 1
+
+PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper"
+
+pam_winbind="$BINDIR/plugins/pam_winbind.so"
+service_dir="$SELFTEST_TMPDIR/pam_services"
+service_file="$service_dir/samba"
+
+mkdir $service_dir
+echo "auth        required    $pam_winbind debug debug_state $PAM_OPTIONS" > $service_file
+echo "account     required    $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
+echo "password    required    $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
+echo "session     required    $pam_winbind debug debug_state $PAM_OPTIONS" >> $service_file
+
+PAM_WRAPPER="1"
+export PAM_WRAPPER
+PAM_WRAPPER_SERVICE_DIR="$service_dir"
+export PAM_WRAPPER_SERVICE_DIR
+LD_PRELOAD="$LD_PRELOAD:$PAM_WRAPPER_SO_PATH"
+export LD_PRELOAD
+
+PAM_WRAPPER_DEBUGLEVEL=${PAM_WRAPPER_DEBUGLEVEL:="3"}
+export PAM_WRAPPER_DEBUGLEVEL
+
+PYTHONPATH="$PYTHONPATH:$PAM_WRAPPER_PATH:$(dirname $0)" $PYTHON -m samba.subunit.run samba.tests.pam_winbind_setcred
+exit_code=$?
+
+rm -rf $service_dir
+
+exit $exit_code
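Review bot: `$service_dir` is expanded unquoted in `mkdir $service_dir` and `rm -rf $service_dir`, and the result of mkdir is not checked, so with `SELFTEST_TMPDIR` unset or empty the script would create and later recursively delete `/pam_services`, and a path containing spaces would split into several arguments. Suggest `mkdir "$service_dir" || exit 1`, `> "$service_file"` / `>> "$service_file"` in the four echo redirections, and `rm -rf "$service_dir"`. The same quoting applies to `$(dirname "$0")` on the PYTHONPATH line.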
index e8b5ed013b0143e2ca7b429569263aefbba3f69c..19b07dfec27ed9b67375e9bc1d8a432e49ecf3d3 100644 (file)
@@ -382,6 +382,14 @@ if with_pam:
                        "$DOMAIN", "alice", "Secret007",
                        pam_options])
 
+    description = "krb5"
+    pam_options = "'krb5_auth krb5_ccache_type=FILE:/tmp/krb5cc_pam_test_%u'"
+    plantestsuite("samba.tests.pam_winbind_setcred(domain+%s)" % description, "ad_dc:local",
+                  [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_setcred.sh"),
+                   valgrindify(python), pam_wrapper_so_path,
+                   "${DOMAIN}", "${DC_USERNAME}", "${DC_PASSWORD}",
+                   pam_options])
+
 
 plantestsuite("samba.unittests.krb5samba", "none",
               [os.path.join(bindir(), "default/testsuite/unittests/test_krb5samba")])
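Review bot: The new `pam_options` string pins the credential cache to `FILE:/tmp/krb5cc_pam_test_%u`, a predictable name in a shared world-writable directory. Two selftest runs on the same host can therefore collide, and a file left by an aborted run, or pre-created by another local user, sits exactly where the test expects its ticket cache. Placing the cache under the per-run selftest temporary directory, which test_pam_winbind_setcred.sh already uses via `$SELFTEST_TMPDIR` for the service files, would keep the ticket inside the test's own tree. How that path is best passed through `pam_options` depends on selftest's variable substitution, which is not visible in this hunk. The enclosing `if with_pam:` block starts outside the hunk.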