Univention Bugzilla – Attachment 2478 Details for
Bug 18838
ucs-test: Sperrung des Benutzerkontos nach X erfolglosen Anmeldeversuchen
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
WIP Version
47faillog (text/plain), 4.73 KB, created by
Philipp Hahn
on 2010-07-01 20:40:35 CEST
(
hide
)
Description:
WIP Version
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2010-07-01 20:40:35 CEST
Size:
4.73 KB
patch
obsolete
>#!/bin/bash > >source "$TESTLIBPATH/user.lib" >source "$TESTLIBPATH/base.lib" > >#if ! current_ucs_version_greater_equal 2.4; then ># exit 132 >#fi > >INFO_LINE="Test faillog via ssh" >TEST_SERVER_ROLE="domaincontroller_master" >TEST_BASIC=true >TEST_PACKAGES="univention-config univention-directory-manager-tools" > >RETURNCODE=100 > >NAME=$(getusername) > ># it takes some time before all ssh connections complete >SSH_SLEEP=15 > >eval "$(ucr shell)" > >old_auth_faillog="$auth_faillog" >old_auth_faillog_limit="$auth_faillog_limit" >old_auth_faillog_root="$auth_faillog_root" >old_auth_faillog_unlock_time="$auth_faillog_unlock_time" >old_auth_faillog_lock_global="$auth_faillog_lock_global" > >ucr set auth/faillog=no auth/faillog/lock_global=no > >ssh_test () { > local passwd="${1}" > univention-ssh -timeout 3 "$passwd" "$NAME@$hostname.$domainname" /usr/sbin/ucr get hostname >} > >fake_passwd=$(mktemp) >echo "foobar1234" >"$fake_passwd" >passwd=$(mktemp) >echo "univention" >"$passwd" > >info "Create user $NAME" >univention-directory-manager users/user create --position "cn=users,$ldap_base" --set username="$NAME" --set lastname="$NAME" --set password="univention" > ># univention-ssh tries it 3 times >info "Login with wrong password via ssh" >ssh_test "$fake_passwd" >ssh_test "$fake_passwd" >ssh_test "$fake_passwd" >sleep $SSH_SLEEP >ssh_hostname="$(ssh_test "$passwd")" >if [ "$ssh_hostname" != "$hostname" ]; then > error "The login wasn't successful, but faillog is disabled" > RETURNCODE=110 >fi > >#activate >ucr set auth/faillog=yes auth/faillog/lock_global=no >pam_tally --user "$NAME" --reset > >info "Login via ssh" >ssh_hostname="$(ssh_test "$passwd")" >if [ "$ssh_hostname" != "$hostname" ]; then > error "The login wasn't successful" > error "$ssh_hostname" > error "$hostname" > RETURNCODE=110 >fi > ># univention-ssh tries it 3 times >info "Login with wrong password via ssh" >ssh_test "$fake_passwd" >ssh_test "$fake_passwd" >sleep $SSH_SLEEP > ># by default the user should be disabled >failCount=$(pam_tally --user="$NAME" | awk '{print $NF}') >if [ "$failCount" != "6" ]; then > error "failCount is $failCount and should be 6" > RETURNCODE=110 >fi > >ssh_hostname="$(ssh_test "$passwd")" >if [ "$ssh_hostname" = "$hostname" ]; then > error "The login was successful, but the user should be locked" > RETURNCODE=110 >fi > >info "Reset counter for $NAME" >pam_tally --user="$NAME" --reset > >info "Normal ssh login" >ssh_hostname="$(ssh_test "$passwd")" >if [ "$ssh_hostname" != "$hostname" ]; then > error "The login wasn't successful, but the user faillog is resetted" > error "$ssh_hostname" > error "$hostname" > RETURNCODE=110 >fi > >info "Login with wrong password" >ssh_test "$fake_passwd" >sleep $SSH_SLEEP >failCount=$(pam_tally --user="$NAME" | awk '{print $NF}') >if [ "$failCount" != "3" ]; then > error "failCount is $failCount and should be 3" > RETURNCODE=110 >fi > >pam_tally --user="$NAME" ># reset failCount >info "Reset counter with a success login" >ssh_hostname="$(ssh_test "$passwd")" >if [ "$ssh_hostname" != "$hostname" ]; then > error "The login wasn't successful, but the user faillog is lower than the maximum" > RETURNCODE=110 >fi >failCount=$(pam_tally --user="$NAME" | awk '{print $NF}') >if [ "$failCount" != "0" ]; then > error "failCount should be empty" > RETURNCODE=110 >fi > >info "Activate global lock and a diffrent limit" >ucr set auth/faillog/limit=6 auth/faillog/lock_global=yes >ssh_test "$fake_passwd" >sleep $SSH_SLEEP >ssh_hostname="$(ssh_test "$passwd")" >if [ "$ssh_hostname" != "$hostname" ]; then > error "The login wasn't successful, but the users faillog is lower than the maximum" > RETURNCODE=110 >fi >ssh_test "$fake_passwd" >ssh_test "$fake_passwd" >sleep $SSH_SLEEP >ssh_hostname="$(ssh_test "$passwd")" >if [ "$ssh_hostname" = "$hostname" ]; then > error "The login was successful, but the user should be locked" > RETURNCODE=110 >fi >sleep $SSH_SLEEP > >udm_locked=$(univention-directory-manager users/user list --filter "uid=$NAME" | grep "^ locked: all") >if [ "$udm_locked" != " locked: all" ]; then > error "user was not locked in UDM" > univention-directory-manager users/user list --filter "uid=$NAME" > RETURNCODE=110 >fi > >univention-directory-manager users/user modify --dn "uid=$NAME,cn=users,$ldap_base" --set locked=none >sleep 5 #wait for the replication >ssh_hostname="$(ssh_test "$passwd")" >if [ "$ssh_hostname" != "$hostname" ]; then > error "The login wasn't successful, but the fail counter should be resetted" > RETURNCODE=110 >fi > >info "Remove user" >removeuser "$NAME" >function ucr_reset () { > declare -a reset unset > while [ $# -ge 1 ] > do > local var="old_${1//[^a-zA-Z0-9]/_}" > if [ "${!var}" ] > then > reset+=("$1"="${!var}") > else > unset+=("$1") > fi > shift > done > [ -n "${reset}" ] && ucr set "${reset[@]}" > [ -n "${unset}" ] && ucr unset "${unset[@]}" >} >ucr_reset auth/faillog auth/faillog/lock_global auth/faillog/limit >rm -f "$fake_passwd" "$passwd" > >exit $RETURNCODE
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2478">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 18838
: 2478