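#!/bin/bash
#
# Checks that failed-login counting (auth/faillog) and the UDM "locked" user
# property are enforced for SSH logins against this host.
#
# Flow: save the current UCR values, switch faillog on and adjust the sshd
# authentication settings, restart sshd, create a throw-away user, run the
# login checks, remove the user, then restore the saved UCR values and
# restart sshd again.
#
# Exit status: the value of RETURNCODE. It starts at 100 and is set to 110 by
# any failed check.
#
# NOTE(review): the restore steps at the bottom (user removal, UCR reset, sshd
# restart, deletion of the password files) run only when the script reaches
# its last lines. If it is interrupted, the host keeps the modified
# faillog/sshd settings, the test account with its fixed password, and the
# plaintext password files. An EXIT trap would close that gap, but the sourced
# libraries are not visible here and may install their own handlers; confirm
# before adding one.

source "$TESTLIBPATH/user.lib"
source "$TESTLIBPATH/base.lib"

#if ! current_ucs_version_greater_equal 2.4; then
#	exit 132
#fi

# Test metadata; presumably read by the test runner (verify against the
# framework).
INFO_LINE="Test faillog via ssh"
TEST_SERVER_ROLE="domaincontroller_master"
TEST_BASIC=true
TEST_PACKAGES="univention-config univention-directory-manager-tools openssh-server"

RETURNCODE=100

NAME=$(getusername)

# Import the UCR variables as shell variables ($hostname, $domainname,
# $ldap_base, $auth_faillog, ...). This evaluates whatever `ucr shell` prints,
# so it relies on that output being correctly shell-quoted.
eval "$(ucr shell)"

# Remember the current values so ucr_reset can restore them afterwards.
# ucr_reset looks these up by name: "old_" + key with non-alphanumerics as "_".
old_auth_faillog="$auth_faillog"
old_auth_faillog_limit="$auth_faillog_limit"
old_auth_faillog_root="$auth_faillog_root"
old_auth_faillog_unlock_time="$auth_faillog_unlock_time"
old_auth_faillog_lock_global="$auth_faillog_lock_global"
old_sshd_challengeresponse="$sshd_challengeresponse"
old_sshd_passwordauthentication="$sshd_passwordauthentication"

# Create the password files before touching the system configuration, so a
# mktemp failure cannot leave the host with modified sshd/faillog settings.
# mktemp picks unpredictable names; the files hold plaintext passwords and are
# deleted at the end of the script.
if ! fake_passwd=$(mktemp) || ! passwd=$(mktemp); then
	error "Could not create temporary password files"
	[ -n "$fake_passwd" ] && rm -f -- "$fake_passwd"
	exit 110
fi
printf '%s\n' "foobar1234" >"$fake_passwd"   # wrong password
printf '%s\n' "univention" >"$passwd"        # password given to the test user

# Enable faillog with a limit of 6 failed attempts and global locking, and
# switch sshd to challenge-response only.
# NOTE(review): presumably this forces SSH logins through PAM so the faillog
# counter sees them; confirm.
ucr set \
	auth/faillog=yes \
	auth/faillog/lock_global=yes \
	auth/faillog/limit=6 \
	sshd/challengeresponse=yes \
	sshd/passwordauthentication=no

/etc/init.d/ssh restart

# Log in as the test user over SSH and print the remote host's UCR hostname.
# Arguments: $1 - file containing the password to use
# Outputs:   the remote "ucr get hostname" result on stdout when login works
ssh_login () {
	univention-ssh -timeout 10 "$1" -o NumberOfPasswordPrompts=3 "$NAME@$hostname.$domainname" /usr/sbin/ucr get hostname
}

info "Create user $NAME"

univention-directory-manager users/user create \
	--position "cn=users,$ldap_base" \
	--set username="$NAME" \
	--set lastname="$NAME" \
	--set password="univention" \
	--set locked=none

info "Lock none"

# An unlocked user with the right password must be able to log in.
ssh_hostname="$(ssh_login "$passwd")"
if [ "$ssh_hostname" != "$hostname" ]; then
	error "The login wasn't successful"
	RETURNCODE=110
fi

# Two calls with the wrong password and NumberOfPasswordPrompts=3; the trailing
# numbers are the failed attempts accumulated so far, reaching the limit of 6.
ssh_login "$fake_passwd" # 3
ssh_login "$fake_passwd" # 6

# The correct password must now be rejected.
ssh_hostname="$(ssh_login "$passwd")"
if [ "$ssh_hostname" = "$hostname" ]; then
	error "The login was successful, but the user should be locked"
	RETURNCODE=110
fi

info "Lock windows"

# With locked=windows the SSH login is expected to succeed.
univention-directory-manager users/user modify --dn "uid=$NAME,cn=users,$ldap_base" --set locked=windows
sleep 5 #wait for the replication
ssh_hostname="$(ssh_login "$passwd")"
if [ "$ssh_hostname" != "$hostname" ]; then
	error "The login wasn't successful"
	RETURNCODE=110
fi

info "Lock posix"

# With locked=posix the SSH login must be refused.
univention-directory-manager users/user modify --dn "uid=$NAME,cn=users,$ldap_base" --set locked=posix
sleep 5 #wait for the replication
ssh_hostname="$(ssh_login "$passwd")"
if [ "$ssh_hostname" = "$hostname" ]; then
	error "The login was successful, but the user should be locked"
	RETURNCODE=110
fi

info "Lock all"

# With locked=all the SSH login must be refused.
univention-directory-manager users/user modify --dn "uid=$NAME,cn=users,$ldap_base" --set locked=all
sleep 5 #wait for the replication
ssh_hostname="$(ssh_login "$passwd")"
if [ "$ssh_hostname" = "$hostname" ]; then
	error "The login was successful, but the user should be locked"
	RETURNCODE=110
fi

info "Remove user"

removeuser "$NAME"

# Restore UCR variables to the values saved in the old_* shell variables.
# Arguments: UCR keys; for each key the saved value is read from the variable
#            "old_<key with every non-alphanumeric character replaced by _>".
# A key whose saved value is empty is unset instead of being set to "".
# Returns:   0 when there was nothing to do, otherwise the status of the last
#            ucr call.
function ucr_reset () {
	local -a to_set=() to_unset=()
	local key var
	for key in "$@"; do
		var="old_${key//[^a-zA-Z0-9]/_}"
		if [ -n "${!var}" ]; then
			to_set+=("$key=${!var}")
		else
			to_unset+=("$key")
		fi
	done
	# Test the element count, not the first element, and avoid a trailing
	# "[ ... ] && cmd" that would make the function return non-zero when a
	# list is empty.
	if [ "${#to_set[@]}" -gt 0 ]; then
		ucr set "${to_set[@]}"
	fi
	if [ "${#to_unset[@]}" -gt 0 ]; then
		ucr unset "${to_unset[@]}"
	fi
}

ucr_reset \
	auth/faillog \
	auth/faillog/lock_global \
	auth/faillog/limit \
	sshd/challengeresponse \
	sshd/passwordauthentication

# Make sshd pick up the restored authentication settings.
/etc/init.d/ssh restart

# Remove the plaintext password files.
rm -f -- "$fake_passwd" "$passwd"

exit "$RETURNCODE"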