|
34 |
|
34 |
|
35 |
echo "----initial connection" |
35 |
echo "----initial connection" |
36 |
#wait for the user to be created |
36 |
#wait for the user to be created |
|
|
37 |
max_i=10 |
38 |
delta_t=1 |
37 |
i=0 |
39 |
i=0 |
38 |
while ! ldbsearch -U "$username%$first_password" -H ldap://localhost "samaccountname=$username" dn 2>&1 | grep -q '^dn:' |
40 |
while ! ldbsearch -U "$username%$first_password" -H ldap://localhost "sAMAccountName=$username" userPrincipalName 2>&1 | grep -q '^userPrincipalName:' |
39 |
do |
41 |
do |
40 |
let i="$i"+1 |
42 |
let i="$i"+1 |
41 |
if [ "$i" = 10 ]; then |
43 |
if [ "$i" = "$max_i" ]; then |
42 |
fail_fast 1 "Could not authenticate against samba." |
44 |
fail_fast 1 "User not replicated to samba directory within $max_i seconds." |
43 |
fi |
45 |
fi |
44 |
sleep 1 |
46 |
sleep "$delta_t" |
45 |
done |
47 |
done |
|
|
48 |
echo "User replicated from UDM to Samba after waiting about $(($i * $delta_t)) seconds." |
46 |
|
49 |
|
|
|
50 |
max_i=10 |
51 |
delta_t=1 |
47 |
i=0 |
52 |
i=0 |
48 |
while ! echo "$first_password" | kinit --password-file=STDIN "$username" > /dev/null |
53 |
while ! command_output=$(echo "$first_password" | kinit --password-file=STDIN "$username" 2>&1) |
49 |
do |
54 |
do |
50 |
let i="$i"+1 |
55 |
let i="$i"+1 |
51 |
if [ "$i" = 10 ]; then |
56 |
if [ "$i" = "$max_i" ]; then |
52 |
fail_test 1 "Could not authenticate against kinit." |
57 |
fail_test 1 "Could not authenticate against kinit. Last command output:" |
|
|
58 |
echo "$command_output" |
53 |
break |
59 |
break |
54 |
fi |
60 |
fi |
55 |
sleep 2 |
61 |
sleep "$delta_t" |
56 |
done |
62 |
done |
|
|
63 |
echo "Authentication against kinit succeeded at attempt $((i+1))." |
57 |
|
64 |
|
58 |
USER_DN=$(/usr/sbin/univention-directory-manager users/user list --filter uid="$username" | sed -ne 's/^DN: //p') |
65 |
USER_DN=$(/usr/sbin/univention-directory-manager users/user list --filter uid="$username" | sed -ne 's/^DN: //p') |
59 |
|
66 |
|
|
64 |
samba-tool user setpassword "$username" --newpassword="$second_password" |
71 |
samba-tool user setpassword "$username" --newpassword="$second_password" |
65 |
|
72 |
|
66 |
## first check trivial case: Samba4 password must work |
73 |
## first check trivial case: Samba4 password must work |
|
|
74 |
max_i=10 |
75 |
delta_t=1 |
67 |
i=0 |
76 |
i=0 |
68 |
while ! ldbsearch -U "$username%$second_password" -H ldap://localhost "samaccountname=$username" dn 2>&1 | grep -q '^dn:' |
77 |
while ! ldbsearch -U "$username%$second_password" -H ldap://localhost "sAMAccountName=$username" dn 2>&1 | grep -q '^dn:' |
69 |
do |
78 |
do |
70 |
let i="$i"+1 |
79 |
let i="$i"+1 |
71 |
if [ "$i" = 10 ]; then |
80 |
if [ "$i" = "$max_i" ]; then |
72 |
fail_test 1 "Could not authenticate against samba after password change with samba." |
81 |
fail_test 1 "Could not authenticate against samba after password change with samba." |
73 |
break |
82 |
break |
74 |
fi |
83 |
fi |
75 |
sleep 1 |
84 |
sleep "$delta_t" |
76 |
done |
85 |
done |
|
|
86 |
if [ "$i" -ne 0 ]; then |
87 |
echo -n "WARNING: " |
88 |
fi |
89 |
echo "Authentication against samba after password change with samba succeeded at attempt $((i+1))." |
77 |
|
90 |
|
78 |
## second check complex case: UDM password must work after replication |
91 |
## second check complex case: UDM password must work after replication |
|
|
92 |
max_i=15 |
93 |
delta_t=2 |
79 |
i=0 |
94 |
i=0 |
80 |
while ! output="$(univention-ldapsearch -x -D "$USER_DN" -w "$second_password" 2>&1 )" |
95 |
while ! output="$(univention-ldapsearch -x -D "$USER_DN" -w "$second_password" 2>&1 )" |
81 |
do |
96 |
do |
82 |
let i="$i"+1 |
97 |
let i="$i"+1 |
83 |
if [ "$i" = 15 ]; then |
98 |
if [ "$i" = "$max_i" ]; then |
84 |
echo "$output" |
99 |
echo "$output" |
85 |
fail_test 1 "Could not authenticate against UDM after password change with samba." |
100 |
fail_test 1 "Could not authenticate against LDAP after password change with samba after $i attempts." |
86 |
break |
101 |
break |
87 |
fi |
102 |
fi |
88 |
sleep 2 |
103 |
sleep "$delta_t" |
89 |
done |
104 |
done |
|
|
105 |
echo "Authentication against LDAP after password change with samba succeeded at attempt $((i+1))." |
90 |
|
106 |
|
91 |
## cross check |
107 |
## cross check |
|
|
108 |
max_i=10 |
109 |
delta_t=1 |
92 |
i=0 |
110 |
i=0 |
93 |
while ! echo "$second_password" | kinit --password-file=STDIN "$username" > /dev/null |
111 |
while ! command_output=$(echo "$second_password" | kinit --password-file=STDIN "$username" 2>&1) |
94 |
do |
112 |
do |
95 |
let i="$i"+1 |
113 |
let i="$i"+1 |
96 |
if [ "$i" = 10 ]; then |
114 |
if [ "$i" = "$max_i" ]; then |
97 |
fail_test 1 "Could not authenticate against kinit after password change with samba." |
115 |
fail_test 1 "Could not authenticate against kinit after password change with samba after $i attempts." |
|
|
116 |
echo "$command_output" |
98 |
break |
117 |
break |
99 |
fi |
118 |
fi |
100 |
sleep 1 |
119 |
sleep "$delta_t" |
101 |
done |
120 |
done |
|
|
121 |
echo "Authentication against kinit after password change with samba succeeded at attempt $((i+1))." |
102 |
|
122 |
|
103 |
echo "----password change with udm" |
123 |
echo "----password change with udm" |
104 |
#----password change with udm |
124 |
#----password change with udm |
|
109 |
fi |
129 |
fi |
110 |
|
130 |
|
111 |
## first check trivial case: UDM password must work |
131 |
## first check trivial case: UDM password must work |
|
|
132 |
max_i=10 |
133 |
delta_t=1 |
112 |
i=0 |
134 |
i=0 |
113 |
while ! output="$(univention-ldapsearch -x -D "$USER_DN" -w "$third_password" 2>&1)" |
135 |
while ! output="$(univention-ldapsearch -x -D "$USER_DN" -w "$third_password" 2>&1)" |
114 |
do |
136 |
do |
115 |
let i="$i"+1 |
137 |
let i="$i"+1 |
116 |
if [ "$i" = 10 ]; then |
138 |
if [ "$i" = "$max_i" ]; then |
117 |
echo "$output" |
139 |
echo "$output" |
118 |
fail_test 1 "Could not authenticate against UDM after password change with UDM." |
140 |
fail_test 1 "Could not authenticate against LDAP after password change with UDM after $i attempts." |
119 |
break |
141 |
break |
120 |
fi |
142 |
fi |
121 |
sleep 1 |
143 |
sleep "$delta_t" |
122 |
done |
144 |
done |
|
|
145 |
if [ "$i" -ne 0 ]; then |
146 |
echo -n "WARNING: " |
147 |
fi |
148 |
echo "Authentication against LDAP after password change with UDM succeeded at attempt $((i+1))." |
123 |
|
149 |
|
124 |
## second check complex case: Samba4 password must work after replication |
150 |
## second check complex case: Samba4 password must work after replication |
|
|
151 |
max_i=15 |
152 |
delta_t=2 |
125 |
i=0 |
153 |
i=0 |
126 |
while ! ldbsearch -U "$username%$third_password" -H ldap://localhost "samaccountname=$username" dn 2>&1 | grep -q '^dn:' |
154 |
while ! ldbsearch -U "$username%$third_password" -H ldap://localhost "sAMAccountName=$username" dn 2>&1 | grep -q '^dn:' |
127 |
do |
155 |
do |
128 |
let i="$i"+1 |
156 |
let i="$i"+1 |
129 |
if [ "$i" = 15 ]; then |
157 |
if [ "$i" = "$max_i" ]; then |
130 |
fail_test 1 "Could not authenticate against samba after password change with UDM." |
158 |
fail_test 1 "Could not authenticate against samba after password change with UDM after $i attempts." |
131 |
break |
159 |
break |
132 |
fi |
160 |
fi |
133 |
sleep 2 |
161 |
sleep "$delta_t" |
134 |
done |
162 |
done |
|
|
163 |
echo "Authentication against samba after password change with UDM succeeded at attempt $((i+1))." |
135 |
|
164 |
|
136 |
## cross check |
165 |
## cross check |
|
|
166 |
max_i=10 |
167 |
delta_t=1 |
137 |
i=0 |
168 |
i=0 |
138 |
while ! output="$(echo "$third_password" | kinit --password-file=STDIN "$username" 2>&1)" |
169 |
while ! output="$(echo "$third_password" | kinit --password-file=STDIN "$username" 2>&1)" |
139 |
do |
170 |
do |
140 |
let i="$i"+1 |
171 |
let i="$i"+1 |
141 |
if [ "$i" = 10 ]; then |
172 |
if [ "$i" = "$max_i" ]; then |
142 |
echo "$output" |
173 |
echo "$output" |
143 |
fail_test 1 "Could not authenticate against kinit after password change with UDM." |
174 |
fail_test 1 "Could not authenticate against kinit after password change with UDM after $i attempts." |
144 |
break |
175 |
break |
145 |
fi |
176 |
fi |
146 |
sleep 1 |
177 |
sleep "$delta_t" |
147 |
done |
178 |
done |
|
|
179 |
echo "Authentication against kinit after password change with UDM succeeded at attempt $((i+1))." |
148 |
|
180 |
|
149 |
echo "----password change with kpasswd" |
181 |
echo "----password change with kpasswd" |
150 |
#----password change with kpassword |
182 |
#----password change with kpassword |
|
|
183 |
max_i=20 |
184 |
delta_t=5 |
151 |
i=0 |
185 |
i=0 |
152 |
while true |
186 |
while true |
153 |
do |
187 |
do |
154 |
## in case passwort is not the default one |
188 |
retval="$(python kpasswd_change_pwd.py -u "$username" -n "$fourth_password" -p "$third_password")" |
155 |
if [ $(univention-config-registry get server/role) = "domaincontroller_master" -a -e /root/root.secret ];then |
|
|
156 |
echo "Found /root/root.secret, using that secret for Administrator access" |
157 |
ADMINISTRATOR_PASSWORD="$(cat /root/root.secret)" |
158 |
fi |
159 |
|
160 |
retval="$(python kpasswd_change_pwd.py -u "$username" -r "$ADMINISTRATOR_PASSWORD" -n "$fourth_password" -p "$third_password" -a "$ADMINISTRATOR_USER")" |
161 |
echo "$retval" | grep "nSoft" || break |
189 |
echo "$retval" | grep "nSoft" || break |
162 |
let i="$i"+1 |
190 |
let i="$i"+1 |
163 |
if [ "$i" = 20 ]; then |
191 |
if [ "$i" = "$max_i" ]; then |
164 |
echo "Password change with kpasswd: Soft error." |
192 |
echo "Password change with kpasswd: Soft error." |
165 |
break |
193 |
break |
166 |
fi |
194 |
fi |
167 |
sleep 5 |
195 |
sleep "$delta_t" |
168 |
done |
196 |
done |
169 |
|
197 |
|
170 |
## first check trivial case: Samba4 password must work |
198 |
## first check trivial case: Samba4 password must work |
|
|
199 |
max_i=10 |
200 |
delta_t=1 |
171 |
i=0 |
201 |
i=0 |
172 |
while ! ldbsearch -U "$username%$fourth_password" -H ldap://localhost "samaccountname=$username" dn 2>&1 | grep -q '^dn:' |
202 |
while ! ldbsearch -U "$username%$fourth_password" -H ldap://localhost "sAMAccountName=$username" dn 2>&1 | grep -q '^dn:' |
173 |
do |
203 |
do |
174 |
let i=$i+1 |
204 |
let i=$i+1 |
175 |
if [ "$i" = 10 ]; then |
205 |
if [ "$i" = "$max_i" ]; then |
176 |
fail_test 1 "Could not authenticate against samba after password change with kpasswd." |
206 |
fail_test 1 "Could not authenticate against samba after password change with kpasswd after $i attempts." |
177 |
break |
207 |
break |
178 |
fi |
208 |
fi |
179 |
sleep 1 |
209 |
sleep "$delta_t" |
180 |
done |
210 |
done |
|
|
211 |
if [ "$i" -ne 0 ]; then |
212 |
echo -n "WARNING: " |
213 |
fi |
214 |
echo "Authentication against samba after password change with kpasswd succeeded at attempt $((i+1))." |
181 |
|
215 |
|
182 |
## second check complex case: UDM password must work after replication |
216 |
## second check complex case: UDM password must work after replication |
|
|
217 |
max_i=15 |
218 |
delta_t=2 |
183 |
i=0 |
219 |
i=0 |
184 |
while ! output="$(univention-ldapsearch -x -D "$USER_DN" -w "$fourth_password" 2>&1)" |
220 |
while ! output="$(univention-ldapsearch -x -D "$USER_DN" -w "$fourth_password" 2>&1)" |
185 |
do |
221 |
do |
186 |
let i="$i"+1 |
222 |
let i="$i"+1 |
187 |
if [ "$i" = 15 ]; then |
223 |
if [ "$i" = "$max_i" ]; then |
188 |
echo "$output" |
224 |
echo "$output" |
189 |
fail_test 1 "Could not authenticate against UDM after password change with kpasswd." |
225 |
fail_test 1 "Could not authenticate against UDM after password change with kpasswd after $i attempts." |
190 |
break |
226 |
break |
191 |
fi |
227 |
fi |
192 |
sleep 2 |
228 |
sleep "$delta_t" |
193 |
done |
229 |
done |
|
|
230 |
echo "Authentication against LDAP after password change with kpasswd succeeded at attempt $((i+1))." |
194 |
|
231 |
|
195 |
## cross check |
232 |
## cross check |
|
|
233 |
max_i=10 |
234 |
delta_t=1 |
196 |
i=0 |
235 |
i=0 |
197 |
while ! output="$(echo "$fourth_password" | kinit --password-file=STDIN "$username" 2>&1)" |
236 |
while ! output="$(echo "$fourth_password" | kinit --password-file=STDIN "$username" 2>&1)" |
198 |
do |
237 |
do |
199 |
let i="$i"+1 |
238 |
let i="$i"+1 |
200 |
if [ "$i" = 10 ]; then |
239 |
if [ "$i" = "$max_i" ]; then |
201 |
echo "$output" |
240 |
echo "$output" |
202 |
fail_test 1 "Could not authenticate against kinit after password change with kpasswd." |
241 |
fail_test 1 "Could not authenticate against kinit after password change with kpasswd after $i attempts." |
203 |
break |
242 |
break |
204 |
fi |
243 |
fi |
205 |
sleep 1 |
244 |
sleep "$delta_t" |
206 |
done |
245 |
done |
|
|
246 |
echo "Authentication against kinit after password change with kpasswd succeeded at attempt $((i+1))." |
207 |
|
247 |
|
208 |
exit $RETVAL |
248 |
exit $RETVAL |
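Review bot: The new "succeeded at attempt $((i+1))" messages are printed unconditionally after each retry loop, so they also run when the loop was left through the `fail_test …; break` branch. In the kinit loop at new lines 53–63, for example, the log would show "Could not authenticate against kinit." followed by "Authentication against kinit succeeded at attempt 11.". This assumes `fail_test` records the failure and returns, as the following `break` and the final `exit $RETVAL` suggest; its definition is not visible on this page. The same applies to the loops ending at new lines 85, 104, 120, 144, 162, 178, 210, 229 and 245, including the `WARNING: ` prefix blocks. Since `i` equals `max_i` only on the failure path, guarding each message would be enough, e.g. `if [ "$i" -lt "$max_i" ]; then echo "Authentication against kinit succeeded at attempt $((i+1))."; fi`.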