2  * Authentication tests for the pam-krb5 module with ticket cache.
4  * This test case includes all tests that require Kerberos to be configured, a
11  * Copyright 2011-2012, 2014
14  * SPDX-License-Identifier: BSD-3-clause or GPL-1+
17 #include <config.h>
36 check_authtok(pam_handle_t *pamh, const struct script_config *config,  in check_authtok()  argument
44     is_string(config->newpass, authtok, "...and it is correct");  in check_authtok()
51     struct script_config config;  in main()  local
57     memset(&config, 0, sizeof(config));  in main()
58     config.user = krbconf->username;  in main()
59     config.password = krbconf->password;  in main()
60     config.extra[0] = krbconf->userprinc;  in main()
63     kerberos_generate_conf(krbconf->realm);  in main()
68      * First test trying to change the password to something that's  in main()
73     config.newpass = newpass;  in main()
74     run_script("data/scripts/password/too-long", &config);  in main()
75     run_script("data/scripts/password/too-long-debug", &config);  in main()
77     /* Test use_authtok with an excessively long password. */  in main()
78     config.newpass = NULL;  in main()
79     config.authtok = newpass;  in main()
80     run_script("data/scripts/password/authtok-too-long", &config);  in main()
81     run_script("data/scripts/password/authtok-too-long-debug", &config);  in main()
88     config.authtok = NULL;  in main()
91     config.newpass = newpass;  in main()
92     run_script("data/scripts/password/basic", &config);  in main()
93     config.password = newpass;  in main()
94     config.newpass = krbconf->password;  in main()
95     run_script("data/scripts/password/basic-debug", &config);  in main()
97     /* Test prompt_principal with password change. */  in main()
98     config.password = krbconf->password;  in main()
99     config.newpass = newpass;  in main()
100     run_script("data/scripts/password/prompt-principal", &config);  in main()
102     /* Change the password back and test expose-account. */  in main()
103     config.password = newpass;  in main()
104     config.newpass = krbconf->password;  in main()
105     run_script("data/scripts/password/expose", &config);  in main()
108      * Test two banner settings by changing the password and then changing it  in main()
111     config.password = krbconf->password;  in main()
112     config.newpass = newpass;  in main()
113     run_script("data/scripts/password/banner", &config);  in main()
114     config.password = newpass;  in main()
115     config.newpass = krbconf->password;  in main()
116     run_script("data/scripts/password/no-banner", &config);  in main()
119     config.password = krbconf->password;  in main()
120     config.newpass = newpass;  in main()
121     run_script("data/scripts/password/banner-expose", &config);  in main()
122     config.password = newpass;  in main()
123     config.newpass = krbconf->password;  in main()
124     run_script("data/scripts/password/no-banner-expose", &config);  in main()
126     /* Test use_authtok. */  in main()
127     config.password = krbconf->password;  in main()
128     config.newpass = NULL;  in main()
129     config.authtok = newpass;  in main()
130     run_script("data/scripts/password/authtok", &config);  in main()
132     /* Test use_authtok with force_first_pass. */  in main()
133     config.password = NULL;  in main()
134     config.authtok = krbconf->password;  in main()
135     config.oldauthtok = newpass;  in main()
136     run_script("data/scripts/password/authtok-force", &config);  in main()
142     config.user = "root";  in main()
143     config.authtok = NULL;  in main()
144     config.oldauthtok = NULL;  in main()
145     config.password = "old-password";  in main()
146     config.newpass = "new-password";  in main()
147     config.callback = check_authtok;  in main()
148     run_script("data/scripts/password/ignore", &config);  in main()