···
-
import ./make-test.nix ({ pkgs, lib, ...} :
unlines = lib.concatStringsSep "\n";
···
client1 = mkClient true; # use nss_pam_ldapd
client2 = mkClient false; # use nss_ldap and pam_ldap
-
$server->waitForUnit("default.target");
-
subtest "auth as database admin with SASL and check a POSIX account", sub {
-
$server->succeed(join ' ', 'test',
-
'"$(ldapsearch -LLL -H ldapi:// -Y EXTERNAL',
-
'-b \'uid=${ldapUser},ou=accounts,ou=posix,${dbSuffix}\' ',
-
'sed -ne \'s/^uidNumber: \\(.*\\)/\\1/p\' ',
-
')" -eq ${toString ldapUserId}');
-
subtest "auth as database admin with password and check a POSIX account", sub {
-
$server->succeed(join ' ', 'test',
-
'"$(ldapsearch -LLL -H ldap://server',
-
'-D \'cn=admin,${dbSuffix}\' -w \'${dbAdminPwd}\' ',
-
'-b \'uid=${ldapUser},ou=accounts,ou=posix,${dbSuffix}\' ',
-
'sed -ne \'s/^uidNumber: \\(.*\\)/\\1/p\' ',
-
')" -eq ${toString ldapUserId}');
-
$client1->waitForUnit("default.target");
-
subtest "password", sub {
-
subtest "su with password to a POSIX account", sub {
-
$client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';',
-
'spawn su "${ldapUser}"',
-
'send "${ldapUserPwd}\n"',
-
'expect -ex "${ldapUser}" {exit}',
-
subtest "change password of a POSIX account as root", sub {
-
$client1->succeed("chpasswd <<<'${ldapUser}:new-password'");
-
$client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';',
-
'spawn su "${ldapUser}"',
-
'send "new-password\n"',
-
'expect -ex "${ldapUser}" {exit}',
-
$client1->succeed('chpasswd <<<\'${ldapUser}:${ldapUserPwd}\' ');
-
subtest "change password of a POSIX account from itself", sub {
-
$client1->succeed('chpasswd <<<\'${ldapUser}:${ldapUserPwd}\' ');
-
$client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';',
-
'spawn su --login ${ldapUser} -c passwd',
-
'send "${ldapUserPwd}\n"',
-
'expect "(current) UNIX password: "',
-
'send "${ldapUserPwd}\n"',
-
'expect "New password: "',
-
'send "new-password\n"',
-
'expect "Retype new password: "',
-
'send "new-password\n"',
-
'expect "passwd: password updated successfully" {exit}',
-
$client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';',
-
'spawn su "${ldapUser}"',
-
'send "${ldapUserPwd}\n"',
-
'expect "su: Authentication failure" {exit}',
-
$client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';',
-
'spawn su "${ldapUser}"',
-
'send "new-password\n"',
-
'expect -ex "${ldapUser}" {exit}',
-
$client1->succeed('chpasswd <<<\'${ldapUser}:${ldapUserPwd}\' ');
-
$client2->waitForUnit("default.target");
-
$client1->succeed("test \"\$(id -u '${ldapUser}')\" -eq ${toString ldapUserId}");
-
$client1->succeed("test \"\$(id -u -n '${ldapUser}')\" = '${ldapUser}'");
-
$client1->succeed("test \"\$(id -g '${ldapUser}')\" -eq ${toString ldapGroupId}");
-
$client1->succeed("test \"\$(id -g -n '${ldapUser}')\" = '${ldapGroup}'");
-
$client2->succeed("test \"\$(id -u '${ldapUser}')\" -eq ${toString ldapUserId}");
-
$client2->succeed("test \"\$(id -u -n '${ldapUser}')\" = '${ldapUser}'");
-
$client2->succeed("test \"\$(id -g '${ldapUser}')\" -eq ${toString ldapGroupId}");
-
$client2->succeed("test \"\$(id -g -n '${ldapUser}')\" = '${ldapGroup}'");
-
$client1->succeed("echo ${ldapUserPwd} | su -l '${ldapUser}' -c true");
-
$client2->succeed("echo ${ldapUserPwd} | su -l '${ldapUser}' -c true");
···
+
import ./make-test-python.nix ({ pkgs, lib, ...} :
unlines = lib.concatStringsSep "\n";
···
client1 = mkClient true; # use nss_pam_ldapd
client2 = mkClient false; # use nss_ldap and pam_ldap
+
def expect_script(*commands):
+
script = ";".join(commands)
+
return f"${pkgs.expect}/bin/expect -c '{script}'"
+
server.wait_for_unit("default.target")
+
with subtest("slapd: auth as database admin with SASL and check a POSIX account"):
+
'test "$(ldapsearch -LLL -H ldapi:// -Y EXTERNAL '
+
+ "-b 'uid=${ldapUser},ou=accounts,ou=posix,${dbSuffix}' "
+
+ "-s base uidNumber | "
+
+ "sed -ne 's/^uidNumber: \\(.*\\)/\\1/p')\" -eq ${toString ldapUserId}"
+
with subtest("slapd: auth as database admin with password and check a POSIX account"):
+
"test \"$(ldapsearch -LLL -H ldap://server -D 'cn=admin,${dbSuffix}' "
+
+ "-w '${dbAdminPwd}' -b 'uid=${ldapUser},ou=accounts,ou=posix,${dbSuffix}' "
+
+ "-s base uidNumber | "
+
+ "sed -ne 's/^uidNumber: \\(.*\\)/\\1/p')\" -eq ${toString ldapUserId}"
+
client1.wait_for_unit("default.target")
+
with subtest("password: su with password to a POSIX account"):
+
'spawn su "${ldapUser}"',
+
'send "${ldapUserPwd}\n"',
+
'expect -ex "${ldapUser}" {exit}',
+
with subtest("password: change password of a POSIX account as root"):
+
"chpasswd <<<'${ldapUser}:new-password'",
+
'spawn su "${ldapUser}"',
+
'send "new-password\n"',
+
'expect -ex "${ldapUser}" {exit}',
+
"chpasswd <<<'${ldapUser}:${ldapUserPwd}'",
+
with subtest("password: change password of a POSIX account from itself"):
+
"chpasswd <<<'${ldapUser}:${ldapUserPwd}' ",
+
"spawn su --login ${ldapUser} -c passwd",
+
'send "${ldapUserPwd}\n"',
+
'expect "(current) UNIX password: "',
+
'send "${ldapUserPwd}\n"',
+
'expect "New password: "',
+
'send "new-password\n"',
+
'expect "Retype new password: "',
+
'send "new-password\n"',
+
'expect "passwd: password updated successfully" {exit}',
+
'spawn su "${ldapUser}"',
+
'send "${ldapUserPwd}\n"',
+
'expect "su: Authentication failure" {exit}',
+
'spawn su "${ldapUser}"',
+
'send "new-password\n"',
+
'expect -ex "${ldapUser}" {exit}',
+
"chpasswd <<<'${ldapUser}:${ldapUserPwd}'",
+
client2.wait_for_unit("default.target")
+
"test \"$(id -u '${ldapUser}')\" -eq ${toString ldapUserId}",
+
"test \"$(id -u -n '${ldapUser}')\" = '${ldapUser}'",
+
"test \"$(id -g '${ldapUser}')\" -eq ${toString ldapGroupId}",
+
"test \"$(id -g -n '${ldapUser}')\" = '${ldapGroup}'",
+
"test \"$(id -u '${ldapUser}')\" -eq ${toString ldapUserId}",
+
"test \"$(id -u -n '${ldapUser}')\" = '${ldapUser}'",
+
"test \"$(id -g '${ldapUser}')\" -eq ${toString ldapGroupId}",
+
"test \"$(id -g -n '${ldapUser}')\" = '${ldapGroup}'",
+
"echo ${ldapUserPwd} | su -l '${ldapUser}' -c true",
+
"echo ${ldapUserPwd} | su -l '${ldapUser}' -c true",
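Review bot: The scripts built by `expect_script` cannot fail the test, because each ends in `expect <pattern> {exit}` and, when the pattern never appears, expect times out, runs off the end of the script and still exits 0. That makes the authentication checks vacuous, most importantly the `su: Authentication failure` step that is meant to prove the old password stopped working after the change. A one-line fix in the helper is `script = ";".join(commands + ("exit 1",))`, so that only a matched pattern returns success and a timeout or EOF returns failure. Separately, `echo ${ldapUserPwd} | su -l '${ldapUser}' -c true` interpolates the password unquoted into the shell line, unlike the single-quoted `chpasswd` calls. The calls that run these strings are not visible on the page, so this assumes they are passed to the machine's `succeed`.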