diff options
| author | Jan Pazdziora <jpazdziora@redhat.com> | 2022-01-21 21:01:08 +0100 |
|---|---|---|
| committer | Jan Pazdziora <jpazdziora@redhat.com> | 2022-01-21 21:01:42 +0100 |
| commit | 7b12978039208e4c59c294baeee877b4d122d747 (patch) | |
| tree | 12be451ea016e61bd94f4151592a60e91a19d7fb /tests | |
| parent | afc59eba4abb2f05bd935b585b60ee2aa4cf2115 (diff) | |
| download | mod_authnz_pam-7b12978039208e4c59c294baeee877b4d122d747.tar.gz mod_authnz_pam-7b12978039208e4c59c294baeee877b4d122d747.tar.xz mod_authnz_pam-7b12978039208e4c59c294baeee877b4d122d747.zip | |
Add testing of AuthPAMExpiredRedirect, using pam_unix and sp_max in shadow.
The chmod g+r /etc/shadow approach is obviously only for testing.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/auth.conf | 19 | ||||
| -rwxr-xr-x | tests/config.sh | 5 | ||||
| -rw-r--r-- | tests/pam-webl | 2 | ||||
| -rwxr-xr-x | tests/run.sh | 11 |
4 files changed, 37 insertions, 0 deletions
diff --git a/tests/auth.conf b/tests/auth.conf index 481db08..1e41de9 100644 --- a/tests/auth.conf +++ b/tests/auth.conf @@ -35,3 +35,22 @@ ScriptAlias /authnp2 /var/www/cgi-bin/auth.cgi AuthPAMService web Require pam-account web2 </LocationMatch> + +ScriptAlias /authnp3 /var/www/cgi-bin/auth.cgi +<LocationMatch ^/authnp3> + AuthType Basic + AuthName "private area" + AuthBasicProvider PAM + AuthPAMService webl + Require pam-account webl +</LocationMatch> + +ScriptAlias /authnp4 /var/www/cgi-bin/auth.cgi +<LocationMatch ^/authnp4> + AuthType Basic + AuthName "private area" + AuthBasicProvider PAM + AuthPAMService webl + AuthPAMExpiredRedirect http://localhost/fix-password + Require pam-account webl +</LocationMatch> diff --git a/tests/config.sh b/tests/config.sh index 131767e..255c0dd 100755 --- a/tests/config.sh +++ b/tests/config.sh @@ -11,6 +11,7 @@ cp -p tests/auth.cgi /var/www/cgi-bin/auth.cgi cp -p tests/pam-exec /usr/bin/pam-exec cp tests/pam-web /etc/pam.d/web cp tests/pam-web /etc/pam.d/web2 +cp tests/pam-webl /etc/pam.d/webl chmod a+x /var/log/httpd touch /var/log/httpd/pam_exec.log chown apache /var/log/httpd/pam_exec.log @@ -19,3 +20,7 @@ if rpm -ql httpd | grep mod_authn_socache ; then cat tests/auth-socache.conf >> /etc/httpd/conf.d/auth.conf fi htpasswd -bc /etc/htpasswd alice Tajnost +useradd user1 +echo user1:heslo1 | chpasswd +chgrp apache /etc/shadow +chmod g+r /etc/shadow diff --git a/tests/pam-webl b/tests/pam-webl new file mode 100644 index 0000000..7ae90c8 --- /dev/null +++ b/tests/pam-webl @@ -0,0 +1,2 @@ +auth sufficient pam_unix.so +account required pam_unix.so diff --git a/tests/run.sh b/tests/run.sh index 521652e..ed51b6f 100755 --- a/tests/run.sh +++ b/tests/run.sh @@ -49,6 +49,17 @@ next_log | grep 'account .bob. ok' | wc -l | grep '^2$' echo Secret2 > /etc/pam-auth/bob curl -u bob:Secret -s -D /dev/stdout -o /dev/null http://localhost/authn | tee /dev/stderr | grep 401 +curl -u userx:heslox -s http://localhost/authnp3 | tee /dev/stderr | grep 401 +curl -u user1:heslox -s http://localhost/authnp3 | tee /dev/stderr | grep 401 +curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 'User user1' +curl -u user1:heslo1 -s http://localhost/authnp4 | tee /dev/stderr | grep 'User user1' +chage -d $(date -d -2days +%Y-%m-%d) -M 1 user1 +curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 401 +curl -i -u user1:heslo1 -s http://localhost/authnp4 | tee /dev/stderr | grep 'Location: http://localhost/fix-password' +chage -d $(date -d -2days +%Y-%m-%d) -M 3 user1 +curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 'User user1' +curl -u user1:heslo1 -s http://localhost/authnp4 | tee /dev/stderr | grep 'User user1' + if rpm -ql httpd | grep mod_authn_socache ; then echo "Testing AuthBasicProvider socache PAM + AuthnCacheProvideFor PAM" rm /etc/pam-account/bob |