From aeb22f78a42119ba75252039af555eb643545813 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 29 Aug 2010 15:39:08 +0000 Subject: [PATCH] Add simple automated tests for account lockout support git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24269 dc483132-0cff-0310-8789-dd5450dbe970 --- src/tests/Makefile.in | 1 + src/tests/t_lockout.py | 48 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 src/tests/t_lockout.py diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index df2c808cd..1cf25f19a 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -63,6 +63,7 @@ kdb_check: kdc.conf krb5.conf check-pytests:: $(RUNPYTEST) $(srcdir)/t_general.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_anonpkinit.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_lockout.py $(PYTESTFLAGS) clean:: $(RM) kdc.conf diff --git a/src/tests/t_lockout.py b/src/tests/t_lockout.py new file mode 100644 index 000000000..3d08fbc56 --- /dev/null +++ b/src/tests/t_lockout.py 
@@ -0,0 +1,48 @@
+# Copyright (C) 2010 by the Massachusetts Institute of Technology.
+# All rights reserved.
+
+# Export of this software from the United States of America may
+# require a specific license from the United States Government.
+# It is the responsibility of any person or organization contemplating
+# export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission. Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose. It is provided "as is" without express
+# or implied warranty.
+
+#!/usr/bin/python
+from k5test import *
+
+realm = K5Realm(create_host=False)
+
+realm.run_kadminl('addpol -maxfailure 2 -failurecountinterval 5m lockout')
+realm.run_kadminl('modprinc +requires_preauth -policy lockout user')
+
+# kinit twice with the wrong password.
+output = realm.run_as_client([kinit, realm.user_princ], input='wrong\n',
+ expected_code=1)
+if 'Password incorrect while getting initial credentials' not in output:
+ fail('Expected error message not seen in kinit output')
+output = realm.run_as_client([kinit, realm.user_princ], input='wrong\n',
+ expected_code=1)
+if 'Password incorrect while getting initial credentials' not in output:
+ fail('Expected error message not seen in kinit output')
+
+# Now the account should be locked out.
+output = realm.run_as_client([kinit, realm.user_princ], expected_code=1)
+if 'Clients credentials have been revoked while getting initial credentials' \
+ not in output:
+ fail('Expected lockout error message not seen in kinit output')
+
+success('Account lockout.')
+
-- 2.26.2
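Review bot: The final kinit in t_lockout.py runs with no `input`, so the test directly shows only that a password-less request is refused after two failures; it never shows that the account's correct password is also refused while locked, which is the property lockout exists to enforce. I would pass the real password on that third call, e.g. `input=password('user') + '\n'` if k5test's `password` helper is available at this revision, and keep the 'Clients credentials have been revoked' check. The policy sets no `-lockoutduration`, so recovery is untested as well; a follow-up step that runs `modprinc -unlock user` and then expects a successful kinit would cover the administrative path. On style, the two identical wrong-password blocks could be one two-iteration loop, and the `#!/usr/bin/python` line sits below the licence block, where it is only a comment and not an interpreter line.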