libpam-python-pgsql/test.Dockerfile-buster at main · nilcons/libpam-python-pgsql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
FROM debian:buster

RUN apt-get update
RUN apt-get install -y pamtester libpam-python postgresql postgresql-client gosu db-util python-pygresql

RUN pg_ctlcluster 11 main start && \
        gosu postgres psql -c 'create database pamtest' postgres && \
        gosu postgres psql -c 'CREATE TABLE pamauth (username TEXT, pwd TEXT);' pamtest && \
        gosu postgres psql -c "INSERT INTO pamauth VALUES ('testuser', 'topsecret');" pamtest && \
        gosu postgres psql -c 'SELECT * FROM pamauth;' pamtest

RUN echo -n | db_load -T -t hash /etc/empty_fake_userdb.db
RUN echo auth optional pam_userdb.so crypt=none db=/etc/empty_fake_userdb > /etc/pam.d/pampypgsql && \
    echo auth requisite pam_python.so /usr/local/lib/pampypgsql.py db=pamtest dbuser=postgres table=pamauth usercolumn=username pwdcolumn=pwd >> /etc/pam.d/pampypgsql && \
    echo account requisite pam_permit.so >> /etc/pam.d/pampypgsql && \
    echo password requisite pam_deny.so >> /etc/pam.d/pampypgsql && \
    echo session requisite pam_permit.so >> /etc/pam.d/pampypgsql

COPY pampypgsql.py /usr/local/lib

ARG CACHEBUST=1

# good username and password succeeds
RUN /bin/bash -c "pg_ctlcluster 11 main start && gosu postgres pamtester pampypgsql testuser authenticate <<<topsecret"

# bad password fails
RUN /bin/bash -c "pg_ctlcluster 11 main start && gosu postgres pamtester pampypgsql testuser authenticate <<<badguy" 2>&1 | tee /dev/stderr | grep Authentication\ failure

# bad username fails
RUN /bin/bash -c "pg_ctlcluster 11 main start && gosu postgres pamtester pampypgsql nonexistent authenticate <<<badguy" 2>&1 | tee /dev/stderr | grep Authentication\ failure

# even with good passowrd
RUN /bin/bash -c "pg_ctlcluster 11 main start && gosu postgres pamtester pampypgsql nonexistent authenticate <<<topsecret" 2>&1 | tee /dev/stderr | grep Authentication\ failure