From 454af0c5d5126e7e333280a4634162e85b0ecf88 Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Thu, 31 Oct 2019 11:05:02 -0700 Subject: [PATCH] tests: Fix check_root_account when used with tar liveimg test passwd and openssh-clients need to be installed, and there is no need to use sudo when you are connecting to the system as root. --- tests/cli/lib/lib.sh | 15 +++++++++++---- tests/cli/test_compose_tar_kickstart.sh | 8 ++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/tests/cli/lib/lib.sh b/tests/cli/lib/lib.sh index 0ae77577..06df67a9 100755 --- a/tests/cli/lib/lib.sh +++ b/tests/cli/lib/lib.sh @@ -121,20 +121,27 @@ check_root_account() { return 1 fi + # If you are connected as root you do not need sudo + if [[ "$SSH_USER" == "root" ]]; then + SUDO="" + else + SUDO="sudo" + fi + if [ $ROOT_ACCOUNT_LOCKED == 0 ]; then - rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"sudo passwd --status root | grep -E '^root\s+NP?'\"" \ + rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO passwd --status root | grep -E '^root\s+NP?'\"" \ 0 "Password for root account in /etc/shadow is empty" else # ssh returns 255 in case of any ssh error, so it's better to grep the specific error message rlRun -t -c "ssh $SSH_OPTS -o PubkeyAuthentication=no root@${SSH_MACHINE} 2>&1 | grep -i 'permission denied ('" \ 0 "Can't ssh to '$SSH_MACHINE' as root using password-based auth" - rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"sudo passwd --status root | grep -E '^root\s+LK?'\"" \ + rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO passwd --status root | grep -E '^root\s+LK?'\"" \ 0 "root account is disabled in /etc/shadow" - rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"sudo grep 'USER_LOGIN.*acct=\\\"root\\\".*terminal=ssh.*res=failed' /var/log/audit/audit.log\"" \ + rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} \"$SUDO grep 'USER_LOGIN.*acct=\\\"root\\\".*terminal=ssh.*res=failed' /var/log/audit/audit.log\"" \ 0 "audit.log contains entry about unsuccessful root login" # We modify the default sshd settings on live ISO, so we can only check the default empty password setting # outside of live ISO - rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} 'sudo grep -E \"^[[:blank:]]*PermitEmptyPasswords[[:blank:]]*yes\" /etc/ssh/sshd_config'" 1 \ + rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} '$SUDO grep -E \"^[[:blank:]]*PermitEmptyPasswords[[:blank:]]*yes\" /etc/ssh/sshd_config'" 1 \ "Login with empty passwords is disabled in sshd config file" fi rlRun -t -c "ssh $SSH_OPTS ${SSH_USER}@${SSH_MACHINE} 'cat /etc/redhat-release'" diff --git a/tests/cli/test_compose_tar_kickstart.sh b/tests/cli/test_compose_tar_kickstart.sh index 23dddad1..eda8fd1d 100755 --- a/tests/cli/test_compose_tar_kickstart.sh +++ b/tests/cli/test_compose_tar_kickstart.sh @@ -43,6 +43,14 @@ version = "*" name = "openssh-server" version = "*" +[[packages]] +name = "openssh-clients" +version = "*" + +[[packages]] +name = "passwd" +version = "*" + [[customizations.user]] name = "root" key = "$PUB_KEY"