rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

remove tests directory

Browse Source
This commit is contained in:
Miluse Bezo Konecna 2024-08-06 14:09:01 +02:00
parent ba81972425
commit acc18112a5
8 changed files with 0 additions and 577 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
tests/pam_ssh_agent_auth/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/openssh/Sanity/pam_ssh_agent_auth
# Description: This is a basic sanity test for pam_ssh_agent_auth
# Author: Jakub Jelen <jjelen@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2015 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/openssh/Sanity/pam_ssh_agent_auth
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE pam_save_ssh_var.c
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
-include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Jakub Jelen <jjelen@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: This is basic sanity test for pam_ssh_agent_auth" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: openssh" >> $(METADATA)
@echo "Requires: openssh pam_ssh_agent_auth pam-devel expect" >> $(METADATA)
@echo "RhtsRequires: library(distribution/fips)" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

7
tests/pam_ssh_agent_auth/PURPOSE
View File

@ -1,7 +0,0 @@
PURPOSE of /CoreOS/openssh/Sanity/pam_ssh_agent_auth
Description: This is basic sanity test for pam_ssh_agent_auth
Author: Jakub Jelen <jjelen@redhat.com>
Created as a response to rhbz#1251777 and previous one rhbz#1225106.
The code of pam module is outdated and compiled with current openssh
version which went through quite enough refactoring.

73
tests/pam_ssh_agent_auth/pam_save_ssh_var.c
View File

@ -1,73 +0,0 @@
/*
This simple pam module saves the content of SSH_USER_AUTH variable to /tmp/SSH_USER_AUTH
file.
Setup:
- gcc -fPIC -DPIC -shared -rdynamic -o pam_save_ssh_var.o pam_save_ssh_var.c
- copy pam_save_ssh_var.o to /lib/security resp. /lib64/security
- add to /etc/pam.d/sshd
auth requisite pam_save_ssh_var.o
*/
/* Define which PAM interfaces we provide */
#define PAM_SM_ACCOUNT
#define PAM_SM_AUTH
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION
/* Include PAM headers */
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <stdlib.h>
#include <stdio.h>
int save_ssh_var(pam_handle_t *pamh, const char *phase) {
FILE *fp;
const char *var;
fp = fopen("/tmp/SSH_USER_AUTH","a");
fprintf(fp, "BEGIN (%s)\n", phase);
var = pam_getenv(pamh, "SSH_USER_AUTH");
if (var != NULL) {
fprintf(fp, "SSH_USER_AUTH: '%s'\n", var);
}
fprintf(fp, "END (%s)\n", phase);
fclose(fp);
return 0;
}
/* PAM entry point for session creation */
int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
/* PAM entry point for session cleanup */
int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
/* PAM entry point for accounting */
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
/* PAM entry point for authentication verification */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
save_ssh_var(pamh, "auth");
return(PAM_IGNORE);
}
/*
PAM entry point for setting user credentials (that is, to actually
establish the authenticated user's credentials to the service provider)
*/
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
/* PAM entry point for authentication token (password) changes */
int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}

184
tests/pam_ssh_agent_auth/runtest.sh
View File

@ -1,184 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/openssh/Sanity/pam_ssh_agent_auth
# Description: This is a basic sanity test for pam_ssh_agent_auth
# Author: Jakub Jelen <jjelen@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2015 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="openssh"
PAM_SUDO="/etc/pam.d/sudo"
PAM_SSHD="/etc/pam.d/sshd"
PAM_MODULE="pam_save_ssh_var"
SUDOERS_CFG="/etc/sudoers.d/01_pam_ssh_auth"
SSHD_CFG="/etc/ssh/sshd_config"
USER="testuser$RANDOM"
PASS="testpassxy4re.3298fhdsaf"
AUTH_KEYS="/etc/security/authorized_keys"
AK_COMMAND_BIN="/root/ak.sh"
AK_COMMAND_KEYS="/root/akeys"
declare -a KEYS=("rsa" "ecdsa")
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlAssertRpm pam_ssh_agent_auth
rlImport distribution/fips
rlServiceStart sshd
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "cp ${PAM_MODULE}.c $TmpDir/"
rlRun "pushd $TmpDir"
rlFileBackup --clean $PAM_SUDO /etc/sudoers /etc/sudoers.d/ /etc/security/ $AUTH_KEYS
rlRun "sed -i '1 a\
auth sufficient pam_ssh_agent_auth.so file=$AUTH_KEYS' $PAM_SUDO"
rlRun "echo 'Defaults env_keep += \"SSH_AUTH_SOCK\"' > $SUDOERS_CFG"
rlRun "echo 'Defaults !requiretty' >> $SUDOERS_CFG"
grep '^%wheel' /etc/sudoers || \
rlRun "echo '%wheel ALL=(ALL) ALL' >> $SUDOERS_CFG"
rlRun "useradd $USER -G wheel"
rlRun "echo $PASS |passwd --stdin $USER"
rlPhaseEnd
if ! fipsIsEnabled; then
KEYS+=("dsa")
fi
for KEY in "${KEYS[@]}"; do
rlPhaseStartTest "Test with key type $KEY"
rlRun "su $USER -c 'ssh-keygen -t $KEY -f ~/.ssh/my_id_$KEY -N \"\"'" 0
# Without authorized_keys, the authentication should fail
rlRun -s "su $USER -c 'eval \`ssh-agent\`; sudo id; ssh-agent -k'" 0
rlAssertNotGrep "uid=0(root) gid=0(root)" $rlRun_LOG
# Append the keys only to make sure we can match also the non-first line
rlRun "cat ~$USER/.ssh/my_id_${KEY}.pub >> $AUTH_KEYS"
rlRun -s "su $USER -c 'eval \`ssh-agent\`; ssh-add ~/.ssh/my_id_$KEY; sudo id; ssh-agent -k'"
rlAssertGrep "uid=0(root) gid=0(root)" $rlRun_LOG
rlPhaseEnd
done
if rlIsRHEL '<6.8' || ( rlIsRHEL '<7.3' && rlIsRHEL 7 ) ; then
: # not available
else
rlPhaseStartSetup "Setup for authorized_keys_command"
rlFileBackup --namespace ak_command $PAM_SUDO
rlRun "rm -f $AUTH_KEYS"
cat >$AK_COMMAND_BIN <<_EOF
#!/bin/bash
cat $AK_COMMAND_KEYS
_EOF
rlRun "chmod +x $AK_COMMAND_BIN"
rlRun "sed -i 's|.*pam_ssh_agent_auth.*|auth sufficient pam_ssh_agent_auth.so authorized_keys_command=$AK_COMMAND_BIN authorized_keys_command_user=root|' $PAM_SUDO"
rlRun "cat $PAM_SUDO"
rlPhaseEnd
for KEY in "${KEYS[@]}"; do
rlPhaseStartTest "Test authorized_keys_command with key type $KEY (bz1299555, bz1317858)"
rlRun "cat ~$USER/.ssh/my_id_${KEY}.pub >$AK_COMMAND_KEYS"
rlRun -s "su $USER -c 'eval \`ssh-agent\`; ssh-add ~/.ssh/my_id_$KEY; sudo id; ssh-agent -k'"
rlAssertGrep "uid=0(root) gid=0(root)" $rlRun_LOG
rlPhaseEnd
done
rlPhaseStartCleanup "Cleanup for authorized_keys_command"
rlFileRestore --namespace ak_command
rlRun "rm -f $AK_COMMAND_BIN $AK_COMMAND_KEYS"
rlPhaseEnd
fi
if rlIsRHEL '>=7.3'; then # not in Fedora anymore
rlPhaseStartTest "bz1312304 - Exposing information about succesful auth"
rlRun "rlFileBackup --namespace exposing $PAM_SSHD"
rlRun "rlFileBackup --namespace exposing $SSHD_CFG"
rlRun "rlFileBackup --namespace exposing /root/.ssh/"
rlRun "rm -f ~/.ssh/id_rsa*"
rlRun "ssh-keygen -f ~/.ssh/id_rsa -N \"\"" 0
rlRun "ssh-keyscan localhost >~/.ssh/known_hosts" 0
USER_AK_FILE=~$USER/.ssh/authorized_keys
rlRun "cat ~/.ssh/id_rsa.pub >$USER_AK_FILE"
rlRun "chown $USER:$USER $USER_AK_FILE"
rlRun "chmod 0600 $USER_AK_FILE"
rlRun "gcc -fPIC -DPIC -shared -rdynamic -o $PAM_MODULE.o $PAM_MODULE.c"
rlRun "test -d /lib64/security && cp $PAM_MODULE.o /lib64/security/" 0,1
rlRun "test -d /lib/security && cp $PAM_MODULE.o /lib/security/" 0,1
rlRun "sed -i '1 i auth optional $PAM_MODULE.o' $PAM_SSHD"
# pam-and-env should expose information to both PAM and environmental variable;
# we will be testing only env variable here for the time being,
rlRun "echo 'ExposeAuthenticationMethods pam-and-env' >>$SSHD_CFG"
rlRun "sed -i '/^ChallengeResponseAuthentication/ d' $SSHD_CFG"
rlRun "service sshd restart"
rlWaitForSocket 22 -t 5
rlRun -s "ssh -i ~/.ssh/id_rsa $USER@localhost \"env|grep SSH_USER_AUTH\"" 0 \
"Environment variable SSH_USER_AUTH is set"
rlAssertGrep "^SSH_USER_AUTH=publickey:" $rlRun_LOG
rlRun "rm -f $rlRun_LOG"
# pam-only should expose information only to PAM and not to environment variable
rlRun "sed -i 's/pam-and-env/pam-only/' $SSHD_CFG"
rlRun "echo 'AuthenticationMethods publickey,keyboard-interactive:pam' >>$SSHD_CFG"
rlRun "service sshd restart"
rlWaitForSocket 22 -t 5
ssh_with_pass() {
ssh_args=("-i /root/.ssh/id_rsa")
ssh_args+=("$USER@localhost")
cat >ssh.exp <<_EOF
#!/usr/bin/expect -f
set timeout 5
spawn ssh ${ssh_args[*]} "echo CONNECTED; env|grep SSH_USER_AUTH"
expect {
-re {.*[Pp]assword.*} { send -- "$PASS\r"; exp_continue }
timeout { exit 1 }
eof { exit 0 }
}
_EOF
rlRun -s "expect -f ssh.exp"
}
#rlRun -s "ssh ${ssh_args[*]} \"echo CONNECTED; env|grep SSH_USER_AUTH\"" 1 \
#"Environment variable SSH_USER_AUTH is NOT set"
rlRun "ssh_with_pass"
rlRun "grep -q CONNECTED $rlRun_LOG" 0 "Connection was successful"
rlAssertGrep "^SSH_USER_AUTH: 'publickey:" /tmp/SSH_USER_AUTH
rlRun "cat /tmp/SSH_USER_AUTH"
rlRun "rm -f $rlRun_LOG /tmp/SSH_USER_AUTH"
for pm in /lib64/security/$PAM_MODULE.o /lib/security/$PAM_MODULE.o; do
rlRun "test -e $pm && rm -f $pm" 0,1
done
rlRun "rlFileRestore --namespace exposing"
rlPhaseEnd
fi
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlRun "userdel -fr $USER"
rlFileRestore
rlServiceRestore sshd
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

63
tests/port-forwarding/Makefile
View File

@ -1,63 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/openssh/Sanity/port-forwarding
# Description: Testing port forwarding (ideally all possibilities: -L, -R, -D)
# Author: Stanislav Zidek <szidek@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2015 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/openssh/Sanity/port-forwarding
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
-include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Stanislav Zidek <szidek@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Testing port forwarding (ideally all possibilities: -L, -R, -D)" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: openssh" >> $(METADATA)
@echo "Requires: openssh net-tools nc" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: yes" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

3
tests/port-forwarding/PURPOSE
View File

@ -1,3 +0,0 @@
PURPOSE of /CoreOS/openssh/Sanity/port-forwarding
Description: Testing port forwarding (ideally all possibilities: -L, -R, -D)
Author: Stanislav Zidek <szidek@redhat.com>

152
tests/port-forwarding/runtest.sh
View File

@ -1,152 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/openssh/Sanity/port-forwarding
# Description: Testing port forwarding (ideally all possibilities: -L, -R, -D)
# Author: Stanislav Zidek <szidek@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2015 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="openssh"
USER="user$RANDOM"
FORWARDED=$((RANDOM % 100 + 6800))
LISTEN=$((RANDOM % 100 + 6900))
TIMEOUT=5
MESSAGE="HUGE_SUCCESS"
SSH_OPTIONS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlFileBackup /etc/ssh/sshd_config
rlRun "useradd -m $USER"
rlRun "su - $USER -c \"mkdir .ssh; chmod 700 .ssh; cd .ssh; ssh-keygen -N '' -f id_rsa; cat id_rsa.pub >authorized_keys; chmod 600 authorized_keys\""
rlRun "echo 'LogLevel DEBUG' >>/etc/ssh/sshd_config"
rlServiceStart sshd
rlRun "IP=\$( ip a |grep 'scope global' |grep -w inet |cut -d'/' -f1 |awk '{ print \$2 }' |tail -1 )"
rlRun "echo 'IP=$IP'"
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlPhaseEnd
forwarding_test() {
EXP_RESULT=$1
FORWARDED=$2
HOST=$3
LISTEN=$4
rlRun "nc -l $LISTEN &>listen.log &"
LISTEN_PID=$!
rlWaitForSocket $LISTEN -t $TIMEOUT
rlRun "ps -fp $LISTEN_PID"
rlRun "su - $USER -c \"ssh $SSH_OPTIONS -N -L $FORWARDED:$HOST:$LISTEN $USER@localhost &\" &>tunnel.log"
rlRun "ps -fC ssh"
rlRun "SSH_PID=\$( pgrep -n -u $USER ssh )"
rlRun "echo SSH_PID is '$SSH_PID'"
rlWaitForSocket $FORWARDED -t $TIMEOUT
rlRun "[[ -n '$SSH_PID' ]] && ps -fp $SSH_PID"
rlRun "echo '$MESSAGE'|nc localhost $FORWARDED" 0,1
if [[ $EXP_RESULT == "success" ]]; then
rlAssertGrep "$MESSAGE" listen.log
else # failure expected
rlAssertGrep "open failed" tunnel.log -i
rlAssertGrep "administratively prohibited" tunnel.log -i
rlAssertNotGrep "$MESSAGE" listen.log
fi
rlRun "kill -9 $LISTEN_PID $SSH_PID" 0,1 "Killing cleanup"
rlWaitForSocket $LISTEN -t $TIMEOUT --close
rlWaitForSocket $FORWARDED -t $TIMEOUT --close
if ! rlGetPhaseState; then
rlRun "cat listen.log"
rlRun "cat tunnel.log"
fi
rlFileSubmit listen.log tunnel.log
rlRun "rm -f *.log;"
}
rlPhaseStartTest "Local forwarding"
forwarding_test "success" $FORWARDED localhost $LISTEN
((FORWARDED+=1))
((LISTEN+=1))
rlPhaseEnd
rlPhaseStartTest "PermitOpen with 'any'"
rlFileBackup --namespace permitopen_any /etc/ssh/sshd_config /etc/hosts
rlRun "echo 'PermitOpen any' >>/etc/ssh/sshd_config"
rlRun "echo '$IP anyhost1 anyhost2' >>/etc/hosts"
rlRun "service sshd restart"
for i in `seq 3`; do
forwarding_test "success" $FORWARDED anyhost1 $LISTEN
forwarding_test "success" $FORWARDED anyhost2 $LISTEN
((FORWARDED+=1))
((LISTEN+=1))
done
rlFileRestore --namespace permitopen_any
rlPhaseEnd
if ! rlIsRHEL '<6.7'; then
# PermitOpen with wildcards is new feature in RHEL-6.7
rlPhaseStartTest "PermitOpen with port wildcard"
rlFileBackup --namespace port_wildcard /etc/ssh/sshd_config /etc/hosts
rlRun "echo 'PermitOpen wildportallow:*' >>/etc/ssh/sshd_config"
rlRun "echo '$IP wildportallow wildportdeny' >>/etc/hosts"
rlRun "service sshd restart"
forwarding_test "success" $FORWARDED wildportallow $LISTEN
((FORWARDED+=1))
((LISTEN+=1))
forwarding_test "failure" $FORWARDED wildportdeny $LISTEN
((FORWARDED+=1))
((LISTEN+=1))
rlFileRestore --namespace port_wildcard
rlRun "service sshd restart"
rlPhaseEnd
fi
if ! rlIsRHEL '<7.3'; then
rlPhaseStartTest "PermitOpen with host wildcard and specific port"
rlFileBackup --namespace host_wildcard /etc/ssh/sshd_config /etc/hosts
rlRun "echo 'PermitOpen *:$LISTEN' >>/etc/ssh/sshd_config"
rlRun "echo '$IP wildhost1 wildhost2' >>/etc/hosts"
rlRun "service sshd restart"
forwarding_test "success" $FORWARDED wildhost1 $LISTEN
((FORWARDED+=1))
forwarding_test "success" $FORWARDED wildhost2 $LISTEN
((FORWARDED+=1))
((LISTEN+=1)) # different listen port, should fail
forwarding_test "failure" $FORWARDED wildhost2 $LISTEN
rlFileRestore --namespace host_wildcard
rlPhaseEnd
fi
rlPhaseStartCleanup
rlRun "userdel -rf $USER"
rlRun "popd"
rlFileRestore
rlServiceRestore sshd
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

31
tests/tests.yml
View File

@ -1,31 +0,0 @@
---
# Tests for docker container
- hosts: localhost
tags:
- container
# no compatible tests
# Tests for classic environment and Atomic Host
- hosts: localhost
tags:
- all
- classic
- atomic
roles:
- role: standard-test-beakerlib
tests:
- port-forwarding
- pam_ssh_agent_auth
required_packages:
- iproute # needs ip command
- procps-ng # needs ps and pgrep commands
- initscripts # needs service command
- openssh-clients # needs ssh command
- findutils # needs find command
- net-tools # needs netstat command
- libselinux-utils # needs selinuxenabled command
- nmap-ncat # needs nc command
- pam_ssh_agent_auth
- gcc # needs to test pam_ssh_agent_auth
- pam-devel # needs to test pam_ssh_agent_auth
- expect # needs to test pam_ssh_agent_auth