pam/tests/pam_unix/runtest.sh

175 lines
6.0 KiB
Bash
Raw Normal View History

#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/pam/Sanity/pam_unix
# Description: Test for module pam_unix
# Author: David Spurek <dspurek@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh
. /usr/share/beakerlib/beakerlib.sh
PACKAGE="pam"
PACKAGES=( "pam" "expect" )
_PASSWORD1="jf@#Faffo"
_PASSWORD2="0m4nchU!!F"
function do_passwd {
expect <<EOF
set timeout 5
spawn -noecho su $1 -c passwd
expect {
timeout {puts timeout; exit 1}
eof {exit 2}
-nocase "(current)*password" { puts "$2"; send -- "$2\r"}
}
expect {
timeout {puts timeout; exit 1}
eof {exit 3}
-nocase "new*password" { puts "$3"; send -- "$3\r"}
}
expect {
timeout {puts timeout; exit 1}
eof {exit 4}
-nocase "has been already used" { puts "exit 6" ; exit 6}
-nocase "retype*password" { puts "$3"; send -- "$3\r"}
}
expect {
timeout {exit 5}
-nocase "has been already used" { puts "exit 6" ; exit 6}
eof
}
puts "end"
EOF
}
rlJournalStart && {
rlPhaseStartSetup && {
tcfTry "Setup phase" && {
tcfRun "rlCheckMakefileRequires"
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'"
CleanupRegister 'rlRun "popd"'
rlRun "pushd $TmpDir"
CleanupRegister 'rlRun "pamCleanup"'
rlRun "pamSetup"
CleanupRegister 'rlRun "rlFileRestore"'
rlFileBackup "/etc/security/opasswd" && >/etc/security/opasswd
tcfFin; }
rlPhaseEnd; }
tcfTry "Tests" --no-assert && {
tcfChk && {
rlPhaseStartTest "test option remember" && {
tcfChk "setup" && {
CleanupRegister --mark 'rlRun "testUserCleanup"'
rlRun "testUserSetup 2"
PWA=( ':3533tjh^397*:~21081^*p@w!~18374_0' ':4273tjh^397*:~3709^*p@w!~19467_1' ':31388tjh^397*:~32486^*p@w!~12258_2' ':10233tjh^397*:~620^*p@w!~19779_3' ':26151tjh^397*:~8077^*p@w!~29968_4' ':26593tjh^397*:~4665^*p@w!~16428_5' ':23163tjh^397*:~16784^*p@w!~4822_6' ':4065tjh^397*:~14355^*p@w!~4119_7' ':16312tjh^397*:~30577^*p@w!~26223_8' )
rlRun "echo ${PWA[0]} | passwd --stdin ${testUser[1]}"
CleanupRegister 'rlRun "pamRestoreFiles"'
rlRun "pamBackupFiles"
#rlRun "sed -i -e 's/^password\s\+sufficient\s\+pam_unix.so/\0 remember=5/' $sys_auth"
rlRun "pamReplaceServiceModuleRule su password pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) remember=5'"
#rlRun "cat $sys_auth"
rlRun "pamGetServiceRules --prefix su password"
tcfFin; }
tcfTry "test remember option" && {
NEWPW=${PWA[0]}
for i in `seq 6`; do
rlLog "change passwrd #$i"
OLDPW=$NEWPW; NEWPW=${PWA[$i]}
rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0
done
rlLog "change passwrd #$i"
rlLog "Try change to password that have been alredy used (should fail)"
OLDPW=$NEWPW;
rlRun "do_passwd ${testUser[1]} ${OLDPW} ${PWA[1]}" 6
for i in 7 8 1; do
rlLog "change passwrd #$i"
OLDPW=$NEWPW; NEWPW=${PWA[$i]}
rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0
done
tcfFin; }
tcfTry "test vhange the password to a previous password of test1" && {
# change the password to a previous password of test1, the password change should be allowed.
rlLog "Change the password to a previous password of test1, the password change should be allowed"
echo ${PWA[0]} | passwd --stdin $testUser
rlRun "do_passwd $testUser ${PWA[0]} ${PWA[5]}" 0
tcfFin; }
tcfChk "cleanup" && {
CleanupDo --mark
tcfFin; }
rlPhaseEnd; }; :
tcfFin; }
# Run the test for >=RHEL-6.9 and >=RHEL-7.3 and <>RHEL(Fedora)
! rlIsRHEL '<6.9' && { ! rlIsRHEL '<7.3' || rlIsRHEL 6; } && tcfChk && {
rlPhaseStartTest "test option no_pass_expiry" && {
tcfChk "setup" && {
CleanupRegister --mark 'rlRun "testUserCleanup"'
rlRun "testUserSetup"
CleanupRegister 'rlRun "sshCleanup"'
rlRun "sshSetup"
rlRun "sshKeyGen"
rlRun "sshCopyID --user $testUser --password $testUserPasswd"
CleanupRegister 'rlRun "sshdRestore"'
rlRun "sshdStart"
CleanupRegister 'rlRun "pamRestoreFiles"'
rlRun "pamBackupFiles"
rlRun "pamGetServiceRules --prefix su account"
tcfFin; }
tcfTry "test" && {
rlRun "sshRun --user $testUser --key 'id'"
rlRun "chage -d 0 $testUser"
rlRun "sshRun --user $testUser --key 'id'" 1-255
rlRun "pamReplaceServiceModuleRule sshd account pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) no_pass_expiry'"
rlRun "pamGetServiceRules --prefix sshd account"
rlRun "sshRun --user $testUser --key 'id'"
tcfFin; }
tcfChk "cleanup" && {
CleanupDo --mark
tcfFin; }
rlPhaseEnd; }; :
tcfFin; }; :
tcfFin; }
rlPhaseStartCleanup && {
tcfChk "Cleanup phase" && {
CleanupDo
tcfFin; }
tcfCheckFinal
rlPhaseEnd; }
rlJournalPrintText
rlJournalEnd; }