| |
@@ -0,0 +1,174 @@
|
| |
+ #!/bin/bash
|
| |
+ # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
| |
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| |
+ #
|
| |
+ # runtest.sh of /CoreOS/pam/Sanity/pam_unix
|
| |
+ # Description: Test for module pam_unix
|
| |
+ # Author: David Spurek <dspurek@redhat.com>
|
| |
+ #
|
| |
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| |
+ #
|
| |
+ # Copyright (c) 2012 Red Hat, Inc. All rights reserved.
|
| |
+ #
|
| |
+ # This copyrighted material is made available to anyone wishing
|
| |
+ # to use, modify, copy, or redistribute it subject to the terms
|
| |
+ # and conditions of the GNU General Public License version 2.
|
| |
+ #
|
| |
+ # This program is distributed in the hope that it will be
|
| |
+ # useful, but WITHOUT ANY WARRANTY; without even the implied
|
| |
+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
| |
+ # PURPOSE. See the GNU General Public License for more details.
|
| |
+ #
|
| |
+ # You should have received a copy of the GNU General Public
|
| |
+ # License along with this program; if not, write to the Free
|
| |
+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
| |
+ # Boston, MA 02110-1301, USA.
|
| |
+ #
|
| |
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| |
+
|
| |
+ # Include Beaker environment
|
| |
+ . /usr/bin/rhts-environment.sh
|
| |
+ . /usr/share/beakerlib/beakerlib.sh
|
| |
+
|
| |
+ PACKAGE="pam"
|
| |
+
|
| |
+ PACKAGES=( "pam" "expect" )
|
| |
+
|
| |
+ _PASSWORD1="jf@#Faffo"
|
| |
+ _PASSWORD2="0m4nchU!!F"
|
| |
+
|
| |
+ function do_passwd {
|
| |
+ expect <<EOF
|
| |
+ set timeout 5
|
| |
+ spawn -noecho su $1 -c passwd
|
| |
+ expect {
|
| |
+ timeout {puts timeout; exit 1}
|
| |
+ eof {exit 2}
|
| |
+ -nocase "(current)*password" { puts "$2"; send -- "$2\r"}
|
| |
+ }
|
| |
+ expect {
|
| |
+ timeout {puts timeout; exit 1}
|
| |
+ eof {exit 3}
|
| |
+ -nocase "new*password" { puts "$3"; send -- "$3\r"}
|
| |
+ }
|
| |
+ expect {
|
| |
+ timeout {puts timeout; exit 1}
|
| |
+ eof {exit 4}
|
| |
+ -nocase "has been already used" { puts "exit 6" ; exit 6}
|
| |
+ -nocase "retype*password" { puts "$3"; send -- "$3\r"}
|
| |
+ }
|
| |
+ expect {
|
| |
+ timeout {exit 5}
|
| |
+ -nocase "has been already used" { puts "exit 6" ; exit 6}
|
| |
+ eof
|
| |
+ }
|
| |
+ puts "end"
|
| |
+ EOF
|
| |
+ }
|
| |
+
|
| |
+
|
| |
+ rlJournalStart && {
|
| |
+ rlPhaseStartSetup && {
|
| |
+ tcfTry "Setup phase" && {
|
| |
+ tcfRun "rlCheckMakefileRequires"
|
| |
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
| |
+ CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'"
|
| |
+ CleanupRegister 'rlRun "popd"'
|
| |
+ rlRun "pushd $TmpDir"
|
| |
+ CleanupRegister 'rlRun "pamCleanup"'
|
| |
+ rlRun "pamSetup"
|
| |
+ CleanupRegister 'rlRun "rlFileRestore"'
|
| |
+ rlFileBackup "/etc/security/opasswd" && >/etc/security/opasswd
|
| |
+ tcfFin; }
|
| |
+ rlPhaseEnd; }
|
| |
+
|
| |
+ tcfTry "Tests" --no-assert && {
|
| |
+ tcfChk && {
|
| |
+ rlPhaseStartTest "test option remember" && {
|
| |
+ tcfChk "setup" && {
|
| |
+ CleanupRegister --mark 'rlRun "testUserCleanup"'
|
| |
+ rlRun "testUserSetup 2"
|
| |
+ PWA=( ':3533tjh^397*:~21081^*p@w!~18374_0' ':4273tjh^397*:~3709^*p@w!~19467_1' ':31388tjh^397*:~32486^*p@w!~12258_2' ':10233tjh^397*:~620^*p@w!~19779_3' ':26151tjh^397*:~8077^*p@w!~29968_4' ':26593tjh^397*:~4665^*p@w!~16428_5' ':23163tjh^397*:~16784^*p@w!~4822_6' ':4065tjh^397*:~14355^*p@w!~4119_7' ':16312tjh^397*:~30577^*p@w!~26223_8' )
|
| |
+ rlRun "echo ${PWA[0]} | passwd --stdin ${testUser[1]}"
|
| |
+ CleanupRegister 'rlRun "pamRestoreFiles"'
|
| |
+ rlRun "pamBackupFiles"
|
| |
+ #rlRun "sed -i -e 's/^password\s\+sufficient\s\+pam_unix.so/\0 remember=5/' $sys_auth"
|
| |
+ rlRun "pamReplaceServiceModuleRule su password pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) remember=5'"
|
| |
+ #rlRun "cat $sys_auth"
|
| |
+ rlRun "pamGetServiceRules --prefix su password"
|
| |
+ tcfFin; }
|
| |
+
|
| |
+ tcfTry "test remember option" && {
|
| |
+ NEWPW=${PWA[0]}
|
| |
+ for i in `seq 6`; do
|
| |
+ rlLog "change passwrd #$i"
|
| |
+ OLDPW=$NEWPW; NEWPW=${PWA[$i]}
|
| |
+ rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0
|
| |
+ done
|
| |
+
|
| |
+ rlLog "change passwrd #$i"
|
| |
+ rlLog "Try change to password that have been alredy used (should fail)"
|
| |
+ OLDPW=$NEWPW;
|
| |
+ rlRun "do_passwd ${testUser[1]} ${OLDPW} ${PWA[1]}" 6
|
| |
+
|
| |
+ for i in 7 8 1; do
|
| |
+ rlLog "change passwrd #$i"
|
| |
+ OLDPW=$NEWPW; NEWPW=${PWA[$i]}
|
| |
+ rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0
|
| |
+ done
|
| |
+ tcfFin; }
|
| |
+
|
| |
+ tcfTry "test vhange the password to a previous password of test1" && {
|
| |
+ # change the password to a previous password of test1, the password change should be allowed.
|
| |
+ rlLog "Change the password to a previous password of test1, the password change should be allowed"
|
| |
+ echo ${PWA[0]} | passwd --stdin $testUser
|
| |
+ rlRun "do_passwd $testUser ${PWA[0]} ${PWA[5]}" 0
|
| |
+ tcfFin; }
|
| |
+
|
| |
+ tcfChk "cleanup" && {
|
| |
+ CleanupDo --mark
|
| |
+ tcfFin; }
|
| |
+ rlPhaseEnd; }; :
|
| |
+ tcfFin; }
|
| |
+
|
| |
+ # Run the test for >=RHEL-6.9 and >=RHEL-7.3 and <>RHEL(Fedora)
|
| |
+ ! rlIsRHEL '<6.9' && { ! rlIsRHEL '<7.3' || rlIsRHEL 6; } && tcfChk && {
|
| |
+ rlPhaseStartTest "test option no_pass_expiry" && {
|
| |
+ tcfChk "setup" && {
|
| |
+ CleanupRegister --mark 'rlRun "testUserCleanup"'
|
| |
+ rlRun "testUserSetup"
|
| |
+ CleanupRegister 'rlRun "sshCleanup"'
|
| |
+ rlRun "sshSetup"
|
| |
+ rlRun "sshKeyGen"
|
| |
+ rlRun "sshCopyID --user $testUser --password $testUserPasswd"
|
| |
+ CleanupRegister 'rlRun "sshdRestore"'
|
| |
+ rlRun "sshdStart"
|
| |
+ CleanupRegister 'rlRun "pamRestoreFiles"'
|
| |
+ rlRun "pamBackupFiles"
|
| |
+ rlRun "pamGetServiceRules --prefix su account"
|
| |
+ tcfFin; }
|
| |
+
|
| |
+ tcfTry "test" && {
|
| |
+ rlRun "sshRun --user $testUser --key 'id'"
|
| |
+ rlRun "chage -d 0 $testUser"
|
| |
+ rlRun "sshRun --user $testUser --key 'id'" 1-255
|
| |
+ rlRun "pamReplaceServiceModuleRule sshd account pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) no_pass_expiry'"
|
| |
+ rlRun "pamGetServiceRules --prefix sshd account"
|
| |
+ rlRun "sshRun --user $testUser --key 'id'"
|
| |
+ tcfFin; }
|
| |
+
|
| |
+ tcfChk "cleanup" && {
|
| |
+ CleanupDo --mark
|
| |
+ tcfFin; }
|
| |
+ rlPhaseEnd; }; :
|
| |
+ tcfFin; }; :
|
| |
+ tcfFin; }
|
| |
+
|
| |
+ rlPhaseStartCleanup && {
|
| |
+ tcfChk "Cleanup phase" && {
|
| |
+ CleanupDo
|
| |
+ tcfFin; }
|
| |
+ tcfCheckFinal
|
| |
+ rlPhaseEnd; }
|
| |
+ rlJournalPrintText
|
| |
+ rlJournalEnd; }
|
| |