|
Packit |
6bd9ab |
#!/usr/bin/expect --
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# test_pamcmds.expect - test script to check output of PAM commands
|
|
Packit |
6bd9ab |
#
|
|
Packit |
6bd9ab |
# Copyright (C) 2011, 2012, 2013 Arthur de Jong
|
|
Packit |
6bd9ab |
#
|
|
Packit |
6bd9ab |
# This library is free software; you can redistribute it and/or
|
|
Packit |
6bd9ab |
# modify it under the terms of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
# License as published by the Free Software Foundation; either
|
|
Packit |
6bd9ab |
# version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
6bd9ab |
#
|
|
Packit |
6bd9ab |
# This library is distributed in the hope that it will be useful,
|
|
Packit |
6bd9ab |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6bd9ab |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
6bd9ab |
# Lesser General Public License for more details.
|
|
Packit |
6bd9ab |
#
|
|
Packit |
6bd9ab |
# You should have received a copy of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
# License along with this library; if not, write to the Free Software
|
|
Packit |
6bd9ab |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
Packit |
6bd9ab |
# 02110-1301 USA
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# basic configuration
|
|
Packit |
6bd9ab |
set timeout 5
|
|
Packit |
6bd9ab |
log_file -a -noappend test_pamcmds.log
|
|
Packit |
6bd9ab |
log_user 0
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# basic error handling
|
|
Packit |
6bd9ab |
proc abort {} {
|
|
Packit |
6bd9ab |
global expect_out
|
|
Packit |
6bd9ab |
send_user "\n\ntest_pamcmds.expect: ERROR found:\n"
|
|
Packit |
6bd9ab |
send_user "$expect_out(buffer)\n"
|
|
Packit |
6bd9ab |
exit 1
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# function for resetting the password
|
|
Packit |
6bd9ab |
proc reset_password {} {
|
|
Packit |
6bd9ab |
global expect_out
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: resetting passwd...\n"
|
|
Packit |
6bd9ab |
spawn passwd vsefcovic
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
"LDAP administrator password" { send "test\r"; exp_continue }
|
|
Packit |
6bd9ab |
-regexp "(New|Retype new)( UNIX)? password:" { send "test\r"; exp_continue }
|
|
Packit |
6bd9ab |
"password updated successfully" {}
|
|
Packit |
6bd9ab |
"passwd: all authentication tokens updated successfully." {}
|
|
Packit |
6bd9ab |
"Invalid credentials" abort
|
|
Packit |
6bd9ab |
"Authentication token manipulation error" abort
|
|
Packit |
6bd9ab |
"passwd: Sorry, `passwd' can only change passwords for local or NIS users." {
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: passwd not using PAM\n"
|
|
Packit |
6bd9ab |
exit 77
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
default abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#close
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# find source directory
|
|
Packit |
6bd9ab |
if { ! [info exists ::env(srcdir) ] } {
|
|
Packit |
6bd9ab |
set env(srcdir) "."
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
# ensure that we are running as root
|
|
Packit |
6bd9ab |
if { [exec id -u] != "0" } {
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: not running as root\n"
|
|
Packit |
6bd9ab |
exit 77
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
# ensure that we are running in the test environment
|
|
Packit |
6bd9ab |
spawn $env(srcdir)/testenv.sh check
|
|
Packit |
6bd9ab |
expect eof
|
|
Packit |
6bd9ab |
catch wait result
|
|
Packit |
6bd9ab |
if { [lindex $result 3] } {
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: not running in test environment\n"
|
|
Packit |
6bd9ab |
exit 77
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# ensure that a correct password is set
|
|
Packit |
6bd9ab |
reset_password
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# start a shell as nobody
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: start shell...\n"
|
|
Packit |
6bd9ab |
spawn su - nobody -s /bin/sh
|
|
Packit |
6bd9ab |
expect "\$ "
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# function to do login, expecting OK result
|
|
Packit |
6bd9ab |
proc test_login_ok {uid passwd} {
|
|
Packit |
6bd9ab |
send "su - $uid -s /bin/sh\r"
|
|
Packit |
6bd9ab |
expect "Password:"
|
|
Packit |
6bd9ab |
send "$passwd\r"
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
"su: warning: cannot change directory" { exp_continue }
|
|
Packit |
6bd9ab |
"\$ " {}
|
|
Packit |
6bd9ab |
"su: incorrect password" abort
|
|
Packit |
6bd9ab |
default abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
# test whether we are really logged in
|
|
Packit |
6bd9ab |
send "id\r"
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
-regexp "uid=\[0-9\]*\\($uid\\)" {}
|
|
Packit |
6bd9ab |
"\$ " abort
|
|
Packit |
6bd9ab |
default abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
expect "\$ "
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# function to do login, expecting FAIL result
|
|
Packit |
6bd9ab |
proc test_login_authfail {uid passwd} {
|
|
Packit |
6bd9ab |
send "su - $uid -s /bin/sh\r"
|
|
Packit |
6bd9ab |
expect "Password:"
|
|
Packit |
6bd9ab |
send "$passwd\r"
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
"su: Authentication failure" {}
|
|
Packit |
6bd9ab |
"su: incorrect password" {}
|
|
Packit |
6bd9ab |
"\$ " abort
|
|
Packit |
6bd9ab |
default abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
expect "\$ "
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# function to do login, expecting FAIL result
|
|
Packit |
6bd9ab |
proc test_login_unknown {uid passwd} {
|
|
Packit |
6bd9ab |
send "su - $uid -s /bin/sh\r"
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
"Password:" { send "$passwd\r"; exp_continue }
|
|
Packit |
6bd9ab |
"Unknown id" {}
|
|
Packit |
6bd9ab |
"No passwd entry for user" {}
|
|
Packit |
6bd9ab |
"user $uid does not exist" {}
|
|
Packit |
6bd9ab |
"\$ " abort
|
|
Packit |
6bd9ab |
default abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
expect "\$ "
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# test incorrect password
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing incorrect password...\n"
|
|
Packit |
6bd9ab |
test_login_authfail vsefcovic wrongpassword
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# test correct password
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing correct password...\n"
|
|
Packit |
6bd9ab |
test_login_ok vsefcovic test
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# change password using incorrect old password
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing password change with incorrect password...\n"
|
|
Packit |
6bd9ab |
send "passwd\r"
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
-nocase "password:" { send "wrongpassword\r" }
|
|
Packit |
6bd9ab |
"\$ " abort
|
|
Packit |
6bd9ab |
default abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
-regexp "(New|Retype new)( UNIX)? password:" { send "DuhevOlNoz5\r"; exp_continue }
|
|
Packit |
6bd9ab |
"password changed" abort
|
|
Packit |
6bd9ab |
"all authentication tokens updated successfully." abort
|
|
Packit |
6bd9ab |
"Invalid credentials" {}
|
|
Packit |
6bd9ab |
"Authentication token manipulation error" {}
|
|
Packit |
6bd9ab |
"\$ " abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
expect "\$ "
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# change the password using the correct old password
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing password change with correct password...\n"
|
|
Packit |
6bd9ab |
send "passwd\r"
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
-nocase "password:" { send "test\r" }
|
|
Packit |
6bd9ab |
"\$ " abort
|
|
Packit |
6bd9ab |
default abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
-regexp "(New|Retype new)( UNIX)? password:" { send "DuhevOlNoz5\r"; exp_continue }
|
|
Packit |
6bd9ab |
"password updated successfully" {}
|
|
Packit |
6bd9ab |
"all authentication tokens updated successfully." {}
|
|
Packit |
6bd9ab |
"Invalid credentials" abort
|
|
Packit |
6bd9ab |
"Authentication token manipulation error" abort
|
|
Packit |
6bd9ab |
"\$ " abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
expect "\$ "
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# exist shell (back to nobody)
|
|
Packit |
6bd9ab |
send "exit\r"
|
|
Packit |
6bd9ab |
expect "\$ "
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# logging in with the old password should fail now
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing old password...\n"
|
|
Packit |
6bd9ab |
test_login_authfail vsefcovic test
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# test correct password
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing new password...\n"
|
|
Packit |
6bd9ab |
test_login_ok vsefcovic DuhevOlNoz5
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# test invalid username
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing with unknown username...\n"
|
|
Packit |
6bd9ab |
test_login_unknown foo anypassword
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# test login as root with incorrect password
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing with root...\n"
|
|
Packit |
6bd9ab |
test_login_authfail root anypassword
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# test login as nobody with incorrect password
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: testing with nobody...\n"
|
|
Packit |
6bd9ab |
test_login_authfail nobody anypassword
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# close the shell (first log off vsefcovic)
|
|
Packit |
6bd9ab |
send "exit\r"
|
|
Packit |
6bd9ab |
expect "\$ "
|
|
Packit |
6bd9ab |
send "exit\r"
|
|
Packit |
6bd9ab |
expect {
|
|
Packit |
6bd9ab |
eof {}
|
|
Packit |
6bd9ab |
"\$ " abort
|
|
Packit |
6bd9ab |
timeout abort
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# ensure that a correct password is set
|
|
Packit |
6bd9ab |
reset_password
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
send_user "test_pamcmds.expect: everyting OK\n"
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
exit 0
|