emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Add tests from the old svn tree

Browse Source 
We're losing the svn history (which we could probably keep if we tried
hard enough) but don't consider that worthwhile.

Note these tests are destructive, so run them only in a throwaway
environment like a chroot, container, or vm.

The tests/run.all script should be the one which launches all the tests.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Serge Hallyn
2014-09-17 14:42:55 -05:00
parent 2cb54158b8
commit b999d48941
8970 changed files with 336314 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/grouptools/groupmems/57_groupmems_authentication/config.txt Normal file
View File

@@ -0,0 +1 @@
user myuser, in group groups

45
tests/grouptools/groupmems/57_groupmems_authentication/config/etc/group Normal file
View File

@@ -0,0 +1,45 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
groupmems:x:99:myuser
utest1:x:1000:
myuser:x:424242:utest1,bin,daemon
gtest1:x:424242:utest1,bin,utmp

45
tests/grouptools/groupmems/57_groupmems_authentication/config/etc/gshadow Normal file
View File

@@ -0,0 +1,45 @@
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::
tty:*::
disk:*::
lp:*::
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*::
voice:*::
cdrom:*::
floppy:*::
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
groupmems:*::myuser
utest1:*::
myuser:x::utest1,bin,daemon
gtest1:*::

25
tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-account Normal file
View File

@@ -0,0 +1,25 @@
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
#
# here are the per-package modules (the "Primary" block)
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

25
tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-auth Normal file
View File

@@ -0,0 +1,25 @@
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

8
tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/groupmems Normal file
View File

@@ -0,0 +1,8 @@
# The PAM configuration file for the Shadow 'groupmod' service
#
# This allows root to modify groups without being prompted for a password
auth sufficient pam_rootok.so
@include common-auth
@include common-account

21
tests/grouptools/groupmems/57_groupmems_authentication/config/etc/passwd Normal file
View File

@@ -0,0 +1,21 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
utest1:x:1000:1000::/tmp:/bin/sh
myuser:x:424242:424242::/home:/bin/bash

21
tests/grouptools/groupmems/57_groupmems_authentication/config/etc/shadow Normal file
View File

@@ -0,0 +1,21 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
utest1:!:12977:0:99999:7:::
myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::

45
tests/grouptools/groupmems/57_groupmems_authentication/data/group Normal file
View File

@@ -0,0 +1,45 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
groupmems:x:99:myuser
utest1:x:1000:
myuser:x:424242:utest1,bin,daemon,nobody
gtest1:x:424242:utest1,bin,utmp

45
tests/grouptools/groupmems/57_groupmems_authentication/data/gshadow Normal file
View File

@@ -0,0 +1,45 @@
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::
tty:*::
disk:*::
lp:*::
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*::
voice:*::
cdrom:*::
floppy:*::
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
groupmems:*::myuser
utest1:*::
myuser:x::utest1,bin,daemon,nobody
gtest1:*::

39
tests/grouptools/groupmems/57_groupmems_authentication/groupmems.test Executable file
View File

@@ -0,0 +1,39 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "groupmems (called by a regular user) authenticate the caller"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "myuser will call groupmems..."
./run_groupmems.exp
echo "OK"
echo -n "Check the passwd file..."
../../../common/compare_file.pl config/etc/passwd /etc/passwd
echo "OK"
echo -n "Check the group file..."
../../../common/compare_file.pl data/group /etc/group
echo "OK"
echo -n "Check the shadow file..."
../../../common/compare_file.pl config/etc/shadow /etc/shadow
echo "OK"
echo -n "Check the gshadow file..."
../../../common/compare_file.pl data/gshadow /etc/gshadow
echo "OK"
log_status "$0" "SUCCESS"
restore_config
trap '' 0

43
tests/grouptools/groupmems/57_groupmems_authentication/run_groupmems.exp Executable file
View File

@@ -0,0 +1,43 @@
#!/usr/bin/expect
set timeout 2
expect_after default {puts "\nFAIL"; exit 1}
if {$argc != 0} {
puts "usage: run_groupmems.exp"
exit 1
}
# First, switch to the testsuite user
# (otherwise, no password will be asked)
send_user "# switch to the 'myuser' user\n"
send_user "# and expect a '$ ' prompt\n"
spawn /bin/su myuser
expect "$ " ;# Wait for the prompt
send_user "\n# make sure we are now 'myuser'"
send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
send "\r" ;# restore the prompt for the logs
send "id\r" ;# Verify we are really testsuite
expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
expect "$ " ;# Wait for the prompt
send_user "\n\n"
send_user "# now add user utest1 to the myuser group\n"
send_user "# and expect a password prompt"
send "\r" ;# restore the prompt for the logs
send "/usr/sbin/groupmems -a nobody\r"
expect "Password: "
send "myuserF00barbaz\r"
expect "$ " ;# Wait for the prompt
send "echo $?\r"
expect "0\r"
expect "$ " ;# Wait for the prompt
close
puts "\nPASS"
exit 0