1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
#!/bin/sh
# PCP QA Test No. 823
# Exercise basic SASL functionality using a custom sasldb.
#
# Copyright (c) 2013,2017 Red Hat.
#
# NOTE
# This test is likely to fail unless hostname(1) returns
# some sort of FQDN. For example, when hostname was vm23 it
# failed, but when hostname was set (via /etc/hostname in
# this case) to vm23.localdomain the test passes.
seq=`basename $0`
echo "QA output created by $seq"
. ./common.secure
_get_libpcp_config
$authentication || _notrun "No authentication support available"
sasl_notrun_checks saslpasswd2 sasldblistusers2
$pluginviewer -a | grep 'Plugin "sasldb"' >/dev/null
test $? -eq 0 || _notrun "SASL sasldb auxprop plugin unavailable"
$pluginviewer -c | grep 'Plugin "plain"' >/dev/null 2>&1
test $? -eq 0 || _notrun 'No client support for plain authentication'
$pluginviewer -s | grep 'Plugin "plain"' >/dev/null 2>&1
test $? -eq 0 || _notrun 'No server support for plain authentication'
_cleanup()
{
# restore any modified pmcd configuration files
_restore_config $PCP_SASLCONF_DIR/pmcd.conf
_service pmcd restart 2>&1 | _filter_pcp_restart
_wait_for_pmcd
_service pmlogger restart 2>&1 | _filter_pcp_restart
_wait_for_pmlogger
$sudo rm -rf $tmp.*
}
status=1 # failure is the default!
hostname=`hostname`
trap "_cleanup; exit \$status" 0 1 2 3 15
_filter_listusers2()
{
sed \
-e "s/^$username/USER/" \
-e "s/@$hostname:/@HOST:/"
}
# real QA test starts here
_save_config $PCP_SASLCONF_DIR/pmcd.conf
echo 'mech_list: plain' >$tmp.sasl
echo "sasldb_path: $tmp.passwd.db" >>$tmp.sasl
$sudo cp $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf
$sudo chown $PCP_USER:$PCP_GROUP $PCP_SASLCONF_DIR/pmcd.conf
ls -l $PCP_SASLCONF_DIR/pmcd.conf >>$seq_full
$sudo -u $PCP_USER cat $PCP_SASLCONF_DIR/pmcd.conf >>$seq_full
echo "Creating temporary sasldb, add user running QA to it" | tee -a $seq_full
echo y | saslpasswd2 -p -a pmcd -f $tmp.passwd.db $username
echo "Verify saslpasswd2 has successfully added a new user" | tee -a $seq_full
sasldblistusers2 -f $tmp.passwd.db \
| tee -a $seq_full \
| _filter_listusers2
echo "Ensure pmcd can read the password file" | tee -a $seq_full
$sudo chown $PCP_USER:$PCP_GROUP $tmp.passwd.db
ls -l $tmp.passwd.db >>$seq_full
$sudo -u $PCP_USER od -c $tmp.passwd.db >>$seq_full
echo "Start pmcd with this shiny new sasldb"
if ! _service pmcd restart 2>&1; then _exit 1; fi \
| tee -a $seq_full | _filter_pcp_restart
_wait_for_pmcd || _exit 1
if ! _service pmlogger restart 2>&1; then _exit 1; fi \
| tee -a $seq_full | _filter_pcp_restart
_wait_for_pmlogger || _exit 1
echo "Enabling sample PMDA tracing" | tee -a $seq_full
echo "username=$username" >>$seq_full
pmstore sample.control "auth"
echo "Verifying SASL authentication for new client (FAIL)" | tee -a $seq_full
pmprobe -v -h "pcp://localhost?username=${username}&password=n" sample.control 2>&1\
| tee -a $tmp.out
grep -q 'user not found' $tmp.out && _notrun "sasldb user-not-found libsasl bug"
cat $PCP_LOG_DIR/pmcd/sample.log >>$seq_full
filter_sample_log_credentials
echo "pmcd.log (from expected FAIL)" >>$seq_full | tee -a $seq_full
cat $PCP_LOG_DIR/pmcd/pmcd.log >>$seq_full
echo "Verifying SASL authentication for new client (PASS)" | tee -a $seq_full
pmprobe -v -h "pcp://localhost?username=${username}&password=y" sample.control
cat $PCP_LOG_DIR/pmcd/sample.log >>$seq_full
filter_sample_log_credentials
echo "pmcd.log (from expected PASS)" >>$seq_full
cat $PCP_LOG_DIR/pmcd/pmcd.log >>$seq_full
# success, all done
status=0
exit
|
