1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
#!/bin/sh
# PCP QA Test No. 832
# Exercise enforced-authentication modes for pmcd.
#
# Copyright (c) 2013,2017 Red Hat.
#
seq=`basename $0`
echo "QA output created by $seq"
. ./common.secure
_get_libpcp_config
$unix_domain_sockets || _notrun "No unix domain socket support available"
$authentication || _notrun "No authentication support available"
sasl_notrun_checks
$pluginviewer -c | grep 'Plugin "plain"' >/dev/null 2>&1
test $? -eq 0 || _notrun 'No client support for plain authentication'
$pluginviewer -s | grep 'Plugin "plain"' >/dev/null 2>&1
test $? -eq 0 || _notrun 'No server support for plain authentication'
PCP_CONSOLE=none; export PCP_CONSOLE
_cleanup()
{
# restore any modified pmcd configuration files
_restore_config $PCP_PMCDOPTIONS_PATH
_restore_config $PCP_SASLCONF_DIR/pmcd.conf
_service pmcd restart 2>&1 | _filter_pcp_restart
_wait_for_pmcd
_restore_auto_restart pmcd
_service pmlogger restart 2>&1 | _filter_pcp_restart
_wait_for_pmlogger
rm -rf $tmp.*
}
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_stop_auto_restart pmcd
# Handle spurious lines from deep inside SASL code ...
# [Mon Mar 2 17:58:40] pmcd_wait(16622) Alert: Parameter Error in ../plugins/plugin_common.c near line 357
#
# And this from libpcp (via pmcd_wait) ...
# Starting pmcd ... [Thu Aug 4 16:59:02] pmcd_wait(14208) Error: __pmCloseChannelbyFd: fd=3 expected PDU_ATTR received: Timeout waiting for a response from PMCD
#
_filter()
{
sed \
-e 's/\[[^]]*] .* Alert: Parameter Error .* line [0-9][0-9]*//' \
-e '/ pmcd_wait([0-9][0-9]*) Error: __pmCloseChannelbyFd/s/\[.*//' \
-e 's/\[[A-Z][a-z][a-z] [A-Z][a-z][a-z] *[0-9][0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9]]/[DATE]/' \
-e '/^[ ]*$/d' \
# end
}
# real QA test starts here
_save_config $PCP_SASLCONF_DIR/pmcd.conf
echo 'mech_list: plain' > $tmp.sasl
$sudo cp $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf
_save_config $PCP_PMCDOPTIONS_PATH
cat <<End-Of-File >$tmp.options
# Dummy lines added by PCP QA test $seq
#
-S
End-Of-File
$sudo cp $tmp.options $PCP_PMCDOPTIONS_PATH
echo "Start pmcd with modified \$PCP_PMCDOPTIONS_PATH (pmcd.options)" | tee -a $seq_full
cat $PCP_PMCDOPTIONS_PATH >>$seq_full
if ! _service pmcd stop 2>&1; then _exit 1; fi | tee -a $seq_full >$tmp.out
# Note: need to use $PCP_RC_DIR/pmcd here, not _service pmcd so that
# systemd (if it is available) does not set pmcd.service into failed
# state when pmcd_wait -h local: fails with one of the SASL errors
# above (seen on vm31)
#
$sudo $PCP_RC_DIR/pmcd start 2>&1 | tee -a $seq_full >$tmp.out
if [ -f $PCP_LOG_DIR/pmcd/pmcd.log ]
then
echo "--- pmcd.log after start ---" >>$seq_full
cat $PCP_LOG_DIR/pmcd/pmcd.log >>$seq_full
else
echo "No pmcd.log?" >>$seq_full
$PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep -E '[P]PID|/[p]mcd( |$)' >>$seq_full
fi
if ! _wait_for_pmcd 10 unix: 2>&1; then _exit 1; fi | tee -a $seq_full | _filter
grep -i 'starting pmcd' $tmp.out \
| _filter \
| sed -e "s/$$/MYPID/" \
| _filter_pcp_start
# should now be running in enforced-credentials mode, check it out.
# unix domain access should always succeed - no matter how binaries
# were configured/built
echo "testing secure mode access via unix domain socket (PASS)"
pmstore -h unix: sample.write_me 1 # store PDU
pmprobe -h unix: -v sample.write_me # fetch PDU
pminfo -th unix: sample.write_me # text PDU
pminfo -dh unix: sample.write_me # desc PDU
echo
echo "testing secure mode access attempt via inet socket (FAIL)"
pmstore -h localhost sample.write_me 2 2>&1 | _filter
pmprobe -h localhost -v sample.write_me 2>&1 | _filter
pminfo -th localhost sample.write_me 2>&1 | _filter
pminfo -dh localhost sample.write_me 2>&1 | _filter
echo
# success, all done
status=0
exit
|
