1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
#!/bin/sh
set -e
# set a root password so that we can later replace sudo with sudo-ldap
# see #1001858
passwd=$(getent shadow root|cut -f2 -d:)
passwd1=$(echo "$passwd" |cut -c1)
# Note: we do need the 'xfoo' syntax here, since POSIX special-cases
# the $passwd value '!' as negation.
if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then
echo "root:rootpassword" | chpasswd
fi
TESTNR="01"
BASEDIR="$(pwd)/debian/tests"
COMMONDIR="${BASEDIR}/common"
DIR="${BASEDIR}/${TESTNR}"
PATH="/bin:/usr/bin:/sbin:/usr/sbin"
ACCTA="test${TESTNR}a"
ACCTB="test${TESTNR}b"
PASSWD="test${TESTNR}23456"
HOMEDIRA="/home/${ACCTA}"
HOMEDIRB="/home/${ACCTB}"
LDIFDIR="${DIR}/ldif"
trap '
deluser --remove-home "${ACCTA}" 2>/dev/null || true
deluser --remove-home "${ACCTB}" 2>/dev/null || true
' 0 INT QUIT ABRT PIPE TERM
printf > /etc/hosts "127.0.1.1 %s\n" "$(hostname)"
cat /etc/hosts
printf "========= test %s\.1: account group member, correct password\n" "${TESTNR}"
deluser ${ACCTA} 2>/dev/null || true
adduser --disabled-password --home "${HOMEDIRA}" --gecos "" "${ACCTA}"
printf "%s:%s\n" "${ACCTA}" "${PASSWD}" | chpasswd
adduser "${ACCTA}" sudo
RET=0
printf "trying %s with correct password\n" "${ACCTA}"
su - "${ACCTA}" -c "${COMMONDIR}/asuser ${PASSWD}" || RET=$?
printf "%s with correct password, return value %s\n" "${ACCTA}" "${RET}"
if [ "$(cat ${HOMEDIRA}/stdout)" != "0" ]; then
echo >&2 id -u did not give 0
printf >&2 "stdout:\n"
cat >&2 ${HOMEDIRA}/stdout
printf >&2 "stderr:\n"
cat >&2 ${HOMEDIRA}/stderr
printf >&2 "exit code %s\n" "${RET}"
printf >&2 "exit 1\n" "${RET}"
exit 1
fi
printf "========= test %s\.2: account group member, wrong password\n" "${TESTNR}"
rm -f "${HOMEDIRA}/std*"
RET=0
printf "trying %s with wrong password\n" "${ACCTA}"
su - "${ACCTA}" -c "${COMMONDIR}/asuser wrongpasswd" || RET=$?
printf "%s with wrong password, return value %s\n" "${ACCTA}" "${RET}"
head -n-0 ${HOMEDIRA}/stdout ${HOMEDIRA}/stderr
printf -- "\n-------\n"
for string in "[sudo] password for ${ACCTA}" "Sorry, try again" "sudo: no password was provided" "sudo: 1 incorrect password attempt"; do
if ! grep -F "${string}" ${HOMEDIRA}/stderr; then
printf "%s missing in stderr output\n" "${string}"
printf >&2 "stdout:\n"
cat >&2 ${HOMEDIRA}/stdout
printf >&2 "stderr:\n"
cat >&2 ${HOMEDIRA}/stderr
printf >&2 "\nexit code %s\n" "${RET}"
printf >&2 -- "------\n exit 1\n"
exit 1
fi
done
printf "========= test %s\.3: account not group member, correct password\n" "${TESTNR}"
deluser ${ACCTB} 2>/dev/null || true
adduser --disabled-password --home "${HOMEDIRB}" --gecos "" "${ACCTB}"
printf "%s:%s\n" "${ACCTB}" "${PASSWD}" | chpasswd
RET=0
printf "trying %s (no sudo membership) with correct password\n" "${ACCTB}"
su - "${ACCTB}" -c "${COMMONDIR}/asuser ${PASSWD}" || RET=$?
printf "%s with correct password, return value %s\n" "${ACCTB}" "${RET}"
head -n-0 ${HOMEDIRB}/stdout ${HOMEDIRA}/stderr
printf -- "\n-------\n"
for string in "[sudo] password for ${ACCTB}" "${ACCTB} is not in the sudoers file"; do
if ! grep -F "${string}" ${HOMEDIRB}/stderr; then
printf "%s missing in stderr output\n" "${string}"
printf >&2 "stdout:\n"
cat >&2 ${HOMEDIRB}/stdout
printf >&2 "stderr:\n"
cat >&2 ${HOMEDIRB}/stderr
printf >&2 "\nexit code %s\n" "${RET}"
printf >&2 -- "------\n exit 1\n"
exit 1
fi
done
printf "test series sucessful, exit 0\n"
exit 0
|
