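#! /bin/sh

# Copyright (c) 2012 FUJITSU LIMITED
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
# the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
# Description: Test allowed_shells, vetoed_shells and shell_fallback
#              in the configuration file.
# Author:      Peng Haitao <penght (at] cn.fujitsu.com>
# History:     2012/02/09 - Created.
#
# Every case changes the [nss] section and/or the user's shell, restarts
# sssd, and then checks the login shell that "getent passwd" reports for
# the test user. The check reads only the shell field of the passwd entry,
# so a match in another field (home directory, GECOS) cannot make a
# shell-restriction case pass by accident.
#
# tst_resm, tst_brkm, make_config_file, restart_sssd_daemon, sss_useradd,
# sss_usermod, sss_userdel, cleanup, LTPTMP and CONFIG_FILE are not defined
# in this file; they are expected to come from sssd-lib.sh.

. ./sssd-lib.sh || exit 1

# Print the login shell (7th colon-separated passwd field) that NSS
# reports for the test user. Prints nothing when the lookup fails.
sssd_user_shell()
{
	getent passwd "$username@LOCAL" | cut -d: -f7
}

# Compare the reported login shell with an expected value and log the
# result through tst_resm.
#   $1 - expected shell path
#   $2 - optional; "suffix" also accepts a reported shell that merely
#        ends with $1
# Returns 0 on a match; otherwise increments TFAILCNT and returns it.
sssd_expect_shell()
{
	_want=$1
	_mode=${2:-exact}
	_got=$(sssd_user_shell)
	_ok=no

	if [ "$_got" = "$_want" ]; then
		_ok=yes
	elif [ "$_mode" = "suffix" ]; then
		case $_got in
		*"$_want") _ok=yes ;;
		esac
	fi

	if [ "$_ok" = "yes" ]; then
		tst_resm TPASS "sssd: user login shell is $_want."
		return 0
	fi

	tst_resm TFAIL "sssd: user login shell should be $_want (got '$_got')."
	TFAILCNT=$((TFAILCNT + 1))
	return "$TFAILCNT"
}

# Case 1: a shell listed in /etc/shells is reported unchanged.
sssd_case1()
{
	export TST_COUNT=1

	tst_resm TINFO "test allowed_shells with the shell in \"/etc/shells\"."

	sss_usermod -s "$line_shell" "$username"
	sssd_expect_shell "$line_shell"
}

# Case 2: with allowed_shells unset, the stored shell is reported even
# though it does not exist.
sssd_case2()
{
	export TST_COUNT=2

	tst_resm TINFO "test not set allowed_shells"

	make_config_file
	sleep 1

	restart_sssd_daemon

	# When allowed_shells is not set, the user's shell is returned as-is,
	# even if it is not a valid shell.
	sss_usermod -s "$LTPTMP/noshell" "$username"
	sssd_expect_shell "$LTPTMP/noshell"
}

# Case 3: shell is in allowed_shells but not in /etc/shells; the default
# shell_fallback is expected.
sssd_case3()
{
	export TST_COUNT=3

	tst_resm TINFO "test use shell_fallback when set allowed_shells"

	# Create the configuration file specific to this test case.
	make_config_file
	sed -i -e "/\[nss\]/ a\allowed_shells = $LTPTMP/noshell" "$CONFIG_FILE"
	sleep 1

	sss_usermod -s "$LTPTMP/noshell" "$username"

	restart_sssd_daemon

	# When the shell is in the allowed_shells list but not in "/etc/shells"
	# use the value of the shell_fallback parameter.
	# shell_fallback's default value is /bin/sh.
	sssd_expect_shell "/bin/sh"
}

# Case 4: as case 3, but shell_fallback is set explicitly to $line_shell.
sssd_case4()
{
	export TST_COUNT=4

	tst_resm TINFO "test use shell_fallback when set allowed_shells"

	# Create the configuration file specific to this test case.
	make_config_file
	sed -i -e "/\[nss\]/ a\allowed_shells = $LTPTMP/noshell" "$CONFIG_FILE"
	sed -i -e "/\[nss\]/ a\shell_fallback = $line_shell" "$CONFIG_FILE"
	sleep 1

	sss_usermod -s "$LTPTMP/noshell" "$username"

	restart_sssd_daemon

	# When the shell is in the allowed_shells list but not in "/etc/shells"
	# use the value of the shell_fallback parameter.
	# shell_fallback is set to $line_shell here.
	sssd_expect_shell "$line_shell"
}

# Case 5: a vetoed shell is replaced by the default shell_fallback.
sssd_case5()
{
	export TST_COUNT=5

	tst_resm TINFO "test use shell_fallback when set vetoed_shells"

	# Create the configuration file specific to this test case.
	make_config_file
	sed -i -e "/\[nss\]/ a\vetoed_shells = $line_shell" "$CONFIG_FILE"
	sleep 1

	sss_usermod -s "$line_shell" "$username"

	restart_sssd_daemon

	# When the shell is in the vetoed_shells list,
	# use the value of the shell_fallback parameter.
	# shell_fallback's default value is /bin/sh.
	sssd_expect_shell "/bin/sh"
}

# Case 6: a shell that is neither allowed nor in /etc/shells is replaced
# by a nologin shell.
sssd_case6()
{
	export TST_COUNT=6

	tst_resm TINFO "test use nologin when not in allowed_shells"

	# Create the configuration file specific to this test case.
	make_config_file
	sed -i -e "/\[nss\]/ a\allowed_shells = $line_shell" "$CONFIG_FILE"
	sleep 1

	sss_usermod -s "$LTPTMP/noshell" "$username"

	restart_sssd_daemon

	# When the shell is not in the allowed_shells list, and not in
	# "/etc/shells", a nologin shell is used.
	# NOTE(review): a plain substring search for "/sbin/nologin" would also
	# accept a nologin path under another prefix (e.g. /usr/sbin/nologin);
	# suffix matching keeps that leniency. Confirm which path the sssd
	# build under test reports.
	sssd_expect_shell "/sbin/nologin" suffix
}

export TST_TOTAL=6
export TCID=sssd03

# Pick the first entry of /etc/shells that is not nologin, sh or bash
# (presumably so the chosen shell can be told apart from the /bin/sh
# fallback). Comment and blank lines are dropped first; otherwise a
# leading "# ..." header line in /etc/shells would be taken as the shell.
line_shell=$(grep -v -E '^[[:space:]]*(#|$)' /etc/shells |
	grep -v -w -E "nologin|sh|bash" |
	sed -n '1p')
if [ -z "$line_shell" ]; then
	tst_brkm TCONF NULL "Please install another shell."
	# "return" is only valid inside a function or a sourced file; at the
	# top level of a script the portable way to stop is "exit".
	exit 0
fi

TFAILCNT=0
username="sssd_test_user"

make_config_file
# make sure config file is OK
sleep 1
restart_sssd_daemon
sss_useradd "$username"

# Run sssd_case1 .. sssd_case$TST_TOTAL. Each case's return value is
# ignored here; failures are accumulated in TFAILCNT.
i=1
while [ "$i" -le "$TST_TOTAL" ]; do
	"sssd_case$i"
	i=$((i + 1))
done

sss_userdel "$username"
cleanup "${TFAILCNT:=0}"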