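#! /usr/bin/expect -f
#*********************************************************************
#   Copyright (c) International Business Machines Corp., 2003, 2004, 2007
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
#   the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
#  FILE   : su
#
#  PURPOSE: Tests the basic functionality of `su`.
#
#  SETUP: The program `/usr/bin/expect' MUST be installed.
#         The user invoking this test script must NOT be "root".
#         The PASSWD variable should be set prior to execution
#
#  HISTORY:
#     03/03 Dustin Kirkland (dkirklan (at] us.ibm.com)
#     03/03 Jerone Young (jeroney (at] us.ibm.com)
#     10/01/04 Kris Wilson Skip test 7 if RedHat; no -e option.
#     05/23/07 Kris Wilson Make test 7 work for SLES.
########################################################################

# The root user cannot successfully execute the su test because root is
# able to become anyone without entering a password.
set whoami [ exec whoami ]
if { $whoami=="root" } {
    send_user "ERROR: You must execute the 'su' tests as a non-root user\n"
    exit 1
}

# Grab input from the environment.  Every variable below is mandatory; the
# script exits with status 1 as soon as one of them is missing.
#
#   PASSWD                 root password, typed at the su prompts
#   TEST_USER2             login name of the unprivileged test account
#   TEST_USER2_PASSWD      password of that account
#   TEST_USER1_NEW_PASSWD  password given to that account again in test 7
#   tvar                   release type, used to skip test 7 on Red Hat
#   TEST_LINE              marker value used by the environment checks
#   TEST_ENV_FILE, TEST_ENV_FILE2, TEST_ENV_FILE_USER
#                          files the environment checks write and read back
#
# SECURITY NOTE: the three password variables are clear text in the process
# environment.  Environment variables are inherited by the children this
# script spawns and, on Linux, can be read through /proc/<pid>/environ by the
# same user and by root.  Use throw-away credentials on a disposable test
# host only.
#
# SECURITY NOTE: TEST_USER2 and the TEST_ENV_FILE* values are expanded by Tcl
# into shell command lines further down in this script, some of which run
# through a root shell.  They must be set by the test harness, contain no
# shell metacharacters, and the files should not live in a directory other
# users can write to.
if [info exists env(PASSWD)] {
    set PASSWD $env(PASSWD)
} else {
    send_user "YOU NEED TO SET ENVIROMENT VARIABLE PASSWD. \n"
    exit 1
}

if [info exists env(TEST_USER2)] {
    set USER1 $env(TEST_USER2)
} else {
    send_user "YOU MUST SET ENVIRONMENT VARIABLE TEST_USER2"
    exit 1
}

# Need the release type from su01
if [info exists env(tvar)] {
    set distro $env(tvar)
} else {
    send_user "YOU MUST SET ENVIORMENT VARIABLE tvar"
    exit 1
}

if [info exists env(TEST_USER2_PASSWD)] {
    set USER1_PASSWORD $env(TEST_USER2_PASSWD)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER2_PASSWD"
    exit 1
}

if [info exists env(TEST_LINE)] {
    set TEST_LINE_ENV $env(TEST_LINE)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_LINE"
    exit 1
}


if [info exists env(TEST_ENV_FILE)] {
    set TEST_ENV_FILE $env(TEST_ENV_FILE)
} else {
    # Name the variable that is actually missing; this message used to
    # point the tester at TEST_ENV_FILE_USER instead.
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE"
    exit 1
}

if [info exists env(TEST_ENV_FILE2)] {
    set TEST_ENV_FILE2 $env(TEST_ENV_FILE2)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE2"
    exit 1
}


if [info exists env(TEST_ENV_FILE_USER)] {
    set TEST_ENV_FILE_USER1 $env(TEST_ENV_FILE_USER)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER"
    exit 1
}

if [info exists env(TEST_USER1_NEW_PASSWD)] {
    set USER1_NEW_PASSWORD $env(TEST_USER1_NEW_PASSWD)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER1_NEW_PASSWD"
    exit 1
}


# Overall result of the script: set to 1 by any failing test and passed to
# "exit" at the very end.
set script_exit_code 0
set i_can_root 0

send_user "Starting 'su' Testing\n"

# 1) su with no parameters and correct password.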
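#    - The su command should return a result code of 0
#    - The user ID should be root
#    - The user environment should be that of the invoking process
#    - The command should create a new shell with a new process ID

send_user "\nTEST: su with no parameters and correct password\n"

# run "whoami" to test user ID inside su shell
set i_am_root 0
spawn /bin/su -c whoami
expect {
    "Password:" {
        send "$PASSWD\r"
        expect {
            "root" {
                set i_am_root 1
                set i_can_root 1
            }
        }
    }
}

catch close
# capture result code: element 0 of the wait result is used as the pid and
# element 3 as the exit status of the spawned su
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

# Check that the su shell has the same environment as the current user:
# the root shell echoes $TEST_LINE into $TEST_ENV_FILE and the file is then
# compared with the value this script read from the environment.
set i_have_env 0
set test_env_var " "
if { $i_am_root==1 } {
    # Use the absolute path here as every other test does.  The root
    # password is typed into whatever program answers this spawn, so it must
    # not be resolved through PATH.
    # $TEST_ENV_FILE is expanded by Tcl before the command line reaches the
    # root shell; it has to be a path the harness controls.
    spawn /bin/su -c "/bin/su root -c \"echo \\\$TEST_LINE > $TEST_ENV_FILE\""
    expect {
        "Password:" {
            send "$PASSWD\r"
        }
    }
    # Let the command finish and reap it before the file is read back.
    expect eof
    catch close
    wait

    # exec raises a Tcl error, which ends the script, if the file is missing.
    set test_env_var [exec cat $TEST_ENV_FILE]

    if { $test_env_var==$TEST_LINE_ENV } {
        set i_have_env 1
    } else {
        send_user "/bin/su with correct password (FAILED), the enviroment was not kept after su.\n"
    }
}


# Test 7 needs a working "su to root"; it checks this flag and refuses to
# run when test 1 failed.
set test_one_passed 0

if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==1) } {
    send_user "/bin/su with correct password & enviroment check ( PASSED )\n"
    set test_one_passed 1
} else {
    send_user "/bin/su with correct password ( FAILED )\n"
    set script_exit_code 1
}


# 2) su with no parameters and incorrect password.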
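#    - The su command should return a result code of non-0
#    - The user should be returned to the invoking shell
#    - An appropriate failure message should be displayed

send_user "\nTEST: su with no parameters and incorrect password \n"

# run "whoami" to test user ID inside su shell
set displayed_error 0
spawn /bin/su -c whoami
expect {
    "Password:" {
        send "wrong_$PASSWD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

catch close
# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

#Added for arm architecture

send_user "\ndisplayed_error=$displayed_error"
send_user "\nexit_code=$exit_code"
send_user "\npid=$pid\n"

if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su with incorrect password ( FAILED )\n"
    set script_exit_code 1
}

# 3) su to root using name parameter and correct password.
#    - The su command should return a result code of 0
#    - The user ID should be root
#    - The user environment should be that of the invoking process
#    - The command should create a new shell with a new process ID

send_user "\nTEST: su to root using name parameter and correct password. \n"

set i_am_root 0
# run "whoami" to test user ID inside su shell
spawn /bin/su -l root -c whoami
expect {
    "Password:" {
        send "$PASSWD\r"
        expect {
            "root" { set i_am_root 1 }
        }
    }
}

catch close
# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]


# Check that the su -l shell does NOT have the same environment as the
# current user: the file must not end up holding the TEST_LINE value.
# NOTE(review): the nested quotes appear to end the -c string before the
# redirection, so the file looks like it is written by the outer /bin/sh as
# the invoking user rather than by the su shell - confirm.
set i_have_env 0
set test_env " "
if { $i_am_root==1 } {
    spawn /bin/sh -c "/bin/su -l root -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE2\"\""
    expect {
        "Password:" {
            send "$PASSWD\r"
        }
    }
    # Wait for the command to finish and reap it, as test 1 does.  Without
    # this the file could be read before it was written, and the spawned
    # process was never closed.
    expect eof
    catch close
    wait

    set test_env [exec cat $TEST_ENV_FILE2]

    if { $test_env==$TEST_LINE_ENV } {
        set i_have_env 1
        send_user "/bin/su -l root with correct password (FAILED), because it did not change enviroment\n"
    }
}


if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
    send_user "/bin/su -l root with correct password & enviroment check ( PASSED )\n"
} else {
    send_user "/bin/su -l root with correct password ( FAILED )\n"
    set script_exit_code 1
}


# 4) su to root with name parameter and incorrect password.
#    - The su command should return a result code of non-0
#    - The user should be returned to the invoking shell
#    - An appropriate failure message should be displayed

send_user "\nTEST: su to root with name parameter and incorrect password. \n"

set displayed_error 0
# run "whoami" to test user ID inside su shell
spawn /bin/su -l root -c whoami
expect {
    "Password:" {
        send "wrong_$PASSWD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

catch close
# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]
if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su -l root with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su -l root with incorrect password ( FAILED )\n"
    set script_exit_code 1
}


# 5) su to user1 with name parameter and correct password.
#    - The su command should return a result code of 0
#    - The user ID should be user1
#    - The user environment should be that of the invoking process, in this case,that of user1
#    - The command should create a new shell with a new process ID
#    - Run "whoami" to test user ID inside su shell

send_user "TEST: su to user1 with name parameter and correct password.\n"

set i_am_correct 0
spawn /bin/su -l $USER1 -c whoami
expect {
    "Password:" {
        send "$USER1_PASSWORD\r"
        expect {
            "$USER1\r" { set i_am_correct 1 }
        }
    }
}

catch close
# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

set i_have_env 0
set test_env_var 0
# Check that the su -l shell does not have the same environment.  The file
# is read only when the su above worked: reading it unconditionally ended
# the whole script with a Tcl error whenever the file did not exist, which
# also skipped tests 6 and 7.
if { $i_am_correct==1 } {
    spawn /bin/sh -c "/bin/su -l $USER1 -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE_USER1\"\""
    expect {
        "Password:" {
            send "$USER1_PASSWORD\r"
        }
    }
    # Wait for the command to finish and reap it before reading the file.
    expect eof
    catch close
    wait

    set test_env_var [exec cat $TEST_ENV_FILE_USER1]

    # A single comparison; the same check used to be repeated inside itself
    # and reported the failure twice.
    if { $test_env_var==$TEST_LINE_ENV } {
        set i_have_env 1
        send_user "/bin/su -l $USER1 with correct password (FAILED), because it did not change enviroment\n"
    }
}

if { ($i_am_correct==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
    send_user "/bin/su -l $USER1 with correct password & enviroment check ( PASSED )\n"
} else {
    send_user "/bin/su -l $USER1 with correct password ( FAILED )\n"
    set script_exit_code 1
}



# 6)su to user1 with name parameter and incorrect password.
#    - The su command should return a result code of non-0
#    - The user should be returned to the invoking shell
#    - An appropriate failure message should be displayed.

send_user "TEST: su to user1 with name parameter and incorrect password.\n"
spawn /bin/su -l $USER1 -c whoami
set displayed_error 0
expect {
    "Password:" {
        send "wrong_$USER1_PASSWORD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

catch close
# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]
if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su -l $USER1 with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su -l $USER1 with incorrect password ( FAILED )\n"
    set script_exit_code 1
}


# 7) su to user1 with the user1 password expired
#    - user1 should not be allowed to log in
#    - The su command should return a result code of non-0
#    - The user should be returned to the invoking shell
#    - An appropriate failure message should be displayed.

# Become root and expire $USER1 password

# Skip this if Red Hat; -e option not supported.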
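if { $distro != "redhat" && $distro != "redhat-linux" } {

    if { $test_one_passed==1} {
        send_user "TEST: su to user1 with the user1 password expired.\n"

        # Expire the password of $USER1 through a root shell.  $USER1 is
        # expanded by Tcl into the command line that root runs, so it must
        # be a plain login name supplied by the harness.
        spawn /bin/su -l root -c "passwd -e $USER1"
        expect {
            "Password:" {
                send "$PASSWD\r"
                expect {
                    "Password expiry information changed."
                }
            }
        }
        # Close and reap this helper before the next spawn replaces
        # spawn_id; it was previously left behind unclosed.
        catch close
        catch wait

        # Any of the three su error messages counts as the expected refusal,
        # either directly or after the "current password" prompt has been
        # answered wrongly once or twice.
        set i_am_correct 0
        spawn /bin/su -l $USER1 -c whoami
        expect {
            "Password:" {
                send "$USER1_PASSWORD\r"
                expect {
                    -re "current.*password|Old Password" {
                        send "wrong_$USER1_PASSWORD\r"
                        expect {
                            -re "current.*password|Old Password" {
                                send "wrong_$USER1_PASSWORD\r"
                                expect {
                                    "su: incorrect password" { set i_am_correct 1 }
                                    "su: Authentication failure" { set i_am_correct 1 }
                                    "su: Authentication token manipulation error" { set i_am_correct 1 }
                                }
                            }
                            "su: incorrect password" { set i_am_correct 1 }
                            "su: Authentication failure" { set i_am_correct 1 }
                            "su: Authentication token manipulation error" { set i_am_correct 1 }
                        }
                    }
                }
            }
        }

        catch close
        # capture result code
        set codes [wait]
        set pid [lindex $codes 0]
        set exit_code [lindex $codes 3]
        if { ($i_am_correct==1) && ($exit_code!=0) && ($pid>0) } {
            send_user "/bin/su -l $USER1 with expired correct password ( PASSED )\n"
        } else {
            send_user "/bin/su -l $USER1 with expired correct password ( FAILED )\n"
            set script_exit_code 1
        }


        # Become root and give $USER1 a usable password again.  The value
        # sent is TEST_USER1_NEW_PASSWD; whether that is the password the
        # account had before depends on the harness.
        # The prompts matched here are fixed strings.  When one of them does
        # not appear the chain stops and the account stays expired, so the
        # outcome is tracked and reported instead of being ignored.
        set password_restored 0
        spawn /bin/su -l root -c "passwd $USER1"
        expect {
            "Password: " {
                send "$PASSWD\r"
                expect {
                    "Enter new password: " {
                        send "$USER1_NEW_PASSWORD\r"
                        expect {
                            "Re-type new password: " {
                                send "$USER1_NEW_PASSWORD\r"
                                expect {
                                    "Password changed" { set password_restored 1 }
                                }
                            }
                        }
                    }
                }
            }
        }

        catch close
        catch wait
        if { $password_restored==0 } {
            send_user "WARNING: could not confirm that the password of $USER1 was reset; the account may still be expired\n"
        }
    } else {

        send_user "TEST: su to user1 with the user1 password expired. (FAILED),see more next line.\n"
        send_user "This test cannot be run because the first test to su as root failed\n"

    }
# If RH let the tester know why only 6 tests were run.
} else {
    send_user "TEST 7 skipped if running on Red Hat; -e not supported \n"
}
exit $script_exit_code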