1 #!/bin/sh -u 2 # 3 # Copyright (C) 2008 CAI Qian <caiqian (at] cclom.cn> 4 # Copyright (c) International Business Machines Corp., 2003 5 # 6 # This program is free software; you can redistribute it and/or modify 7 # it under the terms of the GNU General Public License as published by 8 # the Free Software Foundation; either version 2 of the License, or 9 # (at your option) any later version. 10 # 11 # This program is distributed in the hope that it will be useful, but 12 # WITHOUT ANY WARRANTY; without even the implied warranty of 13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 # General Public License for more details. 15 # 16 # You should have received a copy of the GNU General Public License 17 # along with this program; if not, write to the Free Software 18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 19 # USA 20 # 21 # FILE: /etc/at.allow 22 # 23 # PURPOSE: Test that /etc/at.allow , only allows those in the file to 24 # run cron jobs. 25 # 26 # HISTORY: 27 # 04/03 Jerone Young (jyoung5 (at] us.ibm.com) 28 # 29 30 export TCID=at_allow01 31 export TST_TOTAL=1 32 export TST_COUNT=1 33 TMP=${TMP:=/tmp} 34 allow="/etc/at.allow" 35 test_user1="test_user_1" 36 test_user2="test_user_2" 37 test_user1_home="/home/${test_user1}" 38 test_user2_home="/home/${test_user2}" 39 tmpfile="$TMP/at_allow_test" 40 41 if [ "$(id -ru)" = 0 ]; then 42 . cmdlib.sh 43 fi 44 45 #----------------------------------------------------------------------- 46 # FUNCTION: do_setup 47 #----------------------------------------------------------------------- 48 49 do_setup() 50 { 51 # Move any files that may get in the way. 52 rm "${tmpfile}" >/dev/null 2>&1 53 mv "${allow}" "${allow}.old" >/dev/null 2>&1 54 55 # Remove users for clean enviroment. 56 rm -rf "${test_user1_home}" "${test_user2_home}" 57 userdel -r "${test_user1}" >/dev/null 2>&1 58 userdel -r "${test_user2}" >/dev/null 2>&1 59 60 # Create the 1st user. 61 if ! useradd -g users -d "${test_user1_home}" -m "${test_user1}"; then 62 echo "Could not add test user ${test_user1} to system." 63 exit 1 64 fi 65 66 # Create the 2nd user. 67 if ! useradd -g users -d "${test_user2_home}" -m "${test_user2}"; then 68 echo "Could not add test user ${test_user2} to system." 69 exit 1 70 fi 71 72 # This is the workaround for a potential bug. 73 # [Bug 468337] At Refuse to Work with Non-login Shell 74 # https://bugzilla.redhat.com/show_bug.cgi?id=468337 75 # As we are running in non-login shell now, we cannot run the script 76 # by simply given it a relative path. Therefore, we copy it to test 77 # users' home directories, and run it from there. 78 cp "$0" "${test_user1_home}/." && 79 cp "$0" "${test_user2_home}/." && 80 echo "export LTPROOT='$LTPROOT'" > "${test_user1_home}/cached_ltproot" && 81 echo "export LTPROOT='$LTPROOT'" > "${test_user2_home}/cached_ltproot" 82 if [ $? -ne 0 ]; then 83 tst_resm TBROK "Couldn't copy over req'd files for test users" 84 exit 1 85 fi 86 87 restart_daemon atd 88 } 89 90 #----------------------------------------------------------------------- 91 # FUNCTION: do_cleanup 92 #----------------------------------------------------------------------- 93 do_cleanup() 94 { 95 # We forcefully remove those files anyway. Otherwise userdel may 96 # give us bad warnings. 97 rm -rf "${test_user1_home}" "${test_user2_home}" 98 userdel -r "${test_user1}" >/dev/null 2>&1 99 userdel -r "${test_user2}" >/dev/null 2>&1 100 rm "${allow}" 101 mv "${allow}.old" "${allow}" >/dev/null 2>&1 102 rm "${tmpfile}" >/dev/null 2>&1 103 } 104 105 #----------------------------------------------------------------------- 106 # FUNCTION: run_test 107 #----------------------------------------------------------------------- 108 run_test() 109 { 110 if [ $(whoami) = "${test_user1}" ]; then 111 . "${test_user1_home}/cached_ltproot" || exit 1 112 export PATH="$PATH:$LTPROOT/testcases/bin" 113 114 echo "TEST: $allow should allow only those who in the file to run jobs." 115 echo "(1) TEST THAT PERSON IN ${allow} IS ABLE TO RUN JOB." 116 echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | 117 if ! at -m now + 1 minutes ; then 118 echo "Error while adding job using at for user ${test_user1}." 119 exit 1 120 fi 121 echo " Sleeping for 75 seconds...." 122 sleep 75 123 124 exit_code=1 125 test -e "${tmpfile}" && exit_code=0 126 if [ ${exit_code} -eq 1 ]; then 127 tst_resm TFAIL "At did not allow user to execute job" 128 else 129 tst_resm TPASS "At allowed user to execute test job" 130 fi 131 132 rm -f "${tmpfile}" >/dev/null 2>&1 133 exit ${exit_code} 134 135 elif [ $(whoami) = "${test_user2}" ]; then 136 137 . "${test_user2_home}/cached_ltproot" || exit 1 138 export PATH="$PATH:$LTPROOT/testcases/bin" 139 140 echo "(2) TEST PERSON THAT IS NOT IN ${allow} IS NOT ABLE TO RUN JOB." 141 142 echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | 143 if ! at -m now + 1 minutes; then 144 echo "Expected error while adding job user at for user ${test_user2}" 145 fi 146 echo "Sleeping for 75 seconds...." 147 sleep 75 148 149 exit_code=1 150 test -e "${tmpfile}" || exit_code=0 151 if [ ${exit_code} -eq 1 ]; then 152 tst_resm TFAIL "At allowed user to execute test job" 153 else 154 tst_resm TPASS "At did not allow user to execute job" 155 fi 156 157 rm -f "${tmpfile}" >/dev/null 2>&1 158 exit ${exit_code} 159 160 fi 161 } 162 163 #----------------------------------------------------------------------- 164 # FUNCTION: main 165 #----------------------------------------------------------------------- 166 if ! type at > /dev/null; then 167 tst_resm TCONF "at command not found on system" 168 elif [ "$(id -ru)" = 0 ]; then 169 if do_setup; then 170 171 if ! echo "${test_user1}" >"${allow}"; then 172 exit_code=1 173 elif ! su "${test_user1}" -lc "${test_user1_home}/${0##*/}"; then 174 exit_code=1 175 elif ! su "${test_user2}" -lc "${test_user2_home}/${0##*/}"; then 176 exit_code=1 177 else 178 exit_code=0 179 fi 180 do_cleanup 181 else 182 exit_code=1 183 fi 184 exit ${exit_code} 185 else 186 run_test 187 exit 0 188 fi 189
