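#! /usr/bin/expect -f
#*********************************************************************
#   Copyright (c) International Business Machines  Corp., 2003, 2004, 2007
#
#   This program is free software;  you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#   the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program;  if not, write to the Free Software
#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
#  FILE   : su
#
#  PURPOSE: Tests the basic functionality of `su`.
#
#  SETUP: The program `/usr/bin/expect' MUST be installed.
#         The user invoking this test script must NOT be "root".
#         The following environment variables must be set prior to
#         execution:
#           PASSWD                 root password
#           TEST_USER2             second test account (USER1 below)
#           TEST_USER2_PASSWD      password of that account
#           TEST_USER1_NEW_PASSWD  password given to that account after test 7
#           TEST_LINE              marker value expected in the environment
#           TEST_ENV_FILE          scratch file used by test 1
#           TEST_ENV_FILE2         scratch file used by test 3
#           TEST_ENV_FILE_USER     scratch file used by test 5
#           tvar                   distribution name ("redhat" skips test 7)
#
#  SECURITY NOTES:
#         - The passwords arrive through the environment and are typed into
#           the spawned su/passwd processes with "send". Do not turn on
#           exp_internal in this script: its diagnostics print the strings
#           given to "send".
#         - TEST_USER2 and the TEST_ENV_FILE* paths are substituted, unquoted,
#           into command strings that a shell parses. In test 1 and test 7
#           that shell is started by su as root, so these values must come
#           from the trusted test harness and contain no shell
#           metacharacters, and the scratch files should live in a directory
#           that other users cannot write to.
#         - Every su invocation that receives a password uses the absolute
#           path /bin/su, so a different "su" earlier on PATH is never handed
#           a password.
#
#  HISTORY:
#     03/03    Dustin Kirkland (dkirklan (at] us.ibm.com)
#     03/03    Jerone Young    (jeroney (at] us.ibm.com)
#     10/01/04 Kris Wilson     Skip test 7 if RedHat; no -e option.
#     05/23/07 Kris Wilson     Make test 7 work for SLES.
########################################################################

# The root user cannot successfully execute the su test because root is
# able to become anyone without entering passwords.
set whoami [ exec whoami ]
if { $whoami=="root" } {
    send_user "ERROR: You must execute the 'su' tests as a non-root user\n"
    exit 1
}

# Grab input from the environment. Each variable is mandatory; the script
# stops with exit code 1 at the first one that is missing.
if [info exists env(PASSWD)] {
    set PASSWD $env(PASSWD)
} else {
    send_user "YOU NEED TO SET ENVIROMENT VARIABLE PASSWD. \n"
    exit 1
}

if [info exists env(TEST_USER2)] {
    set USER1 $env(TEST_USER2)
} else {
    send_user "YOU MUST SET ENVIRONMENT VARIABLE TEST_USER2"
    exit 1
}

# Need the release type from su01
if [info exists env(tvar)] {
    set distro $env(tvar)
} else {
    send_user "YOU MUST SET ENVIORMENT VARIABLE tvar"
    exit 1
}

if [info exists env(TEST_USER2_PASSWD)] {
    set USER1_PASSWORD $env(TEST_USER2_PASSWD)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER2_PASSWD"
    exit 1
}

if [info exists env(TEST_LINE)] {
    set TEST_LINE_ENV $env(TEST_LINE)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_LINE"
    exit 1
}

if [info exists env(TEST_ENV_FILE)] {
    set TEST_ENV_FILE $env(TEST_ENV_FILE)
} else {
    # The original message named TEST_ENV_FILE_USER here, which pointed the
    # tester at the wrong variable.
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE"
    exit 1
}

if [info exists env(TEST_ENV_FILE2)] {
    set TEST_ENV_FILE2 $env(TEST_ENV_FILE2)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE2"
    exit 1
}

if [info exists env(TEST_ENV_FILE_USER)] {
    set TEST_ENV_FILE_USER1 $env(TEST_ENV_FILE_USER)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER"
    exit 1
}

if [info exists env(TEST_USER1_NEW_PASSWD)] {
    set USER1_NEW_PASSWORD $env(TEST_USER1_NEW_PASSWD)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER1_NEW_PASSWD"
    exit 1
}


# script_exit_code becomes 1 as soon as any test fails and is the exit
# status of the whole script.
set script_exit_code 0
set i_can_root 0

send_user "Starting 'su' Testing\n"

# 1) su with no parameters and correct password.
#       - The su command should return a result code of 0
#       - The user ID should be root
#       - The user environment should be that of the invoking process
#       - The command should create a new shell with a new process ID

send_user "\nTEST: su with no parameters and correct password\n"

set i_am_root 0
# run "whoami" to test user ID inside su shell
spawn /bin/su -c whoami
expect {
    "Password:" {
        send "$PASSWD\r"
        expect {
            "root" {
                set i_am_root 1
                set i_can_root 1
            }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

# Check that the su user has the same environment as the current user.
set i_have_env 0
set test_env_var " "
if { $i_am_root==1 } {
    # Absolute path: this process is about to be sent the root password.
    spawn /bin/su -c "/bin/su root -c \"echo \\\$TEST_LINE > $TEST_ENV_FILE\""
    expect {
        "Password:" {
            send "$PASSWD\r"
        }
    }
    # Let su finish so the file is complete before it is read.
    expect eof
    wait

    # An unreadable file is reported as a test failure instead of aborting
    # the whole script with a Tcl error.
    if { [catch { exec cat $TEST_ENV_FILE } test_env_var] } {
        send_user "/bin/su with correct password (FAILED), could not read $TEST_ENV_FILE\n"
    } elseif { $test_env_var==$TEST_LINE_ENV } {
        set i_have_env 1
    } else {
        send_user "/bin/su with correct password (FAILED), the enviroment was not kept after su.\n"
    }
}


# Test 7 needs a working su to root; it is skipped when this test fails.
set test_one_passed 0

if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==1) } {
    send_user "/bin/su with correct password & enviroment check ( PASSED )\n"
    set test_one_passed 1
} else {
    send_user "/bin/su with correct password ( FAILED )\n"
    set script_exit_code 1
}


# 2) su with no parameters and incorrect password.
#       - The su command should return a result code of non-0
#       - The user should be returned to the invoking shell
#       - An appropriate failure message should be displayed

send_user "\nTEST: su with no parameters and incorrect password \n"

set displayed_error 0
# run "whoami" to test user ID inside su shell
spawn /bin/su -c whoami
expect {
    "Password:" {
        send "wrong_$PASSWD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

#Added for arm architecture

send_user "\ndisplayed_error=$displayed_error"
send_user "\nexit_code=$exit_code"
send_user "\npid=$pid\n"

if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su with incorrect password ( FAILED )\n"
    set script_exit_code 1
}

# 3) su to root using name parameter and correct password.
#       - The su command should return a result code of 0
#       - The user ID should be root
#       - The user environment should be that of the invoking process
#       - The command should create a new shell with a new process ID

send_user "\nTEST: su to root using name parameter and correct password. \n"

set i_am_root 0
# run "whoami" to test user ID inside su shell
spawn /bin/su -l root -c whoami
expect {
    "Password:" {
        send "$PASSWD\r"
        expect {
            "root" { set i_am_root 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]


# Check that the su user does NOT have the same environment as the current
# user. i_have_env: 0 = environment was reset, 1 = environment was kept,
# -1 = the result file could not be read, so nothing was verified.
set i_have_env 0
set test_env " "
if { $i_am_root==1 } {
    spawn /bin/sh -c "/bin/su -l root -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE2\"\""
    expect {
        "Password:" {
            send "$PASSWD\r"
        }
    }
    # Without this the file could be read before su has produced its output,
    # and the comparison below would look at stale or missing content.
    expect eof
    wait

    if { [catch { exec cat $TEST_ENV_FILE2 } test_env] } {
        set i_have_env -1
        send_user "/bin/su -l root with correct password (FAILED), could not read $TEST_ENV_FILE2\n"
    } elseif { $test_env==$TEST_LINE_ENV } {
        set i_have_env 1
        send_user "/bin/su -l root with correct password (FAILED), because it did not change enviroment\n"
    }
}


if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
    send_user "/bin/su -l root with correct password & enviroment check ( PASSED )\n"
} else {
    send_user "/bin/su -l root with correct password ( FAILED )\n"
    set script_exit_code 1
}


# 4) su to root with name parameter and incorrect password.
#       - The su command should return a result code of non-0
#       - The user should be returned to the invoking shell
#       - An appropriate failure message should be displayed

send_user "\nTEST: su to root with name parameter and incorrect password. \n"

set displayed_error 0
# run "whoami" to test user ID inside su shell
spawn /bin/su -l root -c whoami
expect {
    "Password:" {
        send "wrong_$PASSWD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]
if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su -l root with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su -l root with incorrect password ( FAILED )\n"
    set script_exit_code 1
}


# 5) su to user1 with name parameter and correct password.
#       - The su command should return a result code of 0
#       - The user ID should be user1
#       - The user environment should be that of the invoking process, in this case,that of user1
#       - The command should create a new shell with a new process ID
#       - Run "whoami" to test user ID inside su shell

send_user "TEST: su to user1 with name parameter and correct password.\n"

set i_am_correct 0
spawn /bin/su -l $USER1 -c whoami
expect {
    "Password:" {
        send "$USER1_PASSWORD\r"
        expect {
            "$USER1\r" { set i_am_correct 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

# Check that the su user does not have the same environment.
# i_have_env uses the same 0 / 1 / -1 convention as test 3.
set i_have_env 0
set test_env_var 0
if { $i_am_correct==1 } {
    spawn /bin/sh -c "/bin/su -l $USER1 -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE_USER1\"\""
    expect {
        "Password:" {
            send "$USER1_PASSWORD\r"
        }
    }
    # Wait for su to finish before reading what it wrote.
    expect eof
    wait

    # The read now happens only after a successful su; previously it ran
    # unconditionally and a missing file aborted the script. The failure
    # message is printed once instead of twice.
    if { [catch { exec cat $TEST_ENV_FILE_USER1 } test_env_var] } {
        set i_have_env -1
        send_user "/bin/su -l $USER1 with correct password (FAILED), could not read $TEST_ENV_FILE_USER1\n"
    } elseif { $test_env_var==$TEST_LINE_ENV } {
        set i_have_env 1
        send_user "/bin/su -l $USER1 with correct password (FAILED), because it did not change enviroment\n"
    }
}

if { ($i_am_correct==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
    send_user "/bin/su -l $USER1 with correct password & enviroment check ( PASSED )\n"
} else {
    send_user "/bin/su -l $USER1 with correct password ( FAILED )\n"
    set script_exit_code 1
}



# 6)su to user1 with name parameter and incorrect password.
#       - The su command should return a result code of non-0
#       - The user should be returned to the invoking shell
#       - An appropriate failure message should be displayed.

send_user "TEST: su to user1 with name parameter and incorrect password.\n"
spawn /bin/su -l $USER1 -c whoami
set displayed_error 0
expect {
    "Password:" {
        send "wrong_$USER1_PASSWORD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]
if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su -l $USER1 with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su -l $USER1 with incorrect password ( FAILED )\n"
    set script_exit_code 1
}


# 7) su to user1 with the user1 password expired
#       - user1 should not be allowed to log in
#       - The su command should return a result code of non-0
#       - The user should be returned to the invoking shell
#       - An appropriate failure message should be displayed.

# Become root and expire $USER1 password

# Skip this if Red Hat; -e option not supported.
if { $distro != "redhat" && $distro != "redhat-linux" } {

    if { $test_one_passed==1} {
        send_user "TEST: su to user1 with the user1 password expired.\n"

        # $USER1 becomes part of a command line parsed by the shell that su
        # starts as root; see SECURITY NOTES in the file header.
        spawn /bin/su -l root -c "passwd -e $USER1"
        expect {
            "Password:" {
                send "$PASSWD\r"
                expect {
                    "Password expiry information changed."
                }
            }
        }

        # With the password expired, su asks for the current password again
        # as part of the forced change. A wrong value is sent there, up to
        # twice, and su is expected to give up with one of the errors below.
        set i_am_correct 0
        spawn /bin/su -l $USER1 -c whoami
        expect {
            "Password:" {
                send "$USER1_PASSWORD\r"
                expect {
                    -re "current.*password|Old Password" {
                        send "wrong_$USER1_PASSWORD\r"
                        expect {
                            -re "current.*password|Old Password" {
                                send "wrong_$USER1_PASSWORD\r"
                                expect {
                                    "su: incorrect password" { set i_am_correct 1 }
                                    "su: Authentication failure" { set i_am_correct 1 }
                                    "su: Authentication token manipulation error" { set i_am_correct 1 }
                                }
                            }
                            "su: incorrect password" { set i_am_correct 1 }
                            "su: Authentication failure" { set i_am_correct 1 }
                            "su: Authentication token manipulation error" { set i_am_correct 1 }
                        }
                    }
                }
            }
        }

        # capture result code
        set codes [wait]
        set pid [lindex $codes 0]
        set exit_code [lindex $codes 3]
        if { ($i_am_correct==1) && ($exit_code!=0) && ($pid>0) } {
            send_user "/bin/su -l $USER1 with expired correct password ( PASSED )\n"
        } else {
            send_user "/bin/su -l $USER1 with expired correct password ( FAILED )\n"
            set script_exit_code 1
        }


        # Become root and give $USER1 a usable password again
        # (TEST_USER1_NEW_PASSWD). The outcome is tracked so that an account
        # left in the expired state does not go unnoticed; it does not change
        # the exit code of the script.
        set password_restored 0
        spawn /bin/su -l root -c "passwd $USER1"
        expect {
            "Password: " {
                send "$PASSWD\r"
                expect {
                    "Enter new password: " {
                        send "$USER1_NEW_PASSWORD\r"
                        expect {
                            "Re-type new password: " {
                                send "$USER1_NEW_PASSWORD\r"
                                expect {
                                    "Password changed" { set password_restored 1 }
                                }
                            }
                        }
                    }
                }
            }
        }
        if { $password_restored==0 } {
            send_user "WARNING: could not confirm that the password of $USER1 was reset after the expiry test\n"
        }

    } else {

        send_user "TEST: su to user1 with the user1 password expired. (FAILED),see more next line.\n"
        send_user "This test cannot be run because the first test to su as root failed\n"

    }
# If RH let the tester know why only 6 tests were run.
} else {
    send_user "TEST 7 skipped if running on Red Hat; -e not supported \n"
}
exit $script_exit_code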