| #! /bin/sh |
| |
| # Copyright (c) 2012 FUJITSU LIMITED |
| # |
| # This program is free software; you can redistribute it and/or modify |
| # it under the terms of the GNU General Public License as published by |
| # the Free Software Foundation; either version 2 of the License, or |
| # (at your option) any later version. |
| # |
| # This program is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See |
| # the GNU General Public License for more details. |
| # |
| # You should have received a copy of the GNU General Public License |
| # along with this program; if not, write to the Free Software |
| # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| # |
| # Description: Test allowed_shells, vetoed_shells and shell_fallback |
| # in the configuration file. |
| # Author: Peng Haitao <penght@cn.fujitsu.com> |
| # History: 2012/02/09 - Created. |
| # |
| |
| . ./sssd-lib.sh || exit 1 |
| |
| sssd_case1() |
| { |
| export TST_COUNT=1 |
| |
| tst_resm TINFO "test allowed_shells with the shell in \"/etc/shells\"." |
| |
| sss_usermod -s $line_shell $username |
| getent passwd $username@LOCAL | grep "$line_shell" >/dev/null 2>&1 |
| if [ $? -eq 0 ]; then |
| tst_resm TPASS "sssd: user login shell is $line_shell." |
| else |
| tst_resm TFAIL "sssd: user login shell should be $line_shell." |
| : $(( TFAILCNT += 1 )) |
| return $TFAILCNT |
| fi |
| |
| return 0 |
| } |
| |
| sssd_case2() |
| { |
| export TST_COUNT=2 |
| |
| tst_resm TINFO "test not set allowed_shells" |
| |
| make_config_file |
| sleep 1 |
| |
| restart_sssd_daemon |
| |
| # When not set allowed_shells, the user shell is used even if is wrong |
| sss_usermod -s $LTPTMP/noshell $username |
| getent passwd $username@LOCAL | grep "$LTPTMP/noshell" >/dev/null 2>&1 |
| if [ $? -eq 0 ]; then |
| tst_resm TPASS "sssd: user home dir is $LTPTMP/noshell." |
| else |
| tst_resm TFAIL "sssd: user home dir should be $LTPTMP/noshell." |
| : $(( TFAILCNT += 1 )) |
| return $TFAILCNT |
| fi |
| |
| return 0 |
| } |
| |
| sssd_case3() |
| { |
| export TST_COUNT=3 |
| |
| tst_resm TINFO "test use shell_fallback when set allowed_shells" |
| |
| # Create the configuration file specific to this test case. |
| make_config_file |
| sed -i -e "/\[nss\]/ a\allowed_shells = $LTPTMP/noshell" $CONFIG_FILE |
| sleep 1 |
| |
| sss_usermod -s $LTPTMP/noshell $username |
| |
| restart_sssd_daemon |
| |
| # When the shell is in the allowed_shells list but not in "/etc/shells" |
| # use the value of the shell_fallback parameter. |
| # shell_fallback's default value is /bin/sh. |
| getent passwd $username@LOCAL | grep "/bin/sh" >/dev/null 2>&1 |
| if [ $? -eq 0 ]; then |
| tst_resm TPASS "sssd: user home dir is /bin/sh." |
| else |
| tst_resm TFAIL "sssd: user home dir should be /bin/sh." |
| : $(( TFAILCNT += 1 )) |
| return $TFAILCNT |
| fi |
| |
| return 0 |
| } |
| |
| sssd_case4() |
| { |
| export TST_COUNT=4 |
| |
| tst_resm TINFO "test use shell_fallback when set allowed_shells" |
| |
| # Create the configuration file specific to this test case. |
| make_config_file |
| sed -i -e "/\[nss\]/ a\allowed_shells = $LTPTMP/noshell" $CONFIG_FILE |
| sed -i -e "/\[nss\]/ a\shell_fallback = $line_shell" $CONFIG_FILE |
| sleep 1 |
| |
| sss_usermod -s $LTPTMP/noshell $username |
| |
| restart_sssd_daemon |
| |
| # When the shell is in the allowed_shells list but not in "/etc/shells" |
| # use the value of the shell_fallback parameter. |
| # shell_fallback's value is set $line_shell. |
| getent passwd $username@LOCAL | grep "$line_shell" >/dev/null 2>&1 |
| if [ $? -eq 0 ]; then |
| tst_resm TPASS "sssd: user home dir is $line_shell." |
| else |
| tst_resm TFAIL "sssd: user home dir should be $line_shell." |
| : $(( TFAILCNT += 1 )) |
| return $TFAILCNT |
| fi |
| |
| return 0 |
| } |
| |
| sssd_case5() |
| { |
| export TST_COUNT=5 |
| |
| tst_resm TINFO "test use shell_fallback when set vetoed_shells" |
| |
| # Create the configuration file specific to this test case. |
| make_config_file |
| sed -i -e "/\[nss\]/ a\vetoed_shells = $line_shell" $CONFIG_FILE |
| sleep 1 |
| |
| sss_usermod -s $line_shell $username |
| |
| restart_sssd_daemon |
| |
| # When the shell is in the vetoed_shells list, |
| # use the value of the shell_fallback parameter. |
| # shell_fallback's default value is /bin/sh. |
| getent passwd $username@LOCAL | grep "/bin/sh" >/dev/null 2>&1 |
| if [ $? -eq 0 ]; then |
| tst_resm TPASS "sssd: user home dir is /bin/sh." |
| else |
| tst_resm TFAIL "sssd: user home dir should be /bin/sh." |
| : $(( TFAILCNT += 1 )) |
| return $TFAILCNT |
| fi |
| |
| return 0 |
| } |
| |
| sssd_case6() |
| { |
| export TST_COUNT=6 |
| |
| tst_resm TINFO "test use nologin when not in allowed_shells" |
| |
| # Create the configuration file specific to this test case. |
| make_config_file |
| sed -i -e "/\[nss\]/ a\allowed_shells = $line_shell" $CONFIG_FILE |
| sleep 1 |
| |
| sss_usermod -s $LTPTMP/noshell $username |
| |
| restart_sssd_daemon |
| |
| # When the shell is not in the allowed_shells list, and not in |
| # "/etc/shells", a nologin shell is used. |
| getent passwd $username@LOCAL | grep "/sbin/nologin" >/dev/null 2>&1 |
| if [ $? -eq 0 ]; then |
| tst_resm TPASS "sssd: user home dir is /sbin/nologin." |
| else |
| tst_resm TFAIL "sssd: user home dir should be /sbin/nologin." |
| : $(( TFAILCNT += 1 )) |
| return $TFAILCNT |
| fi |
| |
| return 0 |
| } |
| |
| export TST_TOTAL=6 |
| export TCID=sssd03 |
| |
| grep -v -w -E "nologin|sh|bash" /etc/shells > $LTPTMP/all_shells |
| line_shell=`sed -n '1p' $LTPTMP/all_shells` |
| if [ -z "$line_shell" ]; then |
| rm -f $LTPTMP/all_shells |
| tst_brkm TCONF NULL "Please install another shell." |
| return 0 |
| fi |
| rm -f $LTPTMP/all_shells |
| |
| TFAILCNT=0 |
| username="sssd_test_user" |
| |
| make_config_file |
| # make sure config file is OK |
| sleep 1 |
| restart_sssd_daemon |
| sss_useradd $username |
| |
| for i in $(seq 1 $TST_TOTAL); do |
| sssd_case$i |
| done |
| |
| sss_userdel $username |
| cleanup ${TFAILCNT:=0} |