1#!/bin/sh -u 2# 3# Copyright (C) 2008 CAI Qian <caiqian@cclom.cn> 4# Copyright (c) International Business Machines Corp., 2003 5# 6# This program is free software; you can redistribute it and/or modify 7# it under the terms of the GNU General Public License as published by 8# the Free Software Foundation; either version 2 of the License, or 9# (at your option) any later version. 10# 11# This program is distributed in the hope that it will be useful, but 12# WITHOUT ANY WARRANTY; without even the implied warranty of 13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14# General Public License for more details. 15# 16# You should have received a copy of the GNU General Public License 17# along with this program; if not, write to the Free Software 18# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 19# USA 20# 21# FILE: /etc/at.allow 22# 23# PURPOSE: Test that /etc/at.allow , only allows those in the file to 24# run cron jobs. 25# 26# HISTORY: 27# 04/03 Jerone Young (jyoung5@us.ibm.com) 28# 29 30export TCID=at_allow01 31export TST_TOTAL=1 32export TST_COUNT=1 33TMP=${TMP:=/tmp} 34allow="/etc/at.allow" 35test_user1="test_user_1" 36test_user2="test_user_2" 37test_user1_home="/home/${test_user1}" 38test_user2_home="/home/${test_user2}" 39tmpfile="$TMP/at_allow_test" 40 41if [ "$(id -ru)" = 0 ]; then 42 . cmdlib.sh 43fi 44 45#----------------------------------------------------------------------- 46# FUNCTION: do_setup 47#----------------------------------------------------------------------- 48 49do_setup() 50{ 51 # Move any files that may get in the way. 52 rm "${tmpfile}" >/dev/null 2>&1 53 mv "${allow}" "${allow}.old" >/dev/null 2>&1 54 55 # Remove users for clean enviroment. 56 rm -rf "${test_user1_home}" "${test_user2_home}" 57 userdel -r "${test_user1}" >/dev/null 2>&1 58 userdel -r "${test_user2}" >/dev/null 2>&1 59 60 # Create the 1st user. 61 if ! useradd -g users -d "${test_user1_home}" -m "${test_user1}"; then 62 echo "Could not add test user ${test_user1} to system." 63 exit 1 64 fi 65 66 # Create the 2nd user. 67 if ! useradd -g users -d "${test_user2_home}" -m "${test_user2}"; then 68 echo "Could not add test user ${test_user2} to system." 69 exit 1 70 fi 71 72 # This is the workaround for a potential bug. 73 # [Bug 468337] At Refuse to Work with Non-login Shell 74 # https://bugzilla.redhat.com/show_bug.cgi?id=468337 75 # As we are running in non-login shell now, we cannot run the script 76 # by simply given it a relative path. Therefore, we copy it to test 77 # users' home directories, and run it from there. 78 cp "$0" "${test_user1_home}/." && 79 cp "$0" "${test_user2_home}/." && 80 echo "export LTPROOT='$LTPROOT'" > "${test_user1_home}/cached_ltproot" && 81 echo "export LTPROOT='$LTPROOT'" > "${test_user2_home}/cached_ltproot" 82 if [ $? -ne 0 ]; then 83 tst_resm TBROK "Couldn't copy over req'd files for test users" 84 exit 1 85 fi 86 87 restart_daemon atd 88} 89 90#----------------------------------------------------------------------- 91# FUNCTION: do_cleanup 92#----------------------------------------------------------------------- 93do_cleanup() 94{ 95 # We forcefully remove those files anyway. Otherwise userdel may 96 # give us bad warnings. 97 rm -rf "${test_user1_home}" "${test_user2_home}" 98 userdel -r "${test_user1}" >/dev/null 2>&1 99 userdel -r "${test_user2}" >/dev/null 2>&1 100 rm "${allow}" 101 mv "${allow}.old" "${allow}" >/dev/null 2>&1 102 rm "${tmpfile}" >/dev/null 2>&1 103} 104 105#----------------------------------------------------------------------- 106# FUNCTION: run_test 107#----------------------------------------------------------------------- 108run_test() 109{ 110 if [ $(whoami) = "${test_user1}" ]; then 111 . "${test_user1_home}/cached_ltproot" || exit 1 112 export PATH="$PATH:$LTPROOT/testcases/bin" 113 114 echo "TEST: $allow should allow only those who in the file to run jobs." 115 echo "(1) TEST THAT PERSON IN ${allow} IS ABLE TO RUN JOB." 116 echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | 117 if ! at -m now + 1 minutes ; then 118 echo "Error while adding job using at for user ${test_user1}." 119 exit 1 120 fi 121 echo " Sleeping for 75 seconds...." 122 sleep 75 123 124 exit_code=1 125 test -e "${tmpfile}" && exit_code=0 126 if [ ${exit_code} -eq 1 ]; then 127 tst_resm TFAIL "At did not allow user to execute job" 128 else 129 tst_resm TPASS "At allowed user to execute test job" 130 fi 131 132 rm -f "${tmpfile}" >/dev/null 2>&1 133 exit ${exit_code} 134 135 elif [ $(whoami) = "${test_user2}" ]; then 136 137 . "${test_user2_home}/cached_ltproot" || exit 1 138 export PATH="$PATH:$LTPROOT/testcases/bin" 139 140 echo "(2) TEST PERSON THAT IS NOT IN ${allow} IS NOT ABLE TO RUN JOB." 141 142 echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" | 143 if ! at -m now + 1 minutes; then 144 echo "Expected error while adding job user at for user ${test_user2}" 145 fi 146 echo "Sleeping for 75 seconds...." 147 sleep 75 148 149 exit_code=1 150 test -e "${tmpfile}" || exit_code=0 151 if [ ${exit_code} -eq 1 ]; then 152 tst_resm TFAIL "At allowed user to execute test job" 153 else 154 tst_resm TPASS "At did not allow user to execute job" 155 fi 156 157 rm -f "${tmpfile}" >/dev/null 2>&1 158 exit ${exit_code} 159 160 fi 161} 162 163#----------------------------------------------------------------------- 164# FUNCTION: main 165#----------------------------------------------------------------------- 166if ! type at > /dev/null; then 167 tst_resm TCONF "at command not found on system" 168elif [ "$(id -ru)" = 0 ]; then 169 if do_setup; then 170 171 if ! echo "${test_user1}" >"${allow}"; then 172 exit_code=1 173 elif ! su "${test_user1}" -lc "${test_user1_home}/${0##*/}"; then 174 exit_code=1 175 elif ! su "${test_user2}" -lc "${test_user2_home}/${0##*/}"; then 176 exit_code=1 177 else 178 exit_code=0 179 fi 180 do_cleanup 181 else 182 exit_code=1 183 fi 184 exit ${exit_code} 185else 186 run_test 187 exit 0 188fi 189