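#! /bin/sh

# Copyright (c) 2012 FUJITSU LIMITED
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
# the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
# Description: Test allowed_shells, vetoed_shells and shell_fallback
#              in the configuration file.
# Author:      Peng Haitao <penght@cn.fujitsu.com>
# History:     2012/02/09 - Created.
#
# allowed_shells and vetoed_shells restrict which login shell the NSS
# responder hands out for a user, so each case below compares the
# login-shell field of the passwd entry itself. Matching the expected path
# anywhere in the entry (home directory, GECOS) or as a regular expression
# could report a pass while the restriction is not being applied.

. ./sssd-lib.sh || exit 1

# Print the login-shell field (7th colon-separated field) of the test
# user's passwd entry as returned through getent. Prints nothing when the
# lookup returns no entry.
get_login_shell()
{
	getent passwd "$username@LOCAL" | cut -d: -f7
}

# Compare the test user's login shell with an exact expected path and
# record the result for the current test case.
# Globals:   username (read), TFAILCNT (incremented on failure)
# Arguments: $1 - expected login shell
# Returns:   0 on a match, otherwise the updated failure count
check_login_shell()
{
	expected_shell=$1
	actual_shell=$(get_login_shell)

	if [ "$actual_shell" = "$expected_shell" ]; then
		tst_resm TPASS "sssd: user login shell is $expected_shell."
		return 0
	fi

	tst_resm TFAIL "sssd: user login shell should be $expected_shell."
	TFAILCNT=$((TFAILCNT + 1))
	return $TFAILCNT
}

# Case 1: with the configuration written by the top-level setup, a shell
# listed in /etc/shells is returned unchanged.
sssd_case1()
{
	export TST_COUNT=1

	tst_resm TINFO "test allowed_shells with the shell in \"/etc/shells\"."

	sss_usermod -s "$line_shell" "$username"
	check_login_shell "$line_shell"
}

# Case 2: allowed_shells is not set.
sssd_case2()
{
	export TST_COUNT=2

	tst_resm TINFO "test not set allowed_shells"

	make_config_file
	sleep 1

	restart_sssd_daemon

	# When allowed_shells is not set, the user's shell is used even if it
	# is not a valid shell.
	sss_usermod -s "$LTPTMP/noshell" "$username"
	check_login_shell "$LTPTMP/noshell"
}

# Case 3: shell listed in allowed_shells but missing from /etc/shells,
# shell_fallback left at its default.
sssd_case3()
{
	export TST_COUNT=3

	tst_resm TINFO "test use shell_fallback when set allowed_shells"

	# Create the configuration file specific to this test case.
	make_config_file
	sed -i -e "/\[nss\]/ a\allowed_shells = $LTPTMP/noshell" "$CONFIG_FILE"
	sleep 1

	sss_usermod -s "$LTPTMP/noshell" "$username"

	restart_sssd_daemon

	# When the shell is in the allowed_shells list but not in "/etc/shells"
	# use the value of the shell_fallback parameter.
	# shell_fallback's default value is /bin/sh.
	check_login_shell "/bin/sh"
}

# Case 4: same as case 3, with shell_fallback set explicitly.
sssd_case4()
{
	export TST_COUNT=4

	tst_resm TINFO "test use shell_fallback when set allowed_shells"

	# Create the configuration file specific to this test case.
	make_config_file
	sed -i -e "/\[nss\]/ a\allowed_shells = $LTPTMP/noshell" "$CONFIG_FILE"
	sed -i -e "/\[nss\]/ a\shell_fallback = $line_shell" "$CONFIG_FILE"
	sleep 1

	sss_usermod -s "$LTPTMP/noshell" "$username"

	restart_sssd_daemon

	# When the shell is in the allowed_shells list but not in "/etc/shells"
	# use the value of the shell_fallback parameter.
	# shell_fallback is set to $line_shell here.
	check_login_shell "$line_shell"
}

# Case 5: the user's shell is listed in vetoed_shells.
sssd_case5()
{
	export TST_COUNT=5

	tst_resm TINFO "test use shell_fallback when set vetoed_shells"

	# Create the configuration file specific to this test case.
	make_config_file
	sed -i -e "/\[nss\]/ a\vetoed_shells = $line_shell" "$CONFIG_FILE"
	sleep 1

	sss_usermod -s "$line_shell" "$username"

	restart_sssd_daemon

	# When the shell is in the vetoed_shells list,
	# use the value of the shell_fallback parameter.
	# shell_fallback's default value is /bin/sh.
	check_login_shell "/bin/sh"
}

# Case 6: the user's shell is neither in allowed_shells nor in /etc/shells.
sssd_case6()
{
	export TST_COUNT=6

	tst_resm TINFO "test use nologin when not in allowed_shells"

	# Create the configuration file specific to this test case.
	make_config_file
	sed -i -e "/\[nss\]/ a\allowed_shells = $line_shell" "$CONFIG_FILE"
	sleep 1

	sss_usermod -s "$LTPTMP/noshell" "$username"

	restart_sssd_daemon

	# When the shell is not in the allowed_shells list, and not in
	# "/etc/shells", a nologin shell is used.
	# The earlier substring match on "/sbin/nologin" also accepted a
	# prefixed path such as /usr/sbin/nologin; that tolerance is kept,
	# but only for the login-shell field.
	actual_shell=$(get_login_shell)
	case "$actual_shell" in
	*/sbin/nologin)
		tst_resm TPASS "sssd: user login shell is /sbin/nologin."
		return 0
		;;
	esac

	tst_resm TFAIL "sssd: user login shell should be /sbin/nologin."
	TFAILCNT=$((TFAILCNT + 1))
	return $TFAILCNT
}

export TST_TOTAL=6
export TCID=sssd03

# Pick the first shell from /etc/shells that is not nologin, sh or bash.
# Only lines starting with "/" are considered, so comment and blank lines
# in /etc/shells can never be taken for a shell path.
line_shell=$(grep -v -w -E "nologin|sh|bash" /etc/shells | grep '^/' | sed -n '1p')
if [ -z "$line_shell" ]; then
	tst_brkm TCONF NULL "Please install another shell."
	# "return" is only defined inside a function or a sourced file; use
	# exit so the script stops here under every shell.
	exit 0
fi

TFAILCNT=0
username="sssd_test_user"

make_config_file
# make sure config file is OK
sleep 1
restart_sssd_daemon
sss_useradd "$username"

for i in $(seq 1 "$TST_TOTAL"); do
	"sssd_case$i"
done

sss_userdel "$username"
cleanup "${TFAILCNT:=0}"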