• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#! /usr/bin/expect -f
2#*********************************************************************
3#   Copyright (c) International Business Machines  Corp., 2003, 2004, 2007
4#
5#   This program is free software;  you can redistribute it and/or modify
6#   it under the terms of the GNU General Public License as published by
7#   the Free Software Foundation; either version 2 of the License, or
8#   (at your option) any later version.
9#
10#   This program is distributed in the hope that it will be useful,
11#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
12#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
13#   the GNU General Public License for more details.
14#
15#   You should have received a copy of the GNU General Public License
16#   along with this program;  if not, write to the Free Software
17#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18#
19#  FILE   : su
20#
21#  PURPOSE: Tests the basic functionality of `su`.
22#
23#  SETUP: The program `/usr/bin/expect' MUST be installed.
24#         The user invoking this test script must NOT be "root".
25#     	  The PASSWD variable should be set prior to execution
26#
27#  HISTORY:
28#     03/03     Dustin Kirkland (dkirklan@us.ibm.com)
29#     03/03     Jerone Young    (jeroney@us.ibm.com)
30#     10/01/04  Kris Wilson     Skip test 7 if RedHat; no -e option.
31#     05/23/07  Kris Wilson     Make test 7 work for SLES.
32########################################################################
33
34# The root user cannot succesfully execute su test because the root user
35# is able to become anyone without entering passwords
36set whoami [ exec whoami ]
37if { $whoami=="root" } {
38  send_user "ERROR: You must execute the 'su' tests as a non-root user\n"
39  exit 1
40}
41
42#Grab input from enviroment
43if [info exists env(PASSWD)] {
44  	set PASSWD $env(PASSWD)
45} else {
46	send_user "YOU NEED TO SET ENVIROMENT VARIABLE PASSWD. \n"
47	exit 1
48}
49
50if [info exists env(TEST_USER2)] {
51  set USER1 $env(TEST_USER2)
52} else {
53  	send_user "YOU MUST SET ENVIRONMENT VARIABLE TEST_USER2"
54  	exit 1
55}
56
57# Need the release type from su01
58if [info exists env(tvar)] {
59  set distro $env(tvar)
60} else {
61        send_user "YOU MUST SET ENVIORMENT VARIABLE tvar"
62        exit 1
63}
64
65if [info exists env(TEST_USER2_PASSWD)] {
66  set USER1_PASSWORD $env(TEST_USER2_PASSWD)
67} else {
68  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER2_PASSWD"
69  exit 1
70}
71
72if [info exists env(TEST_LINE)] {
73  set TEST_LINE_ENV $env(TEST_LINE)
74} else {
75  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_LINE"
76  exit 1
77}
78
79
80if [info exists env(TEST_ENV_FILE)] {
81  set TEST_ENV_FILE $env(TEST_ENV_FILE)
82} else {
83  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER"
84  exit 1
85}
86
87if [info exists env(TEST_ENV_FILE2)] {
88  set TEST_ENV_FILE2 $env(TEST_ENV_FILE2)
89} else {
90  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE2"
91  exit 1
92}
93
94
95if [info exists env(TEST_ENV_FILE_USER)] {
96  set TEST_ENV_FILE_USER1 $env(TEST_ENV_FILE_USER)
97} else {
98  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER"
99  exit 1
100}
101
102if [info exists env(TEST_USER1_NEW_PASSWD)] {
103  set USER1_NEW_PASSWORD $env(TEST_USER1_NEW_PASSWD)
104} else {
105  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER1_NEW_PASSWD"
106  exit 1
107}
108
109
110set script_exit_code 0
111set i_can_root 0
112
113send_user "Starting 'su' Testing\n"
114
115# 1) su with no parameters and correct password.
116#    - The su command should return a result code of 0
117#    - The user ID should be root
118#    - The user environment should be that of the invoking process
119#    - The command should create a new shell with a new process ID
120
121send_user "\nTEST: su with no parameters and correct password\n"
122
123set i_am_root 0
124# run "whoami" to test user ID inside su shell
125spawn /bin/su -c whoami
126set i_am_root 0
127expect {
128  "Password:" {
129  	send "$PASSWD\r"
130    expect {
131      "root" { set i_am_root 1
132		set i_can_root 1
133	 }
134    }
135  }
136}
137
138catch close
139# capture result code
140set codes [wait]
141set pid [lindex $codes 0]
142set exit_code [lindex $codes 3]
143
144#Check that su user has same enviroment as current user
145set i_have_env 0
146set test_env_var " "
147if { $i_am_root==1 } {
148	spawn su -c "/bin/su root -c \"echo \\\$TEST_LINE > $TEST_ENV_FILE\""
149	expect {
150		 "Password:" {
151			send "$PASSWD\r"
152		}
153	}
154	expect eof
155	catch close
156	wait
157
158	set test_env_var [exec cat $TEST_ENV_FILE]
159
160	if  { $test_env_var==$TEST_LINE_ENV } {
161		set i_have_env 1
162	} else {
163		send_user "/bin/su with correct password (FAILED), the enviroment was not kept after su.\n"
164	}
165}
166
167
168#this variable is for any test, it can't run correctly if this test fails
169set test_one_passed 0
170
171if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==1) } {
172	send_user "/bin/su with correct password & enviroment check ( PASSED )\n"
173	set test_one_passed 1
174} else {
175  	send_user "/bin/su with correct password ( FAILED )\n"
176    set script_exit_code 1
177}
178
179
180# 2) su with no parameters and incorrect password.
181# 	  - The su command should return a result code of non-0
182#     - The user should be returned to the invoking shell
183#     - An appropriate failure message should be displayed
184
185send_user "\nTEST: su with no parameters and incorrect password \n"
186
187set displayed_error 0
188# run "whoami" to test user ID inside su shell
189spawn /bin/su -c whoami
190set displayed_error 0
191expect {
192  "Password:" {
193    send "wrong_$PASSWD\r"
194    expect {
195				"su: incorrect password" { set displayed_error 1 }
196				"su: Authentication failure" { set displayed_error 1 }
197    }
198  }
199}
200
201catch close
202# capture result code
203set codes [wait]
204set pid [lindex $codes 0]
205set exit_code [lindex $codes 3]
206
207#Added for arm architecture
208
209send_user "\ndisplayed_error=$displayed_error"
210send_user "\nexit_code=$exit_code"
211send_user "\npid=$pid\n"
212
213if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
214  send_user "/bin/su with incorrect password ( PASSED )\n"
215} else {
216  send_user "/bin/su with incorrect password ( FAILED )\n"
217  set script_exit_code 1
218}
219
220# 3) su to root using name parameter and correct password.
221# - The su command should return a result code of 0
222# - The user ID should be root
223# - The user environment should be that of the invoking process
224# - The command should create a new shell with a new process ID
225
226send_user "\nTEST: su to root using name parameter and correct password. \n"
227
228set i_am_root 0
229# run "whoami" to test user ID inside su shell
230spawn /bin/su -l root -c whoami
231expect {
232  "Password:" {
233    send "$PASSWD\r"
234    expect {
235				"root" { set i_am_root 1 }
236    }
237  }
238}
239
240catch close
241# capture result code
242set codes [wait]
243set pid [lindex $codes 0]
244set exit_code [lindex $codes 3]
245
246
247#Check that su user does not have the same enviroment as current user
248set i_have_env 0
249set test_env " "
250if { $i_am_root==1 } {
251     	spawn /bin/sh -c "/bin/su -l root -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE2\"\""
252        expect {
253                 "Password:" {
254			send "$PASSWD\r"
255                }
256        }
257
258	set test_env [exec cat $TEST_ENV_FILE2]
259
260	if  { $test_env==$TEST_LINE_ENV } {
261        	set i_have_env 1
262 		send_user "/bin/su -l root with correct password (FAILED), because it did not change enviroment\n"
263	}
264}
265
266
267if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
268  send_user "/bin/su -l root with correct password & enviroment check ( PASSED )\n"
269} else {
270  send_user "/bin/su -l root with correct password ( FAILED )\n"
271  set script_exit_code 1
272}
273
274
275# 4) su to root with name parameter and incorrect password.
276#    - The su command should return a result code of non-0
277#    - The user should be returned to the invoking shell
278#    - An appropriate failure message should be displayed
279
280send_user "\nTEST: su to root with name parameter and incorrect password. \n"
281
282set displayed_error 0
283# run "whoami" to test user ID inside su shell
284spawn /bin/su -l root -c whoami
285expect {
286  "Password:" {
287    send "wrong_$PASSWD\r"
288    expect {
289				"su: incorrect password" { set displayed_error 1 }
290				"su: Authentication failure" { set displayed_error 1 }
291    }
292  }
293}
294
295catch close
296# capture result code
297set codes [wait]
298set pid [lindex $codes 0]
299set exit_code [lindex $codes 3]
300if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
301  send_user "/bin/su -l root with incorrect password ( PASSED )\n"
302} else {
303  send_user "/bin/su -l root with incorrect password ( FAILED )\n"
304  set script_exit_code 1
305}
306
307
308# 5) su to user1 with name parameter and correct password.
309#    - The su command should return a result code of 0
310#    - The user ID should be user1
311#    - The user environment should be that of the invoking process, in this case,that of user1
312#    - The command should create a new shell with a new process ID
313#    - Run "whoami" to test user ID inside su shell
314
315send_user "TEST: su to user1 with name parameter and correct password.\n"
316
317set i_am_correct 0
318spawn /bin/su -l $USER1 -c whoami
319expect {
320  "Password:" {
321    send "$USER1_PASSWORD\r"
322    expect {
323				"$USER1\r" { set i_am_correct 1 }
324    }
325  }
326}
327
328catch close
329# capture result code
330set codes [wait]
331set pid [lindex $codes 0]
332set exit_code [lindex $codes 3]
333
334set i_have_env 0
335set test_env_var 0
336#Check to see that su user does not have the same enviroment
337if { $i_am_correct==1 } {
338        spawn /bin/sh -c "/bin/su -l $USER1 -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE_USER1\"\""
339        expect {
340                 "Password:" {
341                                send "$USER1_PASSWORD\r"
342                }
343        }
344
345}
346
347set test_env_var [exec cat $TEST_ENV_FILE_USER1]
348
349set i_have_env 0
350if  { $test_env_var==$TEST_LINE_ENV } {
351        set i_have_env 1
352        send_user "/bin/su -l $USER1 with correct password (FAILED), because it did not change enviroment\n"
353	set i_have_env 0
354	if  { $test_env_var==$TEST_LINE_ENV } {
355        	set i_have_env 1
356        	send_user "su -l $USER1 with correct password (FAILED), because it did not change enviroment\n"
357	}
358}
359
360if { ($i_am_correct==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
361  send_user "/bin/su -l $USER1 with correct password & enviroment check ( PASSED )\n"
362} else {
363  send_user "/bin/su -l $USER1 with correct password ( FAILED )\n"
364  set script_exit_code 1
365}
366
367
368
369# 6)su to user1 with name parameter and incorrect password.
370#    - The su command should return a result code of non-0
371#    - The user should be returned to the invoking shell
372#    - An appropriate failure message should be displayed.
373
374send_user "TEST: su to user1 with name parameter and incorrect password.\n"
375spawn /bin/su -l $USER1 -c whoami
376set displayed_error 0
377expect {
378  "Password:" {
379    send "wrong_$USER1_PASSWORD\r"
380    expect {
381				"su: incorrect password" { set displayed_error 1 }
382				"su: Authentication failure" { set displayed_error 1 }
383    }
384  }
385}
386
387catch close
388# capture result code
389set codes [wait]
390set pid [lindex $codes 0]
391set exit_code [lindex $codes 3]
392if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
393  	send_user "/bin/su -l $USER1 with incorrect password ( PASSED )\n"
394} else {
395  	send_user "/bin/su -l $USER1 with incorrect password ( FAILED )\n"
396	set script_exit_code 1
397}
398
399
400# 7) su to user1 with the user1 password expired
401#    - user1 should not be allowed to log in
402#    - The su command should return a result code of non-0
403#    - The user should be returned to the invoking shell
404#    - An appropriate failure message should be displayed.
405
406# Become root and expire $USER1 password
407
408#  Skip this if Red Hat; -e option not supported.
409if { $distro != "redhat" && $distro != "redhat-linux" } {
410
411if { $test_one_passed==1} {
412send_user "TEST:  su to user1 with the user1 password expired.\n"
413
414spawn /bin/su -l root -c "passwd -e $USER1"
415expect {
416  "Password:" {
417    send "$PASSWD\r"
418    expect {
419				"Password expiry information changed."
420    }
421  }
422}
423
424set i_am_correct 0
425spawn /bin/su -l $USER1 -c whoami
426expect {
427  "Password:" {
428    send "$USER1_PASSWORD\r"
429    expect {
430        -re "current.*password|Old Password" {
431        send "wrong_$USER1_PASSWORD\r"
432        expect {
433       	  -re "current.*password|Old Password" {
434          send "wrong_$USER1_PASSWORD\r"
435            expect {
436								"su: incorrect password" { set i_am_correct 1 }
437								"su: Authentication failure" { set i_am_correct 1 }
438								"su: Authentication token manipulation error" { set i_am_correct 1 }
439            }
440          }
441					"su: incorrect password" { set i_am_correct 1 }
442					"su: Authentication failure" { set i_am_correct 1 }
443					"su: Authentication token manipulation error" { set i_am_correct 1 }
444        }
445      }
446    }
447  }
448}
449
450catch close
451# capture result code
452set codes [wait]
453set pid [lindex $codes 0]
454set exit_code [lindex $codes 3]
455if { ($i_am_correct==1) && ($exit_code!=0) && ($pid>0) } {
456  	send_user "/bin/su -l $USER1 with expired correct password ( PASSED )\n"
457} else {
458  	send_user "/bin/su -l $USER1 with expired correct password ( FAILED )\n"
459	set script_exit_code 1
460}
461
462
463#Become root and set $USER1 password back to previous value
464spawn /bin/su -l root -c "passwd $USER1"
465expect {
466  "Password: " {
467    send "$PASSWD\r"
468    expect {
469     "Enter new password: " {
470        send "$USER1_NEW_PASSWORD\r"
471        expect {
472          "Re-type new password: " {
473            send "$USER1_NEW_PASSWORD\r"
474            expect {
475              "Password changed" {}
476            }
477          }
478        }
479      }
480    }
481  }
482}
483
484catch close
485} else {
486
487	send_user "TEST:  su to user1 with the user1 password expired. (FAILED),see more next line.\n"
488	send_user "This test cannot be run because the first test to su as root failed\n"
489
490}
491# If RH let the tester know why only 6 tests were run.
492} else {
493  send_user "TEST 7 skipped if running on Red Hat; -e not supported \n"
494}
495exit  $script_exit_code
496