1#!/bin/bash
2#
3#   Copyright (c) International Business Machines  Corp., 2003
4#
5#   This program is free software;  you can redistribute it and/or modify
6#   it under the terms of the GNU General Public License as published by
7#   the Free Software Foundation; either version 2 of the License, or
8#   (at your option) any later version.
9#
10#   This program is distributed in the hope that it will be useful,
11#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
12#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
13#   the GNU General Public License for more details.
14#
15#   You should have received a copy of the GNU General Public License
16#   along with this program;  if not, write to the Free Software
17#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18#
19#	FILE: /var/spool/cron/allow
20#
21#	PURPOSE: Test that /var/spool/cron/allow , only allows those in the file to run cron jobs.
22#
23#	HISTORY:
24#		04/03 Jerone Young (jyoung5@us.ibm.com)
25#
26
echo "This script contains bashism that needs to be fixed!"

# Account this copy of the script runs as. The script re-invokes itself
# through su, so this value selects the root driver or one of the two
# per-user test cases further down.
iam=$(whoami)

# Reduce bash's MACHTYPE to its middle part: drop the last dash-separated
# field, then the first one.
tvar=${MACHTYPE%-*}
tvar=${tvar#*-}

# Location of the cron allow list under test. Red Hat style values select
# /etc/cron.allow; every other value falls back to /var/spool/cron/allow.
case "$tvar" in
redhat | redhat-linux)
	CRON_ALLOW="/etc/cron.allow"
	;;
*)
	CRON_ALLOW="/var/spool/cron/allow"
	;;
esac

# Throw-away accounts: the root driver puts user 1 on the allow list and
# leaves user 2 off it.
TEST_USER1="ca_user1"
TEST_USER1_HOME="/home/$TEST_USER1"
TEST_USER2="ca_user2"
TEST_USER2_HOME="/home/$TEST_USER2"
45
46#-----------------------------------------------------------------------
47# FUNCTION:  do_setup
48#-----------------------------------------------------------------------
49
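#######################################
# Prepare the machine for the test (run as root): set the system cron
# allow list aside and create two fresh test accounts.
# Globals:   CRON_ALLOW, TEST_USER1, TEST_USER2 (read)
# Outputs:   error messages on stdout
# Returns:   exits the script with status 1 if setup cannot proceed
#######################################
do_setup() {
	local user

	# An empty name would turn "su USER -c ..." into a command run as the
	# caller (root) and "rm -rf /home/USER" into "rm -rf /home/".
	for user in "$TEST_USER1" "$TEST_USER2"; do
		if [ -z "$user" ]; then
			echo "Test user name is empty; refusing to run setup."
			exit 1
		fi
	done

	# Never overwrite an existing backup. A leftover $CRON_ALLOW.old may hold
	# the real allow list from an interrupted run; moving the current file
	# over it would discard that list. Nothing has been modified yet, so
	# stopping here is lossless and leaves the decision to the operator.
	if [ -e "$CRON_ALLOW.old" ]; then
		echo "Backup $CRON_ALLOW.old already exists; refusing to overwrite it."
		exit 1
	fi

	# Move any files that may get in the way. A missing allow list is normal,
	# hence the discarded output.
	rm /tmp/cron_allow_test > /dev/null 2>&1
	rm /tmp/cron_allow_test1 > /dev/null 2>&1
	mv -- "$CRON_ALLOW" "$CRON_ALLOW.old" > /dev/null 2>&1

	# Remove leftovers of the test users for a clean environment.
	for user in "$TEST_USER1" "$TEST_USER2"; do
		su "$user" -c "crontab -r"
		rm -rf -- "/home/$user"
		userdel "$user"
	done
	sleep 1

	# Create both test users.
	for user in "$TEST_USER1" "$TEST_USER2"; do
		if ! useradd -m -g users "$user"; then
			echo "Could not add test user $user to system."
			# The caller does not run do_cleanup on this path, so put the
			# allow list back before giving up.
			mv -- "$CRON_ALLOW.old" "$CRON_ALLOW" > /dev/null 2>&1
			exit 1
		fi
	done
}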
83
84#-----------------------------------------------------------------------
85# FUNCTION:  do_cleanup
86#-----------------------------------------------------------------------
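#######################################
# Undo do_setup (run as root): drop the test users and their crontabs, then
# put the saved cron allow list back in place.
# Globals:   CRON_ALLOW, TEST_USER1, TEST_USER2 (read)
#######################################
do_cleanup() {
	local user

	for user in "$TEST_USER1" "$TEST_USER2"; do
		# With an empty name "su -c 'crontab -r'" would act on the caller's
		# own crontab and "rm -rf /home/" on every home directory; skip it.
		[ -n "$user" ] || continue
		su "$user" -c "crontab -r"
		rm -rf -- "/home/$user"
		userdel "$user"
	done

	# Restore the allow list only after the crontabs were removed above.
	# The mv stays quiet because there may have been no list to back up.
	rm -- "$CRON_ALLOW"
	mv -- "$CRON_ALLOW.old" "$CRON_ALLOW" > /dev/null 2>&1
	rm /tmp/cron_allow_test > /dev/null 2>&1
}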
98
99#-----------------------------------------------------------------------
100# FUNCTION:  run_test
101#-----------------------------------------------------------------------
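#######################################
# Helper for run_test: schedule a one-line cron job as the current user,
# wait for it, report the verdict and exit with the test status.
# Arguments: $1 - "allowed" if the job is expected to run, "denied" if not
# Outputs:   progress and verdict on stdout
# Returns:   does not return; exits 0 on TEST PASSED, 1 otherwise
#######################################
_cron_allow_case() {
	local expectation=$1
	local workdir saved marker minute status

	# Keep the saved crontab and the job's marker in a private directory.
	# With fixed names under /tmp any local user could pre-create the marker
	# during the wait and forge the verdict.
	workdir=$(mktemp -d) || {
		echo "Could not create a private work directory"
		exit 1
	}
	saved="$workdir/crontab.save"
	marker="$workdir/job_ran"

	echo "backup crontab...."
	crontab -l | grep '^[^#]' > "$saved"

	# Fire at (current minute + 2) mod 60, so the job is at most about two
	# minutes away and the 130 second wait below covers it.
	minute=$(date '+%M' | awk '{ORS=""; print ($1+2)%60}')
	if ! printf '%s * * * * echo "TEST JOB RAN" >> "%s" 2>&1\n' \
		"$minute" "$marker" | crontab -; then
		echo "Error while adding crontab for user $iam"
		# For the allowed user this is a hard failure. For the denied user a
		# refusal is the expected outcome, so that case carries on and
		# verifies that nothing runs.
		if [ "$expectation" = "allowed" ]; then
			rm -rf -- "$workdir"
			exit 1
		fi
	fi

	echo "sleeping for 130 seconds...."
	sleep 130

	if [ -e "$marker" ]; then
		if [ "$expectation" = "allowed" ]; then
			echo "Cron allowed user to execute test job, TEST PASSED"
			status=0
		else
			echo "Cron allowed user to execute test job, TEST FAILED"
			status=1
		fi
	else
		if [ "$expectation" = "allowed" ]; then
			echo "Cron did not allow user to execute job , TEST FAILED"
			status=1
		else
			echo "Cron did not allow user to execute job , TEST PASSED"
			status=0
		fi
	fi

	echo "restore old crontab..."
	crontab "$saved"
	rm -rf -- "$workdir"

	exit "$status"
}

#######################################
# Run the test case that belongs to the invoking user: TEST_USER1 must be
# able to run a cron job, TEST_USER2 must not.
# Globals:   iam, CRON_ALLOW, TEST_USER1, TEST_USER2 (read)
# Returns:   exits with the test status for either test user; returns 0
#            without doing anything for any other user
#######################################
run_test() {
	case "$iam" in
	"$TEST_USER1")
		echo "TEST: $CRON_ALLOW should only allow those in the file to
run cron jobs."
		echo "(1) TEST THAT PERSON IN $CRON_ALLOW IS ABLE TO RUN JOB."
		_cron_allow_case allowed
		;;
	"$TEST_USER2")
		echo "(2) TEST THAT PERSON NOT IN $CRON_ALLOW IS NOT ABLE TO RUN JOB."
		_cron_allow_case denied
		;;
	esac
}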
180
181#-----------------------------------------------------------------------
182# FUNCTION: main
183#-----------------------------------------------------------------------
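# Root drives the test: set up, allow only TEST_USER1, then re-run this same
# script as each test user. Any other user runs its own test case.
if [ "$iam" = "root" ]; then
	do_setup

	# From here on the system allow list is replaced and two extra accounts
	# exist. Restore on every exit path, including an interrupted run, so the
	# machine is not left with the test allow list in force.
	trap do_cleanup EXIT
	trap 'exit 1' HUP INT TERM

	printf '%s\n' "$TEST_USER1" > "$CRON_ALLOW"
	EXIT_CODE=0

	# NOTE(review): "$0" is re-parsed as a command line by the target user's
	# shell, so a script path with spaces or shell metacharacters will not
	# survive. The script must also be readable and executable by both users.
	su "$TEST_USER1" -c "$0" || EXIT_CODE=1
	su "$TEST_USER2" -c "$0" || EXIT_CODE=1

	# do_cleanup runs from the EXIT trap; the exit status set here is kept.
	exit "$EXIT_CODE"
else
	run_test
fi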
203