• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash
2#
3#   Copyright (c) International Business Machines  Corp., 2003
4#
5#   This program is free software;  you can redistribute it and/or modify
6#   it under the terms of the GNU General Public License as published by
7#   the Free Software Foundation; either version 2 of the License, or
8#   (at your option) any later version.
9#
10#   This program is distributed in the hope that it will be useful,
11#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
12#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
13#   the GNU General Public License for more details.
14#
15#   You should have received a copy of the GNU General Public License
16#   along with this program;  if not, write to the Free Software
17#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18#
19#	FILE: /var/spool/cron/allow
20#
21#	PURPOSE: Test that /var/spool/cron/deny , does not allow those in the file to run cron jobs.
22#
23#	HISTORY:
24#		04/03 Jerone Young (jyoung5@us.ibm.com)
25#
26
27echo "This script contains bashism that needs to be fixed!"
28
29iam=`whoami`
30
31tvar=${MACHTYPE%-*}
32tvar=${tvar#*-}
33
34if [ "$tvar" = "redhat" -o "$tvar" = "redhat-linux" ]
35then
36CRON_DENY="/etc/cron.deny"
37CRON_ALLOW="/etc/cron.allow"
38else
39CRON_DENY="/var/spool/cron/deny"
40CRON_ALLOW="/var/spool/cron/allow"
41fi
42
43TEST_USER1="cd_user1"
44TEST_USER1_HOME="/home/$TEST_USER1"
45TEST_USER2="cd_user2"
46TEST_USER2_HOME="/home/$TEST_USER2"
47
48#-----------------------------------------------------------------------
49# FUNCTION:  do_setup
50#-----------------------------------------------------------------------
51
52do_setup() {
53	#move any files that may get in the way
54	rm /tmp/cron_deny_test > /dev/null 2>&1
55        rm /tmp/cron_deny_test1 > /dev/null 2>&1
56
57	mv $CRON_DENY $CRON_DENY.old > /dev/null 2>&1
58	mv $CRON_ALLOW $CRON_ALLOW.old > /dev/null 2>&1
59
60	#remove users for clean enviroment
61    su $TEST_USER1 -c "crontab -r"
62    su $TEST_USER2 -c "crontab -r"
63        rm -rf /home/$TEST_USER1
64        rm -rf /home/$TEST_USER2
65	userdel $TEST_USER1
66	userdel $TEST_USER2
67	sleep 1
68
69#create 1st user
70	useradd -m -g users $TEST_USER1
71	if [ $? != 0 ]
72    then {
73        echo "Could not add test user $TEST_USER1 to system."
74        exit 1
75    }
76    fi
77
78#create 2nd user
79	useradd -m -g users $TEST_USER2
80    if [ $? != 0 ]
81    then {
82        echo "Could not add test user $TEST_USER2 to system."
83        exit 1
84    }
85    fi
86}
87
88#-----------------------------------------------------------------------
89# FUNCTION:  do_cleanup
90#-----------------------------------------------------------------------
91do_cleanup(){
92    su $TEST_USER1 -c "crontab -r"
93    su $TEST_USER2 -c "crontab -r"
94        rm -rf /home/$TEST_USER1
95        rm -rf /home/$TEST_USER2
96	userdel $TEST_USER1
97	userdel $TEST_USER2
98	rm $CRON_DENY
99	mv $CRON_DENY.old $CRON_DENY > /dev/null 2>&1
100	mv $CRON_ALLOW.old $CRON_ALLOW > /dev/null 2>&1
101	rm /tmp/cron_allow_test >/dev/null 2>&1
102}
103
104#-----------------------------------------------------------------------
105# FUNCTION:  run_test
106#-----------------------------------------------------------------------
107run_test() {
108
109if [ $iam = $TEST_USER1 ]
110then
111	echo "TEST: $CRON_DENY should allow only allow those who are not in the file to
112run cron jobs."
113
114	echo "(1) TEST THAT PERSON NOT IN $CRON_DENY IS ABLE TO RUN JOB."
115
116	crontab - << EOF
117	`date '+%M' | awk '{ORS=""; print ($1+2)%60" * * * * "}'` echo "TEST JOB RAN" >> /tmp/cron_deny_test 2>&1
118EOF
119	if [ $? != 0 ]; then
120	echo Error while adding crontab for user $TEST_USER1
121	exit 1
122	fi
123
124	echo "sleeping for 130 seconds...."
125	sleep 130
126
127	EXIT_CODE=1
128	test -e /tmp/cron_deny_test && EXIT_CODE=0
129
130	if [ $EXIT_CODE = 1 ]; then
131		echo "Cron did not allow user to execute job , TEST FAILED"
132	else
133		echo "Cron allowed user to execute test job, TEST PASSED"
134	fi
135
136	rm -f /tmp/cron_deny_test
137
138	exit $EXIT_CODE
139fi
140
141if [ $iam = $TEST_USER2 ]
142then
143        echo "(2) TEST THAT PERSON IN $CRON_DENY IS NOT ABLE TO RUN JOB."
144
145        crontab - << EOF
146        `date '+%M' | awk '{ORS=""; print ($1+2)%60 " * * * * "}'` echo "TEST JOB RAN" >> /tmp/cron_deny_test 2>&1
147EOF
148        if [ $? != 0 ]; then
149        echo Error while adding crontab for user $TEST_USER2
150        fi
151
152        echo "sleeping for 130 seconds...."
153        sleep 130
154
155        EXIT_CODE=0
156        test -e /tmp/cron_deny_test1 && EXIT_CODE=1
157
158        if [ $EXIT_CODE = 0 ]; then
159                echo "Cron did not allow user to execute job , TEST PASSED"
160        else
161                echo "Cron allowed user to execute test job, TEST FAILED"
162        fi
163
164        rm -f /tmp/cron_deny_test1
165
166        exit $EXIT_CODE
167fi
168
169}
170
171#-----------------------------------------------------------------------
172# FUNCTION: main
173#-----------------------------------------------------------------------
174if [ $iam = "root" ]
175then
176	do_setup
177	echo $TEST_USER2 > $CRON_DENY
178	EXIT_CODE=0
179	su $TEST_USER1 -c "$0"
180	if [ $? != 0 ]
181	then
182	   EXIT_CODE=1
183	fi
184	su $TEST_USER2 -c "$0"
185	if [ $? != 0 ]
186	then EXIT_CODE=1
187	fi
188	do_cleanup
189	exit $EXIT_CODE
190else
191	run_test
192fi
193