• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#! /usr/bin/expect -f
2#*********************************************************************
3#   Copyright (c) International Business Machines  Corp., 2003, 2004, 2007
4#
5#   This program is free software;  you can redistribute it and/or modify
6#   it under the terms of the GNU General Public License as published by
7#   the Free Software Foundation; either version 2 of the License, or
8#   (at your option) any later version.
9#
10#   This program is distributed in the hope that it will be useful,
11#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
12#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
13#   the GNU General Public License for more details.
14#
15#   You should have received a copy of the GNU General Public License
16#   along with this program;  if not, write to the Free Software
17#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18#
19#  FILE   : su
20#
21#  PURPOSE: Tests the basic functionality of `su`.
22#
23#  SETUP: The program `/usr/bin/expect' MUST be installed.
24#         The user invoking this test script must NOT be "root".
25#     	  The PASSWD variable should be set prior to execution
26#
27#  HISTORY:
28#     03/03     Dustin Kirkland (dkirklan@us.ibm.com)
29#     03/03     Jerone Young    (jeroney@us.ibm.com)
30#     10/01/04  Kris Wilson     Skip test 7 if RedHat; no -e option.
31#     05/23/07  Kris Wilson     Make test 7 work for SLES.
32########################################################################
33
34# The root user cannot succesfully execute su test because the root user
35# is able to become anyone without entering passwords
36set whoami [ exec whoami ]
37if { $whoami=="root" } {
38  send_user "ERROR: You must execute the 'su' tests as a non-root user\n"
39  exit 1
40}
41
42#Grab input from enviroment
43if [info exists env(PASSWD)] {
44  	set PASSWD $env(PASSWD)
45} else {
46	send_user "YOU NEED TO SET ENVIROMENT VARIABLE PASSWD. \n"
47	exit 1
48}
49
50if [info exists env(TEST_USER2)] {
51  set USER1 $env(TEST_USER2)
52} else {
53  	send_user "YOU MUST SET ENVIRONMENT VARIABLE TEST_USER2"
54  	exit 1
55}
56
57# Need the release type from su01
58if [info exists env(tvar)] {
59  set distro $env(tvar)
60} else {
61        send_user "YOU MUST SET ENVIORMENT VARIABLE tvar"
62        exit 1
63}
64
65if [info exists env(TEST_USER2_PASSWD)] {
66  set USER1_PASSWORD $env(TEST_USER2_PASSWD)
67} else {
68  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER2_PASSWD"
69  exit 1
70}
71
72if [info exists env(TEST_LINE)] {
73  set TEST_LINE_ENV $env(TEST_LINE)
74} else {
75  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_LINE"
76  exit 1
77}
78
79
80if [info exists env(TEST_ENV_FILE)] {
81  set TEST_ENV_FILE $env(TEST_ENV_FILE)
82} else {
83  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER"
84  exit 1
85}
86
87if [info exists env(TEST_ENV_FILE2)] {
88  set TEST_ENV_FILE2 $env(TEST_ENV_FILE2)
89} else {
90  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE2"
91  exit 1
92}
93
94
95if [info exists env(TEST_ENV_FILE_USER)] {
96  set TEST_ENV_FILE_USER1 $env(TEST_ENV_FILE_USER)
97} else {
98  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER"
99  exit 1
100}
101
102if [info exists env(TEST_USER1_NEW_PASSWD)] {
103  set USER1_NEW_PASSWORD $env(TEST_USER1_NEW_PASSWD)
104} else {
105  send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER1_NEW_PASSWD"
106  exit 1
107}
108
109
110set script_exit_code 0
111set i_can_root 0
112
113send_user "Starting 'su' Testing\n"
114
115# 1) su with no parameters and correct password.
116#    - The su command should return a result code of 0
117#    - The user ID should be root
118#    - The user environment should be that of the invoking process
119#    - The command should create a new shell with a new process ID
120
121send_user "\nTEST: su with no parameters and correct password\n"
122
123set i_am_root 0
124# run "whoami" to test user ID inside su shell
125spawn /bin/su -c whoami
126set i_am_root 0
127expect {
128  "Password:" {
129  	send "$PASSWD\r"
130    expect {
131      "root" { set i_am_root 1
132		set i_can_root 1
133	 }
134    }
135  }
136}
137
138# capture result code
139set codes [wait]
140set pid [lindex $codes 0]
141set exit_code [lindex $codes 3]
142
143#Check that su user has same enviroment as current user
144set i_have_env 0
145set test_env_var " "
146if { $i_am_root==1 } {
147	spawn su -c "/bin/su root -c \"echo \\\$TEST_LINE > $TEST_ENV_FILE\""
148	expect {
149		 "Password:" {
150			send "$PASSWD\r"
151		}
152	}
153	expect eof
154	wait
155
156	set test_env_var [exec cat $TEST_ENV_FILE]
157
158	if  { $test_env_var==$TEST_LINE_ENV } {
159		set i_have_env 1
160	} else {
161		send_user "/bin/su with correct password (FAILED), the enviroment was not kept after su.\n"
162	}
163}
164
165
166#this variable is for any test, it can't run correctly if this test fails
167set test_one_passed 0
168
169if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==1) } {
170	send_user "/bin/su with correct password & enviroment check ( PASSED )\n"
171	set test_one_passed 1
172} else {
173  	send_user "/bin/su with correct password ( FAILED )\n"
174    set script_exit_code 1
175}
176
177
178# 2) su with no parameters and incorrect password.
179# 	  - The su command should return a result code of non-0
180#     - The user should be returned to the invoking shell
181#     - An appropriate failure message should be displayed
182
183send_user "\nTEST: su with no parameters and incorrect password \n"
184
185set displayed_error 0
186# run "whoami" to test user ID inside su shell
187spawn /bin/su -c whoami
188set displayed_error 0
189expect {
190  "Password:" {
191    send "wrong_$PASSWD\r"
192    expect {
193				"su: incorrect password" { set displayed_error 1 }
194				"su: Authentication failure" { set displayed_error 1 }
195    }
196  }
197}
198
199# capture result code
200set codes [wait]
201set pid [lindex $codes 0]
202set exit_code [lindex $codes 3]
203
204#Added for arm architecture
205
206send_user "\ndisplayed_error=$displayed_error"
207send_user "\nexit_code=$exit_code"
208send_user "\npid=$pid\n"
209
210if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
211  send_user "/bin/su with incorrect password ( PASSED )\n"
212} else {
213  send_user "/bin/su with incorrect password ( FAILED )\n"
214  set script_exit_code 1
215}
216
217# 3) su to root using name parameter and correct password.
218# - The su command should return a result code of 0
219# - The user ID should be root
220# - The user environment should be that of the invoking process
221# - The command should create a new shell with a new process ID
222
223send_user "\nTEST: su to root using name parameter and correct password. \n"
224
225set i_am_root 0
226# run "whoami" to test user ID inside su shell
227spawn /bin/su -l root -c whoami
228expect {
229  "Password:" {
230    send "$PASSWD\r"
231    expect {
232				"root" { set i_am_root 1 }
233    }
234  }
235}
236
237# capture result code
238set codes [wait]
239set pid [lindex $codes 0]
240set exit_code [lindex $codes 3]
241
242
243#Check that su user does not have the same enviroment as current user
244set i_have_env 0
245set test_env " "
246if { $i_am_root==1 } {
247     	spawn /bin/sh -c "/bin/su -l root -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE2\"\""
248        expect {
249                 "Password:" {
250			send "$PASSWD\r"
251                }
252        }
253
254	set test_env [exec cat $TEST_ENV_FILE2]
255
256	if  { $test_env==$TEST_LINE_ENV } {
257        	set i_have_env 1
258 		send_user "/bin/su -l root with correct password (FAILED), because it did not change enviroment\n"
259	}
260}
261
262
263if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
264  send_user "/bin/su -l root with correct password & enviroment check ( PASSED )\n"
265} else {
266  send_user "/bin/su -l root with correct password ( FAILED )\n"
267  set script_exit_code 1
268}
269
270
271# 4) su to root with name parameter and incorrect password.
272#    - The su command should return a result code of non-0
273#    - The user should be returned to the invoking shell
274#    - An appropriate failure message should be displayed
275
276send_user "\nTEST: su to root with name parameter and incorrect password. \n"
277
278set displayed_error 0
279# run "whoami" to test user ID inside su shell
280spawn /bin/su -l root -c whoami
281expect {
282  "Password:" {
283    send "wrong_$PASSWD\r"
284    expect {
285				"su: incorrect password" { set displayed_error 1 }
286				"su: Authentication failure" { set displayed_error 1 }
287    }
288  }
289}
290
291# capture result code
292set codes [wait]
293set pid [lindex $codes 0]
294set exit_code [lindex $codes 3]
295if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
296  send_user "/bin/su -l root with incorrect password ( PASSED )\n"
297} else {
298  send_user "/bin/su -l root with incorrect password ( FAILED )\n"
299  set script_exit_code 1
300}
301
302
303# 5) su to user1 with name parameter and correct password.
304#    - The su command should return a result code of 0
305#    - The user ID should be user1
306#    - The user environment should be that of the invoking process, in this case,that of user1
307#    - The command should create a new shell with a new process ID
308#    - Run "whoami" to test user ID inside su shell
309
310send_user "TEST: su to user1 with name parameter and correct password.\n"
311
312set i_am_correct 0
313spawn /bin/su -l $USER1 -c whoami
314expect {
315  "Password:" {
316    send "$USER1_PASSWORD\r"
317    expect {
318				"$USER1\r" { set i_am_correct 1 }
319    }
320  }
321}
322
323# capture result code
324set codes [wait]
325set pid [lindex $codes 0]
326set exit_code [lindex $codes 3]
327
328set i_have_env 0
329set test_env_var 0
330#Check to see that su user does not have the same enviroment
331if { $i_am_correct==1 } {
332        spawn /bin/sh -c "/bin/su -l $USER1 -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE_USER1\"\""
333        expect {
334                 "Password:" {
335                                send "$USER1_PASSWORD\r"
336                }
337        }
338
339}
340
341set test_env_var [exec cat $TEST_ENV_FILE_USER1]
342
343set i_have_env 0
344if  { $test_env_var==$TEST_LINE_ENV } {
345        set i_have_env 1
346        send_user "/bin/su -l $USER1 with correct password (FAILED), because it did not change enviroment\n"
347	set i_have_env 0
348	if  { $test_env_var==$TEST_LINE_ENV } {
349        	set i_have_env 1
350        	send_user "su -l $USER1 with correct password (FAILED), because it did not change enviroment\n"
351	}
352}
353
354if { ($i_am_correct==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
355  send_user "/bin/su -l $USER1 with correct password & enviroment check ( PASSED )\n"
356} else {
357  send_user "/bin/su -l $USER1 with correct password ( FAILED )\n"
358  set script_exit_code 1
359}
360
361
362
363# 6)su to user1 with name parameter and incorrect password.
364#    - The su command should return a result code of non-0
365#    - The user should be returned to the invoking shell
366#    - An appropriate failure message should be displayed.
367
368send_user "TEST: su to user1 with name parameter and incorrect password.\n"
369spawn /bin/su -l $USER1 -c whoami
370set displayed_error 0
371expect {
372  "Password:" {
373    send "wrong_$USER1_PASSWORD\r"
374    expect {
375				"su: incorrect password" { set displayed_error 1 }
376				"su: Authentication failure" { set displayed_error 1 }
377    }
378  }
379}
380
381# capture result code
382set codes [wait]
383set pid [lindex $codes 0]
384set exit_code [lindex $codes 3]
385if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
386  	send_user "/bin/su -l $USER1 with incorrect password ( PASSED )\n"
387} else {
388  	send_user "/bin/su -l $USER1 with incorrect password ( FAILED )\n"
389	set script_exit_code 1
390}
391
392
393# 7) su to user1 with the user1 password expired
394#    - user1 should not be allowed to log in
395#    - The su command should return a result code of non-0
396#    - The user should be returned to the invoking shell
397#    - An appropriate failure message should be displayed.
398
399# Become root and expire $USER1 password
400
401#  Skip this if Red Hat; -e option not supported.
402if { $distro != "redhat" && $distro != "redhat-linux" } {
403
404if { $test_one_passed==1} {
405send_user "TEST:  su to user1 with the user1 password expired.\n"
406
407spawn /bin/su -l root -c "passwd -e $USER1"
408expect {
409  "Password:" {
410    send "$PASSWD\r"
411    expect {
412				"Password expiry information changed."
413    }
414  }
415}
416
417set i_am_correct 0
418spawn /bin/su -l $USER1 -c whoami
419expect {
420  "Password:" {
421    send "$USER1_PASSWORD\r"
422    expect {
423        -re "current.*password|Old Password" {
424        send "wrong_$USER1_PASSWORD\r"
425        expect {
426       	  -re "current.*password|Old Password" {
427          send "wrong_$USER1_PASSWORD\r"
428            expect {
429								"su: incorrect password" { set i_am_correct 1 }
430								"su: Authentication failure" { set i_am_correct 1 }
431								"su: Authentication token manipulation error" { set i_am_correct 1 }
432            }
433          }
434					"su: incorrect password" { set i_am_correct 1 }
435					"su: Authentication failure" { set i_am_correct 1 }
436					"su: Authentication token manipulation error" { set i_am_correct 1 }
437        }
438      }
439    }
440  }
441}
442
443# capture result code
444set codes [wait]
445set pid [lindex $codes 0]
446set exit_code [lindex $codes 3]
447if { ($i_am_correct==1) && ($exit_code!=0) && ($pid>0) } {
448  	send_user "/bin/su -l $USER1 with expired correct password ( PASSED )\n"
449} else {
450  	send_user "/bin/su -l $USER1 with expired correct password ( FAILED )\n"
451	set script_exit_code 1
452}
453
454
455#Become root and set $USER1 password back to previous value
456spawn /bin/su -l root -c "passwd $USER1"
457expect {
458  "Password: " {
459    send "$PASSWD\r"
460    expect {
461     "Enter new password: " {
462        send "$USER1_NEW_PASSWORD\r"
463        expect {
464          "Re-type new password: " {
465            send "$USER1_NEW_PASSWORD\r"
466            expect {
467              "Password changed" {}
468            }
469          }
470        }
471      }
472    }
473  }
474}
475
476} else {
477
478	send_user "TEST:  su to user1 with the user1 password expired. (FAILED),see more next line.\n"
479	send_user "This test cannot be run because the first test to su as root failed\n"
480
481}
482# If RH let the tester know why only 6 tests were run.
483} else {
484  send_user "TEST 7 skipped if running on Red Hat; -e not supported \n"
485}
486exit  $script_exit_code
487