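#! /usr/bin/expect -f
#*********************************************************************
# Copyright (c) International Business Machines Corp., 2003, 2004, 2007
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
# the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
# FILE : su
#
# PURPOSE: Tests the basic functionality of `su`.
#
# SETUP: The program `/usr/bin/expect' MUST be installed.
#        The user invoking this test script must NOT be "root".
#        The following environment variables must be set prior to execution:
#          PASSWD                 root password
#          TEST_USER2             name of the second test user (held in USER1 below)
#          TEST_USER2_PASSWD      password of that user
#          TEST_USER1_NEW_PASSWD  password given to that user at the end of test 7
#          TEST_LINE              marker value used for the environment checks
#          TEST_ENV_FILE          scratch file for test 1
#          TEST_ENV_FILE2         scratch file for test 3
#          TEST_ENV_FILE_USER     scratch file for test 5
#          tvar                   release type passed in by su01
#
# SECURITY NOTES:
#   - The root and test-user passwords arrive through the environment, which
#     other processes of the same user (and root) can read. Use dedicated
#     test credentials only.
#   - NOTE(review): TEST_USER2 and the TEST_ENV_FILE* paths are substituted
#     unquoted into command lines that su hands to a shell, in several places
#     as root. Whitespace or shell metacharacters in those values would change
#     the command that runs; the harness is expected to supply plain names
#     and paths in a directory other users cannot write to.
#
# HISTORY:
# 03/03 Dustin Kirkland (dkirklan@us.ibm.com)
# 03/03 Jerone Young (jeroney@us.ibm.com)
# 10/01/04 Kris Wilson Skip test 7 if RedHat; no -e option.
# 05/23/07 Kris Wilson Make test 7 work for SLES.
########################################################################

# The root user cannot successfully execute the su tests because root is
# able to become anyone without entering a password.
set whoami [ exec whoami ]
if { $whoami=="root" } {
    send_user "ERROR: You must execute the 'su' tests as a non-root user\n"
    exit 1
}

# Grab input from the environment. Every variable is mandatory; the script
# stops with exit code 1 at the first one that is missing.
if [info exists env(PASSWD)] {
    set PASSWD $env(PASSWD)
} else {
    send_user "YOU NEED TO SET ENVIROMENT VARIABLE PASSWD. \n"
    exit 1
}

if [info exists env(TEST_USER2)] {
    set USER1 $env(TEST_USER2)
} else {
    send_user "YOU MUST SET ENVIRONMENT VARIABLE TEST_USER2"
    exit 1
}

# Need the release type from su01
if [info exists env(tvar)] {
    set distro $env(tvar)
} else {
    send_user "YOU MUST SET ENVIORMENT VARIABLE tvar"
    exit 1
}

if [info exists env(TEST_USER2_PASSWD)] {
    set USER1_PASSWORD $env(TEST_USER2_PASSWD)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER2_PASSWD"
    exit 1
}

if [info exists env(TEST_LINE)] {
    set TEST_LINE_ENV $env(TEST_LINE)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_LINE"
    exit 1
}

if [info exists env(TEST_ENV_FILE)] {
    set TEST_ENV_FILE $env(TEST_ENV_FILE)
} else {
    # The original message named TEST_ENV_FILE_USER here, which is a
    # different variable (checked further down).
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE"
    exit 1
}

if [info exists env(TEST_ENV_FILE2)] {
    set TEST_ENV_FILE2 $env(TEST_ENV_FILE2)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE2"
    exit 1
}

if [info exists env(TEST_ENV_FILE_USER)] {
    set TEST_ENV_FILE_USER1 $env(TEST_ENV_FILE_USER)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER"
    exit 1
}

if [info exists env(TEST_USER1_NEW_PASSWD)] {
    set USER1_NEW_PASSWORD $env(TEST_USER1_NEW_PASSWD)
} else {
    send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER1_NEW_PASSWD"
    exit 1
}

# Overall result: set to 1 by any failing test and used as the exit status.
set script_exit_code 0

send_user "Starting 'su' Testing\n"

# 1) su with no parameters and correct password.
# - The su command should return a result code of 0
# - The user ID should be root
# - The user environment should be that of the invoking process
# - The command should create a new shell with a new process ID

send_user "\nTEST: su with no parameters and correct password\n"

# Run "whoami" inside the su shell. If the prompt or the expected output
# never shows up, expect gives up after its timeout and the flag stays 0.
set i_am_root 0
spawn /bin/su -c whoami
expect {
    "Password:" {
        send "$PASSWD\r"
        expect {
            "root" {
                set i_am_root 1
            }
        }
    }
}

# Capture the result: element 0 of the list returned by wait is the pid,
# element 3 is the exit status of the spawned command.
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

# Check that the su shell has the same environment as the current user.
set i_have_env 0
set test_env_var " "
if { $i_am_root==1 } {
    # Spawn su by absolute path, like every other test here, so the root
    # password is only ever sent to /bin/su and not to whatever "su" comes
    # first in PATH. The redirection to TEST_ENV_FILE is evaluated by the
    # shell that su starts as root.
    spawn /bin/su -c "/bin/su root -c \"echo \\\$TEST_LINE > $TEST_ENV_FILE\""
    expect {
        "Password:" {
            send "$PASSWD\r"
        }
    }
    # Let the command finish before the file is read.
    expect eof
    wait

    set test_env_var [exec cat $TEST_ENV_FILE]

    if { $test_env_var==$TEST_LINE_ENV } {
        set i_have_env 1
    } else {
        send_user "/bin/su with correct password (FAILED), the enviroment was not kept after su.\n"
    }
}

# Test 7 needs a working su to root, so it only runs when this test passed.
set test_one_passed 0

if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==1) } {
    send_user "/bin/su with correct password & enviroment check ( PASSED )\n"
    set test_one_passed 1
} else {
    send_user "/bin/su with correct password ( FAILED )\n"
    set script_exit_code 1
}


# 2) su with no parameters and incorrect password.
# - The su command should return a result code of non-0
# - The user should be returned to the invoking shell
# - An appropriate failure message should be displayed

send_user "\nTEST: su with no parameters and incorrect password \n"

# Send a deliberately wrong password and look for either failure message.
set displayed_error 0
spawn /bin/su -c whoami
expect {
    "Password:" {
        send "wrong_$PASSWD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

# Added for arm architecture
send_user "\ndisplayed_error=$displayed_error"
send_user "\nexit_code=$exit_code"
send_user "\npid=$pid\n"

if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su with incorrect password ( FAILED )\n"
    set script_exit_code 1
}

# 3) su to root using name parameter and correct password.
# - The su command should return a result code of 0
# - The user ID should be root
# - The user environment should NOT be that of the invoking process (-l)
# - The command should create a new shell with a new process ID

send_user "\nTEST: su to root using name parameter and correct password. \n"

# run "whoami" to test user ID inside su shell
set i_am_root 0
spawn /bin/su -l root -c whoami
expect {
    "Password:" {
        send "$PASSWD\r"
        expect {
            "root" { set i_am_root 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

# Check that the su -l shell does not have the invoking user's environment.
set i_have_env 0
set test_env " "
if { $i_am_root==1 } {
    spawn /bin/sh -c "/bin/su -l root -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE2\"\""
    expect {
        "Password:" {
            send "$PASSWD\r"
        }
    }
    # Wait for the command to finish, as test 1 does. Reading the file while
    # su is still running could see it empty, and an empty file is exactly
    # what this check accepts, so a leaked environment could go unnoticed.
    expect eof
    wait

    set test_env [exec cat $TEST_ENV_FILE2]

    if { $test_env==$TEST_LINE_ENV } {
        set i_have_env 1
        send_user "/bin/su -l root with correct password (FAILED), because it did not change enviroment\n"
    }
}

if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
    send_user "/bin/su -l root with correct password & enviroment check ( PASSED )\n"
} else {
    send_user "/bin/su -l root with correct password ( FAILED )\n"
    set script_exit_code 1
}


# 4) su to root with name parameter and incorrect password.
# - The su command should return a result code of non-0
# - The user should be returned to the invoking shell
# - An appropriate failure message should be displayed

send_user "\nTEST: su to root with name parameter and incorrect password. \n"

set displayed_error 0
spawn /bin/su -l root -c whoami
expect {
    "Password:" {
        send "wrong_$PASSWD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]
if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su -l root with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su -l root with incorrect password ( FAILED )\n"
    set script_exit_code 1
}


# 5) su to user1 with name parameter and correct password.
# - The su command should return a result code of 0
# - The user ID should be user1
# - The user environment should be that of user1, not of the invoking process
# - The command should create a new shell with a new process ID
# - Run "whoami" to test user ID inside su shell

send_user "TEST: su to user1 with name parameter and correct password.\n"

set i_am_correct 0
spawn /bin/su -l $USER1 -c whoami
expect {
    "Password:" {
        send "$USER1_PASSWORD\r"
        expect {
            "$USER1\r" { set i_am_correct 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]

# Check that the su -l shell does not have the invoking user's environment.
# The file is only read when the su above worked: reading it unconditionally
# aborted the whole script with a Tcl error when the file was missing, and
# the test is reported as FAILED below in that case anyway.
set i_have_env 0
set test_env_var 0
if { $i_am_correct==1 } {
    spawn /bin/sh -c "/bin/su -l $USER1 -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE_USER1\"\""
    expect {
        "Password:" {
            send "$USER1_PASSWORD\r"
        }
    }
    # Let the command finish before the file is read (see test 3).
    expect eof
    wait

    set test_env_var [exec cat $TEST_ENV_FILE_USER1]

    if { $test_env_var==$TEST_LINE_ENV } {
        set i_have_env 1
        send_user "/bin/su -l $USER1 with correct password (FAILED), because it did not change enviroment\n"
    }
}

if { ($i_am_correct==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } {
    send_user "/bin/su -l $USER1 with correct password & enviroment check ( PASSED )\n"
} else {
    send_user "/bin/su -l $USER1 with correct password ( FAILED )\n"
    set script_exit_code 1
}


# 6) su to user1 with name parameter and incorrect password.
# - The su command should return a result code of non-0
# - The user should be returned to the invoking shell
# - An appropriate failure message should be displayed.

send_user "TEST: su to user1 with name parameter and incorrect password.\n"
set displayed_error 0
spawn /bin/su -l $USER1 -c whoami
expect {
    "Password:" {
        send "wrong_$USER1_PASSWORD\r"
        expect {
            "su: incorrect password" { set displayed_error 1 }
            "su: Authentication failure" { set displayed_error 1 }
        }
    }
}

# capture result code
set codes [wait]
set pid [lindex $codes 0]
set exit_code [lindex $codes 3]
if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } {
    send_user "/bin/su -l $USER1 with incorrect password ( PASSED )\n"
} else {
    send_user "/bin/su -l $USER1 with incorrect password ( FAILED )\n"
    set script_exit_code 1
}


# 7) su to user1 with the user1 password expired
# - user1 should not be allowed to log in
# - The su command should return a result code of non-0
# - The user should be returned to the invoking shell
# - An appropriate failure message should be displayed.

# Skip this if Red Hat; -e option not supported.
if { $distro != "redhat" && $distro != "redhat-linux" } {

    if { $test_one_passed==1} {
        send_user "TEST: su to user1 with the user1 password expired.\n"

        # Become root and expire the test user's password.
        spawn /bin/su -l root -c "passwd -e $USER1"
        expect {
            "Password:" {
                send "$PASSWD\r"
                expect {
                    "Password expiry information changed."
                }
            }
        }

        # Log in with the correct but expired password. su is expected to ask
        # for the current password again as part of a forced change; the
        # script answers with a wrong one, up to twice, and then looks for
        # any of the three failure messages.
        set i_am_correct 0
        spawn /bin/su -l $USER1 -c whoami
        expect {
            "Password:" {
                send "$USER1_PASSWORD\r"
                expect {
                    -re "current.*password|Old Password" {
                        send "wrong_$USER1_PASSWORD\r"
                        expect {
                            -re "current.*password|Old Password" {
                                send "wrong_$USER1_PASSWORD\r"
                                expect {
                                    "su: incorrect password" { set i_am_correct 1 }
                                    "su: Authentication failure" { set i_am_correct 1 }
                                    "su: Authentication token manipulation error" { set i_am_correct 1 }
                                }
                            }
                            "su: incorrect password" { set i_am_correct 1 }
                            "su: Authentication failure" { set i_am_correct 1 }
                            "su: Authentication token manipulation error" { set i_am_correct 1 }
                        }
                    }
                }
            }
        }

        # capture result code
        set codes [wait]
        set pid [lindex $codes 0]
        set exit_code [lindex $codes 3]
        if { ($i_am_correct==1) && ($exit_code!=0) && ($pid>0) } {
            send_user "/bin/su -l $USER1 with expired correct password ( PASSED )\n"
        } else {
            send_user "/bin/su -l $USER1 with expired correct password ( FAILED )\n"
            set script_exit_code 1
        }

        # Become root and give the test user a usable password again. The
        # value written is TEST_USER1_NEW_PASSWD, not the password used
        # earlier in this script.
        set password_reset 0
        spawn /bin/su -l root -c "passwd $USER1"
        expect {
            "Password: " {
                send "$PASSWD\r"
                expect {
                    "Enter new password: " {
                        send "$USER1_NEW_PASSWORD\r"
                        expect {
                            "Re-type new password: " {
                                send "$USER1_NEW_PASSWORD\r"
                                expect {
                                    "Password changed" { set password_reset 1 }
                                }
                            }
                        }
                    }
                }
            }
        }

        # Do not leave the account expired without saying so. This does not
        # change the exit code; the prompts above are distribution specific.
        if { $password_reset==0 } {
            send_user "WARNING: did not see confirmation that the $USER1 password was reset; check the account state\n"
        }

    } else {

        send_user "TEST: su to user1 with the user1 password expired. (FAILED),see more next line.\n"
        send_user "This test cannot be run because the first test to su as root failed\n"

    }
# If RH let the tester know why only 6 tests were run.
} else {
    send_user "TEST 7 skipped if running on Red Hat; -e not supported \n"
}
exit $script_exit_code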