From 4dc6ede4b58685dd4fd8e9ea4c2a9cc561858e0f Mon Sep 17 00:00:00 2001 From: Serhii Turivny Date: Wed, 4 Oct 2017 17:57:38 +0300 Subject: [PATCH] =?UTF-8?q?Add=C2=A0CI=C2=A0tests=C2=A0using=C2=A0the?= =?UTF-8?q?=C2=A0standard=C2=A0test=C2=A0interface?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds tests according to the CI wiki [0] specifically the standard test interface in the spec [1]. [0] https://fedoraproject.org/wiki/CI [1] https://fedoraproject.org/wiki/Changes/InvokingTests --- tests/Test-coverage-for-TTY-auditing/Makefile | 71 +++++++ tests/Test-coverage-for-TTY-auditing/PURPOSE | 4 + .../Test-coverage-for-TTY-auditing/runtest.sh | 119 ++++++++++++ tests/pam_unix/Makefile | 70 +++++++ tests/pam_unix/PURPOSE | 3 + tests/pam_unix/runtest.sh | 174 ++++++++++++++++++ tests/tests.yml | 33 ++++ 7 files changed, 474 insertions(+) create mode 100644 tests/Test-coverage-for-TTY-auditing/Makefile create mode 100644 tests/Test-coverage-for-TTY-auditing/PURPOSE create mode 100644 tests/Test-coverage-for-TTY-auditing/runtest.sh create mode 100644 tests/pam_unix/Makefile create mode 100644 tests/pam_unix/PURPOSE create mode 100644 tests/pam_unix/runtest.sh create mode 100644 tests/tests.yml diff --git a/tests/Test-coverage-for-TTY-auditing/Makefile b/tests/Test-coverage-for-TTY-auditing/Makefile new file mode 100644 index 0000000..7864fa5 --- /dev/null +++ b/tests/Test-coverage-for-TTY-auditing/Makefile @@ -0,0 +1,71 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing +# Description: Test for Test coverage for TTY auditing +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + @test -x runtest.sh || chmod a+x runtest.sh + @if [ -e /usr/share/beakerlib/plugins/try-check-final.sh ]; then \ + /usr/share/beakerlib/plugins/try-check-final.sh verify_plugin; \ + elif [ -e /mnt/tests/CoreOS/beaker/plugin-tcf/try-check-final.sh ]; then \ + /mnt/tests/CoreOS/beaker/plugin-tcf/try-check-final.sh verify_plugin; \ + elif [ -e /mnt/qa/scratch/dapospis/try-check-final.sh ]; then \ + /mnt/qa/scratch/dapospis/try-check-final.sh verify_plugin; \ + fi; + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "RhtsRequires: test(/CoreOS/beaker/plugin-tcf)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test for Test coverage for TTY auditing" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: pam" >> $(METADATA) + @echo "Requires: pam /usr/bin/bc /usr/bin/expect /usr/bin/pcregrep" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/Test-coverage-for-TTY-auditing/PURPOSE b/tests/Test-coverage-for-TTY-auditing/PURPOSE new file mode 100644 index 0000000..2cc1a78 --- /dev/null +++ b/tests/Test-coverage-for-TTY-auditing/PURPOSE @@ -0,0 +1,4 @@ +PURPOSE of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing +Description: Test for Test coverage for TTY auditing +Author: Dalibor Pospisil +Bug summary: Test coverage for TTY auditing diff --git a/tests/Test-coverage-for-TTY-auditing/runtest.sh b/tests/Test-coverage-for-TTY-auditing/runtest.sh new file mode 100644 index 0000000..8ce10a0 --- /dev/null +++ b/tests/Test-coverage-for-TTY-auditing/runtest.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/pam/Sanity/Test-coverage-for-TTY-auditing +# Description: Test for Test coverage for TTY auditing +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh +. /usr/lib/beakerlib/beakerlib.sh + +PACKAGES="pam" +BINARIES="pcregrep expect bc" + +rlJournalStart &&{ + rlPhaseStartSetup &&{ + rlTry "Setup phase" && { + for PACKAGE in $PACKAGES; do + rlAssertRpm $PACKAGE + done + for BINARY in $BINARIES; do + rlRun "which $BINARY" 0 "Check presence of $BINARY" + done + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlFileBackup --clean /etc/pam.d/ + rlRun "echo 'session required pam_tty_audit.so disable=* enable=root' >>/etc/pam.d/system-auth" + rlRun "cat /etc/pam.d/system-auth" + rlFin; } + rlPhaseEnd;} + + rlPhaseStartTest &&{ + rlTry "Test phase" && { + rlTry "backup audit.log" &&{ + cat /var/log/audit/audit.log >./audit.log + rlFin; } + unalias su >& /dev/null + rlTry "su root, bc some expressions" &&{ + expect <' | sed -e 's/> //' | tee ./log" 0-255 + rlChk "check that audit.log contains what it should" &&{ + aureport --tty -ts recent -if ./log |tee log.txt + rlRun "pcregrep -M 'bc \"1\+1\",(|)(\n|\r)?.*\"10\^2\",(|)(\r|\n)?.*,,(|)' log.txt" + rlFin; } + rlFin; } + #PS1="[test] " bash + rlPhaseEnd;} + + rlPhaseStartCleanup &&{ + rlChk "Cleanup phase" && { + rlFileRestore + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlFin; } + rlTCFcheckFinal + rlPhaseEnd;} + + rlJournalPrintText +rlJournalEnd;} diff --git a/tests/pam_unix/Makefile b/tests/pam_unix/Makefile new file mode 100644 index 0000000..3d80f3e --- /dev/null +++ b/tests/pam_unix/Makefile @@ -0,0 +1,70 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/pam/Sanity/pam_unix +# Description: Test for module pam_unix +# Author: David Spurek +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/pam/Sanity/pam_unix +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: David Spurek " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test for module pam_unix" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 15m" >> $(METADATA) + @echo "RunFor: pam" >> $(METADATA) + @echo "RhtsRequires: library(distribution/ConditionalPhases)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/dpcommon)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/testUser)" >> $(METADATA) + @echo "RhtsRequires: library(openssh/basic)" >> $(METADATA) + @echo "RhtsRequires: library(pam/basic)" >> $(METADATA) + @echo "Requires: pam" >> $(METADATA) + @echo "Requires: expect" >> $(METADATA) + @echo "Requires: openssh-server openssh-clients" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/pam_unix/PURPOSE b/tests/pam_unix/PURPOSE new file mode 100644 index 0000000..20d5a49 --- /dev/null +++ b/tests/pam_unix/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/pam/Sanity/pam_unix +Description: Test for module pam_unix +Author: David Spurek diff --git a/tests/pam_unix/runtest.sh b/tests/pam_unix/runtest.sh new file mode 100644 index 0000000..8f321b2 --- /dev/null +++ b/tests/pam_unix/runtest.sh @@ -0,0 +1,174 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/pam/Sanity/pam_unix +# Description: Test for module pam_unix +# Author: David Spurek +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh + +PACKAGE="pam" + +PACKAGES=( "pam" "expect" ) + +_PASSWORD1="jf@#Faffo" +_PASSWORD2="0m4nchU!!F" + +function do_passwd { +expect </etc/security/opasswd + tcfFin; } + rlPhaseEnd; } + + tcfTry "Tests" --no-assert && { + tcfChk && { + rlPhaseStartTest "test option remember" && { + tcfChk "setup" && { + CleanupRegister --mark 'rlRun "testUserCleanup"' + rlRun "testUserSetup 2" + PWA=( ':3533tjh^397*:~21081^*p@w!~18374_0' ':4273tjh^397*:~3709^*p@w!~19467_1' ':31388tjh^397*:~32486^*p@w!~12258_2' ':10233tjh^397*:~620^*p@w!~19779_3' ':26151tjh^397*:~8077^*p@w!~29968_4' ':26593tjh^397*:~4665^*p@w!~16428_5' ':23163tjh^397*:~16784^*p@w!~4822_6' ':4065tjh^397*:~14355^*p@w!~4119_7' ':16312tjh^397*:~30577^*p@w!~26223_8' ) + rlRun "echo ${PWA[0]} | passwd --stdin ${testUser[1]}" + CleanupRegister 'rlRun "pamRestoreFiles"' + rlRun "pamBackupFiles" + #rlRun "sed -i -e 's/^password\s\+sufficient\s\+pam_unix.so/\0 remember=5/' $sys_auth" + rlRun "pamReplaceServiceModuleRule su password pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) remember=5'" + #rlRun "cat $sys_auth" + rlRun "pamGetServiceRules --prefix su password" + tcfFin; } + + tcfTry "test remember option" && { + NEWPW=${PWA[0]} + for i in `seq 6`; do + rlLog "change passwrd #$i" + OLDPW=$NEWPW; NEWPW=${PWA[$i]} + rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0 + done + + rlLog "change passwrd #$i" + rlLog "Try change to password that have been alredy used (should fail)" + OLDPW=$NEWPW; + rlRun "do_passwd ${testUser[1]} ${OLDPW} ${PWA[1]}" 6 + + for i in 7 8 1; do + rlLog "change passwrd #$i" + OLDPW=$NEWPW; NEWPW=${PWA[$i]} + rlRun "do_passwd ${testUser[1]} ${OLDPW} ${NEWPW}" 0 + done + tcfFin; } + + tcfTry "test vhange the password to a previous password of test1" && { + # change the password to a previous password of test1, the password change should be allowed. + rlLog "Change the password to a previous password of test1, the password change should be allowed" + echo ${PWA[0]} | passwd --stdin $testUser + rlRun "do_passwd $testUser ${PWA[0]} ${PWA[5]}" 0 + tcfFin; } + + tcfChk "cleanup" && { + CleanupDo --mark + tcfFin; } + rlPhaseEnd; }; : + tcfFin; } + + # Run the test for >=RHEL-6.9 and >=RHEL-7.3 and <>RHEL(Fedora) + ! rlIsRHEL '<6.9' && { ! rlIsRHEL '<7.3' || rlIsRHEL 6; } && tcfChk && { + rlPhaseStartTest "test option no_pass_expiry" && { + tcfChk "setup" && { + CleanupRegister --mark 'rlRun "testUserCleanup"' + rlRun "testUserSetup" + CleanupRegister 'rlRun "sshCleanup"' + rlRun "sshSetup" + rlRun "sshKeyGen" + rlRun "sshCopyID --user $testUser --password $testUserPasswd" + CleanupRegister 'rlRun "sshdRestore"' + rlRun "sshdStart" + CleanupRegister 'rlRun "pamRestoreFiles"' + rlRun "pamBackupFiles" + rlRun "pamGetServiceRules --prefix su account" + tcfFin; } + + tcfTry "test" && { + rlRun "sshRun --user $testUser --key 'id'" + rlRun "chage -d 0 $testUser" + rlRun "sshRun --user $testUser --key 'id'" 1-255 + rlRun "pamReplaceServiceModuleRule sshd account pam_unix.so '' '' '' '$(pamGetServiceRuleAgruments su password pam_unix.so) no_pass_expiry'" + rlRun "pamGetServiceRules --prefix sshd account" + rlRun "sshRun --user $testUser --key 'id'" + tcfFin; } + + tcfChk "cleanup" && { + CleanupDo --mark + tcfFin; } + rlPhaseEnd; }; : + tcfFin; }; : + tcfFin; } + + rlPhaseStartCleanup && { + tcfChk "Cleanup phase" && { + CleanupDo + tcfFin; } + tcfCheckFinal + rlPhaseEnd; } + rlJournalPrintText +rlJournalEnd; } diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..ae82b9a --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,33 @@ +--- +# Tests that run in classic context +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + tests: + - pam_unix + - Test-coverage-for-TTY-auditing + required_packages: + - bc + - expect + - findutils # beakerlib needs find command + - openssh-clients + - openssh-server + - pam + - pcre-tools + +# Tests that run in container context +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - container + tests: + - Test-coverage-for-TTY-auditing + required_packages: + - bc + - expect + - findutils # beakerlib needs find command + - pam + - pcre-tools