Blame tests/p_passwd/20_root_tests

Iain Douglas 756e5d
#!/bin/bash
Iain Douglas 756e5d
# Author: Iain Douglas <centos@1n6.org.uk>
Iain Douglas 756e5d
#
Iain Douglas 756e5d
Iain Douglas 756e5d
function ExitFail
Iain Douglas 756e5d
{
Iain Douglas 756e5d
    t_Log "FAIL"
Iain Douglas 756e5d
    exit $FAIL
Iain Douglas 756e5d
}
Iain Douglas 756e5d
#
Iain Douglas 756e5d
# Test the command line options for passwd that are restricted to root.
Iain Douglas 756e5d
#
Iain Douglas 756e5d
Iain Douglas 756e5d
t_Log "Running $0 - Check root only actions"
Iain Douglas 756e5d
t_Log "Create test user passtest"
Iain Douglas 756e5d
userdel -rf passtest; useradd passtest && echo passtest | passwd --stdin passtest &>/dev/null
Iain Douglas 756e5d
t_CheckExitStatus $?
Iain Douglas 756e5d
Iain Douglas 756e5d
# Check that passwd -l locks the password - the field in /etc/shadow has 
Iain Douglas 756e5d
# a ! prepended
Iain Douglas 756e5d
t_Log "Check account can be locked"
Iain Douglas 756e5d
passwd -l passtest &>/dev/null
Iain Douglas 756e5d
Iain Douglas 756e5d
if [ $? -eq "0" ]
Iain Douglas 756e5d
then
Iain Douglas 756e5d
    getent shadow passtest | cut -f2 -d: | grep '^!' &>/dev/null
Iain Douglas 756e5d
    t_CheckExitStatus $?
Iain Douglas 756e5d
else
Iain Douglas 756e5d
    ExitFail
Iain Douglas 756e5d
fi
Iain Douglas 756e5d
Iain Douglas 756e5d
# Check that passwd -u will unlock the account - removes the ! from the 
Iain Douglas 756e5d
# start of the password field in /etc/shadow
Iain Douglas 756e5d
t_Log "Check account can be unlocked"
Iain Douglas 756e5d
passwd -u passtest &>/dev/null
Iain Douglas 756e5d
Iain Douglas 756e5d
if [ $? -eq "0" ]
Iain Douglas 756e5d
then
Iain Douglas 756e5d
    getent shadow passtest | cut -f2 -d: | grep -v '^!' &>/dev/null
Iain Douglas 756e5d
    t_CheckExitStatus $?
Iain Douglas 756e5d
else
Iain Douglas 756e5d
    ExitFail
Iain Douglas 756e5d
fi
Iain Douglas 756e5d
Iain Douglas 756e5d
# Check that passwd -e expires an account. Field 3 of /etc/shadow is set to 0
Iain Douglas 756e5d
t_Log "Check password can be expired"
Iain Douglas 756e5d
passwd -e passtest &>/dev/null
Iain Douglas 756e5d
Iain Douglas 756e5d
if [ $? -eq "0" ]
Iain Douglas 756e5d
then
Iain Douglas 756e5d
    getent shadow passtest | cut -f3 -d: | grep '^0' &>/dev/null 
Iain Douglas 756e5d
    t_CheckExitStatus $?
Iain Douglas 756e5d
    echo passtest | passwd --stdin passtest &>/dev/null
Iain Douglas 756e5d
else
Iain Douglas 756e5d
    ExitFail
Iain Douglas 756e5d
fi
Iain Douglas 756e5d
Iain Douglas 756e5d
# Check that passwd -n, -x, -w -i set the mindays, maxdays, warndays and
Iain Douglas 756e5d
# inactive fields (4-7) in /etc/shadow
Iain Douglas 756e5d
t_Log "Check password aging data can be set"
Iain Douglas 756e5d
passwd -n 11 -x 22 -w 33 -i 44 passtest &>/dev/null
Iain Douglas 756e5d
Iain Douglas 756e5d
if [ $? -eq "0" ]
Iain Douglas 756e5d
then
Iain Douglas 756e5d
    getent shadow passtest | cut -f4-7 -d: | grep '^11:22:33:44' &>/dev/null
Iain Douglas 756e5d
    t_CheckExitStatus $?
Iain Douglas 756e5d
else
Iain Douglas 756e5d
    ExitFail
Iain Douglas 756e5d
fi
Iain Douglas 756e5d
Iain Douglas 756e5d
# Check that passwd -d deletes the password - the field in /etc/shadow is
Iain Douglas 756e5d
# cleared
Iain Douglas 756e5d
t_Log "Check password can be deleted"
Iain Douglas 756e5d
passwd -d passtest &>/dev/null
Iain Douglas 756e5d
Iain Douglas 756e5d
if [ $? -eq "0" ]
Iain Douglas 756e5d
then
Iain Douglas 756e5d
    password=$(getent shadow passtest | cut -f2 -d:)
Iain Douglas 756e5d
    if [ -z "${password}" ]
Iain Douglas 756e5d
    then
Iain Douglas 756e5d
        t_Log "PASS"
Iain Douglas 756e5d
    else
Iain Douglas 756e5d
        ExitFail
Iain Douglas 756e5d
    fi
Iain Douglas 756e5d
else
Iain Douglas 756e5d
    ExitFail
Iain Douglas 756e5d
fi
Iain Douglas 756e5d
Iain Douglas 756e5d
# Passwd won't, without being forced, unlock an account with a blank password
Iain Douglas 756e5d
# so check this is the case.
Iain Douglas 756e5d
t_Log "Check blank password cannot be unlocked"
Iain Douglas 756e5d
passwd -l passtest &>/dev/null
Iain Douglas 756e5d
passwd -u passtest &>/dev/null 
Iain Douglas 756e5d
Iain Douglas 756e5d
if [ $? -ne "0" ]
Iain Douglas 756e5d
then
Iain Douglas 756e5d
    t_Log PASS
Iain Douglas 756e5d
else
Iain Douglas 756e5d
    ExitFail
Iain Douglas 756e5d
fi
Iain Douglas 756e5d
Iain Douglas 756e5d
# Force passwd to unlock an account with a blank password passwd -uf.
Iain Douglas 756e5d
t_Log "Check blank password can be force unlocked"
Iain Douglas 756e5d
passwd -uf passtest &>/dev/null
Iain Douglas 756e5d
t_CheckExitStatus $?
Iain Douglas 756e5d
Iain Douglas 756e5d
# Check the output of passwd -S at this point it should be
Iain Douglas 756e5d
# passtest NP YYYY-MM-DD  11 22 33 44 (Empty password.)
Iain Douglas 756e5d
# It's possible that this will run on a different side of midnight to earlier 
Iain Douglas 756e5d
# commands so if checking the output for today fails check yesterday too
Iain Douglas 756e5d
t_Log "Check output of passwd -S"
Iain Douglas 756e5d
Iain Douglas 756e5d
expected="passtest NP "$(date +'%F')" 11 22 33 44 (Empty password.)"
Iain Douglas 756e5d
passwd -S passtest | grep "$expected" &>/dev/null
Iain Douglas 756e5d
if [ $? -eq "0" ]
Iain Douglas 756e5d
then
Iain Douglas 756e5d
    t_Log "PASS"
Iain Douglas 756e5d
else
Iain Douglas 756e5d
    expected="passtest NP "$(date +'%F' -d yesterday)" 11 22 33 44 (Empty password.)"
Iain Douglas 756e5d
    passwd -S passtest | grep "$expected" &>/dev/null
Iain Douglas 756e5d
    t_CheckExitStatus $?
Iain Douglas 756e5d
fi