diff --git a/tests/pam_ssh_agent_auth/Makefile b/tests/pam_ssh_agent_auth/Makefile
deleted file mode 100644
index f77eb4d..0000000
--- a/tests/pam_ssh_agent_auth/Makefile
+++ /dev/null
@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Makefile of /CoreOS/openssh/Sanity/pam_ssh_agent_auth
-# Description: This is a basic sanity test for pam_ssh_agent_auth
-# Author: Jakub Jelen
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2015 Red Hat, Inc.
-#
-# This program is free software: you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation, either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/openssh/Sanity/pam_ssh_agent_auth
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE pam_save_ssh_var.c
-
-.PHONY: all install download clean
-
-run: $(FILES) build
- ./runtest.sh
-
-build: $(BUILT_FILES)
- test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
- rm -f *~ $(BUILT_FILES)
-
-
--include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
- @echo "Owner: Jakub Jelen " > $(METADATA)
- @echo "Name: $(TEST)" >> $(METADATA)
- @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
- @echo "Path: $(TEST_DIR)" >> $(METADATA)
- @echo "Description: This is basic sanity test for pam_ssh_agent_auth" >> $(METADATA)
- @echo "Type: Sanity" >> $(METADATA)
- @echo "TestTime: 5m" >> $(METADATA)
- @echo "RunFor: openssh" >> $(METADATA)
- @echo "Requires: openssh pam_ssh_agent_auth pam-devel expect" >> $(METADATA)
- @echo "RhtsRequires: library(distribution/fips)" >> $(METADATA)
- @echo "Priority: Normal" >> $(METADATA)
- @echo "License: GPLv2+" >> $(METADATA)
- @echo "Confidential: no" >> $(METADATA)
- @echo "Destructive: no" >> $(METADATA)
- @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
-
- rhts-lint $(METADATA)
diff --git a/tests/pam_ssh_agent_auth/PURPOSE b/tests/pam_ssh_agent_auth/PURPOSE
deleted file mode 100644
index 59557de..0000000
--- a/tests/pam_ssh_agent_auth/PURPOSE
+++ /dev/null
@@ -1,7 +0,0 @@
-PURPOSE of /CoreOS/openssh/Sanity/pam_ssh_agent_auth
-Description: This is basic sanity test for pam_ssh_agent_auth
-Author: Jakub Jelen
-
-Created as a response to rhbz#1251777 and previous one rhbz#1225106.
-The code of pam module is outdated and compiled with current openssh
-version which went through quite enough refactoring.
diff --git a/tests/pam_ssh_agent_auth/pam_save_ssh_var.c b/tests/pam_ssh_agent_auth/pam_save_ssh_var.c
deleted file mode 100644
index e422fff..0000000
--- a/tests/pam_ssh_agent_auth/pam_save_ssh_var.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
-This simple pam module saves the content of SSH_USER_AUTH variable to /tmp/SSH_USER_AUTH
-file.
-
-Setup:
- - gcc -fPIC -DPIC -shared -rdynamic -o pam_save_ssh_var.o pam_save_ssh_var.c
- - copy pam_save_ssh_var.o to /lib/security resp. /lib64/security
- - add to /etc/pam.d/sshd
- auth requisite pam_save_ssh_var.o
-*/
-
-/* Define which PAM interfaces we provide */
-#define PAM_SM_ACCOUNT
-#define PAM_SM_AUTH
-#define PAM_SM_PASSWORD
-#define PAM_SM_SESSION
-
-/* Include PAM headers */
-#include
-#include
-#include
-#include
-
-int save_ssh_var(pam_handle_t *pamh, const char *phase) {
- FILE *fp;
- const char *var;
-
- fp = fopen("/tmp/SSH_USER_AUTH","a");
- fprintf(fp, "BEGIN (%s)\n", phase);
- var = pam_getenv(pamh, "SSH_USER_AUTH");
- if (var != NULL) {
- fprintf(fp, "SSH_USER_AUTH: '%s'\n", var);
- }
- fprintf(fp, "END (%s)\n", phase);
- fclose(fp);
-
- return 0;
-}
-
-/* PAM entry point for session creation */
-int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
- return(PAM_IGNORE);
-}
-
-/* PAM entry point for session cleanup */
-int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
- return(PAM_IGNORE);
-}
-
-/* PAM entry point for accounting */
-int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
- return(PAM_IGNORE);
-}
-
-/* PAM entry point for authentication verification */
-int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
- save_ssh_var(pamh, "auth");
- return(PAM_IGNORE);
-}
-
-/*
- PAM entry point for setting user credentials (that is, to actually
- establish the authenticated user's credentials to the service provider)
- */
-int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
- return(PAM_IGNORE);
-}
-
-/* PAM entry point for authentication token (password) changes */
-int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
- return(PAM_IGNORE);
-}
-
diff --git a/tests/pam_ssh_agent_auth/runtest.sh b/tests/pam_ssh_agent_auth/runtest.sh
deleted file mode 100755
index 297be39..0000000
--- a/tests/pam_ssh_agent_auth/runtest.sh
+++ /dev/null
@@ -1,184 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/openssh/Sanity/pam_ssh_agent_auth
-# Description: This is a basic sanity test for pam_ssh_agent_auth
-# Author: Jakub Jelen
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2015 Red Hat, Inc.
-#
-# This program is free software: you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation, either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="openssh"
-PAM_SUDO="/etc/pam.d/sudo"
-PAM_SSHD="/etc/pam.d/sshd"
-PAM_MODULE="pam_save_ssh_var"
-SUDOERS_CFG="/etc/sudoers.d/01_pam_ssh_auth"
-SSHD_CFG="/etc/ssh/sshd_config"
-USER="testuser$RANDOM"
-PASS="testpassxy4re.3298fhdsaf"
-AUTH_KEYS="/etc/security/authorized_keys"
-AK_COMMAND_BIN="/root/ak.sh"
-AK_COMMAND_KEYS="/root/akeys"
-declare -a KEYS=("rsa" "ecdsa")
-
-rlJournalStart
- rlPhaseStartSetup
- rlAssertRpm $PACKAGE
- rlAssertRpm pam_ssh_agent_auth
- rlImport distribution/fips
- rlServiceStart sshd
- rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
- rlRun "cp ${PAM_MODULE}.c $TmpDir/"
- rlRun "pushd $TmpDir"
- rlFileBackup --clean $PAM_SUDO /etc/sudoers /etc/sudoers.d/ /etc/security/ $AUTH_KEYS
- rlRun "sed -i '1 a\
-auth sufficient pam_ssh_agent_auth.so file=$AUTH_KEYS' $PAM_SUDO"
- rlRun "echo 'Defaults env_keep += \"SSH_AUTH_SOCK\"' > $SUDOERS_CFG"
- rlRun "echo 'Defaults !requiretty' >> $SUDOERS_CFG"
- grep '^%wheel' /etc/sudoers || \
- rlRun "echo '%wheel ALL=(ALL) ALL' >> $SUDOERS_CFG"
- rlRun "useradd $USER -G wheel"
- rlRun "echo $PASS |passwd --stdin $USER"
- rlPhaseEnd
-
- if ! fipsIsEnabled; then
- KEYS+=("dsa")
- fi
-
- for KEY in "${KEYS[@]}"; do
- rlPhaseStartTest "Test with key type $KEY"
- rlRun "su $USER -c 'ssh-keygen -t $KEY -f ~/.ssh/my_id_$KEY -N \"\"'" 0
-
- # Without authorized_keys, the authentication should fail
- rlRun -s "su $USER -c 'eval \`ssh-agent\`; sudo id; ssh-agent -k'" 0
- rlAssertNotGrep "uid=0(root) gid=0(root)" $rlRun_LOG
-
- # Append the keys only to make sure we can match also the non-first line
- rlRun "cat ~$USER/.ssh/my_id_${KEY}.pub >> $AUTH_KEYS"
- rlRun -s "su $USER -c 'eval \`ssh-agent\`; ssh-add ~/.ssh/my_id_$KEY; sudo id; ssh-agent -k'"
- rlAssertGrep "uid=0(root) gid=0(root)" $rlRun_LOG
- rlPhaseEnd
- done
-
- if rlIsRHEL '<6.8' || ( rlIsRHEL '<7.3' && rlIsRHEL 7 ) ; then
- : # not available
- else
- rlPhaseStartSetup "Setup for authorized_keys_command"
- rlFileBackup --namespace ak_command $PAM_SUDO
- rlRun "rm -f $AUTH_KEYS"
- cat >$AK_COMMAND_BIN <<_EOF
-#!/bin/bash
-cat $AK_COMMAND_KEYS
-_EOF
- rlRun "chmod +x $AK_COMMAND_BIN"
- rlRun "sed -i 's|.*pam_ssh_agent_auth.*|auth sufficient pam_ssh_agent_auth.so authorized_keys_command=$AK_COMMAND_BIN authorized_keys_command_user=root|' $PAM_SUDO"
- rlRun "cat $PAM_SUDO"
- rlPhaseEnd
-
- for KEY in "${KEYS[@]}"; do
- rlPhaseStartTest "Test authorized_keys_command with key type $KEY (bz1299555, bz1317858)"
- rlRun "cat ~$USER/.ssh/my_id_${KEY}.pub >$AK_COMMAND_KEYS"
- rlRun -s "su $USER -c 'eval \`ssh-agent\`; ssh-add ~/.ssh/my_id_$KEY; sudo id; ssh-agent -k'"
- rlAssertGrep "uid=0(root) gid=0(root)" $rlRun_LOG
- rlPhaseEnd
- done
-
- rlPhaseStartCleanup "Cleanup for authorized_keys_command"
- rlFileRestore --namespace ak_command
- rlRun "rm -f $AK_COMMAND_BIN $AK_COMMAND_KEYS"
- rlPhaseEnd
- fi
-
- if rlIsRHEL '>=7.3'; then # not in Fedora anymore
- rlPhaseStartTest "bz1312304 - Exposing information about succesful auth"
- rlRun "rlFileBackup --namespace exposing $PAM_SSHD"
- rlRun "rlFileBackup --namespace exposing $SSHD_CFG"
- rlRun "rlFileBackup --namespace exposing /root/.ssh/"
- rlRun "rm -f ~/.ssh/id_rsa*"
- rlRun "ssh-keygen -f ~/.ssh/id_rsa -N \"\"" 0
- rlRun "ssh-keyscan localhost >~/.ssh/known_hosts" 0
- USER_AK_FILE=~$USER/.ssh/authorized_keys
- rlRun "cat ~/.ssh/id_rsa.pub >$USER_AK_FILE"
- rlRun "chown $USER:$USER $USER_AK_FILE"
- rlRun "chmod 0600 $USER_AK_FILE"
- rlRun "gcc -fPIC -DPIC -shared -rdynamic -o $PAM_MODULE.o $PAM_MODULE.c"
- rlRun "test -d /lib64/security && cp $PAM_MODULE.o /lib64/security/" 0,1
- rlRun "test -d /lib/security && cp $PAM_MODULE.o /lib/security/" 0,1
- rlRun "sed -i '1 i auth optional $PAM_MODULE.o' $PAM_SSHD"
-
- # pam-and-env should expose information to both PAM and environmental variable;
- # we will be testing only env variable here for the time being,
- rlRun "echo 'ExposeAuthenticationMethods pam-and-env' >>$SSHD_CFG"
- rlRun "sed -i '/^ChallengeResponseAuthentication/ d' $SSHD_CFG"
- rlRun "service sshd restart"
- rlWaitForSocket 22 -t 5
- rlRun -s "ssh -i ~/.ssh/id_rsa $USER@localhost \"env|grep SSH_USER_AUTH\"" 0 \
- "Environment variable SSH_USER_AUTH is set"
- rlAssertGrep "^SSH_USER_AUTH=publickey:" $rlRun_LOG
- rlRun "rm -f $rlRun_LOG"
-
- # pam-only should expose information only to PAM and not to environment variable
- rlRun "sed -i 's/pam-and-env/pam-only/' $SSHD_CFG"
- rlRun "echo 'AuthenticationMethods publickey,keyboard-interactive:pam' >>$SSHD_CFG"
- rlRun "service sshd restart"
- rlWaitForSocket 22 -t 5
-ssh_with_pass() {
- ssh_args=("-i /root/.ssh/id_rsa")
- ssh_args+=("$USER@localhost")
- cat >ssh.exp <<_EOF
-#!/usr/bin/expect -f
-
-set timeout 5
-spawn ssh ${ssh_args[*]} "echo CONNECTED; env|grep SSH_USER_AUTH"
-expect {
- -re {.*[Pp]assword.*} { send -- "$PASS\r"; exp_continue }
- timeout { exit 1 }
- eof { exit 0 }
-}
-_EOF
- rlRun -s "expect -f ssh.exp"
-}
- #rlRun -s "ssh ${ssh_args[*]} \"echo CONNECTED; env|grep SSH_USER_AUTH\"" 1 \
- #"Environment variable SSH_USER_AUTH is NOT set"
- rlRun "ssh_with_pass"
- rlRun "grep -q CONNECTED $rlRun_LOG" 0 "Connection was successful"
- rlAssertGrep "^SSH_USER_AUTH: 'publickey:" /tmp/SSH_USER_AUTH
- rlRun "cat /tmp/SSH_USER_AUTH"
- rlRun "rm -f $rlRun_LOG /tmp/SSH_USER_AUTH"
- for pm in /lib64/security/$PAM_MODULE.o /lib/security/$PAM_MODULE.o; do
- rlRun "test -e $pm && rm -f $pm" 0,1
- done
- rlRun "rlFileRestore --namespace exposing"
- rlPhaseEnd
- fi
-
- rlPhaseStartCleanup
- rlRun "popd"
- rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlRun "userdel -fr $USER"
- rlFileRestore
- rlServiceRestore sshd
- rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
diff --git a/tests/port-forwarding/Makefile b/tests/port-forwarding/Makefile
deleted file mode 100644
index d325bdd..0000000
--- a/tests/port-forwarding/Makefile
+++ /dev/null
@@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Makefile of /CoreOS/openssh/Sanity/port-forwarding
-# Description: Testing port forwarding (ideally all possibilities: -L, -R, -D)
-# Author: Stanislav Zidek
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2015 Red Hat, Inc.
-#
-# This program is free software: you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation, either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/openssh/Sanity/port-forwarding
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
- ./runtest.sh
-
-build: $(BUILT_FILES)
- test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
- rm -f *~ $(BUILT_FILES)
-
-
--include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
- @echo "Owner: Stanislav Zidek " > $(METADATA)
- @echo "Name: $(TEST)" >> $(METADATA)
- @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
- @echo "Path: $(TEST_DIR)" >> $(METADATA)
- @echo "Description: Testing port forwarding (ideally all possibilities: -L, -R, -D)" >> $(METADATA)
- @echo "Type: Sanity" >> $(METADATA)
- @echo "TestTime: 5m" >> $(METADATA)
- @echo "RunFor: openssh" >> $(METADATA)
- @echo "Requires: openssh net-tools nc" >> $(METADATA)
- @echo "Priority: Normal" >> $(METADATA)
- @echo "License: GPLv2+" >> $(METADATA)
- @echo "Confidential: yes" >> $(METADATA)
- @echo "Destructive: no" >> $(METADATA)
- @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
-
- rhts-lint $(METADATA)
diff --git a/tests/port-forwarding/PURPOSE b/tests/port-forwarding/PURPOSE
deleted file mode 100644
index 5a8bc87..0000000
--- a/tests/port-forwarding/PURPOSE
+++ /dev/null
@@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/openssh/Sanity/port-forwarding
-Description: Testing port forwarding (ideally all possibilities: -L, -R, -D)
-Author: Stanislav Zidek
diff --git a/tests/port-forwarding/runtest.sh b/tests/port-forwarding/runtest.sh
deleted file mode 100755
index f18f2ae..0000000
--- a/tests/port-forwarding/runtest.sh
+++ /dev/null
@@ -1,152 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/openssh/Sanity/port-forwarding
-# Description: Testing port forwarding (ideally all possibilities: -L, -R, -D)
-# Author: Stanislav Zidek
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2015 Red Hat, Inc.
-#
-# This program is free software: you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation, either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="openssh"
-USER="user$RANDOM"
-FORWARDED=$((RANDOM % 100 + 6800))
-LISTEN=$((RANDOM % 100 + 6900))
-TIMEOUT=5
-MESSAGE="HUGE_SUCCESS"
-SSH_OPTIONS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
-
-rlJournalStart
- rlPhaseStartSetup
- rlAssertRpm $PACKAGE
- rlFileBackup /etc/ssh/sshd_config
- rlRun "useradd -m $USER"
- rlRun "su - $USER -c \"mkdir .ssh; chmod 700 .ssh; cd .ssh; ssh-keygen -N '' -f id_rsa; cat id_rsa.pub >authorized_keys; chmod 600 authorized_keys\""
- rlRun "echo 'LogLevel DEBUG' >>/etc/ssh/sshd_config"
- rlServiceStart sshd
- rlRun "IP=\$( ip a |grep 'scope global' |grep -w inet |cut -d'/' -f1 |awk '{ print \$2 }' |tail -1 )"
- rlRun "echo 'IP=$IP'"
- rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
-forwarding_test() {
- EXP_RESULT=$1
- FORWARDED=$2
- HOST=$3
- LISTEN=$4
-
- rlRun "nc -l $LISTEN &>listen.log &"
- LISTEN_PID=$!
- rlWaitForSocket $LISTEN -t $TIMEOUT
- rlRun "ps -fp $LISTEN_PID"
- rlRun "su - $USER -c \"ssh $SSH_OPTIONS -N -L $FORWARDED:$HOST:$LISTEN $USER@localhost &\" &>tunnel.log"
- rlRun "ps -fC ssh"
- rlRun "SSH_PID=\$( pgrep -n -u $USER ssh )"
- rlRun "echo SSH_PID is '$SSH_PID'"
- rlWaitForSocket $FORWARDED -t $TIMEOUT
- rlRun "[[ -n '$SSH_PID' ]] && ps -fp $SSH_PID"
- rlRun "echo '$MESSAGE'|nc localhost $FORWARDED" 0,1
-
- if [[ $EXP_RESULT == "success" ]]; then
- rlAssertGrep "$MESSAGE" listen.log
- else # failure expected
- rlAssertGrep "open failed" tunnel.log -i
- rlAssertGrep "administratively prohibited" tunnel.log -i
- rlAssertNotGrep "$MESSAGE" listen.log
- fi
-
- rlRun "kill -9 $LISTEN_PID $SSH_PID" 0,1 "Killing cleanup"
- rlWaitForSocket $LISTEN -t $TIMEOUT --close
- rlWaitForSocket $FORWARDED -t $TIMEOUT --close
- if ! rlGetPhaseState; then
- rlRun "cat listen.log"
- rlRun "cat tunnel.log"
- fi
- rlFileSubmit listen.log tunnel.log
- rlRun "rm -f *.log;"
-}
-
- rlPhaseStartTest "Local forwarding"
- forwarding_test "success" $FORWARDED localhost $LISTEN
- ((FORWARDED+=1))
- ((LISTEN+=1))
- rlPhaseEnd
-
- rlPhaseStartTest "PermitOpen with 'any'"
- rlFileBackup --namespace permitopen_any /etc/ssh/sshd_config /etc/hosts
- rlRun "echo 'PermitOpen any' >>/etc/ssh/sshd_config"
- rlRun "echo '$IP anyhost1 anyhost2' >>/etc/hosts"
- rlRun "service sshd restart"
- for i in `seq 3`; do
- forwarding_test "success" $FORWARDED anyhost1 $LISTEN
- forwarding_test "success" $FORWARDED anyhost2 $LISTEN
- ((FORWARDED+=1))
- ((LISTEN+=1))
- done
- rlFileRestore --namespace permitopen_any
- rlPhaseEnd
-
- if ! rlIsRHEL '<6.7'; then
- # PermitOpen with wildcards is new feature in RHEL-6.7
- rlPhaseStartTest "PermitOpen with port wildcard"
- rlFileBackup --namespace port_wildcard /etc/ssh/sshd_config /etc/hosts
- rlRun "echo 'PermitOpen wildportallow:*' >>/etc/ssh/sshd_config"
- rlRun "echo '$IP wildportallow wildportdeny' >>/etc/hosts"
- rlRun "service sshd restart"
- forwarding_test "success" $FORWARDED wildportallow $LISTEN
- ((FORWARDED+=1))
- ((LISTEN+=1))
- forwarding_test "failure" $FORWARDED wildportdeny $LISTEN
- ((FORWARDED+=1))
- ((LISTEN+=1))
- rlFileRestore --namespace port_wildcard
- rlRun "service sshd restart"
- rlPhaseEnd
- fi
-
- if ! rlIsRHEL '<7.3'; then
- rlPhaseStartTest "PermitOpen with host wildcard and specific port"
- rlFileBackup --namespace host_wildcard /etc/ssh/sshd_config /etc/hosts
- rlRun "echo 'PermitOpen *:$LISTEN' >>/etc/ssh/sshd_config"
- rlRun "echo '$IP wildhost1 wildhost2' >>/etc/hosts"
- rlRun "service sshd restart"
- forwarding_test "success" $FORWARDED wildhost1 $LISTEN
- ((FORWARDED+=1))
- forwarding_test "success" $FORWARDED wildhost2 $LISTEN
- ((FORWARDED+=1))
- ((LISTEN+=1)) # different listen port, should fail
- forwarding_test "failure" $FORWARDED wildhost2 $LISTEN
- rlFileRestore --namespace host_wildcard
- rlPhaseEnd
- fi
-
- rlPhaseStartCleanup
- rlRun "userdel -rf $USER"
- rlRun "popd"
- rlFileRestore
- rlServiceRestore sshd
- rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
diff --git a/tests/tests.yml b/tests/tests.yml
deleted file mode 100644
index 8086af2..0000000
--- a/tests/tests.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# Tests for docker container
-- hosts: localhost
- tags:
- - container
- # no compatible tests
-
-# Tests for classic environment and Atomic Host
-- hosts: localhost
- tags:
- - all
- - classic
- - atomic
- roles:
- - role: standard-test-beakerlib
- tests:
- - port-forwarding
- - pam_ssh_agent_auth
- required_packages:
- - iproute # needs ip command
- - procps-ng # needs ps and pgrep commands
- - initscripts # needs service command
- - openssh-clients # needs ssh command
- - findutils # needs find command
- - net-tools # needs netstat command
- - libselinux-utils # needs selinuxenabled command
- - nmap-ncat # needs nc command
- - pam_ssh_agent_auth
- - gcc # needs to test pam_ssh_agent_auth
- - pam-devel # needs to test pam_ssh_agent_auth
- - expect # needs to test pam_ssh_agent_auth