1#! /usr/bin/expect -f 2#********************************************************************* 3# Copyright (c) International Business Machines Corp., 2003, 2004, 2007 4# 5# This program is free software; you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation; either version 2 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 13# the GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program; if not, write to the Free Software 17# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 18# 19# FILE : su 20# 21# PURPOSE: Tests the basic functionality of `su`. 22# 23# SETUP: The program `/usr/bin/expect' MUST be installed. 24# The user invoking this test script must NOT be "root". 25# The PASSWD variable should be set prior to execution 26# 27# HISTORY: 28# 03/03 Dustin Kirkland (dkirklan@us.ibm.com) 29# 03/03 Jerone Young (jeroney@us.ibm.com) 30# 10/01/04 Kris Wilson Skip test 7 if RedHat; no -e option. 31# 05/23/07 Kris Wilson Make test 7 work for SLES. 32######################################################################## 33 34# The root user cannot succesfully execute su test because the root user 35# is able to become anyone without entering passwords 36set whoami [ exec whoami ] 37if { $whoami=="root" } { 38 send_user "ERROR: You must execute the 'su' tests as a non-root user\n" 39 exit 1 40} 41 42#Grab input from enviroment 43if [info exists env(PASSWD)] { 44 set PASSWD $env(PASSWD) 45} else { 46 send_user "YOU NEED TO SET ENVIROMENT VARIABLE PASSWD. \n" 47 exit 1 48} 49 50if [info exists env(TEST_USER2)] { 51 set USER1 $env(TEST_USER2) 52} else { 53 send_user "YOU MUST SET ENVIRONMENT VARIABLE TEST_USER2" 54 exit 1 55} 56 57# Need the release type from su01 58if [info exists env(tvar)] { 59 set distro $env(tvar) 60} else { 61 send_user "YOU MUST SET ENVIORMENT VARIABLE tvar" 62 exit 1 63} 64 65if [info exists env(TEST_USER2_PASSWD)] { 66 set USER1_PASSWORD $env(TEST_USER2_PASSWD) 67} else { 68 send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER2_PASSWD" 69 exit 1 70} 71 72if [info exists env(TEST_LINE)] { 73 set TEST_LINE_ENV $env(TEST_LINE) 74} else { 75 send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_LINE" 76 exit 1 77} 78 79 80if [info exists env(TEST_ENV_FILE)] { 81 set TEST_ENV_FILE $env(TEST_ENV_FILE) 82} else { 83 send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER" 84 exit 1 85} 86 87if [info exists env(TEST_ENV_FILE2)] { 88 set TEST_ENV_FILE2 $env(TEST_ENV_FILE2) 89} else { 90 send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE2" 91 exit 1 92} 93 94 95if [info exists env(TEST_ENV_FILE_USER)] { 96 set TEST_ENV_FILE_USER1 $env(TEST_ENV_FILE_USER) 97} else { 98 send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_ENV_FILE_USER" 99 exit 1 100} 101 102if [info exists env(TEST_USER1_NEW_PASSWD)] { 103 set USER1_NEW_PASSWORD $env(TEST_USER1_NEW_PASSWD) 104} else { 105 send_user "YOU MUST SET ENVIROMENT VARIABLE TEST_USER1_NEW_PASSWD" 106 exit 1 107} 108 109 110set script_exit_code 0 111set i_can_root 0 112 113send_user "Starting 'su' Testing\n" 114 115# 1) su with no parameters and correct password. 116# - The su command should return a result code of 0 117# - The user ID should be root 118# - The user environment should be that of the invoking process 119# - The command should create a new shell with a new process ID 120 121send_user "\nTEST: su with no parameters and correct password\n" 122 123set i_am_root 0 124# run "whoami" to test user ID inside su shell 125spawn /bin/su -c whoami 126set i_am_root 0 127expect { 128 "Password:" { 129 send "$PASSWD\r" 130 expect { 131 "root" { set i_am_root 1 132 set i_can_root 1 133 } 134 } 135 } 136} 137 138catch close 139# capture result code 140set codes [wait] 141set pid [lindex $codes 0] 142set exit_code [lindex $codes 3] 143 144#Check that su user has same enviroment as current user 145set i_have_env 0 146set test_env_var " " 147if { $i_am_root==1 } { 148 spawn su -c "/bin/su root -c \"echo \\\$TEST_LINE > $TEST_ENV_FILE\"" 149 expect { 150 "Password:" { 151 send "$PASSWD\r" 152 } 153 } 154 expect eof 155 catch close 156 wait 157 158 set test_env_var [exec cat $TEST_ENV_FILE] 159 160 if { $test_env_var==$TEST_LINE_ENV } { 161 set i_have_env 1 162 } else { 163 send_user "/bin/su with correct password (FAILED), the enviroment was not kept after su.\n" 164 } 165} 166 167 168#this variable is for any test, it can't run correctly if this test fails 169set test_one_passed 0 170 171if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==1) } { 172 send_user "/bin/su with correct password & enviroment check ( PASSED )\n" 173 set test_one_passed 1 174} else { 175 send_user "/bin/su with correct password ( FAILED )\n" 176 set script_exit_code 1 177} 178 179 180# 2) su with no parameters and incorrect password. 181# - The su command should return a result code of non-0 182# - The user should be returned to the invoking shell 183# - An appropriate failure message should be displayed 184 185send_user "\nTEST: su with no parameters and incorrect password \n" 186 187set displayed_error 0 188# run "whoami" to test user ID inside su shell 189spawn /bin/su -c whoami 190set displayed_error 0 191expect { 192 "Password:" { 193 send "wrong_$PASSWD\r" 194 expect { 195 "su: incorrect password" { set displayed_error 1 } 196 "su: Authentication failure" { set displayed_error 1 } 197 } 198 } 199} 200 201catch close 202# capture result code 203set codes [wait] 204set pid [lindex $codes 0] 205set exit_code [lindex $codes 3] 206 207#Added for arm architecture 208 209send_user "\ndisplayed_error=$displayed_error" 210send_user "\nexit_code=$exit_code" 211send_user "\npid=$pid\n" 212 213if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } { 214 send_user "/bin/su with incorrect password ( PASSED )\n" 215} else { 216 send_user "/bin/su with incorrect password ( FAILED )\n" 217 set script_exit_code 1 218} 219 220# 3) su to root using name parameter and correct password. 221# - The su command should return a result code of 0 222# - The user ID should be root 223# - The user environment should be that of the invoking process 224# - The command should create a new shell with a new process ID 225 226send_user "\nTEST: su to root using name parameter and correct password. \n" 227 228set i_am_root 0 229# run "whoami" to test user ID inside su shell 230spawn /bin/su -l root -c whoami 231expect { 232 "Password:" { 233 send "$PASSWD\r" 234 expect { 235 "root" { set i_am_root 1 } 236 } 237 } 238} 239 240catch close 241# capture result code 242set codes [wait] 243set pid [lindex $codes 0] 244set exit_code [lindex $codes 3] 245 246 247#Check that su user does not have the same enviroment as current user 248set i_have_env 0 249set test_env " " 250if { $i_am_root==1 } { 251 spawn /bin/sh -c "/bin/su -l root -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE2\"\"" 252 expect { 253 "Password:" { 254 send "$PASSWD\r" 255 } 256 } 257 258 set test_env [exec cat $TEST_ENV_FILE2] 259 260 if { $test_env==$TEST_LINE_ENV } { 261 set i_have_env 1 262 send_user "/bin/su -l root with correct password (FAILED), because it did not change enviroment\n" 263 } 264} 265 266 267if { ($i_am_root==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } { 268 send_user "/bin/su -l root with correct password & enviroment check ( PASSED )\n" 269} else { 270 send_user "/bin/su -l root with correct password ( FAILED )\n" 271 set script_exit_code 1 272} 273 274 275# 4) su to root with name parameter and incorrect password. 276# - The su command should return a result code of non-0 277# - The user should be returned to the invoking shell 278# - An appropriate failure message should be displayed 279 280send_user "\nTEST: su to root with name parameter and incorrect password. \n" 281 282set displayed_error 0 283# run "whoami" to test user ID inside su shell 284spawn /bin/su -l root -c whoami 285expect { 286 "Password:" { 287 send "wrong_$PASSWD\r" 288 expect { 289 "su: incorrect password" { set displayed_error 1 } 290 "su: Authentication failure" { set displayed_error 1 } 291 } 292 } 293} 294 295catch close 296# capture result code 297set codes [wait] 298set pid [lindex $codes 0] 299set exit_code [lindex $codes 3] 300if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } { 301 send_user "/bin/su -l root with incorrect password ( PASSED )\n" 302} else { 303 send_user "/bin/su -l root with incorrect password ( FAILED )\n" 304 set script_exit_code 1 305} 306 307 308# 5) su to user1 with name parameter and correct password. 309# - The su command should return a result code of 0 310# - The user ID should be user1 311# - The user environment should be that of the invoking process, in this case,that of user1 312# - The command should create a new shell with a new process ID 313# - Run "whoami" to test user ID inside su shell 314 315send_user "TEST: su to user1 with name parameter and correct password.\n" 316 317set i_am_correct 0 318spawn /bin/su -l $USER1 -c whoami 319expect { 320 "Password:" { 321 send "$USER1_PASSWORD\r" 322 expect { 323 "$USER1\r" { set i_am_correct 1 } 324 } 325 } 326} 327 328catch close 329# capture result code 330set codes [wait] 331set pid [lindex $codes 0] 332set exit_code [lindex $codes 3] 333 334set i_have_env 0 335set test_env_var 0 336#Check to see that su user does not have the same enviroment 337if { $i_am_correct==1 } { 338 spawn /bin/sh -c "/bin/su -l $USER1 -c \"echo \"\\\$TEST_LINE > $TEST_ENV_FILE_USER1\"\"" 339 expect { 340 "Password:" { 341 send "$USER1_PASSWORD\r" 342 } 343 } 344 345} 346 347set test_env_var [exec cat $TEST_ENV_FILE_USER1] 348 349set i_have_env 0 350if { $test_env_var==$TEST_LINE_ENV } { 351 set i_have_env 1 352 send_user "/bin/su -l $USER1 with correct password (FAILED), because it did not change enviroment\n" 353 set i_have_env 0 354 if { $test_env_var==$TEST_LINE_ENV } { 355 set i_have_env 1 356 send_user "su -l $USER1 with correct password (FAILED), because it did not change enviroment\n" 357 } 358} 359 360if { ($i_am_correct==1) && ($exit_code==0) && ($pid>0) && ($i_have_env==0) } { 361 send_user "/bin/su -l $USER1 with correct password & enviroment check ( PASSED )\n" 362} else { 363 send_user "/bin/su -l $USER1 with correct password ( FAILED )\n" 364 set script_exit_code 1 365} 366 367 368 369# 6)su to user1 with name parameter and incorrect password. 370# - The su command should return a result code of non-0 371# - The user should be returned to the invoking shell 372# - An appropriate failure message should be displayed. 373 374send_user "TEST: su to user1 with name parameter and incorrect password.\n" 375spawn /bin/su -l $USER1 -c whoami 376set displayed_error 0 377expect { 378 "Password:" { 379 send "wrong_$USER1_PASSWORD\r" 380 expect { 381 "su: incorrect password" { set displayed_error 1 } 382 "su: Authentication failure" { set displayed_error 1 } 383 } 384 } 385} 386 387catch close 388# capture result code 389set codes [wait] 390set pid [lindex $codes 0] 391set exit_code [lindex $codes 3] 392if { ($displayed_error==1) && ($exit_code!=0) && ($pid>0) } { 393 send_user "/bin/su -l $USER1 with incorrect password ( PASSED )\n" 394} else { 395 send_user "/bin/su -l $USER1 with incorrect password ( FAILED )\n" 396 set script_exit_code 1 397} 398 399 400# 7) su to user1 with the user1 password expired 401# - user1 should not be allowed to log in 402# - The su command should return a result code of non-0 403# - The user should be returned to the invoking shell 404# - An appropriate failure message should be displayed. 405 406# Become root and expire $USER1 password 407 408# Skip this if Red Hat; -e option not supported. 409if { $distro != "redhat" && $distro != "redhat-linux" } { 410 411if { $test_one_passed==1} { 412send_user "TEST: su to user1 with the user1 password expired.\n" 413 414spawn /bin/su -l root -c "passwd -e $USER1" 415expect { 416 "Password:" { 417 send "$PASSWD\r" 418 expect { 419 "Password expiry information changed." 420 } 421 } 422} 423 424set i_am_correct 0 425spawn /bin/su -l $USER1 -c whoami 426expect { 427 "Password:" { 428 send "$USER1_PASSWORD\r" 429 expect { 430 -re "current.*password|Old Password" { 431 send "wrong_$USER1_PASSWORD\r" 432 expect { 433 -re "current.*password|Old Password" { 434 send "wrong_$USER1_PASSWORD\r" 435 expect { 436 "su: incorrect password" { set i_am_correct 1 } 437 "su: Authentication failure" { set i_am_correct 1 } 438 "su: Authentication token manipulation error" { set i_am_correct 1 } 439 } 440 } 441 "su: incorrect password" { set i_am_correct 1 } 442 "su: Authentication failure" { set i_am_correct 1 } 443 "su: Authentication token manipulation error" { set i_am_correct 1 } 444 } 445 } 446 } 447 } 448} 449 450catch close 451# capture result code 452set codes [wait] 453set pid [lindex $codes 0] 454set exit_code [lindex $codes 3] 455if { ($i_am_correct==1) && ($exit_code!=0) && ($pid>0) } { 456 send_user "/bin/su -l $USER1 with expired correct password ( PASSED )\n" 457} else { 458 send_user "/bin/su -l $USER1 with expired correct password ( FAILED )\n" 459 set script_exit_code 1 460} 461 462 463#Become root and set $USER1 password back to previous value 464spawn /bin/su -l root -c "passwd $USER1" 465expect { 466 "Password: " { 467 send "$PASSWD\r" 468 expect { 469 "Enter new password: " { 470 send "$USER1_NEW_PASSWORD\r" 471 expect { 472 "Re-type new password: " { 473 send "$USER1_NEW_PASSWORD\r" 474 expect { 475 "Password changed" {} 476 } 477 } 478 } 479 } 480 } 481 } 482} 483 484catch close 485} else { 486 487 send_user "TEST: su to user1 with the user1 password expired. (FAILED),see more next line.\n" 488 send_user "This test cannot be run because the first test to su as root failed\n" 489 490} 491# If RH let the tester know why only 6 tests were run. 492} else { 493 send_user "TEST 7 skipped if running on Red Hat; -e not supported \n" 494} 495exit $script_exit_code 496