diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:22:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:22:06 +0000 |
commit | 741c1ef7a4f2ac316ad6e557ddbe03023413478d (patch) | |
tree | 38890f681daa26c57e865b4feca10d0ca53e1046 /tests/usertools/chpasswd-PAM | |
parent | Initial commit. (diff) | |
download | shadow-741c1ef7a4f2ac316ad6e557ddbe03023413478d.tar.xz shadow-741c1ef7a4f2ac316ad6e557ddbe03023413478d.zip |
Adding upstream version 1:4.5.upstream/1%4.5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/usertools/chpasswd-PAM')
279 files changed, 7699 insertions, 0 deletions
diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test new file mode 100755 index 0000000..519d0a2 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test @@ -0,0 +1,56 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd fails if an user does not exist" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody, lp, and foooo's password..." +echo 'nobody:test +lp:test2 +foooo:test3' | chpasswd 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password new file mode 100644 index 0000000..07f3f1d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure md5 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err new file mode 100644 index 0000000..8a3011f --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err @@ -0,0 +1,3 @@ +chpasswd: (user foooo) pam_chauthtok() failed, error: +Authentication token manipulation error +chpasswd: (line 3, user foooo) password not changed diff --git a/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow new file mode 100644 index 0000000..cb54856 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_MD5 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_MD5 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test new file mode 100755 index 0000000..c036205 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can change the password of multiple users" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password..." +echo 'nobody:test +lp:test2' | chpasswd +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow new file mode 100644 index 0000000..d69c00c --- /dev/null +++ b/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_DES test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_DES test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test new file mode 100755 index 0000000..fb915a1 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test @@ -0,0 +1,44 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd changes the passwd file if shadow does not exist" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Remove /etc/shadow..." +rm -f /etc/shadow +echo "OK" + +echo -n "Change nobody's and lp's password..." +echo 'nobody:test +lp:test2' | chpasswd +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check that shadow does not exist..." +test ! -f /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password new file mode 100644 index 0000000..07f3f1d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure md5 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd new file mode 100644 index 0000000..bd03706 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:bar:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd new file mode 100644 index 0000000..36fa602 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:@PASS_MD5 test2@:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:@PASS_MD5 test@:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test new file mode 100755 index 0000000..2660213 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test @@ -0,0 +1,43 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries" +# FIXME: The PAM and !PAM versions differs: +# PAM will create a shadow entry if the shadow file exists +# !PAM will update the passwd entry and leave the shadow file untouched + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody's and lp's password..." +echo 'nobody:test +lp:test2' | chpasswd +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow new file mode 100644 index 0000000..54dc57e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow @@ -0,0 +1,40 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow new file mode 100644 index 0000000..f4f74a5 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow @@ -0,0 +1,18 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow new file mode 100644 index 0000000..090d61a --- /dev/null +++ b/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_DES test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +lp:@PASS_DES test2@:@TODAY@:::::: diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test new file mode 100755 index 0000000..5760ca5 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test @@ -0,0 +1,55 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd fails if no password are provided" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody's and lp's password..." +echo 'nobody:test +lp' | chpasswd 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password new file mode 100644 index 0000000..07f3f1d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure md5 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err new file mode 100644 index 0000000..a02b7d6 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err @@ -0,0 +1 @@ +chpasswd: line 2: missing new password diff --git a/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow new file mode 100644 index 0000000..658661b --- /dev/null +++ b/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_MD5 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test new file mode 100755 index 0000000..fda6230 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test @@ -0,0 +1,48 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can display its usage message" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Get chpasswd usage (chpasswd -h)..." +chpasswd -h >tmp/usage.out +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt new file mode 100644 index 0000000..31f5635 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt @@ -0,0 +1,10 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group users (only in /etc/group) +user foo, in group tty (only in /etc/gshadow) +user foo, in group floppy +user foo, admin of group disk +user foo, admin and member of group fax +user foo, admin and member of group cdrom (only in /etc/gshadow) diff --git a/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out new file mode 100644 index 0000000..59c8b35 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out @@ -0,0 +1,12 @@ +Usage: chpasswd [options] + +Options: + -c, --crypt-method METHOD the crypt method (one of NONE DES MD5 SHA256 SHA512) + -e, --encrypted supplied passwords are encrypted + -h, --help display this help message and exit + -m, --md5 encrypt the clear text password using + the MD5 algorithm + -R, --root CHROOT_DIR directory to chroot into + -s, --sha-rounds number of SHA rounds for the SHA* + crypt algorithms + diff --git a/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test new file mode 100755 index 0000000..f75e674 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd displays its usage message in case on non recognized option" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Get chpasswd usage (chpasswd --foo)..." +chpasswd --foo 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt new file mode 100644 index 0000000..31f5635 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt @@ -0,0 +1,10 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group users (only in /etc/group) +user foo, in group tty (only in /etc/gshadow) +user foo, in group floppy +user foo, admin of group disk +user foo, admin and member of group fax +user foo, admin and member of group cdrom (only in /etc/gshadow) diff --git a/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out new file mode 100644 index 0000000..4e26b6d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out @@ -0,0 +1,13 @@ +chpasswd: unrecognized option '--foo' +Usage: chpasswd [options] + +Options: + -c, --crypt-method METHOD the crypt method (one of NONE DES MD5 SHA256 SHA512) + -e, --encrypted supplied passwords are encrypted + -h, --help display this help message and exit + -m, --md5 encrypt the clear text password using + the MD5 algorithm + -R, --root CHROOT_DIR directory to chroot into + -s, --sha-rounds number of SHA rounds for the SHA* + crypt algorithms + diff --git a/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test new file mode 100755 index 0000000..ecfbb20 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks that -e and -m are not provided at the same time" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Password are encrypted and must use md5 (chpasswd -m -e)..." +echo 'nobody:test' | chpasswd -m -e 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt new file mode 100644 index 0000000..31f5635 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt @@ -0,0 +1,10 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group users (only in /etc/group) +user foo, in group tty (only in /etc/gshadow) +user foo, in group floppy +user foo, admin of group disk +user foo, admin and member of group fax +user foo, admin and member of group cdrom (only in /etc/gshadow) diff --git a/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd new file mode 100644 index 0000000..dbb06b8 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/nonexistent:/bin/sh diff --git a/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out new file mode 100644 index 0000000..799c8dd --- /dev/null +++ b/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out @@ -0,0 +1,13 @@ +chpasswd: the -c, -e, and -m flags are exclusive +Usage: chpasswd [options] + +Options: + -c, --crypt-method METHOD the crypt method (one of NONE DES MD5 SHA256 SHA512) + -e, --encrypted supplied passwords are encrypted + -h, --help display this help message and exit + -m, --md5 encrypt the clear text password using + the MD5 algorithm + -R, --root CHROOT_DIR directory to chroot into + -s, --sha-rounds number of SHA rounds for the SHA* + crypt algorithms + diff --git a/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test new file mode 100755 index 0000000..ab5deec --- /dev/null +++ b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks that -e and -c are not provided at the same time" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Password are encrypted and must use another method (chpasswd -c SHA512 -e)..." +echo 'nobody:test' | chpasswd -c SHA512 -e 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt new file mode 100644 index 0000000..31f5635 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt @@ -0,0 +1,10 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group users (only in /etc/group) +user foo, in group tty (only in /etc/gshadow) +user foo, in group floppy +user foo, admin of group disk +user foo, admin and member of group fax +user foo, admin and member of group cdrom (only in /etc/gshadow) diff --git a/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd new file mode 100644 index 0000000..dbb06b8 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/nonexistent:/bin/sh diff --git a/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out new file mode 100644 index 0000000..799c8dd --- /dev/null +++ b/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out @@ -0,0 +1,13 @@ +chpasswd: the -c, -e, and -m flags are exclusive +Usage: chpasswd [options] + +Options: + -c, --crypt-method METHOD the crypt method (one of NONE DES MD5 SHA256 SHA512) + -e, --encrypted supplied passwords are encrypted + -h, --help display this help message and exit + -m, --md5 encrypt the clear text password using + the MD5 algorithm + -R, --root CHROOT_DIR directory to chroot into + -s, --sha-rounds number of SHA rounds for the SHA* + crypt algorithms + diff --git a/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test new file mode 100755 index 0000000..fe2bbd7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks that -c and -m are not provided at the same time" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Password must use md5 and another method (chpasswd -m -c SHA256)..." +echo 'nobody:test' | chpasswd -m -c SHA256 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt new file mode 100644 index 0000000..31f5635 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt @@ -0,0 +1,10 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group users (only in /etc/group) +user foo, in group tty (only in /etc/gshadow) +user foo, in group floppy +user foo, admin of group disk +user foo, admin and member of group fax +user foo, admin and member of group cdrom (only in /etc/gshadow) diff --git a/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd new file mode 100644 index 0000000..dbb06b8 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/nonexistent:/bin/sh diff --git a/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out new file mode 100644 index 0000000..799c8dd --- /dev/null +++ b/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out @@ -0,0 +1,13 @@ +chpasswd: the -c, -e, and -m flags are exclusive +Usage: chpasswd [options] + +Options: + -c, --crypt-method METHOD the crypt method (one of NONE DES MD5 SHA256 SHA512) + -e, --encrypted supplied passwords are encrypted + -h, --help display this help message and exit + -m, --md5 encrypt the clear text password using + the MD5 algorithm + -R, --root CHROOT_DIR directory to chroot into + -s, --sha-rounds number of SHA rounds for the SHA* + crypt algorithms + diff --git a/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test new file mode 100755 index 0000000..29982fc --- /dev/null +++ b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks that -c is provided if -s is used" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Password must use md5 and another method (chpasswd --sha-rounds 12)..." +echo 'nobody:test' | chpasswd --sha-rounds 12 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt new file mode 100644 index 0000000..31f5635 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt @@ -0,0 +1,10 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group users (only in /etc/group) +user foo, in group tty (only in /etc/gshadow) +user foo, in group floppy +user foo, admin of group disk +user foo, admin and member of group fax +user foo, admin and member of group cdrom (only in /etc/gshadow) diff --git a/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd new file mode 100644 index 0000000..dbb06b8 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/nonexistent:/bin/sh diff --git a/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out new file mode 100644 index 0000000..ab133e2 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out @@ -0,0 +1,13 @@ +chpasswd: -s flag is only allowed with the -c flag +Usage: chpasswd [options] + +Options: + -c, --crypt-method METHOD the crypt method (one of NONE DES MD5 SHA256 SHA512) + -e, --encrypted supplied passwords are encrypted + -h, --help display this help message and exit + -m, --md5 encrypt the clear text password using + the MD5 algorithm + -R, --root CHROOT_DIR directory to chroot into + -s, --sha-rounds number of SHA rounds for the SHA* + crypt algorithms + diff --git a/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test new file mode 100755 index 0000000..1b478f9 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks the -s argument" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Password must use md5 and another method (chpasswd --sha-rounds 12foo -c SHA512)..." +echo 'nobody:test' | chpasswd --sha-rounds 12foo -c SHA512 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt new file mode 100644 index 0000000..31f5635 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt @@ -0,0 +1,10 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group users (only in /etc/group) +user foo, in group tty (only in /etc/gshadow) +user foo, in group floppy +user foo, admin of group disk +user foo, admin and member of group fax +user foo, admin and member of group cdrom (only in /etc/gshadow) diff --git a/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd new file mode 100644 index 0000000..dbb06b8 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/nonexistent:/bin/sh diff --git a/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out new file mode 100644 index 0000000..bcfcf6d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out @@ -0,0 +1,13 @@ +chpasswd: invalid numeric argument '12foo' +Usage: chpasswd [options] + +Options: + -c, --crypt-method METHOD the crypt method (one of NONE DES MD5 SHA256 SHA512) + -e, --encrypted supplied passwords are encrypted + -h, --help display this help message and exit + -m, --md5 encrypt the clear text password using + the MD5 algorithm + -R, --root CHROOT_DIR directory to chroot into + -s, --sha-rounds number of SHA rounds for the SHA* + crypt algorithms + diff --git a/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test new file mode 100755 index 0000000..a2f653c --- /dev/null +++ b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks the -c argument" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Password must use md5 and another method (chpasswd --crypt-method SHA513)..." +echo 'nobody:test' | chpasswd --crypt-method SHA513 2>tmp/usage.out && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "2" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/usage.out +echo "=======================================================================" +echo -n "Check the usage message..." +diff -au data/usage.out tmp/usage.out +echo "usage message OK." +rm -f tmp/usage.out + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt new file mode 100644 index 0000000..31f5635 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt @@ -0,0 +1,10 @@ +# no testsuite password +# root password: rootF00barbaz +# myuser password: myuserF00barbaz + +user foo, in group users (only in /etc/group) +user foo, in group tty (only in /etc/gshadow) +user foo, in group floppy +user foo, admin of group disk +user foo, admin and member of group fax +user foo, admin and member of group cdrom (only in /etc/gshadow) diff --git a/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd new file mode 100644 index 0000000..dbb06b8 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/nonexistent:/bin/sh diff --git a/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out new file mode 100644 index 0000000..2c9e5aa --- /dev/null +++ b/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out @@ -0,0 +1,13 @@ +chpasswd: unsupported crypt method: SHA513 +Usage: chpasswd [options] + +Options: + -c, --crypt-method METHOD the crypt method (one of NONE DES MD5 SHA256 SHA512) + -e, --encrypted supplied passwords are encrypted + -h, --help display this help message and exit + -m, --md5 encrypt the clear text password using + the MD5 algorithm + -R, --root CHROOT_DIR directory to chroot into + -s, --sha-rounds number of SHA rounds for the SHA* + crypt algorithms + diff --git a/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test new file mode 100755 index 0000000..3591462 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use encrypted password" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd -e)..." +echo 'nobody:test +lp:test2' | chpasswd -e +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow new file mode 100644 index 0000000..269ee68 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:test2:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:test:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test new file mode 100755 index 0000000..534fb6f --- /dev/null +++ b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create md5 passwords" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --md5)..." +echo 'nobody:test +lp:test2' | chpasswd --md5 +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow new file mode 100644 index 0000000..cb54856 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_MD5 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_MD5 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test new file mode 100755 index 0000000..e7c1b4e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use encrypted passwords" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd -c NONE)..." +echo 'nobody:test +lp:test2' | chpasswd -c NONE +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow new file mode 100644 index 0000000..269ee68 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:test2:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:test:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test new file mode 100755 index 0000000..f7da2c6 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create MD5 passwords" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --crypt-method MD5)..." +echo 'nobody:test +lp:test2' | chpasswd --crypt-method MD5 +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow new file mode 100644 index 0000000..cb54856 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_MD5 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_MD5 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test new file mode 100755 index 0000000..750b82f --- /dev/null +++ b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create DES passwords" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --crypt-method DES)..." +echo 'nobody:test +lp:test2' | chpasswd --crypt-method DES +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow new file mode 100644 index 0000000..d69c00c --- /dev/null +++ b/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_DES test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_DES test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test new file mode 100755 index 0000000..56c67bf --- /dev/null +++ b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create SHA256 passwords" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256)..." +echo 'nobody:test +lp:test2' | chpasswd --crypt-method SHA256 +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow new file mode 100644 index 0000000..2705a06 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test new file mode 100755 index 0000000..9a0b0d7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test @@ -0,0 +1,41 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create SHA256 passwords and use at least 1000 rounds" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256 -s 900)..." +echo 'nobody:test +lp:test2' | chpasswd --crypt-method SHA256 -s 900 +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +grep nobody /etc/shadow | grep -q ':\$5\$rounds=1000\$' +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow new file mode 100644 index 0000000..2705a06 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test new file mode 100755 index 0000000..6f5f586 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test @@ -0,0 +1,41 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create SHA256 passwords and use the requested number of rounds" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256 -s 9000)..." +echo 'nobody:test +lp:test2' | chpasswd --crypt-method SHA256 -s 9000 +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +grep nobody /etc/shadow | grep -q ':\$5\$rounds=9000\$' +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow new file mode 100644 index 0000000..2705a06 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test new file mode 100755 index 0000000..856665f --- /dev/null +++ b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create SHA512 passwords" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512)..." +echo 'nobody:test +lp:test2' | chpasswd --crypt-method SHA512 +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow new file mode 100644 index 0000000..83bc0c9 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test new file mode 100755 index 0000000..4382ab5 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test @@ -0,0 +1,41 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create SHA512 passwords and use at least 1000 rounds" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512 -s 900)..." +echo 'nobody:test +lp:test2' | chpasswd --crypt-method SHA512 -s 900 +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +grep nobody /etc/shadow | grep -q ':\$6\$rounds=1000\$' +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow new file mode 100644 index 0000000..83bc0c9 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test new file mode 100755 index 0000000..f42c7be --- /dev/null +++ b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test @@ -0,0 +1,41 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use create SHA512 passwords and use the requested number of rounds" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512 -s 9000)..." +echo 'nobody:test +lp:test2' | chpasswd --crypt-method SHA512 -s 9000 +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +grep nobody /etc/shadow | grep -q ':\$6\$rounds=9000\$' +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow new file mode 100644 index 0000000..83bc0c9 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test new file mode 100755 index 0000000..ce881e8 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test @@ -0,0 +1,44 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd changes the passwd file if shadow does not exist" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Remove /etc/shadow..." +rm -f /etc/shadow +echo "OK" + +echo -n "Change nobody's and lp's password..." +echo 'nobody:test +lp:test2' | chpasswd -e +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check that shadow does not exist..." +test ! -f /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password new file mode 100644 index 0000000..07f3f1d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure md5 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd new file mode 100644 index 0000000..0489957 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:test2:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:test:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test new file mode 100755 index 0000000..7aa511e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test @@ -0,0 +1,59 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd changes the passwd file if shadow does not exist" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Remove /etc/shadow..." +rm -f /etc/shadow +echo "OK" + +echo -n "Change nobody's and lp's password..." +echo 'nobody:test +lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check that shadow does not exist..." +test ! -f /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password new file mode 100644 index 0000000..07f3f1d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure md5 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err new file mode 100644 index 0000000..498b5c8 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err @@ -0,0 +1,6 @@ +chpasswd: (user nobody) pam_chauthtok() failed, error: +Authentication token manipulation error +chpasswd: (line 1, user nobody) password not changed +chpasswd: (user lp) pam_chauthtok() failed, error: +Authentication token manipulation error +chpasswd: (line 2, user lp) password not changed diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test new file mode 100755 index 0000000..0578c1f --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test @@ -0,0 +1,59 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd changes the passwd file if shadow does not exist" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Remove /etc/shadow..." +rm -f /etc/shadow +echo "OK" + +echo -n "Change nobody's and lp's password..." +echo 'nobody:test +lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check that shadow does not exist..." +test ! -f /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password new file mode 100644 index 0000000..07f3f1d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure md5 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd new file mode 100644 index 0000000..0d29119 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err new file mode 100644 index 0000000..1381d0e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err @@ -0,0 +1,3 @@ +chpasswd: (user lp) pam_chauthtok() failed, error: +Authentication token manipulation error +chpasswd: (line 2, user lp) password not changed diff --git a/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd new file mode 100644 index 0000000..9a44671 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:@PASS_MD5 test@:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test new file mode 100755 index 0000000..0578c1f --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test @@ -0,0 +1,59 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd changes the passwd file if shadow does not exist" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Remove /etc/shadow..." +rm -f /etc/shadow +echo "OK" + +echo -n "Change nobody's and lp's password..." +echo 'nobody:test +lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check that shadow does not exist..." +test ! -f /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password new file mode 100644 index 0000000..07f3f1d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure md5 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd new file mode 100644 index 0000000..6ba390f --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:bar:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err new file mode 100644 index 0000000..9eb11ca --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err @@ -0,0 +1,3 @@ +chpasswd: (user nobody) pam_chauthtok() failed, error: +Authentication token manipulation error +chpasswd: (line 1, user nobody) password not changed diff --git a/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd new file mode 100644 index 0000000..978ea44 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:@PASS_MD5 test2@:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test new file mode 100755 index 0000000..c341285 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test @@ -0,0 +1,43 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries" +# FIXME: The PAM and !PAM versions differs: +# PAM will create a shadow entry if the shadow file exists +# !PAM will update the passwd entry and leave the shadow file untouched + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody's and lp's password..." +echo 'nobody:test +lp:test2' | chpasswd -e +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow new file mode 100644 index 0000000..54dc57e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow @@ -0,0 +1,40 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow new file mode 100644 index 0000000..f4f74a5 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow @@ -0,0 +1,18 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow new file mode 100644 index 0000000..fcb19db --- /dev/null +++ b/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:test:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +lp:test2:@TODAY@:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test new file mode 100755 index 0000000..a18f912 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test @@ -0,0 +1,61 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks if the passwd file is locked" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0 + +change_config + +echo -n "Create lock file for /etc/passwd..." +touch /etc/passwd.lock +echo "done" + +echo -n "Change passwords (chpasswd -e)..." +echo 'nobody:test +lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +rm -f /etc/passwd.lock + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt diff --git a/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group new file mode 100644 index 0000000..b6fae89 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3:root +adm:x:4:root,foo +tty:x:5: +disk:x:6: +lp:x:7:foo,root +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21:foo +voice:x:22: +cdrom:x:24: +floppy:x:25:foo +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100:foo +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow new file mode 100644 index 0000000..1f2ba8d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*::root +adm:*::root,foo +tty:*::foo +disk:*:foo: +lp:*::foo,root +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:foo:foo +voice:*:: +cdrom:*:foo:foo +floppy:*::foo +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd new file mode 100644 index 0000000..bf52df0 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/home/foo:/bin/false diff --git a/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow new file mode 100644 index 0000000..2baad3b --- /dev/null +++ b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err new file mode 100644 index 0000000..468b8b6 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err @@ -0,0 +1,2 @@ +chpasswd: existing lock file /etc/passwd.lock without a PID +chpasswd: cannot lock /etc/passwd; try again later. diff --git a/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test new file mode 100755 index 0000000..3686758 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test @@ -0,0 +1,61 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks if the shadow file is locked" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0 + +change_config + +echo -n "Create lock file for /etc/shadow..." +touch /etc/shadow.lock +echo "done" + +echo -n "Change passwords (chpasswd -e)..." +echo 'nobody:test +lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +rm -f /etc/shadow.lock + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt diff --git a/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group new file mode 100644 index 0000000..b6fae89 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3:root +adm:x:4:root,foo +tty:x:5: +disk:x:6: +lp:x:7:foo,root +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21:foo +voice:x:22: +cdrom:x:24: +floppy:x:25:foo +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100:foo +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow new file mode 100644 index 0000000..1f2ba8d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*::root +adm:*::root,foo +tty:*::foo +disk:*:foo: +lp:*::foo,root +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:foo:foo +voice:*:: +cdrom:*:foo:foo +floppy:*::foo +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd new file mode 100644 index 0000000..bf52df0 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/home/foo:/bin/false diff --git a/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow new file mode 100644 index 0000000..2baad3b --- /dev/null +++ b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err new file mode 100644 index 0000000..507310f --- /dev/null +++ b/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err @@ -0,0 +1,2 @@ +chpasswd: existing lock file /etc/shadow.lock without a PID +chpasswd: cannot lock /etc/shadow; try again later. diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test new file mode 100755 index 0000000..05bf394 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test @@ -0,0 +1,56 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks that users exist" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change passwords (chpasswd)..." +echo 'nobody:test +bar:bar2 +lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group new file mode 100644 index 0000000..b6fae89 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3:root +adm:x:4:root,foo +tty:x:5: +disk:x:6: +lp:x:7:foo,root +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21:foo +voice:x:22: +cdrom:x:24: +floppy:x:25:foo +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100:foo +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow new file mode 100644 index 0000000..1f2ba8d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*::root +adm:*::root,foo +tty:*::foo +disk:*:foo: +lp:*::foo,root +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:foo:foo +voice:*:: +cdrom:*:foo:foo +floppy:*::foo +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd new file mode 100644 index 0000000..bf52df0 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/home/foo:/bin/false diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow new file mode 100644 index 0000000..2baad3b --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err new file mode 100644 index 0000000..245a3b2 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err @@ -0,0 +1,3 @@ +chpasswd: (user bar) pam_chauthtok() failed, error: +Authentication token manipulation error +chpasswd: (line 2, user bar) password not changed diff --git a/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow new file mode 100644 index 0000000..958f25b --- /dev/null +++ b/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test new file mode 100755 index 0000000..05c6a31 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test @@ -0,0 +1,56 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd checks that users exist" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change passwords (chpasswd -e)..." +echo 'nobody:test +bar:bar2 +lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || { + status=$? +} +echo "OK" + +echo -n "Check returned status ($status)..." +test "$status" = "1" +echo "OK" + +echo "chpasswd reported:" +echo "=======================================================================" +cat tmp/chpasswd.err +echo "=======================================================================" +echo -n "Check that there were a failure message..." +diff -au data/chpasswd.err tmp/chpasswd.err +echo "error message OK." +rm -f tmp/chpasswd.err + +echo -n "Check the passwd file..." +../../../common/compare_file.pl config/etc/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl config/etc/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt diff --git a/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd new file mode 100644 index 0000000..31c44ab --- /dev/null +++ b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd @@ -0,0 +1,36 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/foobar +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +GROUP=10 +# +# The default home directory. Same as DHOME for adduser +HOME=/tmp +# +# The number of days after a password expires until the account +# is permanently disabled +INACTIVE=12 +# +# The default expire date +EXPIRE=2007-12-02 +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes diff --git a/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group new file mode 100644 index 0000000..b6fae89 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3:root +adm:x:4:root,foo +tty:x:5: +disk:x:6: +lp:x:7:foo,root +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21:foo +voice:x:22: +cdrom:x:24: +floppy:x:25:foo +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100:foo +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow new file mode 100644 index 0000000..1f2ba8d --- /dev/null +++ b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*::root +adm:*::root,foo +tty:*::foo +disk:*:foo: +lp:*::foo,root +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:foo:foo +voice:*:: +cdrom:*:foo:foo +floppy:*::foo +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd new file mode 100644 index 0000000..bf52df0 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000::/home/foo:/bin/false diff --git a/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow new file mode 100644 index 0000000..2baad3b --- /dev/null +++ b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow @@ -0,0 +1,20 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err new file mode 100644 index 0000000..7182e70 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err @@ -0,0 +1,2 @@ +chpasswd: line 2: user 'bar' does not exist +chpasswd: error detected, changes ignored diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test new file mode 100755 index 0000000..5e3bc03 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../../common/config.sh +. ../../../common/log.sh + +log_start "$0" "chpasswd can use encrypted password" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo -n "Change nobody and lp's password (chpasswd -e)..." +echo 'nobody:test +lp:test2' | chpasswd -e +echo "OK" + +echo -n "Check the passwd file..." +../../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../../common/compare_file.pl config/etc/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the gshadow file..." +../../../common/compare_file.pl config/etc/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password new file mode 100644 index 0000000..06c59a7 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd new file mode 100644 index 0000000..5648ba0 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:oldpass:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow new file mode 100644 index 0000000..5f50d18 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd new file mode 100644 index 0000000..1ed98b3 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:test2:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow new file mode 100644 index 0000000..269ee68 --- /dev/null +++ b/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow @@ -0,0 +1,19 @@ +root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:test2:@TODAY@:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:test:@TODAY@:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: |