diff options
Diffstat (limited to 'tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM')
13 files changed, 331 insertions, 0 deletions
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group new file mode 100644 index 0000000..1012390 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group @@ -0,0 +1,41 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow new file mode 100644 index 0000000..ae42486 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow @@ -0,0 +1,41 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password new file mode 100644 index 0000000..a15d7a6 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password @@ -0,0 +1,33 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure sha256 rounds=3000 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers new file mode 100644 index 0000000..552045e --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers @@ -0,0 +1,6 @@ +# +# The PAM configuration file for the Shadow `chpasswd' service +# + +@include common-password + diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd new file mode 100644 index 0000000..43fc135 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd @@ -0,0 +1,19 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow new file mode 100644 index 0000000..031ce88 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow @@ -0,0 +1,19 @@ +root::12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group new file mode 100644 index 0000000..fecba0c --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group @@ -0,0 +1,42 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +crontab:x:101: +Debian-exim:x:102: +foo:x:1000: diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow new file mode 100644 index 0000000..5042e58 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow @@ -0,0 +1,42 @@ +root:*:: +daemon:*:: +bin:*:: +sys:*:: +adm:*:: +tty:*:: +disk:*:: +lp:*:: +mail:*:: +news:*:: +uucp:*:: +man:*:: +proxy:*:: +kmem:*:: +dialout:*:: +fax:*:: +voice:*:: +cdrom:*:: +floppy:*:: +tape:*:: +sudo:*:: +audio:*:: +dip:*:: +www-data:*:: +backup:*:: +operator:*:: +list:*:: +irc:*:: +src:*:: +gnats:*:: +shadow:*:: +utmp:*:: +video:*:: +sasl:*:: +plugdev:*:: +staff:*:: +games:*:: +users:*:: +nogroup:*:: +crontab:x:: +Debian-exim:x:: +foo:*:: diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list new file mode 100644 index 0000000..9c40fa2 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list @@ -0,0 +1 @@ +foo:fooPass:::User Foo - Gecos Field::/bin/sh diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd new file mode 100644 index 0000000..7bf7386 --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd @@ -0,0 +1,20 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +Debian-exim:x:102:102::/var/spool/exim4:/bin/false +foo:x:1000:1000:User Foo - Gecos Field::/bin/sh diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow new file mode 100644 index 0000000..b07274f --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow @@ -0,0 +1,20 @@ +root::12991:0:99999:7::: +daemon:*:12977:0:99999:7::: +bin:*:12977:0:99999:7::: +sys:*:12977:0:99999:7::: +sync:*:12977:0:99999:7::: +games:*:12977:0:99999:7::: +man:*:12977:0:99999:7::: +lp:*:12977:0:99999:7::: +mail:*:12977:0:99999:7::: +news:*:12977:0:99999:7::: +uucp:*:12977:0:99999:7::: +proxy:*:12977:0:99999:7::: +www-data:*:12977:0:99999:7::: +backup:*:12977:0:99999:7::: +list:*:12977:0:99999:7::: +irc:*:12977:0:99999:7::: +gnats:*:12977:0:99999:7::: +nobody:*:12977:0:99999:7::: +Debian-exim:!:12977:0:99999:7::: +foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7::: diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test new file mode 100755 index 0000000..6260beb --- /dev/null +++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test @@ -0,0 +1,47 @@ +#!/bin/sh + +set -e + +cd $(dirname $0) + +. ../../common/config.sh +. ../../common/log.sh + +log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm and a specified number of rounds" + +save_config + +# restore the files on exit +trap 'log_status "$0" "FAILURE"; restore_config' 0 + +change_config + +echo "newusers -c SHA256 -s 3000 data/newusers.list" +newusers data/newusers.list + +echo -n "Check the passwd file..." +../../common/compare_file.pl data/passwd /etc/passwd +echo "OK" +echo -n "Check the group file..." +../../common/compare_file.pl data/group /etc/group +echo "OK" +echo -n "Check the shadow file..." +../../common/compare_file.pl data/shadow /etc/shadow +echo "OK" +echo -n "Check the number of rounds..." +rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow) +echo -n "($rounds)..." +if [ ! "$rounds" = 3000 ]; then + echo "Wrong number of rounds" + grep "^foo:" /etc/shadow + exit 1 +fi +echo "OK" +echo -n "Check the gshadow file..." +../../common/compare_file.pl data/gshadow /etc/gshadow +echo "OK" + +log_status "$0" "SUCCESS" +restore_config +trap '' 0 + |