diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:37:39 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:37:39 +0000 |
commit | c015179efce5825c16d68ec81530d82631cd2cf7 (patch) | |
tree | 186c902f87903d06ece7d840b230c37383e86f50 /debian/tests/01-getroot | |
parent | Adding upstream version 1.9.13p3. (diff) | |
download | sudo-c015179efce5825c16d68ec81530d82631cd2cf7.tar.xz sudo-c015179efce5825c16d68ec81530d82631cd2cf7.zip |
Adding debian version 1.9.13p3-1+deb12u1.debian/1.9.13p3-1+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-x | debian/tests/01-getroot | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/debian/tests/01-getroot b/debian/tests/01-getroot new file mode 100755 index 0000000..4edef3e --- /dev/null +++ b/debian/tests/01-getroot @@ -0,0 +1,100 @@ +#!/bin/sh + +set -e + +# set a root password so that we can later replace sudo with sudo-ldap +# see #1001858 +passwd=$(getent shadow root|cut -f2 -d:) +passwd1=$(echo "$passwd" |cut -c1) +# Note: we do need the 'xfoo' syntax here, since POSIX special-cases +# the $passwd value '!' as negation. +if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then + echo "root:rootpassword" | chpasswd +fi + +TESTNR="01" +BASEDIR="$(pwd)/debian/tests" +COMMONDIR="${BASEDIR}/common" +DIR="${BASEDIR}/${TESTNR}" +PATH="/bin:/usr/bin:/sbin:/usr/sbin" +ACCTA="test${TESTNR}a" +ACCTB="test${TESTNR}b" +PASSWD="test${TESTNR}23456" +HOMEDIRA="/home/${ACCTA}" +HOMEDIRB="/home/${ACCTB}" +LDIFDIR="${DIR}/ldif" + +trap ' + deluser --remove-home "${ACCTA}" 2>/dev/null || true + deluser --remove-home "${ACCTB}" 2>/dev/null || true +' 0 INT QUIT ABRT PIPE TERM + +printf > /etc/hosts "127.0.1.1 %s\n" "$(hostname)" +cat /etc/hosts + +printf "========= test %s\.1: account group member, correct password\n" "${TESTNR}" +deluser ${ACCTA} 2>/dev/null || true +adduser --disabled-password --home "${HOMEDIRA}" --gecos "" "${ACCTA}" +printf "%s:%s\n" "${ACCTA}" "${PASSWD}" | chpasswd +adduser "${ACCTA}" sudo +RET=0 +printf "trying %s with correct password\n" "${ACCTA}" +su - "${ACCTA}" -c "${COMMONDIR}/asuser ${PASSWD}" || RET=$? +printf "%s with correct password, return value %s\n" "${ACCTA}" "${RET}" +if [ "$(cat ${HOMEDIRA}/stdout)" != "0" ]; then + echo >&2 id -u did not give 0 + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRA}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRA}/stderr + printf >&2 "exit code %s\n" "${RET}" + printf >&2 "exit 1\n" "${RET}" + exit 1 +fi + +printf "========= test %s\.2: account group member, wrong password\n" "${TESTNR}" +rm -f "${HOMEDIRA}/std*" +RET=0 +printf "trying %s with wrong password\n" "${ACCTA}" +su - "${ACCTA}" -c "${COMMONDIR}/asuser wrongpasswd" || RET=$? +printf "%s with wrong password, return value %s\n" "${ACCTA}" "${RET}" +head -n-0 ${HOMEDIRA}/stdout ${HOMEDIRA}/stderr +printf -- "\n-------\n" +for string in "[sudo] password for ${ACCTA}" "Sorry, try again" "sudo: no password was provided" "sudo: 1 incorrect password attempt"; do + if ! grep -F "${string}" ${HOMEDIRA}/stderr; then + printf "%s missing in stderr output\n" "${string}" + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRA}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRA}/stderr + printf >&2 "\nexit code %s\n" "${RET}" + printf >&2 -- "------\n exit 1\n" + exit 1 + fi +done + +printf "========= test %s\.3: account not group member, correct password\n" "${TESTNR}" +deluser ${ACCTB} 2>/dev/null || true +adduser --disabled-password --home "${HOMEDIRB}" --gecos "" "${ACCTB}" +printf "%s:%s\n" "${ACCTB}" "${PASSWD}" | chpasswd +RET=0 +printf "trying %s (no sudo membership) with correct password\n" "${ACCTB}" +su - "${ACCTB}" -c "${COMMONDIR}/asuser ${PASSWD}" || RET=$? +printf "%s with correct password, return value %s\n" "${ACCTB}" "${RET}" +head -n-0 ${HOMEDIRB}/stdout ${HOMEDIRA}/stderr +printf -- "\n-------\n" +for string in "[sudo] password for ${ACCTB}" "${ACCTB} is not in the sudoers file"; do + if ! grep -F "${string}" ${HOMEDIRB}/stderr; then + printf "%s missing in stderr output\n" "${string}" + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRB}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRB}/stderr + printf >&2 "\nexit code %s\n" "${RET}" + printf >&2 -- "------\n exit 1\n" + exit 1 + fi +done + +printf "test series sucessful, exit 0\n" +exit 0 |