author | Arthur de Jong <arthur@arthurdejong.org> | 2011-03-18 15:33:50 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2011-03-18 15:33:50 +0100 |
commit | e7c95cfdb8698109dce244c748dd292e0dcd5dd3 (patch) | |
tree | 78646728a6e44fe25e4e896bf87e33b6ea80d5aa | |
parent | 2927aaa0b3796443821fff5b9043faafe2ffd542 (diff) |
implement test cases for some of the common PAM actions (test environment required for this)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1398 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | tests/Makefile.am | 5 | ||||
-rwxr-xr-x | tests/in_testenv.sh | 61 | ||||
-rwxr-xr-x | tests/test_nsscmds.sh | 37 | ||||
-rwxr-xr-x | tests/test_pamcmds.expect | 201 | ||||
-rwxr-xr-x | tests/test_pamcmds.sh | 35 |
5 files changed, 302 insertions, 37 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index cc5042a..272ce04 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -19,12 +19,13 @@ # 02110-1301 USA TESTS = test_dict test_set test_tio test_cfg test_myldap.sh test_nsscmds.sh \ - test_getpeercred test_common test_expr + test_pamcmds.sh test_getpeercred test_common test_expr check_PROGRAMS = test_dict test_set test_tio test_cfg test_myldap \ test_getpeercred test_common test_expr -EXTRA_DIST = nslcd-test.conf test_myldap.sh test_nsscmds.sh usernames.txt +EXTRA_DIST = nslcd-test.conf test_myldap.sh test_nsscmds.sh test_pamcmds.sh \ + in_testenv.sh test_pamcmds.expect usernames.txt CLEANFILES = $(EXTRA_PROGRAMS) diff --git a/tests/in_testenv.sh b/tests/in_testenv.sh new file mode 100755 index 0000000..5137140 --- /dev/null +++ b/tests/in_testenv.sh 
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# in_testenv.sh - script to check whether we are running in test environment
+#
+# Copyright (C) 2011 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+# This script expects to be run in an environment where nss-pam-ldapd
+# is deployed with an LDAP server with the proper content (and nslcd running).
+# It's probably best to run this in an environment without nscd (this breaks
+# the services tests).
+
+# check if LDAP is configured correctly
+cfgfile="/etc/nslcd.conf"
+if [ -r "$cfgfile" ]
+then
+ :
+else
+ echo "$0: $cfgfile: not found"
+ exit 77
+fi
+
+uri=`sed -n 's/^uri *//p' "$cfgfile" | head -n 1`
+base="dc=test,dc=tld"
+
+# try to fetch the base DN (fail with exit 77 to indicate problem)
+ldapsearch -b "$base" -s base -x -H "$uri" > /dev/null 2>&1 || {
+ echo "$0: LDAP server $uri not available for $base"
+ exit 77
+}
+
+# basic check to see if nslcd is running
+if [ -S /var/run/nslcd/socket ] && \
+ [ -f /var/run/nslcd/nslcd.pid ] && \
+ kill -s 0 `cat /var/run/nslcd/nslcd.pid` > /dev/null 2>&1
+then
+ :
+else
+ echo "$0: nslcd not running"
+ exit 77
+fi
+
+# TODO: check if nscd is running
+
+# TODO: check if /etc/nsswitch.conf is correct
+
+echo "$0: using LDAP server $uri"
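Review bot: `uri` in in_testenv.sh is used without checking that the `sed` extraction found anything, so when /etc/nslcd.conf has no line starting with `uri ` the probe runs as `ldapsearch ... -H ""`. How ldapsearch treats an empty `-H` is not visible here; if it falls back to a client default, the check could pass against a server other than the one nslcd is configured for. This script is the gate in front of tests that reset a password as root, so it should fail closed: add `[ -n "$uri" ] || { echo "$0: $cfgfile: no uri configured"; exit 77; }` right after the assignment. Quoting the backquoted `cat` of the pid file in the `kill -s 0` test would likewise make the empty-pid-file case explicit.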
diff --git a/tests/test_nsscmds.sh b/tests/test_nsscmds.sh index b5975a3..13dd30c 100755 --- a/tests/test_nsscmds.sh +++ b/tests/test_nsscmds.sh @@ -26,41 +26,8 @@ set -e -# check if LDAP is configured correctly -cfgfile="/etc/nslcd.conf" -if [ -r "$cfgfile" ] -then - : -else - echo "test_nsscmds.sh: $cfgfile: not found" - exit 77 -fi - -uri=`sed -n 's/^uri *//p' "$cfgfile" | head -n 1` -base="dc=test,dc=tld" - -# try to fetch the base DN (fail with exit 77 to indicate problem) -ldapsearch -b "$base" -s base -x -H "$uri" > /dev/null 2>&1 || { - echo "test_nsscmds.sh: LDAP server $uri not available for $base" - exit 77 -} - -# basic check to see if nslcd is running -if [ -S /var/run/nslcd/socket ] && \ - [ -f /var/run/nslcd/nslcd.pid ] && \ - kill -s 0 `cat /var/run/nslcd/nslcd.pid` > /dev/null 2>&1 -then - : -else - echo "test_nsscmds.sh: nslcd not running" - exit 77 -fi - -# TODO: check if nscd is running - -# TODO: check if /etc/nsswitch.conf is correct - -echo "test_nsscmds.sh: using LDAP server $uri" +# ensure that we are running in the test environment +. ./in_testenv.sh # preload our own NSS module srcdir="${srcdir-"."}" diff --git a/tests/test_pamcmds.expect b/tests/test_pamcmds.expect new file mode 100755 index 0000000..bc80b86 --- /dev/null +++ b/tests/test_pamcmds.expect 
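Review bot: `. ./in_testenv.sh` in test_nsscmds.sh resolves against the current directory rather than the source directory, so an out-of-tree `make check` would likely not find the helper. Under `set -e` in a non-interactive shell, a failed `.` ends the script with a status other than 77, so the test would be reported as failed instead of skipped. The file already honours `srcdir` two lines further down (`srcdir="${srcdir-"."}"`); moving that assignment above the check and sourcing `. "$srcdir/in_testenv.sh"` keeps the two consistent. The same cwd-relative paths appear in test_pamcmds.sh (`. ./in_testenv.sh`, `./test_pamcmds.expect`) and in test_pamcmds.expect (`spawn ./in_testenv.sh`).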
@@ -0,0 +1,201 @@
+#!/usr/bin/expect --
+
+# test_pamcmds.expect - test script to check output of PAM commands
+#
+# Copyright (C) 2011 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+# basic configuration
+set timeout 5
+log_file -a -noappend test_pamcmds.log
+log_user 0
+
+# basic error handling
+proc abort {} {
+ global expect_out
+ send_user "\n\ntest_pamcmds.expect: ERROR found:\n"
+ send_user "$expect_out(buffer)\n"
+ exit 1
+}
+
+# function for resetting the password
+proc reset_password {} {
+ global expect_out
+ send_user "test_pamcmds.expect: resetting passwd...\n"
+ spawn passwd arthur
+ expect {
+ "LDAP administrator password" { send "test\r"; exp_continue }
+ -regexp "(New|Retype new) password:" { send "test\r"; exp_continue }
+ "password updated successfully" {}
+ "Invalid credentials" abort
+ "Authentication token manipulation error" abort
+ default abort
+ }
+ #close
+}
+
+# ensure that we are running as root
+if { [exec id -u] != "0" } {
+ send_user "test_pamcmds.expect: not running as root\n"
+ exit 77
+}
+# ensure that we are running in the test environment
+spawn ./in_testenv.sh
+expect {
+ "in_testenv.sh: using LDAP server" { expect eof }
+ eof {
+ send_user "test_pamcmds.expect: not running in test environment\n"
+ exit 77
+ }
+}
+
+# ensure that a correct password is set
+reset_password
+
+# start a shell as nobody
+send_user "test_pamcmds.expect: start shell...\n"
+spawn su - nobody -s /bin/sh
+expect "\$ "
+
+# function to do login, expecting OK result
+proc test_login_ok {uid passwd} {
+ send "su - $uid -s /bin/sh\r"
+ expect "Password:"
+ send "$passwd\r"
+ expect {
+ "\$ " {}
+ "su: " abort
+ default abort
+ }
+ # test whether we are really logged in
+ send "id\r"
+ expect {
+ -regexp "uid=\[0-9\]*\\($uid\\)" {}
+ "\$ " abort
+ default abort
+ }
+ expect "\$ "
+}
+
+# function to do login, expecting FAIL result
+proc test_login_authfail {uid passwd} {
+ send "su - $uid -s /bin/sh\r"
+ expect "Password:"
+ send "$passwd\r"
+ expect {
+ "su: Authentication failure" {}
+ "\$ " abort
+ default abort
+ }
+ expect "\$ "
+}
+
+# function to do login, expecting FAIL result
+proc test_login_unknown {uid passwd} {
+ send "su - $uid -s /bin/sh\r"
+ expect "Password:"
+ send "$passwd\r"
+ expect {
+ "Unknown id" {}
+ "\$ " abort
+ default abort
+ }
+ expect "\$ "
+}
+
+# test incorrect password
+send_user "test_pamcmds.expect: testing incorrect password...\n"
+test_login_authfail arthur wrongpassword
+
+# test correct password
+send_user "test_pamcmds.expect: testing correct password...\n"
+test_login_ok arthur test
+
+# change password using incorrect old password
+send_user "test_pamcmds.expect: testing password change with incorrect password...\n"
+send "passwd\r"
+expect {
+ -nocase "password:" { send "wrongpassword\r" }
+ "\$ " abort
+ default abort
+}
+expect {
+ -regexp "(New|Retype new) password:" { send "newpassword\r"; exp_continue }
+ "password changed" abort
+ "Invalid credentials" {}
+ "Authentication token manipulation error" {}
+ "\$ " abort
+}
+expect "\$ "
+
+# change the password using the correct old password
+send_user "test_pamcmds.expect: testing password change with correct password...\n"
+send "passwd\r"
+expect {
+ -nocase "password:" { send "test\r" }
+ "\$ " abort
+ default abort
+}
+expect {
+ -regexp "(New|Retype new) password:" { send "newpassword\r"; exp_continue }
+ "password updated successfully" {}
+ "Invalid credentials" abort
+ "Authentication token manipulation error" abort
+ "\$ " abort
+}
+expect "\$ "
+
+# exist shell (back to nobody)
+send "exit\r"
+expect "\$ "
+
+# logging in with the old password should fail now
+send_user "test_pamcmds.expect: testing old password...\n"
+test_login_authfail arthur test
+
+# test correct password
+send_user "test_pamcmds.expect: testing new password...\n"
+test_login_ok arthur newpassword
+
+# test invalid username
+send_user "test_pamcmds.expect: testing with unknown username...\n"
+test_login_unknown foo anypassword
+
+# test login as root with incorrect password
+send_user "test_pamcmds.expect: testing with root...\n"
+test_login_authfail root anypassword
+
+# test login as nobody with incorrect password
+send_user "test_pamcmds.expect: testing with nobody...\n"
+test_login_authfail nobody anypassword
+
+# close the shell (first log of arthur)
+send "exit\r"
+expect "\$ "
+send "exit\r"
+expect {
+ eof {}
+ "\$ " abort
+ timeout abort
+}
+
+# ensure that a correct password is set
+reset_password
+
+send_user "test_pamcmds.expect: everyting OK\n"
+
+exit 0
diff --git a/tests/test_pamcmds.sh b/tests/test_pamcmds.sh
new file mode 100755
index 0000000..8895540
--- /dev/null
+++ b/tests/test_pamcmds.sh
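Review bot: The environment guard after `spawn ./in_testenv.sh` in test_pamcmds.expect fails open, because its `expect` block only has branches for the success string and `eof`. If the helper takes longer than the 5-second `timeout` (for example ldapsearch waiting on an unreachable server), the command returns without a match and the script goes on to `reset_password`, which runs `passwd arthur` as root. Using `default` instead of `eof` covers both timeout and end-of-file, so skipping becomes the fallback: `default { send_user "test_pamcmds.expect: not running in test environment\n"; exit 77 }`. The helper's exit status is never collected, so the decision rests on output matching alone. The second `expect` block of the wrong-old-password test also lacks a `default`/`timeout` branch, unlike the blocks before it.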
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# test_pamcmds.sh - test script to start test_pamcmds.expect
+#
+# Copyright (C) 2011 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+set -e
+
+# ensure that we are running in the test environment
+. ./in_testenv.sh
+
+# check if we have expect installed
+EXPECT="$(which expect 2> /dev/null || true)"
+if ! [ -x "$EXPECT" ]
+then
+ echo "$0: expect not found, not running tests"
+ exit 77
+fi
+
+"$EXPECT" ./test_pamcmds.expect
|
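Review bot: `which` in test_pamcmds.sh is not specified by POSIX, and its output and exit status for a missing program differ between implementations, which is why the line needs both `2> /dev/null` and `|| true`. Under `#!/bin/sh` the portable lookup is the `command -v` builtin: `EXPECT="$(command -v expect 2> /dev/null || true)"`. A short comment above the final line, such as `# test_pamcmds.expect must run as root; it exits 77 (skip) otherwise`, would also record the privilege requirement, which is currently only visible inside the expect script.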