#!/bin/sh
# test.sh - simple test script to check output of name lookup commands
#
# Copyright (C) 2007 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA
# This script expects to be run in an environment where nss-ldapd
# is deployed with an LDAP server with the proper contents (nslcd running).
# FIXME: update the above description and provide actual LDIF file
# It's probably best to run this in an environment without nscd.
# note that nscd should not be running
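# abort on the first unhandled command failure
set -e
# check if LDAP is configured correctly
cfgfile="/etc/nss-ldapd.conf"
# value of the first "uri" line in the nss-ldapd configuration; the status of
# the pipeline is that of head, so a missing or unreadable file does not stop
# the script here and only shows up as an empty value
uri=$(sed -n 's/^uri *//p' "$cfgfile" | head -n 1)
base="dc=test,dc=tld"
# without a configured URI there is no known server to compare against, so
# skip (exit 77) instead of handing ldapsearch an empty -H argument
# NOTE(review): ldapsearch may fall back to its own defaults in that case,
# which need not be the server nslcd uses - confirm
if [ -z "$uri" ]
then
  echo "no LDAP server uri found in $cfgfile"
  exit 77
fi
# try to fetch the base DN (fail with exit 77 to indicate problem)
# -x asks for simple authentication and no bind DN is given, so the probe
# only succeeds when the server answers this search without credentials
ldapsearch -b "$base" -s base -x -H "$uri" > /dev/null 2>&1 || {
  echo "LDAP server $uri not available for $base"
  exit 77
}
# TODO: check if nslcd is running
# TODO: check if nscd is running
echo "using LDAP server $uri"
# the total number of errors
FAIL=0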
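#######################################
# Run one lookup command and compare what it prints with the expected text.
# Globals:   FAIL (incremented when expected and actual output differ);
#            cmd, expectfile, actualfile (overwritten, plain sh has no local)
# Arguments: $1 - command line to run. It is passed to eval, so it must be a
#                 literal written in this script and never text that comes
#                 from the environment, a file or the directory under test.
# Inputs:    expected output on stdin (normally a here-document)
# Outputs:   a progress line and, on mismatch, a unified diff on stdout
# Returns:   0 once the comparison has run (whatever its outcome),
#            1 when a temporary file could not be created
#######################################
check() {
  # the command to execute
  cmd="$1"
  # save the expected output; mktemp (or tempfile as fallback) creates the
  # file itself, so the name is not predictable
  expectfile=$(mktemp -t expected.XXXXXX 2> /dev/null || tempfile -s .expected 2> /dev/null) || expectfile=""
  if [ -z "$expectfile" ]
  then
    echo "check: unable to create temporary file for expected output" >&2
    return 1
  fi
  cat > "$expectfile"
  # run the command
  echo 'checking "'"$cmd"'"'
  actualfile=$(mktemp -t actual.XXXXXX 2> /dev/null || tempfile -s .actual 2> /dev/null) || actualfile=""
  if [ -z "$actualfile" ]
  then
    echo "check: unable to create temporary file for actual output" >&2
    rm -f -- "$expectfile"
    return 1
  fi
  # eval is needed because the test commands contain pipelines; the exit
  # status is deliberately ignored, only the captured output (stdout and
  # stderr together) is judged
  eval "$cmd" > "$actualfile" 2>&1 || true
  # check for differences (-w and -i: whitespace and case are not compared)
  if ! diff -Nauwi "$expectfile" "$actualfile"
  then
    FAIL=$((FAIL + 1))
  fi
  # remove temporary files
  rm -f -- "$expectfile" "$actualfile"
}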
###########################################################################
# Mail alias lookups. Each check call runs the quoted command and compares
# its output with the here-document that follows it.
echo "testing aliases..."
# check all aliases (sorted, so the order in which entries come back does
# not influence the comparison)
check "getent aliases|sort" << EOM
bar2: foobar@example.com
bar: foobar@example.com
foo: bar@example.com
EOM
# get alias by name
check "getent aliases foo" << EOM
foo: bar@example.com
EOM
# get alias by second name
check "getent aliases bar2" << EOM
bar2: foobar@example.com
EOM
###########################################################################
# Ethernet address lookups by host name, alias name and address.
echo "testing ether..."
# get an entry by hostname
check "getent ethers testhost" << EOM
0:18:8a:54:1a:8e testhost
EOM
# get an entry by alias name
check "getent ethers testhostalias" << EOM
0:18:8a:54:1a:8e testhostalias
EOM
# get an entry by ethernet address
check "getent ethers 0:18:8a:54:1a:8b" << EOM
0:18:8a:54:1a:8b testhost2
EOM
# get entry by ip address
# this does not currently work, but maybe it should
#check "getent ethers 10.0.0.1" << EOM
#0:18:8a:54:1a:8e testhost
#EOM
# get all ethers (unsupported)
# the expected text is the error message of getent itself; check captures
# stderr together with stdout and ignores the command's exit status
check "getent ethers" << EOM
Enumeration not supported on ethers
EOM
###########################################################################
# Group lookups by name and by gid, membership of a user, and enumeration.
echo "testing group..."
check "getent group testgroup" << EOM
testgroup:*:6100:arthur,test
EOM
# this does not work because users is in /etc/group but it would
# be nice if libc supported this
#check "getent group users" << EOM
#users:*:100:arthur,test
#EOM
check "getent group 6100" << EOM
testgroup:*:6100:arthur,test
EOM
# membership as seen by the groups command for one user
check "groups arthur" << EOM
arthur : users testgroup
EOM
# enumeration is expected to list "users" twice, once with password field
# "x" and once with "*"
# NOTE(review): presumably the "x" entry is the local /etc/group one and the
# "*" entry comes from LDAP - confirm
check "getent group | egrep '^(testgroup|users):'" << EOM
users:x:100:
testgroup:*:6100:arthur,test
users:*:100:arthur,test
EOM
# total number of group entries from all configured sources; the expected
# value is a fixed number, so it only holds on a machine set up like the
# reference environment
check "getent group | wc -l" << EOM
43
EOM
###########################################################################
# Host lookups by name, alias and address, plus enumeration.
echo "testing hosts..."
check "getent hosts testhost" << EOM
10.0.0.1 testhost testhostalias
EOM
check "getent hosts testhostalias" << EOM
10.0.0.1 testhost testhostalias
EOM
check "getent hosts 10.0.0.1" << EOM
10.0.0.1 testhost testhostalias
EOM
check "getent hosts | grep testhost" << EOM
10.0.0.1 testhost testhostalias
EOM
# dummy test for IPv6 environment
# NOTE(review): the expected names look like a local hosts file entry rather
# than LDAP data - confirm
check "getent hosts ::1" << EOM
::1 ip6-localhost ip6-loopback
EOM
# TODO: add more tests for IPv6 support
###########################################################################
# Netgroup lookup by name.
echo "testing netgroup..."
# check netgroup lookup of test netgroup
# the expected line lists two triples in which only the first field is set
check "getent netgroup tstnetgroup" << EOM
tstnetgroup (aap, , ) (noot, , )
EOM
###########################################################################
# Network lookups by name and by address, plus enumeration.
echo "testing networks..."
check "getent networks testnet" << EOM
testnet 10.0.0.0
EOM
check "getent networks 10.0.0.0" << EOM
testnet 10.0.0.0
EOM
# enumeration, filtered down to the test entry
check "getent networks | grep testnet" << EOM
testnet 10.0.0.0
EOM
###########################################################################
# Account lookups by user name and by uid, plus a count over the enumeration.
# Every expected entry has "x" in the password field.
echo "testing passwd..."
check "getent passwd ecolden" << EOM
ecolden:x:5972:1000:Estelle Colden:/home/ecolden:/bin/bash
EOM
check "getent passwd arthur" << EOM
arthur:x:1000:100:Arthur de Jong:/home/arthur:/bin/bash
EOM
# lookup by numeric uid
check "getent passwd 4089" << EOM
jguzzetta:x:4089:1000:Josephine Guzzetta:/home/jguzzetta:/bin/bash
EOM
# count the number of passwd entries in the 4000-5999 range
# (the pattern matches a four-digit uid starting with 4 or 5 that follows
# the ":x:" password field)
check "getent passwd | grep -c ':x:[45][0-9][0-9][0-9]:'" << EOM
2000
EOM
###########################################################################
# Protocol lookups by name, alias and number, plus enumeration.
echo "testing protocols..."
check "getent protocols protfoo" << EOM
protfoo 140 protfooalias
EOM
check "getent protocols protfooalias" << EOM
protfoo 140 protfooalias
EOM
check "getent protocols 140" << EOM
protfoo 140 protfooalias
EOM
# NOTE(review): icmp is presumably answered from the local protocols file,
# which would make this a check that local entries still resolve - confirm
check "getent protocols icmp" << EOM
icmp 1 ICMP
EOM
check "getent protocols | grep protfoo" << EOM
protfoo 140 protfooalias
EOM
###########################################################################
# RPC lookups by name, alias and program number, plus enumeration.
echo "testing rpc..."
check "getent rpc rpcfoo" << EOM
rpcfoo 160002 rpcfooalias
EOM
check "getent rpc rpcfooalias" << EOM
rpcfoo 160002 rpcfooalias
EOM
check "getent rpc 160002" << EOM
rpcfoo 160002 rpcfooalias
EOM
# enumeration, filtered down to the test entry
check "getent rpc | grep rpcfoo" << EOM
rpcfoo 160002 rpcfooalias
EOM
###########################################################################
# Service lookups by name and by port, with and without a protocol.
# foosrv is expected for tcp only, barsrv for both tcp and udp.
echo "testing services..."
check "getent services foosrv" << EOM
foosrv 15349/tcp
EOM
check "getent services foosrv/tcp" << EOM
foosrv 15349/tcp
EOM
# empty here-document: the lookup is expected to print nothing
check "getent services foosrv/udp" << EOM
EOM
check "getent services 15349/tcp" << EOM
foosrv 15349/tcp
EOM
# empty here-document: the lookup is expected to print nothing
check "getent services 15349/udp" << EOM
EOM
# without a protocol only the tcp entry of barsrv is expected
check "getent services barsrv" << EOM
barsrv 15350/tcp
EOM
check "getent services barsrv/tcp" << EOM
barsrv 15350/tcp
EOM
check "getent services barsrv/udp" << EOM
barsrv 15350/udp
EOM
# enumeration, filtered down to the test entries and sorted
check "getent services | egrep '(foo|bar)srv' | sort" << EOM
barsrv 15350/tcp
barsrv 15350/udp
foosrv 15349/tcp
EOM
# total number of service entries from all configured sources; the expected
# value is a fixed number, so it only holds on a machine set up like the
# reference environment
check "getent services | wc -l" << EOM
505
EOM
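###########################################################################
# Shadow lookups by name, plus consistency checks against passwd.
echo "testing shadow..."
# NOTE: the output of this should depend on whether we are root or not
# the expected password field is "*" in both entries, so a lookup that
# returned a real password hash would fail the comparison
check "getent shadow ecordas" << EOM
ecordas:*::::7:2::0
EOM
check "getent shadow arthur" << EOM
arthur:*::100:200:7:2::0
EOM
# check if the number of passwd entries matches the number of shadow entries
numpasswd=$(getent passwd | wc -l)
check "getent shadow | wc -l" << EOM
$numpasswd
EOM
# check if the names of users match between passwd and shadow
# the expected names are supplied through a here-document and not through a
# pipeline: dash and bash run the last stage of a pipeline in a subshell, so
# an increment of FAIL made by check at the end of a pipeline would be lost
# and a mismatch here would never show up in the final result
check "getent shadow | sed 's/:.*//' | sort" << EOM
$(getent passwd | sed 's/:.*//' | sort)
EOM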
###########################################################################
# report the overall outcome; the exit status tells the caller whether any
# comparison failed (0: none, 1: at least one)
if [ "$FAIL" -eq 0 ]; then
  echo "all tests passed"
  exit 0
fi
echo "$FAIL tests failed"
exit 1