emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Add tests from the old svn tree

Browse Source 
We're losing the svn history (which we could probably keep if we tried
hard enough) but don't consider that worthwhile.

Note these tests are destructive, so run them only in a throwaway
environment like a chroot, container, or vm.

The tests/run.all script should be the one which launches all the tests.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Serge Hallyn
2014-09-17 14:42:55 -05:00
parent 2cb54158b8
commit b999d48941
8970 changed files with 336314 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/log/faillog/01_faillog_no_faillog/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/01_faillog_no_faillog/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/01_faillog_no_faillog/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

20
tests/log/faillog/01_faillog_no_faillog/config/etc/passwd Normal file
View File

@@ -0,0 +1,20 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/false

20
tests/log/faillog/01_faillog_no_faillog/config/etc/shadow Normal file
View File

@@ -0,0 +1,20 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::

1
tests/log/faillog/01_faillog_no_faillog/data/faillog.err Normal file
View File

@@ -0,0 +1 @@
faillog: Cannot open /var/log/faillog: No such file or directory

51
tests/log/faillog/01_faillog_no_faillog/faillog.test Executable file
View File

@@ -0,0 +1,51 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "faillog detects missing /var/log/faillog and does not create it"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/faillog' 0
change_config
echo -n "Remove /var/log/faillog (it will not be restored)..."
rm -f /var/log/faillog
echo "OK"
echo -n "Execute faillog (faillog)..."
faillog 2>tmp/faillog.err && exit 1 || {
status=$?
}
echo "OK"
echo -n "Check returned status ($status)..."
test "$status" = "1"
echo "OK"
echo "faillog reported:"
echo "======================================================================="
cat tmp/faillog.err
echo "======================================================================="
echo -n "Check the usage message..."
diff -au data/faillog.err tmp/faillog.err
echo "usage message OK."
rm -f tmp/faillog.err
echo -n "Check that the /var/log/faillog file was not created"...
test ! -f /var/log/faillog
echo "OK"
touch /var/log/faillog
log_status "$0" "SUCCESS"
restore_config
trap '' 0

10
tests/log/faillog/02_faillog_usage/config.txt Normal file
View File

@@ -0,0 +1,10 @@
# no testsuite password
# root password: rootF00barbaz
# myuser password: myuserF00barbaz
user foo, in group users (only in /etc/group)
user foo, in group tty (only in /etc/gshadow)
user foo, in group floppy
user foo, admin of group disk
user foo, admin and member of group fax
user foo, admin and member of group cdrom (only in /etc/gshadow)

41
tests/log/faillog/02_faillog_usage/config/etc/group Normal file
View File

@@ -0,0 +1,41 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:

41
tests/log/faillog/02_faillog_usage/config/etc/gshadow Normal file
View File

@@ -0,0 +1,41 @@
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::
tty:*::
disk:*::
lp:*::
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*::
voice:*::
cdrom:*::
floppy:*::
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::

19
tests/log/faillog/02_faillog_usage/config/etc/passwd Normal file
View File

@@ -0,0 +1,19 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false

19
tests/log/faillog/02_faillog_usage/config/etc/shadow Normal file
View File

@@ -0,0 +1,19 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::

14
tests/log/faillog/02_faillog_usage/data/usage.out Normal file
View File

@@ -0,0 +1,14 @@
Usage: faillog [options]
Options:
-a, --all display faillog records for all users
-h, --help display this help message and exit
-l, --lock-secs SEC after failed login lock account for SEC seconds
-m, --maximum MAX set maximum failed login counters to MAX
-r, --reset reset the counters of login failures
-R, --root CHROOT_DIR directory to chroot into
-t, --time DAYS display faillog records more recent than DAYS
-u, --user LOGIN/RANGE display faillog record or maintains failure
counters and limits (if used with -r, -m,
or -l) only for the specified LOGIN(s)

35
tests/log/faillog/02_faillog_usage/faillog.test Executable file
View File

@@ -0,0 +1,35 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "faillog can display its usage message"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Get faillog usage (faillog -h)..."
faillog -h >tmp/usage.out
echo "OK"
echo "faillog reported:"
echo "======================================================================="
cat tmp/usage.out
echo "======================================================================="
echo -n "Check the usage message..."
diff -au data/usage.out tmp/usage.out
echo "usage message OK."
rm -f tmp/usage.out
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/03_faillog_format/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/03_faillog_format/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/03_faillog_format/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

111
tests/log/faillog/03_faillog_format/config/etc/pam.d/login Normal file
View File

@@ -0,0 +1,111 @@
#
# The PAM configuration file for the Shadow `login' service
#
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
#
# With the default control of this module:
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
# root will not be prompted for a password on insecure lines.
# if an invalid username is entered, a password is prompted (but login
# will eventually be rejected)
#
# You can change it to a "requisite" module if you think root may mis-type
# her login and should not be prompted for a password in that case. But
# this will leave the system as vulnerable to user enumeration attacks.
#
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root on insecure lines), but root passwords may be
# communicated over insecure lines.
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# Added to support faillog
auth required pam_tally.so per_user
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without out this it is possible
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so
# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session optional pam_mail.so standard
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)

20
tests/log/faillog/03_faillog_format/config/etc/passwd Normal file
View File

@@ -0,0 +1,20 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh

20
tests/log/faillog/03_faillog_format/config/etc/shadow Normal file
View File

@@ -0,0 +1,20 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:pass:12977:0:99999:7:::

2
tests/log/faillog/03_faillog_format/data/faillog.out Normal file
View File

@@ -0,0 +1,2 @@
Login Failures Maximum Latest On

20
tests/log/faillog/03_faillog_format/data/lastlog.out Normal file
View File

@@ -0,0 +1,20 @@
Username Port From Latest
root **Never logged in**
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
sync **Never logged in**
games **Never logged in**
man **Never logged in**
lp **Never logged in**
mail **Never logged in**
news **Never logged in**
uucp **Never logged in**
proxy **Never logged in**
www-data **Never logged in**
backup **Never logged in**
list **Never logged in**
irc **Never logged in**
gnats **Never logged in**
nobody **Never logged in**
Debian-exim **Never logged in**

57
tests/log/faillog/03_faillog_format/faillog.test Executable file
View File

@@ -0,0 +1,57 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports all entry from /var/log/faillog"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
cp data/faillog.out tmp/faillog.out1
cp data/faillog.out tmp/faillog.out2
TTY=$(ls /dev/pts | sort -n|tail -1)
TTY=$((TTY+1))
DATE=$(LC_ALL=C date +"%D %H:%M:%S %z")
# pam_tally do not report the line of failure ?
printf "%-9s %5d %5d %s %s\n" foo 1 0 "$DATE" "">> tmp/faillog.out1
echo -n "Trigger a connection as foo..."
./login.exp
echo "OK"
DATE=$(LC_ALL=C date +"%D %H:%M:%S %z")
# pam_tally do not report the line of failure ?
printf "%-9s %5d %5d %s %s\n" foo 1 0 "$DATE" "">> tmp/faillog.out2
echo -n "faillog..."
faillog > tmp/faillog.out
echo "OK."
echo "faillog :"
echo "======================================================================="
cat tmp/faillog.out
echo "======================================================================="
echo -n "Check the faillog message..."
diff -au tmp/faillog.out tmp/faillog.out1 || diff -au tmp/faillog.out tmp/faillog.out2
echo "faillog message OK."
rm -f tmp/faillog.out tmp/faillog.out1 tmp/faillog.out2
log_status "$0" "SUCCESS"
restore_config
trap '' 0

17
tests/log/faillog/03_faillog_format/login.exp Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/expect
set timeout 5
expect_after default {puts "\nFAIL"; exit 1}
spawn /bin/bash
expect "# "
send "login foo\r"
expect "Password: "
sleep 0.1
send "badpass\r"
send_user "\n# password 'badpass' sent\n\n"
expect "login: "
send "exit\r"
exit 0

1
tests/log/faillog/04_faillog_mulitple/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/04_faillog_mulitple/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/04_faillog_mulitple/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

111
tests/log/faillog/04_faillog_mulitple/config/etc/pam.d/login Normal file
View File

@@ -0,0 +1,111 @@
#
# The PAM configuration file for the Shadow `login' service
#
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
#
# With the default control of this module:
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
# root will not be prompted for a password on insecure lines.
# if an invalid username is entered, a password is prompted (but login
# will eventually be rejected)
#
# You can change it to a "requisite" module if you think root may mis-type
# her login and should not be prompted for a password in that case. But
# this will leave the system as vulnerable to user enumeration attacks.
#
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root on insecure lines), but root passwords may be
# communicated over insecure lines.
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# Added to support faillog
auth required pam_tally.so per_user
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without out this it is possible
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so
# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session optional pam_mail.so standard
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)

22
tests/log/faillog/04_faillog_mulitple/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/04_faillog_mulitple/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:a:12977:0:99999:7:::
baz:b:12977:0:99999:7:::

5
tests/log/faillog/04_faillog_mulitple/data/faillog.list Normal file
View File

@@ -0,0 +1,5 @@
Login Failures Maximum
bar 1 0
foo 1 0
baz 1 0

52
tests/log/faillog/04_faillog_mulitple/faillog.test Executable file
View File

@@ -0,0 +1,52 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports all entry from /var/log/faillog"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "Trigger a connection as foo..."
./login.exp foo
echo "OK"
echo -n "Trigger a connection as bar..."
./login.exp bar
echo "OK"
echo -n "Trigger a connection as baz..."
./login.exp baz
echo "OK"
echo -n "faillog..."
faillog > tmp/faillog.out
echo "OK."
echo "faillog :"
echo "======================================================================="
cat tmp/faillog.out
echo "======================================================================="
echo -n "Check the list of logged in users..."
cut -c-28 tmp/faillog.out > tmp/faillog.list
diff -au data/faillog.list tmp/faillog.list
echo "OK."
rm -f tmp/faillog.out tmp/faillog.list
log_status "$0" "SUCCESS"
restore_config
trap '' 0

26
tests/log/faillog/04_faillog_mulitple/login.exp Executable file
View File

@@ -0,0 +1,26 @@
#!/usr/bin/expect
if {$argc == 1} {
set user [lindex $argv 0]
} else {
set user "foo"
}
set timeout 2
expect_after default {puts "\nFAIL"; exit 1}
set timeout 5
expect_after default {puts "\nFAIL"; exit 1}
spawn /bin/bash
expect "# "
send "login $user\r"
expect "Password: "
sleep 0.1
send "badpass\r"
send_user "\n# password 'badpass' sent\n\n"
expect "login: "
send "exit\r"
exit 0

1
tests/log/faillog/05_faillog-u_ID/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/05_faillog-u_ID/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/05_faillog-u_ID/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

22
tests/log/faillog/05_faillog-u_ID/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/05_faillog-u_ID/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

3
tests/log/faillog/05_faillog-u_ID/data/faillog.list Normal file
View File

@@ -0,0 +1,3 @@
Login Failures Maximum
bar 0 0

42
tests/log/faillog/05_faillog-u_ID/faillog.test Executable file
View File

@@ -0,0 +1,42 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports all entry from /var/log/faillog"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "faillog -u 1001..."
faillog -u 1001> tmp/faillog.out
echo "OK."
echo "faillog :"
echo "======================================================================="
cat tmp/faillog.out
echo "======================================================================="
echo -n "Check the list of logged in users..."
cut -c-28 tmp/faillog.out > tmp/faillog.list
diff -au data/faillog.list tmp/faillog.list
echo "OK."
rm -f tmp/faillog.out tmp/faillog.list
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/06_faillog-u_name/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/06_faillog-u_name/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/06_faillog-u_name/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

22
tests/log/faillog/06_faillog-u_name/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/06_faillog-u_name/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

3
tests/log/faillog/06_faillog-u_name/data/faillog.list Normal file
View File

@@ -0,0 +1,3 @@
Login
baz

42
tests/log/faillog/06_faillog-u_name/faillog.test Executable file
View File

@@ -0,0 +1,42 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports all entry from /var/log/faillog"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "faillog -u baz..."
faillog -u baz> tmp/faillog.out
echo "OK."
echo "faillog :"
echo "======================================================================="
cat tmp/faillog.out
echo "======================================================================="
echo -n "Check the list of logged in users..."
cat tmp/faillog.out | cut -d" " -f1 > tmp/faillog.list
diff -au data/faillog.list tmp/faillog.list
echo "OK."
rm -f tmp/faillog.out tmp/faillog.list
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/07_faillog-u_ID_invalid/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/07_faillog-u_ID_invalid/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/07_faillog-u_ID_invalid/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

22
tests/log/faillog/07_faillog-u_ID_invalid/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/07_faillog-u_ID_invalid/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

0
tests/log/faillog/07_faillog-u_ID_invalid/data/faillog.list Normal file
View File

41
tests/log/faillog/07_faillog-u_ID_invalid/faillog.test Executable file
View File

@@ -0,0 +1,41 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports all entry from /var/log/faillog"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "faillog -u 1003..."
faillog -u 1003> tmp/faillog.out
echo "OK."
echo "faillog :"
echo "======================================================================="
cat tmp/faillog.out
echo "======================================================================="
echo -n "Check the list of logged in users..."
diff -au data/faillog.list tmp/faillog.out
echo "OK."
rm -f tmp/faillog.out
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/08_faillog-u_name_invalid/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/08_faillog-u_name_invalid/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/08_faillog-u_name_invalid/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

22
tests/log/faillog/08_faillog-u_name_invalid/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/08_faillog-u_name_invalid/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

1
tests/log/faillog/08_faillog-u_name_invalid/data/faillog.err Normal file
View File

@@ -0,0 +1 @@
faillog: Unknown user or range: me

45
tests/log/faillog/08_faillog-u_name_invalid/faillog.test Executable file
View File

@@ -0,0 +1,45 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports all entry from /var/log/faillog"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "faillog -u me..."
faillog -u me 2>tmp/faillog.err && exit 1 || {
status=$?
}
echo "OK."
echo -n "Check returned status ($status)..."
test "$status" = "3"
echo "OK"
echo "faillog reported:"
echo "======================================================================="
cat tmp/faillog.err
echo "======================================================================="
echo -n "Check the usage message..."
diff -au data/faillog.err tmp/faillog.err
echo "message OK."
rm -f tmp/faillog.err
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/09_faillog-u_range/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/09_faillog-u_range/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/09_faillog-u_range/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

111
tests/log/faillog/09_faillog-u_range/config/etc/pam.d/login Normal file
View File

@@ -0,0 +1,111 @@
#
# The PAM configuration file for the Shadow `login' service
#
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
#
# With the default control of this module:
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
# root will not be prompted for a password on insecure lines.
# if an invalid username is entered, a password is prompted (but login
# will eventually be rejected)
#
# You can change it to a "requisite" module if you think root may mis-type
# her login and should not be prompted for a password in that case. But
# this will leave the system as vulnerable to user enumeration attacks.
#
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root on insecure lines), but root passwords may be
# communicated over insecure lines.
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# Added to support faillog
auth required pam_tally.so per_user
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without out this it is possible
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so
# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session optional pam_mail.so standard
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)

22
tests/log/faillog/09_faillog-u_range/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/09_faillog-u_range/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

4
tests/log/faillog/09_faillog-u_range/data/faillog.list Normal file
View File

@@ -0,0 +1,4 @@
Login Failures Maximum
irc 1 0
foo 1 0

50
tests/log/faillog/09_faillog-u_range/faillog.test Executable file
View File

@@ -0,0 +1,50 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports all entry from /var/log/faillog"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "Trigger a connection as foo..."
./login.exp foo
echo "OK"
echo -n "Trigger a connection as irc..."
./login.exp irc
echo "OK"
echo -n "faillog -u 38-1001..."
faillog -u 38-1001> tmp/faillog.out
echo "OK."
echo "faillog :"
echo "======================================================================="
cat tmp/faillog.out
echo "======================================================================="
echo -n "Check the list of logged in users..."
cut -c-28 tmp/faillog.out > tmp/faillog.list
diff -au data/faillog.list tmp/faillog.list
echo "OK."
rm -f tmp/faillog.out tmp/faillog.list
log_status "$0" "SUCCESS"
restore_config
trap '' 0

26
tests/log/faillog/09_faillog-u_range/login.exp Executable file
View File

@@ -0,0 +1,26 @@
#!/usr/bin/expect
if {$argc == 1} {
set user [lindex $argv 0]
} else {
set user "foo"
}
set timeout 2
expect_after default {puts "\nFAIL"; exit 1}
set timeout 5
expect_after default {puts "\nFAIL"; exit 1}
spawn /bin/bash
expect "# "
send "login $user\r"
expect "Password: "
sleep 0.1
send "badpass\r"
send_user "\n# password 'badpass' sent\n\n"
expect "login: "
send "exit\r"
exit 0

1
tests/log/faillog/10_faillog-u_open_range/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/10_faillog-u_open_range/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/10_faillog-u_open_range/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

22
tests/log/faillog/10_faillog-u_open_range/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/10_faillog-u_open_range/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

22
tests/log/faillog/10_faillog-u_open_range/data/faillog.list Normal file
View File

@@ -0,0 +1,22 @@
Login Failures Maximum
root 0 0
daemon 0 0
bin 0 0
bar 0 0
sys 0 0
sync 0 0
games 0 0
man 0 0
lp 0 0
mail 0 0
news 0 0
uucp 0 0
proxy 0 0
www-data 0 0
backup 0 0
list 0 0
irc 0 0
gnats 0 0
Debian-exim 0 0
foo 0 0

42
tests/log/faillog/10_faillog-u_open_range/faillog.test Executable file
View File

@@ -0,0 +1,42 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "faillog supports open ranges"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "faillog -u -1001..."
faillog -a -u -1001> tmp/faillog.out
echo "OK."
echo "faillog :"
echo "======================================================================="
cat tmp/faillog.out
echo "======================================================================="
echo -n "Check the list of logged in users..."
cut -c-28 tmp/faillog.out > tmp/faillog.list
diff -au data/faillog.list tmp/faillog.list
echo "OK."
rm -f tmp/faillog.out tmp/faillog.list
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/11_faillog-u_range_open/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/11_faillog-u_range_open/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/11_faillog-u_range_open/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

22
tests/log/faillog/11_faillog-u_range_open/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/11_faillog-u_range_open/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

10
tests/log/faillog/11_faillog-u_range_open/data/faillog.list Normal file
View File

@@ -0,0 +1,10 @@
Login Failures Maximum
bar 0 0
list 0 0
irc 0 0
gnats 0 0
nobody 0 0
Debian-exim 0 0
foo 0 0
baz 0 0

42
tests/log/faillog/11_faillog-u_range_open/faillog.test Executable file
View File

@@ -0,0 +1,42 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "faillog supports open ranges (2)"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "faillog -u 38-..."
faillog -a -u 38-> tmp/faillog.out
echo "OK."
echo "faillog :"
echo "======================================================================="
cat tmp/faillog.out
echo "======================================================================="
echo -n "Check the list of logged in users..."
cut -c-28 tmp/faillog.out > tmp/faillog.list
diff -au data/faillog.list tmp/faillog.list
echo "OK."
rm -f tmp/faillog.out tmp/faillog.list
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/12_faillog-u_range_invalid1/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/12_faillog-u_range_invalid1/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/12_faillog-u_range_invalid1/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

22
tests/log/faillog/12_faillog-u_range_invalid1/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/12_faillog-u_range_invalid1/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

1
tests/log/faillog/12_faillog-u_range_invalid1/data/faillog.err Normal file
View File

@@ -0,0 +1 @@
faillog: Unknown user or range: foo-bar

45
tests/log/faillog/12_faillog-u_range_invalid1/faillog.test Executable file
View File

@@ -0,0 +1,45 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports invalid ranges"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "faillog -u foo-bar..."
faillog -u foo-bar 2>tmp/faillog.err && exit 1 || {
status=$?
}
echo "OK."
echo -n "Check returned status ($status)..."
test "$status" = "3"
echo "OK"
echo "faillog reported:"
echo "======================================================================="
cat tmp/faillog.err
echo "======================================================================="
echo -n "Check the usage message..."
diff -au data/faillog.err tmp/faillog.err
echo "message OK."
rm -f tmp/faillog.err
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/13_faillog-u_range_invalid2/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/13_faillog-u_range_invalid2/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

42
tests/log/faillog/13_faillog-u_range_invalid2/config/etc/gshadow Normal file
View File

@@ -0,0 +1,42 @@
root:*::
daemon:*::
bin:*::
sys:*::root
adm:*::root,foo
tty:*::foo
disk:*:foo:
lp:*::foo,root
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*:foo:foo
voice:*::
cdrom:*:foo:foo
floppy:*::foo
tape:*::
sudo:*::
audio:*::
dip:*::
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
staff:*::
games:*::
users:*::
nogroup:*::
crontab:x::
Debian-exim:x::
foo:*::

22
tests/log/faillog/13_faillog-u_range_invalid2/config/etc/passwd Normal file
View File

@@ -0,0 +1,22 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh

22
tests/log/faillog/13_faillog-u_range_invalid2/config/etc/shadow Normal file
View File

@@ -0,0 +1,22 @@
root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
daemon:*:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
bar:!:12977:0:99999:7:::
sys:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
man:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
proxy:*:12977:0:99999:7:::
www-data:*:12977:0:99999:7:::
backup:*:12977:0:99999:7:::
list:*:12977:0:99999:7:::
irc:*:12977:0:99999:7:::
gnats:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
Debian-exim:!:12977:0:99999:7:::
foo:!:12977:0:99999:7:::
baz:!:12977:0:99999:7:::

1
tests/log/faillog/13_faillog-u_range_invalid2/data/faillog.err Normal file
View File

@@ -0,0 +1 @@
faillog: Unknown user or range: foo-

45
tests/log/faillog/13_faillog-u_range_invalid2/faillog.test Executable file
View File

@@ -0,0 +1,45 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "reports invalid ranges"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Create an empty /var/log/faillog (it will not be restored)..."
> /var/log/faillog
echo "OK"
echo -n "faillog -u foo-..."
faillog -u foo- 2>tmp/faillog.err && exit 1 || {
status=$?
}
echo "OK."
echo -n "Check returned status ($status)..."
test "$status" = "3"
echo "OK"
echo "faillog reported:"
echo "======================================================================="
cat tmp/faillog.err
echo "======================================================================="
echo -n "Check the usage message..."
diff -au data/faillog.err tmp/faillog.err
echo "message OK."
rm -f tmp/faillog.err
log_status "$0" "SUCCESS"
restore_config
trap '' 0

1
tests/log/faillog/14_faillog-u_range_invalid3/config.txt Normal file
View File

@@ -0,0 +1 @@
user foo exists, UID 1000

42
tests/log/faillog/14_faillog-u_range_invalid3/config/etc/group Normal file
View File

@@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:root
adm:x:4:root,foo
tty:x:5:
disk:x:6:
lp:x:7:foo,root
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:foo
voice:x:22:
cdrom:x:24:
floppy:x:25:foo
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:foo
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:

Some files were not shown because too many files have changed in this diff Show More