diff options
Diffstat (limited to 'qa/832')
| -rwxr-xr-x | qa/832 | 91 |
1 files changed, 91 insertions, 0 deletions
@@ -0,0 +1,91 @@ +#!/bin/sh +# PCP QA Test No. 832 +# Exercise enforced-authentication modes for pmcd. +# +# Copyright (c) 2013 Red Hat. +# + +seq=`basename $0` +echo "QA output created by $seq" + +# get standard environment, filters and checks +. ./common.product +. ./common.filter +. ./common.check + +_get_libpcp_config +$unix_domain_sockets || _notrun "No unix domain socket support available" +$authentication || _notrun "No authentication support available" +for helper in pluginviewer; do + which $helper >/dev/null 2>&1 || _notrun "SASL $helper tool unavailable" +done +pluginviewer -s -m plain >/dev/null 2>&1 +test $? -eq 0 || _notrun 'No server support for plain authentication' + +export PCP_CONSOLE=none + +cleanup() +{ + # restore any modified pmcd configuration files + for file in $PCP_PMCDOPTIONS_PATH $PCP_SASLCONF_DIR/pmcd.conf + do + test -f $file.$seq || continue + $sudo rm -f $file + $sudo mv $file.$seq $file + done + + $sudo $PCP_RC_DIR/pcp restart 2>&1 | _filter_pcp_stop | _filter_pcp_start + _wait_for_pmcd + _wait_for_pmlogger + + rm -rf $tmp.* +} + +status=1 # failure is the default! +$sudo rm -rf $tmp.* $seq.full +trap "cleanup; exit \$status" 0 1 2 3 15 + +_filter() +{ + sed -e '/Parameter Error/d' +} + +# real QA test starts here +$sudo mv $PCP_SASLCONF_DIR/pmcd.conf $PCP_SASLCONF_DIR/pmcd.conf.$seq +echo 'mech_list: plain' > $tmp.sasl +$sudo mv $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf + +$sudo mv $PCP_PMCDOPTIONS_PATH $PCP_PMCDOPTIONS_PATH.$seq +cat <<End-Of-File >$tmp.options +# Dummy lines added by PCP QA test $seq +# +-S +End-Of-File +$sudo mv $tmp.options $PCP_PMCDOPTIONS_PATH + +echo "Start pmcd with modified \$PCP_PMCDOPTIONS_PATH (pmcd.options)" | tee -a $seq.full +$sudo $PCP_RC_DIR/pcp restart | tee -a $seq.full >$tmp.out +_wait_for_pmcd 5 unix: +grep -i 'starting pmcd' $tmp.out | sed -e "s/$$/MYPID/" | _filter_pcp_start + +# should now be running in enforced-credentials mode, check it out. +# unix domain access should always succeed - no matter how binaries +# were configured/built + +echo "testing secure mode access via unix domain socket (PASS)" +pmstore -h unix: sample.write_me 1 # store PDU +pmprobe -h unix: -v sample.write_me # fetch PDU +pminfo -th unix: sample.write_me # text PDU +pminfo -dh unix: sample.write_me # desc PDU +echo + +echo "testing secure mode access attempt via inet socket (FAIL)" +pmstore -h localhost sample.write_me 2 2>&1 | _filter +pmprobe -h localhost -v sample.write_me 2>&1 | _filter +pminfo -th localhost sample.write_me 2>&1 | _filter +pminfo -dh localhost sample.write_me 2>&1 | _filter +echo + +# success, all done +status=0 +exit |