#!/bin/sh # PCP QA Test No. 832 # Exercise enforced-authentication modes for pmcd. # # Copyright (c) 2013 Red Hat. # seq=`basename $0` echo "QA output created by $seq" # get standard environment, filters and checks . ./common.product . ./common.filter . ./common.check _get_libpcp_config $unix_domain_sockets || _notrun "No unix domain socket support available" $authentication || _notrun "No authentication support available" for helper in pluginviewer; do which $helper >/dev/null 2>&1 || _notrun "SASL $helper tool unavailable" done pluginviewer -s -m plain >/dev/null 2>&1 test $? -eq 0 || _notrun 'No server support for plain authentication' export PCP_CONSOLE=none cleanup() { # restore any modified pmcd configuration files for file in $PCP_PMCDOPTIONS_PATH $PCP_SASLCONF_DIR/pmcd.conf do test -f $file.$seq || continue $sudo rm -f $file $sudo mv $file.$seq $file done $sudo $PCP_RC_DIR/pcp restart 2>&1 | _filter_pcp_stop | _filter_pcp_start _wait_for_pmcd _wait_for_pmlogger rm -rf $tmp.* } status=1 # failure is the default! $sudo rm -rf $tmp.* $seq.full trap "cleanup; exit \$status" 0 1 2 3 15 _filter() { sed -e '/Parameter Error/d' } # real QA test starts here $sudo mv $PCP_SASLCONF_DIR/pmcd.conf $PCP_SASLCONF_DIR/pmcd.conf.$seq echo 'mech_list: plain' > $tmp.sasl $sudo mv $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf $sudo mv $PCP_PMCDOPTIONS_PATH $PCP_PMCDOPTIONS_PATH.$seq cat <$tmp.options # Dummy lines added by PCP QA test $seq # -S End-Of-File $sudo mv $tmp.options $PCP_PMCDOPTIONS_PATH echo "Start pmcd with modified \$PCP_PMCDOPTIONS_PATH (pmcd.options)" | tee -a $seq.full $sudo $PCP_RC_DIR/pcp restart | tee -a $seq.full >$tmp.out _wait_for_pmcd 5 unix: grep -i 'starting pmcd' $tmp.out | sed -e "s/$$/MYPID/" | _filter_pcp_start # should now be running in enforced-credentials mode, check it out. # unix domain access should always succeed - no matter how binaries # were configured/built echo "testing secure mode access via unix domain socket (PASS)" pmstore -h unix: sample.write_me 1 # store PDU pmprobe -h unix: -v sample.write_me # fetch PDU pminfo -th unix: sample.write_me # text PDU pminfo -dh unix: sample.write_me # desc PDU echo echo "testing secure mode access attempt via inet socket (FAIL)" pmstore -h localhost sample.write_me 2 2>&1 | _filter pmprobe -h localhost -v sample.write_me 2>&1 | _filter pminfo -th localhost sample.write_me 2>&1 | _filter pminfo -dh localhost sample.write_me 2>&1 | _filter echo # success, all done status=0 exit