blob: 6c3580bc64c78285822413dd96be52de5ee867d5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
#!/bin/sh
# PCP QA Test No. 832
# Exercise enforced-authentication modes for pmcd.
#
# Copyright (c) 2013 Red Hat.
#
seq=`basename $0`
echo "QA output created by $seq"
# get standard environment, filters and checks
. ./common.product
. ./common.filter
. ./common.check
_get_libpcp_config
$unix_domain_sockets || _notrun "No unix domain socket support available"
$authentication || _notrun "No authentication support available"
for helper in pluginviewer; do
which $helper >/dev/null 2>&1 || _notrun "SASL $helper tool unavailable"
done
pluginviewer -s -m plain >/dev/null 2>&1
test $? -eq 0 || _notrun 'No server support for plain authentication'
export PCP_CONSOLE=none
cleanup()
{
# restore any modified pmcd configuration files
for file in $PCP_PMCDOPTIONS_PATH $PCP_SASLCONF_DIR/pmcd.conf
do
test -f $file.$seq || continue
$sudo rm -f $file
$sudo mv $file.$seq $file
done
$sudo $PCP_RC_DIR/pcp restart 2>&1 | _filter_pcp_stop | _filter_pcp_start
_wait_for_pmcd
_wait_for_pmlogger
rm -rf $tmp.*
}
status=1 # failure is the default!
$sudo rm -rf $tmp.* $seq.full
trap "cleanup; exit \$status" 0 1 2 3 15
_filter()
{
sed -e '/Parameter Error/d'
}
# real QA test starts here
$sudo mv $PCP_SASLCONF_DIR/pmcd.conf $PCP_SASLCONF_DIR/pmcd.conf.$seq
echo 'mech_list: plain' > $tmp.sasl
$sudo mv $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf
$sudo mv $PCP_PMCDOPTIONS_PATH $PCP_PMCDOPTIONS_PATH.$seq
cat <<End-Of-File >$tmp.options
# Dummy lines added by PCP QA test $seq
#
-S
End-Of-File
$sudo mv $tmp.options $PCP_PMCDOPTIONS_PATH
echo "Start pmcd with modified \$PCP_PMCDOPTIONS_PATH (pmcd.options)" | tee -a $seq.full
$sudo $PCP_RC_DIR/pcp restart | tee -a $seq.full >$tmp.out
_wait_for_pmcd 5 unix:
grep -i 'starting pmcd' $tmp.out | sed -e "s/$$/MYPID/" | _filter_pcp_start
# should now be running in enforced-credentials mode, check it out.
# unix domain access should always succeed - no matter how binaries
# were configured/built
echo "testing secure mode access via unix domain socket (PASS)"
pmstore -h unix: sample.write_me 1 # store PDU
pmprobe -h unix: -v sample.write_me # fetch PDU
pminfo -th unix: sample.write_me # text PDU
pminfo -dh unix: sample.write_me # desc PDU
echo
echo "testing secure mode access attempt via inet socket (FAIL)"
pmstore -h localhost sample.write_me 2 2>&1 | _filter
pmprobe -h localhost -v sample.write_me 2>&1 | _filter
pminfo -th localhost sample.write_me 2>&1 | _filter
pminfo -dh localhost sample.write_me 2>&1 | _filter
echo
# success, all done
status=0
exit
|
