(this change is identical across ssh01, ssh02, ssh03) The main motivation is that "mkdir /home/userdir" is not sufficient to ensure that a user can access that directory. mkdir does not account for security labels (i.e. SELinux), the umask of the calling shell and possibly other variables. This change fixes the following error, which can be triggered in some RHEL configurations using SELinux MLS policy:
Could not chdir to home directory /home/ssh_usr3: Permission denied bash: /home/ssh_usr3/.bashrc: Permission denied and even though ssh01 and ssh02 tests PASS successfully, they would not reveal a possible TFAIL (user is able to login) due to the chdir/bash fails shown above - both tests would falsely PASS in a scenario where ssh login was successful, matching ssh-unrelated "Permission denied". This is not yet fixed. The mkdir of home dir was actually happening in tst_setup, a quick fix (workaround) - instead of this slightly more invasive rewrite - could therefore be as simple as doing `rm -Rf' directly on /home/$TEST_USER and not setting TCtmp, letting useradd -m create the homedir. The do_cleanup trap has been moved up to perform userdel in case something in do_setup fails. Signed-off-by: Jiri Jaburek <[email protected]> --- testcases/network/tcp_cmds/ssh/ssh01 | 36 ++++++++++++++++++------------------ testcases/network/tcp_cmds/ssh/ssh02 | 36 ++++++++++++++++++------------------ testcases/network/tcp_cmds/ssh/ssh03 | 36 ++++++++++++++++++------------------ 3 files changed, 54 insertions(+), 54 deletions(-) diff --git a/testcases/network/tcp_cmds/ssh/ssh01 b/testcases/network/tcp_cmds/ssh/ssh01 index f8fe4d6..6abbf0d 100755 --- a/testcases/network/tcp_cmds/ssh/ssh01 +++ b/testcases/network/tcp_cmds/ssh/ssh01 
@@ -38,33 +38,32 @@ do_setup() export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA" export TEST_USER_HOMEDIR="/home/$TEST_USER" - # erase user if he/she already exists, so we can have a clean env - TCtmp=/home/$TEST_USER - - rm -Rf $TCtmp - - tst_setup - exists expect ssh ssh01_s1 useradd userdel - userdel $TEST_USER + trap do_cleanup EXIT + + # erase user if he/she already exists, so we can have a clean env + userdel -r $TEST_USER + [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR" sleep 1 - if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER; then + tst_setup + + if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \ + -d "$TEST_USER_HOMEDIR"; then end_testcase "Could not add test user $TEST_USER to system $RHOST." fi # create users home diretory (SLES 8 does not do this, even when specified # in adduser) - USER_UID=$(id -u $TEST_USER) - USER_GID=$(id -g $TEST_USER) - if ! mkdir -p "$TEST_USER_HOMEDIR"; then - end_testcase "Failed to create $TEST_USER_HOMEDIR" + if [ ! -d "$TEST_USER_HOMEDIR" ]; then + USER_UID=$(id -u $TEST_USER) + USER_GID=$(id -g $TEST_USER) + if ! mkdir -p "$TEST_USER_HOMEDIR"; then + end_testcase "Failed to create $TEST_USER_HOMEDIR" + fi + chown -Rf $USER_UID.$USER_GID "$TEST_USER_HOMEDIR" fi - chown -R $USER_UID.$USER_GID "$TEST_USER_HOMEDIR" - - trap do_cleanup EXIT - } #----------------------------------------------------------------------- @@ -73,7 +72,8 @@ do_setup() do_cleanup() { - userdel $TEST_USER + userdel -r $TEST_USER + [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR" tst_cleanup } diff --git a/testcases/network/tcp_cmds/ssh/ssh02 b/testcases/network/tcp_cmds/ssh/ssh02 index 919e20d..d63e3ea 100755 --- a/testcases/network/tcp_cmds/ssh/ssh02 +++ b/testcases/network/tcp_cmds/ssh/ssh02 
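Review bot: The pre-clean `[ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR"` runs with the privileges needed for useradd on a path built from `$TEST_USER`, which is assigned outside this hunk; if that value is ever empty the path collapses to `/home/` and the recursive delete takes every home directory with it. A guard placed before the trap, `: "${TEST_USER:?TEST_USER is not set}"`, rules that out. In the fallback branch, `chown -Rf` hides a failed ownership change, and the directory is still created by plain `mkdir`, which the description itself says is not enough under SELinux MLS; I would write `chown -R "$USER_UID:$USER_GID" "$TEST_USER_HOMEDIR" || end_testcase "Failed to chown $TEST_USER_HOMEDIR"`. The same lines appear in the do_setup hunks of ssh02 and ssh03, and do_setup begins above the hunk.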
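Review bot: do_cleanup ignores the result of `userdel -r $TEST_USER`, and the `rm -rf` that follows removes the home directory whether or not the account was actually deleted. userdel can refuse to remove a user that still owns running processes (a lingering ssh session from the test would be one such case), which would leave behind an account whose password hash is hard-coded in the script (`TEST_USER_ENCRYPTED_PASSWD` in the do_setup hunk) on a host that runs sshd. A check after the userdel call makes that visible: `id "$TEST_USER" >/dev/null 2>&1 && echo "WARNING: $TEST_USER still exists after cleanup" >&2`. Because the trap is now installed before `tst_setup`, `tst_cleanup` can also run without a preceding `tst_setup`; whether that is safe depends on code outside this diff. The do_cleanup hunks of ssh02 and ssh03 are identical.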
@@ -38,33 +38,32 @@ do_setup() export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA" export TEST_USER_HOMEDIR="/home/$TEST_USER" - # erase user if he/she already exists, so we can have a clean env - TCtmp=/home/$TEST_USER - - rm -Rf $TCtmp - - tst_setup - exists expect ssh ssh02_s1 useradd userdel - userdel $TEST_USER + trap do_cleanup EXIT + + # erase user if he/she already exists, so we can have a clean env + userdel -r $TEST_USER + [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR" sleep 1 - if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER; then + tst_setup + + if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \ + -d "$TEST_USER_HOMEDIR"; then end_testcase "Could not add test user $TEST_USER to system $RHOST." fi # create users home diretory (SLES 8 does not do this, even when specified # in adduser) - USER_UID=$(id -u $TEST_USER) - USER_GID=$(id -g $TEST_USER) - if ! mkdir -p "$TEST_USER_HOMEDIR"; then - end_testcase "Failed to create $TEST_USER_HOMEDIR" + if [ ! -d "$TEST_USER_HOMEDIR" ]; then + USER_UID=$(id -u $TEST_USER) + USER_GID=$(id -g $TEST_USER) + if ! mkdir -p "$TEST_USER_HOMEDIR"; then + end_testcase "Failed to create $TEST_USER_HOMEDIR" + fi + chown -Rf $USER_UID.$USER_GID "$TEST_USER_HOMEDIR" fi - chown -R $USER_UID.$USER_GID "$TEST_USER_HOMEDIR" - - trap do_cleanup EXIT - } #----------------------------------------------------------------------- @@ -73,7 +72,8 @@ do_setup() do_cleanup() { - userdel $TEST_USER + userdel -r $TEST_USER + [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR" tst_cleanup } diff --git a/testcases/network/tcp_cmds/ssh/ssh03 b/testcases/network/tcp_cmds/ssh/ssh03 index fe5919c..ee89465 100755 --- a/testcases/network/tcp_cmds/ssh/ssh03 +++ b/testcases/network/tcp_cmds/ssh/ssh03 
@@ -38,33 +38,32 @@ do_setup() export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA" export TEST_USER_HOMEDIR="/home/$TEST_USER" - # erase user if he/she already exists, so we can have a clean env - TCtmp=/home/$TEST_USER - - rm -Rf $TCtmp - - tst_setup - exists expect ssh ssh03_s1 useradd userdel - userdel $TEST_USER + trap do_cleanup EXIT + + # erase user if he/she already exists, so we can have a clean env + userdel -r $TEST_USER + [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR" sleep 1 - if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER; then + tst_setup + + if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \ + -d "$TEST_USER_HOMEDIR"; then end_testcase "Could not add test user $TEST_USER to system $RHOST." fi # create users home diretory (SLES 8 does not do this, even when specified # in adduser) - USER_UID=$(id -u $TEST_USER) - USER_GID=$(id -g $TEST_USER) - if ! mkdir -p "$TEST_USER_HOMEDIR"; then - end_testcase "Failed to create $TEST_USER_HOMEDIR" + if [ ! -d "$TEST_USER_HOMEDIR" ]; then + USER_UID=$(id -u $TEST_USER) + USER_GID=$(id -g $TEST_USER) + if ! mkdir -p "$TEST_USER_HOMEDIR"; then + end_testcase "Failed to create $TEST_USER_HOMEDIR" + fi + chown -Rf $USER_UID.$USER_GID "$TEST_USER_HOMEDIR" fi - chown -R $USER_UID.$USER_GID "$TEST_USER_HOMEDIR" - - trap do_cleanup EXIT - } #----------------------------------------------------------------------- 
@@ -73,7 +72,8 @@ do_setup() do_cleanup() { - userdel $TEST_USER + userdel -r $TEST_USER + [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR" tst_cleanup } -- 1.8.3.1
