2 ###############################################################################
3 # (c) Copyright Hewlett-Packard Development Company, L.P., 2006
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of version 2 the GNU General Public License as
7 # published by the Free Software Foundation.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 ###############################################################################
19 # Verify audit of failed login when user selects an invalid level.
20 # User is only allowed s0 but picks s15.
# Pull in the shared PAM test helpers. Nothing below can run without them,
# so stop with status 2 if the file cannot be sourced.
if ! source pam_functions.bash; then
    exit 2
fi
25 # allow TEST_USER to write to tmpfile
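# if in LSPP mode, map the TEST_USER to staff_u
# The scenario needs MLS levels, so any other profile is reported through
# exit_error (defined outside this listing; presumably it aborts the test).
if [[ $PPROFILE == "lspp" ]]; then
    # Drop any existing login mapping, then add the staff_u one. TEST_USER is
    # quoted so the value reaches semanage as a single argument, matching the
    # quoted use in the id call below.
    # NOTE(review): neither semanage status is checked; if the add fails, the
    # audit assertions later in the script compare against a context that was
    # never applied -- confirm whether that should be a setup error.
    semanage login -d "$TEST_USER"
    semanage login -a -s staff_u "$TEST_USER"
    # XXX should compute the default context from the policy
    def_context=staff_u:sysadm_r:sysadm_t:s0
    # Context carrying the s15 level that the test enters at the login prompt.
    sel_context=staff_u:sysadm_r:sysadm_t:s15
    # Numeric uid of the test user; matched against auid= in the audit checks.
    auid=$(id -u "$TEST_USER")
else
    exit_error "Not in lspp mode"
fi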
40 # calling login in this manner leaves an entry in /var/run/utmp
41 # use backup (and automatic restore) to work around this
49 expect -nocase {login: $} {send "$env(TEST_USER)\r"}
50 expect -nocase {password: $} {send "$env(TEST_USER_PASSWD)\r"}
51 expect -nocase {level} {send "Y\r"}
52 expect -nocase {role:} {send "\r"}
53 expect -nocase {level:} {send "s15\r"}
54 expect -nocase {"authentication failure"} {close; wait}'
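# Tail shared by the expected audit message: account, login binary and a
# failed result. It is matched with augrok's =~ operator, so it is a pattern
# rather than a literal (presumably a regex: '.' and '.*' act as wildcards).
# NOTE(review): TEST_USER is interpolated into the pattern unescaped; a user
# name containing pattern metacharacters would loosen the match.
msg_1="acct=\"*$TEST_USER\"* : exe=./bin/login.* res=failed.*"

# A USER_START record must report the failed session open for the test user's
# auid. login_context is not set in this listing (presumably it comes from
# pam_functions.bash). Expansions are quoted so each field=value pair stays a
# single argument to augrok.
augrok -q type=USER_START msg_1=~"PAM: session open $msg_1" auid="$auid" \
    subj="$login_context" || exit_fail

# A USER_ROLE_CHANGE record must show the default context, the rejected s15
# selection, and a failed result for the same auid.
augrok -q type=USER_ROLE_CHANGE \
    msg_1=~"pam: default-context=$def_context selected-context=$sel_context: exe=./bin/login.* res=failed.*" \
    auid="$auid" || exit_fail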