3 # Exercise enforced-authentication modes for pmcd.
5 # Copyright (c) 2013 Red Hat.
9 echo "QA output created by $seq"
11 # get standard environment, filters and checks
17 $unix_domain_sockets || _notrun
"No unix domain socket support available"
18 $authentication || _notrun
"No authentication support available"
19 for helper
in pluginviewer
; do
20 which $helper >/dev
/null
2>&1 || _notrun
"SASL $helper tool unavailable"
22 pluginviewer
-c |
grep 'Plugin "plain"' >/dev
/null
2>&1
23 test $?
-eq 0 || _notrun
'No client support for plain authentication'
24 pluginviewer
-s |
grep 'Plugin "plain"' >/dev
/null
2>&1
25 test $?
-eq 0 || _notrun
'No server support for plain authentication'
27 export PCP_CONSOLE
=none
31 # restore any modified pmcd configuration files
32 _restore_config
$PCP_PMCDOPTIONS_PATH
33 _restore_config
$PCP_SASLCONF_DIR/pmcd.conf
35 $sudo $PCP_RC_DIR/pcp restart
2>&1 | _filter_pcp_stop | _filter_pcp_start
42 status
=1 # failure is the default!
43 $sudo rm -rf $tmp.
* $seq.full
44 trap "cleanup; exit \$status" 0 1 2 3 15
46 # Handle these spurious lines from deep inside SASL code ...
48 # [Mon Mar 2 17:58:40] pmcd_wait(16622) Alert: Parameter Error in ../plugins/plugin_common.c near line 357
53 -e 's/\[[^]]*] .* Alert: Parameter Error .* line [0-9][0-9]*//' \
58 # real QA test starts here
59 _save_config
$PCP_SASLCONF_DIR/pmcd.conf
60 echo 'mech_list: plain' > $tmp.sasl
61 $sudo cp $tmp.sasl
$PCP_SASLCONF_DIR/pmcd.conf
63 _save_config
$PCP_PMCDOPTIONS_PATH
64 cat <<End-Of-File >$tmp.options
65 # Dummy lines added by PCP QA test $seq
69 $sudo cp $tmp.options
$PCP_PMCDOPTIONS_PATH
71 echo "Start pmcd with modified \$PCP_PMCDOPTIONS_PATH (pmcd.options)" |
tee -a $seq.full
72 cat $PCP_PMCDOPTIONS_PATH >>$seq.full
73 $sudo $PCP_RC_DIR/pmcd stop
2>&1 |
tee -a $seq.full
>$tmp.out
74 $sudo $PCP_RC_DIR/pmcd start
2>&1 |
tee -a $seq.full
>$tmp.out
75 _wait_for_pmcd
10 unix
: 2>&1 |
tee -a $seq.full | _filter
76 grep -i 'starting pmcd' $tmp.out \
78 |
sed -e "s/$$/MYPID/" \
81 # should now be running in enforced-credentials mode, check it out.
82 # unix domain access should always succeed - no matter how binaries
83 # were configured/built
85 echo "testing secure mode access via unix domain socket (PASS)"
86 pmstore
-h unix
: sample.write_me
1 # store PDU
87 pmprobe
-h unix
: -v sample.write_me
# fetch PDU
88 pminfo
-th unix
: sample.write_me
# text PDU
89 pminfo
-dh unix
: sample.write_me
# desc PDU
92 echo "testing secure mode access attempt via inet socket (FAIL)"
93 pmstore
-h localhost sample.write_me
2 2>&1 | _filter
94 pmprobe
-h localhost
-v sample.write_me
2>&1 | _filter
95 pminfo
-th localhost sample.write_me
2>&1 | _filter
96 pminfo
-dh localhost sample.write_me
2>&1 | _filter