diff options
author | Arthur de Jong <arthur@arthurdejong.org> | 2013-10-20 21:44:58 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2013-10-22 22:38:43 +0200 |
commit | 0a9555769ff7e7db39bf055fbb7226052b0397ff (patch) | |
tree | e531c932903472c81574f32d7d6389877dff19ca /tests | |
parent | 1899e9a86d8fdaa6ce7a2ce6cd83941c8f94353a (diff) |
Make script to check test environment
This changes the in_testenv.sh script into testenv.sh which has more
checks and a few functions to configure the test environment.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rwxr-xr-x | tests/in_testenv.sh | 61 | ||||
-rwxr-xr-x | tests/test_nsscmds.sh | 9 | ||||
-rw-r--r-- | tests/test_pamcmds.expect | 15 | ||||
-rwxr-xr-x | tests/test_pamcmds.sh | 2 | ||||
-rwxr-xr-x | tests/testenv.sh | 181 |
6 files changed, 196 insertions, 74 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 0e42417..53293a6 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -34,7 +34,7 @@ check_PROGRAMS = test_dict test_set test_tio test_expr test_getpeercred \ test_cfg test_myldap test_common test_clock test_tio_timeout \ lookup_netgroup lookup_shadow -EXTRA_DIST = nslcd-test.conf usernames.txt in_testenv.sh test_myldap.sh \ +EXTRA_DIST = nslcd-test.conf usernames.txt testenv.sh test_myldap.sh \ test_nsscmds.sh test_pamcmds.sh test_pamcmds.expect \ test_manpages.sh \ test_pycompile.sh test_pylint.sh pylint.rc test_pynslcd_cache.py diff --git a/tests/in_testenv.sh b/tests/in_testenv.sh deleted file mode 100755 index 5137140..0000000 --- a/tests/in_testenv.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/sh - -# in_testenv.sh - script to check whether we are running in test environment -# -# Copyright (C) 2011 Arthur de Jong -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301 USA - -# This script expects to be run in an environment where nss-pam-ldapd -# is deployed with an LDAP server with the proper content (and nslcd running). -# It's probably best to run this in an environment without nscd (this breaks -# the services tests). - -# check if LDAP is configured correctly -cfgfile="/etc/nslcd.conf" -if [ -r "$cfgfile" ] -then - : -else - echo "$0: $cfgfile: not found" - exit 77 -fi - -uri=`sed -n 's/^uri *//p' "$cfgfile" | head -n 1` -base="dc=test,dc=tld" - -# try to fetch the base DN (fail with exit 77 to indicate problem) -ldapsearch -b "$base" -s base -x -H "$uri" > /dev/null 2>&1 || { - echo "$0: LDAP server $uri not available for $base" - exit 77 -} - -# basic check to see if nslcd is running -if [ -S /var/run/nslcd/socket ] && \ - [ -f /var/run/nslcd/nslcd.pid ] && \ - kill -s 0 `cat /var/run/nslcd/nslcd.pid` > /dev/null 2>&1 -then - : -else - echo "$0: nslcd not running" - exit 77 -fi - -# TODO: check if nscd is running - -# TODO: check if /etc/nsswitch.conf is correct - -echo "$0: using LDAP server $uri" diff --git a/tests/test_nsscmds.sh b/tests/test_nsscmds.sh index ec09a0c..cf997fc 100755 --- a/tests/test_nsscmds.sh +++ b/tests/test_nsscmds.sh @@ -30,11 +30,14 @@ set -e srcdir="${srcdir-`dirname "$0"`}" # ensure that we are running in the test environment -. "$srcdir/in_testenv.sh" +"$srcdir/testenv.sh" check || exit 77 # preload our own NSS module -LD_PRELOAD="$srcdir/../nss/nss_ldap.so" -export LD_PRELOAD +if [ -e "$srcdir/../nss/nss_ldap.so" ] +then + LD_PRELOAD="$srcdir/../nss/nss_ldap.so" + export LD_PRELOAD +fi # the total number of errors FAIL=0 diff --git a/tests/test_pamcmds.expect b/tests/test_pamcmds.expect index cfd5c8f..567da54 100644 --- a/tests/test_pamcmds.expect +++ b/tests/test_pamcmds.expect @@ -2,7 +2,7 @@ # test_pamcmds.expect - test script to check output of PAM commands # -# Copyright (C) 2011 Arthur de Jong +# Copyright (C) 2011, 2012, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -58,13 +58,12 @@ if { [exec id -u] != "0" } { exit 77 } # ensure that we are running in the test environment -spawn $env(srcdir)/in_testenv.sh -expect { - "in_testenv.sh: using LDAP server" { expect eof } - eof { - send_user "test_pamcmds.expect: not running in test environment\n" - exit 77 - } +spawn $env(srcdir)/testenv.sh check +expect eof +catch wait result +if { [lindex $result 3] } { + send_user "test_pamcmds.expect: not running in test environment\n" + exit 77 } # ensure that a correct password is set diff --git a/tests/test_pamcmds.sh b/tests/test_pamcmds.sh index a50205c..76d825f 100755 --- a/tests/test_pamcmds.sh +++ b/tests/test_pamcmds.sh @@ -25,7 +25,7 @@ set -e srcdir="${srcdir-`dirname "$0"`}" # ensure that we are running in the test environment -. "$srcdir/in_testenv.sh" +"$srcdir/testenv.sh" check || exit 77 # check if we have expect installed EXPECT="$(which expect 2> /dev/null || true)" diff --git a/tests/testenv.sh b/tests/testenv.sh new file mode 100755 index 0000000..4f94c11 --- /dev/null +++ b/tests/testenv.sh @@ -0,0 +1,181 @@ +#!/bin/sh + +# testenv.sh - script to check test environment +# +# Copyright (C) 2011, 2013 Arthur de Jong +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 USA + +set -e + +# get the script name +script="`basename "$0"`" + +# find source directory (used for finding auxiliary files) +srcdir="${srcdir-`dirname "$0"`}" + +# location of nslcd configuration file +nslcd_cfg="${nslcd_cfg-/etc/nslcd.conf}" + +# find the names of services that are configured to use LDAP +nss_list_configured() +{ + sed -n 's/^[ \t]*\([a-z]*\)[ \t]*:.*[ \t]ldap.*$/\1/p' /etc/nsswitch.conf \ + | xargs +} + +# check whether the name is configure to do lookups through LDAP +nss_is_enabled() +{ + name="$1" + grep '^[ \t]*'$name'[ \t]*:.*ldap.*' /etc/nsswitch.conf > /dev/null +} + +# check to see if name is configured to do lookups through +# LDAP and enable if not +nss_enable() +{ + name="$1" + if nss_is_enabled "$name" + then + : + else + echo "$script: /etc/nsswitch.conf: enable LDAP lookups for $name" >&2 + if grep -q '^[ \t]*'$name'[ \t]*:' /etc/nsswitch.conf + then + # modify an existing entry by just adding ldap to the end + sed -i 's/^\([ \t]*'$name'[ \t]*:.*[^ \t]\)[ \t]*$/\1 ldap/' /etc/nsswitch.conf + else + # append a new line + printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf + fi + # invalidate nscd cache + nscd -i "$name" > /dev/null 2>&1 || true + fi + # we're done + return 0 +} + +# check nsswitch.conf +check_nsswitch() { + required="${1:-passwd group}" + if [ -r /etc/nsswitch.conf ] + then + : + else + echo "$script: ERROR: /etc/nsswitch.conf: not found" >&2 + return 1 + fi + enabled=`nss_list_configured` + if [ -z "$enabled" ] + then + echo "$script: ERROR: /etc/nsswitch.conf: no LDAP maps configured" >&2 + return 1 + fi + for x in $required + do + if nss_is_enabled "$x" + then + : + else + echo "$script: ERROR: /etc/nsswitch.conf: $x not using ldap" >&2 + return 1 + fi + done + echo "$script: nsswitch.conf configured for $enabled" + return 0 +} + +# check PAM stack +check_pam() { + # TODO: implement some tests + return 0 +} + +# check whether the LDAP server is available +check_ldap_server() { + if [ -r "$nslcd_cfg" ] + then + : + else + echo "$script: ERROR: $nslcd_cfg: not found" + return 1 + fi + uri=`sed -n 's/^uri *//p' "$nslcd_cfg" | head -n 1` + base="dc=test,dc=tld" + # try to fetch the base DN + ldapsearch -b "$base" -s base -x -H "$uri" > /dev/null 2>&1 || { + echo "$script: ERROR: LDAP server $uri not available for $base" + return 1 + } + echo "$script: using LDAP server $uri" + return 0 +} + +# check nslcd.conf file for presence and correct configuration +check_nslcd_conf() { + # check if file is present + [ -r "$nslcd_cfg" ] || { + echo "$script: ERROR: $nslcd_cfg: not found" >&2 + return 1 + } + # TODO: more tests... + return 0 +} + +# basic check to see if nslcd is running +check_nslcd_running() { + if [ -r /var/run/nslcd/socket ] && \ + [ -f /var/run/nslcd/nslcd.pid ] && \ + kill -0 `cat /var/run/nslcd/nslcd.pid` > /dev/null 2>&1 + then + echo "$script: nslcd running (pid `cat /var/run/nslcd/nslcd.pid`)" >&2 + return 0 + fi + echo "$script: ERROR: nslcd not running" >&2 + return 1 +} + +case "$1" in + nss_enable) + shift + while [ $# -gt 0 ] + do + nss_enable "$1" + shift + done + exit 0 + ;; + check) + res=0 + check_nsswitch || res=1 + check_pam || res=1 + check_ldap_server || res=1 + check_nslcd_conf || res=1 + check_nslcd_running || res=1 + [ $res -eq 0 ] && echo "$script: test environment OK" || true + exit $res + ;; + check_nss) + shift + check_nsswitch "$*" || exit 1 + exit 0 + ;; + *) + echo "Usage: $0 {nss_enable|check|check_nss}" >&2 + exit 1 + ;; +esac |