1bundle common test_meta 2{ 3 vars: 4 "description" string => "Test that cached password hashes do not cause problems"; 5 "story_id" string => "5525"; 6 "covers" string => "operational_kept"; 7} 8 9####################################################### 10 11# If the platform is using /etc/passwd to store hashes, then the hash will be 12# cached in the passwd_info structure in the C code. This may cause problems 13# if one part of the code (password update) tries to modify the hash, and 14# another one (locking) also does it. The latter may use the cached value from 15# before it was modified, but should use the updated value. 16 17####################################################### 18 19body common control 20{ 21 inputs => { "../../default.cf.sub", "user_queries.cf.sub" }; 22 bundlesequence => { default("$(this.promise_filename)") }; 23} 24 25####################################################### 26 27bundle common hpux_trusted 28{ 29 classes: 30 "hpux_trusted_mode_test" 31 expression => regcmp(".*hpux_trusted.*", $(this.promise_filename)); 32} 33 34bundle agent init 35{ 36 meta: 37 # Password hashes are not supported on Windows. 38 "test_skip_unsupported" string => "(hpux_trusted_mode_test.!hpux)|windows"; 39 40 vars: 41 # "j0hnd0e" 42 "hash" string => "dTloMVpjYt1w2"; 43 44 methods: 45 "any" usebundle => init_firstpass; 46 "any" usebundle => init_secondpass; 47} 48 49bundle agent init_firstpass 50{ 51 users: 52 "user1" 53 policy => "absent"; 54 "user2" 55 policy => "absent"; 56} 57 58bundle agent init_secondpass 59{ 60 users: 61 "user1" 62 policy => "present", 63 password => init_password; 64 "user2" 65 policy => "present", 66 password => init_password; 67} 68 69body password init_password 70{ 71 format => "hash"; 72 data => "$(init.hash)"; 73} 74 75####################################################### 76 77bundle agent test 78{ 79 vars: 80 # "N4wP4ssw" 81 "hash" string => "aapgPBZAGeZf6"; 82 83 methods: 84 "any" usebundle => test_firstpass; 85 "any" usebundle => test_secondpass; 86} 87 88bundle agent test_firstpass 89{ 90 users: 91 "user1" 92 policy => "locked"; 93 "user2" 94 policy => "locked"; 95} 96 97bundle agent test_secondpass 98{ 99 users: 100 "user1" 101 policy => "present", 102 password => test_hash; 103 "user2" 104 policy => "present", 105 password => test_passwd; 106} 107 108body password test_hash 109{ 110 format => "hash"; 111 data => "$(test.hash)"; 112} 113 114body password test_passwd 115{ 116 format => "plaintext"; 117 data => "N4wP4ssw"; 118} 119 120####################################################### 121 122bundle agent check 123{ 124 methods: 125 "any" usebundle => user_has_password_hash("user1", "$(test.hash)", "user1_success", "user1_failure"), 126 classes => always("user1_methods_run"); 127 "any" usebundle => user_has_password_hash("user2", "$(init.hash)", "user2_failure", "user2_success"), 128 classes => always("user2_methods_run"); 129 130 classes: 131 "ready" and => { "user1_methods_run", "user2_methods_run" }; 132 "ok" and => { "user1_success", "!user1_failure", 133 "user2_success", "!user2_failure" 134 }; 135 136 reports: 137 ok.ready:: 138 "$(this.promise_filename) Pass"; 139 !ok.ready:: 140 "$(this.promise_filename) FAIL"; 141} 142