1bundle common test_meta
2{
3  vars:
4      "description" string => "Test that cached password hashes do not cause problems";
5      "story_id" string => "5525";
6      "covers" string => "operational_kept";
7}
8
9#######################################################
10
11# If the platform is using /etc/passwd to store hashes, then the hash will be
12# cached in the passwd_info structure in the C code. This may cause problems
13# if one part of the code (password update) tries to modify the hash, and
14# another one (locking) also does it. The latter may use the cached value from
15# before it was modified, but should use the updated value.
16
17#######################################################
18
19body common control
20{
21      inputs => { "../../default.cf.sub", "user_queries.cf.sub" };
22      bundlesequence  => { default("$(this.promise_filename)") };
23}
24
25#######################################################
26
27bundle common hpux_trusted
28{
29  classes:
30      "hpux_trusted_mode_test"
31        expression => regcmp(".*hpux_trusted.*", $(this.promise_filename));
32}
33
34bundle agent init
35{
36  meta:
37      # Password hashes are not supported on Windows.
38      "test_skip_unsupported" string => "(hpux_trusted_mode_test.!hpux)|windows";
39
40  vars:
41      # "j0hnd0e"
42      "hash" string => "dTloMVpjYt1w2";
43
44  methods:
45      "any" usebundle => init_firstpass;
46      "any" usebundle => init_secondpass;
47}
48
49bundle agent init_firstpass
50{
51  users:
52      "user1"
53        policy => "absent";
54      "user2"
55        policy => "absent";
56}
57
58bundle agent init_secondpass
59{
60  users:
61      "user1"
62        policy => "present",
63        password => init_password;
64      "user2"
65        policy => "present",
66        password => init_password;
67}
68
69body password init_password
70{
71    format => "hash";
72    data => "$(init.hash)";
73}
74
75#######################################################
76
77bundle agent test
78{
79  vars:
80      # "N4wP4ssw"
81      "hash" string => "aapgPBZAGeZf6";
82
83  methods:
84      "any" usebundle => test_firstpass;
85      "any" usebundle => test_secondpass;
86}
87
88bundle agent test_firstpass
89{
90  users:
91      "user1"
92        policy => "locked";
93      "user2"
94        policy => "locked";
95}
96
97bundle agent test_secondpass
98{
99  users:
100      "user1"
101        policy => "present",
102        password => test_hash;
103      "user2"
104        policy => "present",
105        password => test_passwd;
106}
107
108body password test_hash
109{
110  format => "hash";
111  data => "$(test.hash)";
112}
113
114body password test_passwd
115{
116  format => "plaintext";
117  data => "N4wP4ssw";
118}
119
120#######################################################
121
122bundle agent check
123{
124  methods:
125      "any" usebundle => user_has_password_hash("user1", "$(test.hash)", "user1_success", "user1_failure"),
126        classes => always("user1_methods_run");
127      "any" usebundle => user_has_password_hash("user2", "$(init.hash)", "user2_failure", "user2_success"),
128        classes => always("user2_methods_run");
129
130  classes:
131      "ready" and => { "user1_methods_run", "user2_methods_run" };
132      "ok" and => { "user1_success", "!user1_failure",
133                    "user2_success", "!user2_failure"
134                  };
135
136  reports:
137    ok.ready::
138      "$(this.promise_filename) Pass";
139    !ok.ready::
140      "$(this.promise_filename) FAIL";
141}
142