1#######################################################
2#
3# Test that promise outcomes are set correctly.
4#
5#######################################################
6
7body common control
8{
9      inputs => { "../../default.cf.sub", "user_queries.cf.sub" };
10      bundlesequence  => { default("$(this.promise_filename)") };
11}
12
13#######################################################
14
15bundle common hpux_trusted
16{
17  classes:
18      "hpux_trusted_mode_test"
19        expression => regcmp(".*hpux_trusted.*", $(this.promise_filename));
20}
21
22bundle agent init
23{
24  meta:
25      "test_skip_unsupported" string => "hpux_trusted_mode_test.!hpux";
26
27      # Something in the Solaris chroot test environment makes it impossible
28      # to test matching passwords, the pam module always returns error.
29      # This should not happen in a production system though.
30      # Since the error is not on our part, and likely unsolvable, we set
31      # Redmine to zero. However, it would be nice to know if the problem ever
32      # goes away, so using soft_fail.
33      "test_soft_fail" string => "!hpux_trusted_mode_test.(solaris.!sunos_5_9)",
34        meta => { "redmine0" };
35      # On Solaris 9 PAM just crashes inside chroot.
36      "test_skip_needs_work" string => "!hpux_trusted_mode_test.sunos_5_9";
37
38  # AIX doesn't like long names (> 8 chars), so keep them short.
39  # a = absent
40  # p = present
41  # t = attributes
42  # w = password
43  # l = locked
44  # r = repair
45  users:
46    "akeep"
47      policy => "absent";
48    "arepair"
49      policy => "present";
50    "pkeep"
51      policy => "present";
52    "prepair"
53      policy => "absent";
54    "tkeep"
55      policy => "present",
56      uid => "9878",
57      group_primary => "$(user_tests.group1)",
58      groups_secondary => { "$(user_tests.group2)" },
59      shell => "/bin/csh",
60      description => "Description";
61    "trepair"
62      policy => "present",
63      uid => "9877",
64      group_primary => "$(user_tests.group1)",
65      groups_secondary => { "$(user_tests.group2)" },
66      shell => "/bin/csh",
67      description => "Description";
68    "wkeep"
69      policy => "present",
70      password => init_password;
71    "wrepair"
72      policy => "present",
73      password => init_password;
74    "lkeep"
75      policy => "locked";
76    "lr_byadd"
77      policy => "absent";
78    "lr_bymod"
79      policy => "present";
80}
81
82body password init_password
83{
84  format => "plaintext";
85  data => "Init0P4SSW0RD";
86}
87
88#######################################################
89
90bundle agent test
91{
92  users:
93   !ok::
94    "akeep"
95      classes => set_classes_kept_repaired("absent_keep", "not_absent_keep"),
96      policy => "absent";
97    "arepair"
98      classes => set_classes_kept_repaired("not_absent_repair", "absent_repair"),
99      policy => "absent";
100    "pkeep"
101      classes => set_classes_kept_repaired("present_keep", "not_present_keep"),
102      policy => "present";
103    "prepair"
104      classes => set_classes_kept_repaired("not_present_repair", "present_repair"),
105      policy => "present";
106    "tkeep"
107      classes => set_classes_kept_repaired("attributes_keep", "not_attributes_keep"),
108      policy => "present",
109      uid => "9878",
110      group_primary => "$(user_tests.group1)",
111      groups_secondary => { "$(user_tests.group2)" },
112      shell => "/bin/csh",
113      description => "Description";
114    "trepair"
115      classes => set_classes_kept_repaired("not_attributes_repair", "attributes_repair"),
116      policy => "present",
117      uid => "9877",
118      group_primary => "$(user_tests.group1)",
119      groups_secondary => {  },
120      shell => "/bin/ksh",
121      description => "Description";
122    "wkeep"
123      classes => set_classes_kept_repaired("password_keep", "not_password_keep"),
124      policy => "present",
125      password => init_password;
126    "wrepair"
127      classes => set_classes_kept_repaired("not_password_repair", "password_repair"),
128      policy => "present",
129      password => test_password;
130    "lkeep"
131      classes => set_classes_kept_repaired("locked_keep", "not_locked_keep"),
132      policy => "locked";
133    "lr_byadd"
134      classes => set_classes_kept_repaired("not_locked_repair_by_add", "locked_repair_by_add"),
135      policy => "locked";
136    "lr_bymod"
137      classes => set_classes_kept_repaired("not_locked_repair_by_mod", "locked_repair_by_mod"),
138      policy => "locked";
139
140
141  classes:
142    "and_ok" and => { "absent_keep", "absent_repair", "present_keep", "present_repair",
143                  "attributes_keep", "attributes_repair", "password_keep", "password_repair",
144                  "locked_keep", "locked_repair_by_add", "locked_repair_by_mod"  };
145    "not_ok" or => { "not_absent_keep", "not_absent_repair", "not_present_keep", "not_present_repair",
146                  "not_attributes_keep", "not_attributes_repair", "not_password_keep", "not_password_repair",
147                  "not_locked_keep", "not_locked_repair_by_add", "not_locked_repair_by_mod"  };
148
149    "ok" and => { "and_ok", "!not_ok" };
150    "fail" or => { "!and_ok", "not_ok" };
151
152  reports:
153    !absent_keep.DEBUG::
154      "absent_keep is NOT set, but should be";
155    !absent_repair.DEBUG::
156      "absent_repair is NOT set, but should be";
157    !present_keep.DEBUG::
158      "present_keep is NOT set, but should be";
159    !present_repair.DEBUG::
160      "present_repair is NOT set, but should be";
161    !attributes_keep.DEBUG::
162      "attributes_keep is NOT set, but should be";
163    !attributes_repair.DEBUG::
164      "attributes_repair is NOT set, but should be";
165    !password_keep.DEBUG::
166      "password_keep is NOT set, but should be";
167    !password_repair.DEBUG::
168      "password_repair is NOT set, but should be";
169    !locked_keep.DEBUG::
170      "locked_keep is NOT set, but should be";
171    !locked_repair_by_add.DEBUG::
172      "locked_repair_by_add is NOT set, but should be";
173    !locked_repair_by_mod.DEBUG::
174      "locked_repair_by_mod is NOT set, but should be";
175
176    not_absent_keep.DEBUG::
177      "not_absent_keep is SET, but shouldn't be";
178    not_absent_repair.DEBUG::
179      "not_absent_repair is SET, but shouldn't be";
180    not_present_keep.DEBUG::
181      "not_present_keep is SET, but shouldn't be";
182    not_present_repair.DEBUG::
183      "not_present_repair is SET, but shouldn't be";
184    not_attributes_keep.DEBUG::
185      "not_attributes_keep is SET, but shouldn't be";
186    not_attributes_repair.DEBUG::
187      "not_attributes_repair is SET, but shouldn't be";
188    not_password_keep.DEBUG::
189      "not_password_keep is SET, but shouldn't be";
190    not_password_repair.DEBUG::
191      "not_password_repair is SET, but shouldn't be";
192    not_locked_keep.DEBUG::
193      "not_locked_keep is SET, but shouldn't be";
194    not_locked_repair_by_add.DEBUG::
195      "not_locked_repair_by_add is SET, but shouldn't be";
196    not_locked_repair_by_mod.DEBUG::
197      "not_locked_repair_by_mod is SET, but shouldn't be";
198
199    ok::
200      "$(this.promise_filename) Pass";
201    fail|!ok::
202      "$(this.promise_filename) FAIL";
203}
204
205body password test_password
206{
207  format => "plaintext";
208  data => "Test0P4SSW0RD";
209}
210
211body classes set_classes_kept_repaired(x, y)
212{
213  promise_kept => { "$(x)" };
214  promise_repaired => { "$(y)" };
215}
216
217#######################################################
218
219bundle agent check
220{
221}
222