authorVictor Engmark <victor@engmark.name>2021-11-18 20:44:29 +1300
committerVictor Engmark <victor@engmark.name>2021-11-27 15:55:46 +1300
commit595543a3149b64a809da8fb4fdabbd6800d29ad4 (patch)
treee1b4a86486a6b4afa22f7959049192c159a4aadd /nixos/tests/pam
parentbcc1eba8086913106ec094994181cd73a1f9a212 (diff)
tests: Verify /etc/pam.d/chfn file contents
Diffstat (limited to 'nixos/tests/pam')
-rw-r--r--nixos/tests/pam/default.nix25
-rw-r--r--nixos/tests/pam/test_chfn.py27
2 files changed, 52 insertions, 0 deletions
diff --git a/nixos/tests/pam/default.nix b/nixos/tests/pam/default.nix
new file mode 100644
index 00000000000..86c61003aeb
--- /dev/null
+++ b/nixos/tests/pam/default.nix
@@ -0,0 +1,25 @@
+let
+  name = "pam";
+in
+import ../make-test-python.nix ({ pkgs, ... }: {
+
+  nodes.machine = { ... }: {
+    imports = [ ../../modules/profiles/minimal.nix ];
+
+    krb5.enable = true;
+
+    users = {
+      mutableUsers = false;
+      users = {
+        user = {
+          isNormalUser = true;
+        };
+      };
+    };
+  };
+
+  testScript = builtins.replaceStrings
+    [ "@@pam_ccreds@@" "@@pam_krb5@@" ]
+    [ pkgs.pam_ccreds.outPath pkgs.pam_krb5.outPath ]
+    (builtins.readFile ./test_chfn.py);
+})
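Review bot: The `name = "pam";` binding in the `let` at the top of default.nix is never referenced in the attribute set passed to `make-test-python.nix`, so the test presumably runs under whatever default name that helper supplies. Either add `inherit name;` as the first attribute of the set, or drop the `let` and write `name = "pam";` there directly. A short comment above `testScript`, such as `# Substitute store paths for the @@...@@ placeholders in test_chfn.py`, would also explain why the script is read through `builtins.replaceStrings`.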
diff --git a/nixos/tests/pam/test_chfn.py b/nixos/tests/pam/test_chfn.py
new file mode 100644
index 00000000000..b108a9423ca
--- /dev/null
+++ b/nixos/tests/pam/test_chfn.py
@@ -0,0 +1,27 @@
+expected_lines = {
+    "account required pam_unix.so",
+    "account sufficient @@pam_krb5@@/lib/security/pam_krb5.so",
+    "auth [default=die success=done] @@pam_ccreds@@/lib/security/pam_ccreds.so action=validate use_first_pass",
+    "auth [default=ignore success=1 service_err=reset] @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass",
+    "auth required pam_deny.so",
+    "auth sufficient @@pam_ccreds@@/lib/security/pam_ccreds.so action=store use_first_pass",
+    "auth sufficient pam_rootok.so",
+    "auth sufficient pam_unix.so   likeauth try_first_pass",
+    "password sufficient @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass",
+    "password sufficient pam_unix.so nullok sha512",
+    "session optional @@pam_krb5@@/lib/security/pam_krb5.so",
+    "session required pam_env.so conffile=/etc/pam/environment readenv=0",
+    "session required pam_unix.so",
+}
+actual_lines = set(machine.succeed("cat /etc/pam.d/chfn").splitlines())
+
+missing_lines = expected_lines - actual_lines
+extra_lines = actual_lines - expected_lines
+non_functional_lines = set([line for line in extra_lines if (line == "" or line.startswith("#"))])
+unexpected_functional_lines = extra_lines - non_functional_lines
+
+with subtest("All expected lines are in the file"):
+    assert not missing_lines, f"Missing lines: {missing_lines}"
+
+with subtest("All remaining lines are empty or comments"):
+    assert not unexpected_functional_lines, f"Unexpected lines: {unexpected_functional_lines}"
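Review bot: Comparing `expected_lines` and `actual_lines` as sets discards rule order and duplicates, but PAM evaluates each stack from top to bottom. The test would therefore still pass if `auth required pam_deny.so` were generated ahead of the `sufficient` rules, or if the `success=1` jump on the pam_krb5 auth line skipped a different module. Consider keeping the functional lines as a list, e.g. `actual_rules = [l for l in machine.succeed("cat /etc/pam.d/chfn").splitlines() if l.strip() and not l.lstrip().startswith("#")]`, and asserting equality against an expected list written in file order. The exact-string match also pins incidental whitespace such as the three spaces in `pam_unix.so   likeauth`; a comment stating that this is intentional would help the next maintainer.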