[LTP] [PATCH 0/5] various tcp_cmds/ssh/* fixes, rewrites

[LTP] [PATCH 0/5] various tcp_cmds/ssh/* fixes, rewrites

[Jiri Jaburek]

Jiri Jaburek (5):
  ssh: unify code style amongst ssh tests
  ssh: remove unused ssh_set_passwd script
  ssh: properly create/remove user home dir, if possible
  ssh: try to prevent invalid PASS when remote cmd fails
  ssh: don't use crypt-based pre-encrypted passwords

 testcases/network/tcp_cmds/ssh/ssh01          | 42 ++++++++++++------------
 testcases/network/tcp_cmds/ssh/ssh01_s1       | 39 +++++++++++++----------
 testcases/network/tcp_cmds/ssh/ssh02          | 39 +++++++++++------------
 testcases/network/tcp_cmds/ssh/ssh02_s1       | 17 +++++-----
 testcases/network/tcp_cmds/ssh/ssh03          | 46 +++++++++++++--------------
 testcases/network/tcp_cmds/ssh/ssh03_s1       | 15 +++++----
 testcases/network/tcp_cmds/ssh/ssh_set_passwd | 28 ----------------
 7 files changed, 103 insertions(+), 123 deletions(-)
 delete mode 100755 testcases/network/tcp_cmds/ssh/ssh_set_passwd

-- 
1.8.3.1


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

[LTP] [PATCH 1/5] ssh: unify code style amongst ssh tests

[Jiri Jaburek]

You can use ie. diff/vimdiff to easily verify the effect of this change.

Signed-off-by: Jiri Jaburek <jjaburek@redhat.com>
---
 testcases/network/tcp_cmds/ssh/ssh01    | 12 ++++++-----
 testcases/network/tcp_cmds/ssh/ssh01_s1 | 37 +++++++++++++++++++--------------
 testcases/network/tcp_cmds/ssh/ssh02    |  1 -
 testcases/network/tcp_cmds/ssh/ssh02_s1 | 11 +++++-----
 testcases/network/tcp_cmds/ssh/ssh03    |  8 +++----
 testcases/network/tcp_cmds/ssh/ssh03_s1 | 11 +++++-----
 6 files changed, 44 insertions(+), 36 deletions(-)

diff --git a/testcases/network/tcp_cmds/ssh/ssh01 b/testcases/network/tcp_cmds/ssh/ssh01
index 0337216..f8fe4d6 100755
--- a/testcases/network/tcp_cmds/ssh/ssh01
+++ b/testcases/network/tcp_cmds/ssh/ssh01
@@ -32,16 +32,17 @@
 
 do_setup()
 {
-
     export RHOST="localhost"
     export TEST_USER="ssh_usr1"
-    export TEST_USER_PASSWD="eal"
+    export TEST_USER_PASSWD="now_this_is_a_good_ltp_test_password"
     export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA"
     export TEST_USER_HOMEDIR="/home/$TEST_USER"
 
-    #erase user if he may exist , so we can have a clean env
+    # erase user if he/she already exists, so we can have a clean env
     TCtmp=/home/$TEST_USER
 
+    rm -Rf $TCtmp
+
     tst_setup
 
     exists expect ssh ssh01_s1 useradd userdel
@@ -60,7 +61,7 @@ do_setup()
     if ! mkdir -p "$TEST_USER_HOMEDIR"; then
         end_testcase "Failed to create $TEST_USER_HOMEDIR"
     fi
-    chown -Rf $USER_UID.$USER_GID "$TEST_USER_HOMEDIR"
+    chown -R $USER_UID.$USER_GID "$TEST_USER_HOMEDIR"
 
     trap do_cleanup EXIT
 
@@ -70,7 +71,8 @@ do_setup()
 # FUNCTION:  do_cleanup
 #-----------------------------------------------------------------------
 
-do_cleanup(){
+do_cleanup()
+{
     userdel $TEST_USER
     tst_cleanup
 }
diff --git a/testcases/network/tcp_cmds/ssh/ssh01_s1 b/testcases/network/tcp_cmds/ssh/ssh01_s1
index 244593b..e64bbf0 100755
--- a/testcases/network/tcp_cmds/ssh/ssh01_s1
+++ b/testcases/network/tcp_cmds/ssh/ssh01_s1
@@ -21,7 +21,6 @@
 #  PURPOSE: Tests to see that ssh rejects an invalid password
 #
 #  SETUP: The program `/usr/bin/expect' MUST be installed.
-#         The PASSWD and RHOST variables MUST be set prior to execution.
 #
 #  HISTORY:
 #    03/03 Jerone Young (jeroney@us.ibm.com)
@@ -31,31 +30,37 @@ set RHOST $env(RHOST)
 set TEST_USER $env(TEST_USER)
 set TEST_USER_PASSWD $env(TEST_USER_PASSWD)
 
+set RUSER $TEST_USER
+set PASSWD $TEST_USER_PASSWD
+
 set timeout 90
 
 #test invalid password
 
-send_user "SSH Test Invalid Password \n"
+send_user "TEST: SSH Test Invalid Password \n"
 
-set RUSER $TEST_USER
+# Set PASSWD to an invalid password
 set PASSWD "invalid_password!"
 
 spawn ssh -l $RUSER $RHOST whoami
 
 while 1 {
-	sleep 2
-	expect {
-
-		"Are you sure you want to continue connecting (yes/no)?" { exp_send "yes\r"}
-                "assword:" {exp_send "$PASSWD\r"}
-		"Permission denied" {
-			send_user "SSH would not allow $RUSER to login with invalid password, Test Passed \n"
-			send_user "\nTEST_PASSED\n"
-			break
-		}
-	     "$RUSER" {send_user "SSH allowed $RUSER to login with invalid pass, Test Failed \n" ;exit 1}
-	}
-	sleep 1
+    sleep 2
+    expect {
+
+        "Are you sure you want to continue connecting (yes/no)?" { exp_send "yes\r"}
+        "assword:" {exp_send "$PASSWD\r"}
+        "Permission denied" {
+            send_user "SSH would not allow $RUSER to login with invalid password, Test Passed \n"
+            send_user "\nTEST_PASSED\n"
+            break
+        }
+        "$RUSER" {
+            send_user "SSH allowed $RUSER to login with invalid pass, Test Failed \n"
+            exit 1
+        }
+    }
+    sleep 1
 }
 
 exit 0
diff --git a/testcases/network/tcp_cmds/ssh/ssh02 b/testcases/network/tcp_cmds/ssh/ssh02
index 00356e5..919e20d 100755
--- a/testcases/network/tcp_cmds/ssh/ssh02
+++ b/testcases/network/tcp_cmds/ssh/ssh02
@@ -32,7 +32,6 @@
 
 do_setup()
 {
-
     export RHOST="localhost"
     export TEST_USER="ssh_usr2"
     export TEST_USER_PASSWD="now_this_is_a_good_ltp_test_password"
diff --git a/testcases/network/tcp_cmds/ssh/ssh02_s1 b/testcases/network/tcp_cmds/ssh/ssh02_s1
index b991141..724ef97 100755
--- a/testcases/network/tcp_cmds/ssh/ssh02_s1
+++ b/testcases/network/tcp_cmds/ssh/ssh02_s1
@@ -32,6 +32,7 @@ set TEST_USER $env(TEST_USER)
 set TEST_USER_PASSWD $env(TEST_USER_PASSWD)
 
 set RUSER $TEST_USER
+set PASSWD $TEST_USER_PASSWD
 
 set timeout 90
 
@@ -41,10 +42,8 @@ send_user "TEST: Test to see if ssh rejects Invalid User \n"
 
 # Set RUSER to an invalid user
 set RUSER "Invaild_User"
-set PASSWD $TEST_USER_PASSWD
 
-
-spawn ssh -l $RUSER $RHOST
+spawn ssh -l $RUSER $RHOST whoami
 
 while 1 {
     sleep 2
@@ -57,8 +56,10 @@ while 1 {
             send_user "\nTEST_PASSED\n"
             break
         }
-            "#" {send_user "SSH allowed $RUSER to login with invalid pass, Test
-Failed \n" ;exit 1}
+        "$RUSER" {
+            send_user "SSH allowed $RUSER to login with invalid pass, Test Failed \n"
+            exit 1
+        }
     }
     sleep 1
 }
diff --git a/testcases/network/tcp_cmds/ssh/ssh03 b/testcases/network/tcp_cmds/ssh/ssh03
index ca9ce0e..fe5919c 100755
--- a/testcases/network/tcp_cmds/ssh/ssh03
+++ b/testcases/network/tcp_cmds/ssh/ssh03
@@ -34,7 +34,7 @@ do_setup()
 {
     export RHOST="localhost"
     export TEST_USER="ssh_usr3"
-    export TEST_USER_PASSWD="eal"
+    export TEST_USER_PASSWD="now_this_is_a_good_ltp_test_password"
     export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA"
     export TEST_USER_HOMEDIR="/home/$TEST_USER"
 
@@ -81,9 +81,9 @@ do_cleanup()
 # FUNCTION:  MAIN
 #
 # DESCRIPTION: Create Test User
-#              Call upon script to make sure an invalid user can not have access
-#              Cleanup Test User from system
-#              Exit with exit code of script called upon
+#          Call upon script to make sure a valid user can have access
+#          Cleanup Test User from system
+#          Exit with exit code of script called upon
 #-----------------------------------------------------------------------
 . net_cmdlib.sh
 
diff --git a/testcases/network/tcp_cmds/ssh/ssh03_s1 b/testcases/network/tcp_cmds/ssh/ssh03_s1
index 6d6c61a..9463a7f 100755
--- a/testcases/network/tcp_cmds/ssh/ssh03_s1
+++ b/testcases/network/tcp_cmds/ssh/ssh03_s1
@@ -31,16 +31,14 @@ set TEST_USER $env(TEST_USER)
 set TEST_USER_PASSWD $env(TEST_USER_PASSWD)
 
 set RUSER $TEST_USER
+set PASSWD $TEST_USER_PASSWD
 
 set timeout 90
 
-#test invalid username
+#test valid username
 
 send_user "TEST: SSH allow (non-root) valid User \n"
 
-set RUSER $TEST_USER
-set PASSWD $TEST_USER_PASSWD
-
 
 spawn ssh -l $RUSER $RHOST whoami
 
@@ -54,7 +52,10 @@ while 1 {
             send_user "\nSSH would not allow $RUSER to login, Test FAILED \n"
             exit 1
         }
-        "$RUSER" {send_user "\nSSH allowed $RUSER to login, Test PASSED \n" ;break}
+        "$RUSER" {
+            send_user "SSH allowed $RUSER to login, Test PASSED \n"
+            break
+        }
     }
     sleep 1
 }
-- 
1.8.3.1


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

[LTP] [PATCH 2/5] ssh: remove unused ssh_set_passwd script

[Jiri Jaburek]

This script is not used anywhere in the suite. Furthermore,
the same functionality is already provided by passwd(1) itself:

  echo "my secret pass" | passwd --stdin myusername

Signed-off-by: Jiri Jaburek <jjaburek@redhat.com>
---
 testcases/network/tcp_cmds/ssh/ssh_set_passwd | 28 ---------------------------
 1 file changed, 28 deletions(-)
 delete mode 100755 testcases/network/tcp_cmds/ssh/ssh_set_passwd

diff --git a/testcases/network/tcp_cmds/ssh/ssh_set_passwd b/testcases/network/tcp_cmds/ssh/ssh_set_passwd
deleted file mode 100755
index 1b7bb7d..0000000
--- a/testcases/network/tcp_cmds/ssh/ssh_set_passwd
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/expect
-#
-# Set Password for a specific new user
-# This script should be run as 'root'
-#
-# Example:
-#		./set_passwd USER PASSWD
-#
-
-if { [llength $argv] < 2} {
-	exit 1
-}
-
-set USER [lindex $argv 0]
-set PASSWD [lindex $argv 1]
-
-set timeout 30
-
-spawn passwd $USER
-expect "password:"
-sleep 1
-send "$PASSWD\r"
-expect "Re-type password:"
-sleep 1
-send "$PASSWD\r"
-expect succeed
-
-exit 0
-- 
1.8.3.1


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

[LTP] [PATCH 3/5] ssh: properly create/remove user home dir, if possible

[Jiri Jaburek]

(this change is identical across ssh01, ssh02, ssh03)

The main motivation is that "mkdir /home/userdir" is not sufficient
to ensure that a user can access that directory. mkdir does not account
for security labels (ie. SELinux), umask of the calling shell and
possibly other variables.
This change fixes the following error, which can be triggered in some
RHEL configurations using SELinux MLS policy:

  Could not chdir to home directory /home/ssh_usr3: Permission denied
  bash: /home/ssh_usr3/.bashrc: Permission denied

and even though ssh01 and ssh02 tests PASS successfully, they would not
reveal a possible TFAIL (user is able to login) due to the chdir/bash
fails shown above - both tests would falsely PASS in a scenario where
ssh login was successful, matching ssh-unrelated "Permission denied".
This is not yet fixed.

The mkdir of home dir was actually happening in tst_setup, a quick fix
(workaround) - instead of this slightly more invasive rewrite - could
therefore be as simple as doing `rm -Rf' directly on /home/$TEST_USER
and not setting TCtmp, letting useradd -m create the homedir.

The do_cleanup trap has been moved up to perform userdel in case
something in do_setup fails.

Signed-off-by: Jiri Jaburek <jjaburek@redhat.com>
---
 testcases/network/tcp_cmds/ssh/ssh01 | 36 ++++++++++++++++++------------------
 testcases/network/tcp_cmds/ssh/ssh02 | 36 ++++++++++++++++++------------------
 testcases/network/tcp_cmds/ssh/ssh03 | 36 ++++++++++++++++++------------------
 3 files changed, 54 insertions(+), 54 deletions(-)

diff --git a/testcases/network/tcp_cmds/ssh/ssh01 b/testcases/network/tcp_cmds/ssh/ssh01
index f8fe4d6..6abbf0d 100755
--- a/testcases/network/tcp_cmds/ssh/ssh01
+++ b/testcases/network/tcp_cmds/ssh/ssh01
@@ -38,33 +38,32 @@ do_setup()
     export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA"
     export TEST_USER_HOMEDIR="/home/$TEST_USER"
 
-    # erase user if he/she already exists, so we can have a clean env
-    TCtmp=/home/$TEST_USER
-
-    rm -Rf $TCtmp
-
-    tst_setup
-
     exists expect ssh ssh01_s1 useradd userdel
 
-    userdel $TEST_USER
+    trap do_cleanup EXIT
+
+    # erase user if he/she already exists, so we can have a clean env
+    userdel -r $TEST_USER
+    [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR"
     sleep 1
 
-    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER; then
+    tst_setup
+
+    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \
+    -d "$TEST_USER_HOMEDIR"; then
         end_testcase "Could not add test user $TEST_USER to system $RHOST."
     fi
 
     # create users home diretory (SLES 8 does not do this, even when specified
     # in adduser)
-    USER_UID=$(id -u $TEST_USER)
-    USER_GID=$(id -g $TEST_USER)
-    if ! mkdir -p "$TEST_USER_HOMEDIR"; then
-        end_testcase "Failed to create $TEST_USER_HOMEDIR"
+    if [ ! -d "$TEST_USER_HOMEDIR" ]; then
+        USER_UID=$(id -u $TEST_USER)
+        USER_GID=$(id -g $TEST_USER)
+        if ! mkdir -p "$TEST_USER_HOMEDIR"; then
+            end_testcase "Failed to create $TEST_USER_HOMEDIR"
+        fi
+        chown -Rf $USER_UID.$USER_GID "$TEST_USER_HOMEDIR"
     fi
-    chown -R $USER_UID.$USER_GID "$TEST_USER_HOMEDIR"
-
-    trap do_cleanup EXIT
-
 }
 
 #-----------------------------------------------------------------------
@@ -73,7 +72,8 @@ do_setup()
 
 do_cleanup()
 {
-    userdel $TEST_USER
+    userdel -r $TEST_USER
+    [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR"
     tst_cleanup
 }
 
diff --git a/testcases/network/tcp_cmds/ssh/ssh02 b/testcases/network/tcp_cmds/ssh/ssh02
index 919e20d..d63e3ea 100755
--- a/testcases/network/tcp_cmds/ssh/ssh02
+++ b/testcases/network/tcp_cmds/ssh/ssh02
@@ -38,33 +38,32 @@ do_setup()
     export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA"
     export TEST_USER_HOMEDIR="/home/$TEST_USER"
 
-    # erase user if he/she already exists, so we can have a clean env
-    TCtmp=/home/$TEST_USER
-
-    rm -Rf $TCtmp
-
-    tst_setup
-
     exists expect ssh ssh02_s1 useradd userdel
 
-    userdel $TEST_USER
+    trap do_cleanup EXIT
+
+    # erase user if he/she already exists, so we can have a clean env
+    userdel -r $TEST_USER
+    [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR"
     sleep 1
 
-    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER; then
+    tst_setup
+
+    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \
+    -d "$TEST_USER_HOMEDIR"; then
         end_testcase "Could not add test user $TEST_USER to system $RHOST."
     fi
 
     # create users home diretory (SLES 8 does not do this, even when specified
     # in adduser)
-    USER_UID=$(id -u $TEST_USER)
-    USER_GID=$(id -g $TEST_USER)
-    if ! mkdir -p "$TEST_USER_HOMEDIR"; then
-        end_testcase "Failed to create $TEST_USER_HOMEDIR"
+    if [ ! -d "$TEST_USER_HOMEDIR" ]; then
+        USER_UID=$(id -u $TEST_USER)
+        USER_GID=$(id -g $TEST_USER)
+        if ! mkdir -p "$TEST_USER_HOMEDIR"; then
+            end_testcase "Failed to create $TEST_USER_HOMEDIR"
+        fi
+        chown -Rf $USER_UID.$USER_GID "$TEST_USER_HOMEDIR"
     fi
-    chown -R $USER_UID.$USER_GID "$TEST_USER_HOMEDIR"
-
-    trap do_cleanup EXIT
-
 }
 
 #-----------------------------------------------------------------------
@@ -73,7 +72,8 @@ do_setup()
 
 do_cleanup()
 {
-    userdel $TEST_USER
+    userdel -r $TEST_USER
+    [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR"
     tst_cleanup
 }
 
diff --git a/testcases/network/tcp_cmds/ssh/ssh03 b/testcases/network/tcp_cmds/ssh/ssh03
index fe5919c..ee89465 100755
--- a/testcases/network/tcp_cmds/ssh/ssh03
+++ b/testcases/network/tcp_cmds/ssh/ssh03
@@ -38,33 +38,32 @@ do_setup()
     export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA"
     export TEST_USER_HOMEDIR="/home/$TEST_USER"
 
-    # erase user if he/she already exists, so we can have a clean env
-    TCtmp=/home/$TEST_USER
-
-    rm -Rf $TCtmp
-
-    tst_setup
-
     exists expect ssh ssh03_s1 useradd userdel
 
-    userdel $TEST_USER
+    trap do_cleanup EXIT
+
+    # erase user if he/she already exists, so we can have a clean env
+    userdel -r $TEST_USER
+    [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR"
     sleep 1
 
-    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER; then
+    tst_setup
+
+    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \
+    -d "$TEST_USER_HOMEDIR"; then
         end_testcase "Could not add test user $TEST_USER to system $RHOST."
     fi
 
     # create users home diretory (SLES 8 does not do this, even when specified
     # in adduser)
-    USER_UID=$(id -u $TEST_USER)
-    USER_GID=$(id -g $TEST_USER)
-    if ! mkdir -p "$TEST_USER_HOMEDIR"; then
-        end_testcase "Failed to create $TEST_USER_HOMEDIR"
+    if [ ! -d "$TEST_USER_HOMEDIR" ]; then
+        USER_UID=$(id -u $TEST_USER)
+        USER_GID=$(id -g $TEST_USER)
+        if ! mkdir -p "$TEST_USER_HOMEDIR"; then
+            end_testcase "Failed to create $TEST_USER_HOMEDIR"
+        fi
+        chown -Rf $USER_UID.$USER_GID "$TEST_USER_HOMEDIR"
     fi
-    chown -R $USER_UID.$USER_GID "$TEST_USER_HOMEDIR"
-
-    trap do_cleanup EXIT
-
 }
 
 #-----------------------------------------------------------------------
@@ -73,7 +72,8 @@ do_setup()
 
 do_cleanup()
 {
-    userdel $TEST_USER
+    userdel -r $TEST_USER
+    [ -d "$TEST_USER_HOMEDIR" ] && rm -rf "$TEST_USER_HOMEDIR"
     tst_cleanup
 }
 
-- 
1.8.3.1


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

[LTP] [PATCH 4/5] ssh: try to prevent invalid PASS when remote cmd fails

[Jiri Jaburek]

This change does not guarantee elimination of false PASS results,
but it makes them somewhat less likely to occur by matching sshd-like
Permission denied line. The regexp doesn't use ^ or $ or any kind of
more precise matching due to numerous problems with `expect' handling
the more complicated regexp strings across versions.

Signed-off-by: Jiri Jaburek <jjaburek@redhat.com>
---
 testcases/network/tcp_cmds/ssh/ssh01_s1 | 6 +++---
 testcases/network/tcp_cmds/ssh/ssh02_s1 | 6 +++---
 testcases/network/tcp_cmds/ssh/ssh03_s1 | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/testcases/network/tcp_cmds/ssh/ssh01_s1 b/testcases/network/tcp_cmds/ssh/ssh01_s1
index e64bbf0..c1cc127 100755
--- a/testcases/network/tcp_cmds/ssh/ssh01_s1
+++ b/testcases/network/tcp_cmds/ssh/ssh01_s1
@@ -50,10 +50,10 @@ while 1 {
 
         "Are you sure you want to continue connecting (yes/no)?" { exp_send "yes\r"}
         "assword:" {exp_send "$PASSWD\r"}
-        "Permission denied" {
+        -re "Permission denied (.*)\." {
             send_user "SSH would not allow $RUSER to login with invalid password, Test Passed \n"
             send_user "\nTEST_PASSED\n"
-            break
+            exit 0
         }
         "$RUSER" {
             send_user "SSH allowed $RUSER to login with invalid pass, Test Failed \n"
@@ -63,4 +63,4 @@ while 1 {
     sleep 1
 }
 
-exit 0
+exit 1
diff --git a/testcases/network/tcp_cmds/ssh/ssh02_s1 b/testcases/network/tcp_cmds/ssh/ssh02_s1
index 724ef97..d49e1e9 100755
--- a/testcases/network/tcp_cmds/ssh/ssh02_s1
+++ b/testcases/network/tcp_cmds/ssh/ssh02_s1
@@ -51,10 +51,10 @@ while 1 {
 
         "Are you sure you want to continue connecting (yes/no)?" { exp_send "yes\r"}
         "assword:" {exp_send "$PASSWD\r"}
-        "Permission denied" {
+        -re "Permission denied (.*)\." {
             send_user "SSH would not allow $RUSER to login with invalid password, Test Passed \n"
             send_user "\nTEST_PASSED\n"
-            break
+            exit 0
         }
         "$RUSER" {
             send_user "SSH allowed $RUSER to login with invalid pass, Test Failed \n"
@@ -64,4 +64,4 @@ while 1 {
     sleep 1
 }
 
-exit 0
+exit 1
diff --git a/testcases/network/tcp_cmds/ssh/ssh03_s1 b/testcases/network/tcp_cmds/ssh/ssh03_s1
index 9463a7f..bf6aada 100755
--- a/testcases/network/tcp_cmds/ssh/ssh03_s1
+++ b/testcases/network/tcp_cmds/ssh/ssh03_s1
@@ -48,16 +48,16 @@ while 1 {
 
         "Are you sure you want to continue connecting (yes/no)?" { exp_send "yes\r"}
         "assword:" {exp_send "$PASSWD\r"}
-        "Permission denied" {
+        -re "Permission denied (.*)\." {
             send_user "\nSSH would not allow $RUSER to login, Test FAILED \n"
             exit 1
         }
         "$RUSER" {
             send_user "SSH allowed $RUSER to login, Test PASSED \n"
-            break
+            exit 0
         }
     }
     sleep 1
 }
 
-exit 0
+exit 1
-- 
1.8.3.1


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

[LTP] [PATCH 5/5] ssh: don't use crypt-based pre-encrypted passwords

[Jiri Jaburek]

This change makes the ssh tests use passwd --stdin instead of
the -p argument to useradd, enabling the test to use the system-default
encryption algorithm defined in login.defs (ENCRYPT_METHOD), ensuring
greater compatibility.

Furthermore, the original hashes were wrong, at least for ssh01 and 02,
  'now_this_is_a_good_ltp_test_password' + salt '42' = 42lB8bQmUez4U
  'eal' + salt '42' = 42VmxaOByKwlA

The incorrect usage of now_this_is_a_good_ltp_test_password as PASSWD
with 42VmxaOByKwlA as ENCRYPTED_PASSWD in ssh0[12] dates back to 2004,
meaning those tests couldn't have failed (by a successful login) since
then (at least).

Signed-off-by: Jiri Jaburek <jjaburek@redhat.com>
---
 testcases/network/tcp_cmds/ssh/ssh01 | 6 +++---
 testcases/network/tcp_cmds/ssh/ssh02 | 6 +++---
 testcases/network/tcp_cmds/ssh/ssh03 | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/testcases/network/tcp_cmds/ssh/ssh01 b/testcases/network/tcp_cmds/ssh/ssh01
index 6abbf0d..a0c66f5 100755
--- a/testcases/network/tcp_cmds/ssh/ssh01
+++ b/testcases/network/tcp_cmds/ssh/ssh01
@@ -35,7 +35,6 @@ do_setup()
     export RHOST="localhost"
     export TEST_USER="ssh_usr1"
     export TEST_USER_PASSWD="now_this_is_a_good_ltp_test_password"
-    export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA"
     export TEST_USER_HOMEDIR="/home/$TEST_USER"
 
     exists expect ssh ssh01_s1 useradd userdel
@@ -49,11 +48,12 @@ do_setup()
 
     tst_setup
 
-    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \
-    -d "$TEST_USER_HOMEDIR"; then
+    if ! useradd -m -d "$TEST_USER_HOMEDIR" $TEST_USER; then
         end_testcase "Could not add test user $TEST_USER to system $RHOST."
     fi
 
+    echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER
+
     # create users home diretory (SLES 8 does not do this, even when specified
     # in adduser)
     if [ ! -d "$TEST_USER_HOMEDIR" ]; then
diff --git a/testcases/network/tcp_cmds/ssh/ssh02 b/testcases/network/tcp_cmds/ssh/ssh02
index d63e3ea..2d82acb 100755
--- a/testcases/network/tcp_cmds/ssh/ssh02
+++ b/testcases/network/tcp_cmds/ssh/ssh02
@@ -35,7 +35,6 @@ do_setup()
     export RHOST="localhost"
     export TEST_USER="ssh_usr2"
     export TEST_USER_PASSWD="now_this_is_a_good_ltp_test_password"
-    export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA"
     export TEST_USER_HOMEDIR="/home/$TEST_USER"
 
     exists expect ssh ssh02_s1 useradd userdel
@@ -49,11 +48,12 @@ do_setup()
 
     tst_setup
 
-    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \
-    -d "$TEST_USER_HOMEDIR"; then
+    if ! useradd -m -d "$TEST_USER_HOMEDIR" $TEST_USER; then
         end_testcase "Could not add test user $TEST_USER to system $RHOST."
     fi
 
+    echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER
+
     # create users home diretory (SLES 8 does not do this, even when specified
     # in adduser)
     if [ ! -d "$TEST_USER_HOMEDIR" ]; then
diff --git a/testcases/network/tcp_cmds/ssh/ssh03 b/testcases/network/tcp_cmds/ssh/ssh03
index ee89465..49b6527 100755
--- a/testcases/network/tcp_cmds/ssh/ssh03
+++ b/testcases/network/tcp_cmds/ssh/ssh03
@@ -35,7 +35,6 @@ do_setup()
     export RHOST="localhost"
     export TEST_USER="ssh_usr3"
     export TEST_USER_PASSWD="now_this_is_a_good_ltp_test_password"
-    export TEST_USER_ENCRYPTED_PASSWD="42VmxaOByKwlA"
     export TEST_USER_HOMEDIR="/home/$TEST_USER"
 
     exists expect ssh ssh03_s1 useradd userdel
@@ -49,11 +48,12 @@ do_setup()
 
     tst_setup
 
-    if ! useradd -m -p $TEST_USER_ENCRYPTED_PASSWD $TEST_USER \
-    -d "$TEST_USER_HOMEDIR"; then
+    if ! useradd -m -d "$TEST_USER_HOMEDIR" $TEST_USER; then
         end_testcase "Could not add test user $TEST_USER to system $RHOST."
     fi
 
+    echo "$TEST_USER_PASSWD" | passwd --stdin $TEST_USER
+
     # create users home diretory (SLES 8 does not do this, even when specified
     # in adduser)
     if [ ! -d "$TEST_USER_HOMEDIR" ]; then
-- 
1.8.3.1


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH 0/5] various tcp_cmds/ssh/* fixes, rewrites

[Jiri Jaburek]

On 12/03/2013 11:16 AM, Jiri Jaburek wrote:
> Jiri Jaburek (5):
>   ssh: unify code style amongst ssh tests
>   ssh: remove unused ssh_set_passwd script
>   ssh: properly create/remove user home dir, if possible
>   ssh: try to prevent invalid PASS when remote cmd fails
>   ssh: don't use crypt-based pre-encrypted passwords
> 
>  testcases/network/tcp_cmds/ssh/ssh01          | 42 ++++++++++++------------
>  testcases/network/tcp_cmds/ssh/ssh01_s1       | 39 +++++++++++++----------
>  testcases/network/tcp_cmds/ssh/ssh02          | 39 +++++++++++------------
>  testcases/network/tcp_cmds/ssh/ssh02_s1       | 17 +++++-----
>  testcases/network/tcp_cmds/ssh/ssh03          | 46 +++++++++++++--------------
>  testcases/network/tcp_cmds/ssh/ssh03_s1       | 15 +++++----
>  testcases/network/tcp_cmds/ssh/ssh_set_passwd | 28 ----------------
>  7 files changed, 103 insertions(+), 123 deletions(-)
>  delete mode 100755 testcases/network/tcp_cmds/ssh/ssh_set_passwd
> 

Could somebody review these changes, please? All patches should be well
commented using commit messages.

Thanks,
Jiri


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH 0/5] various tcp_cmds/ssh/* fixes, rewrites

[Jan Stancek]

----- Original Message -----
> From: "Jiri Jaburek" <jjaburek@redhat.com>
> To: ltp-list@lists.sourceforge.net
> Sent: Monday, 6 January, 2014 12:39:55 PM
> Subject: Re: [LTP] [PATCH 0/5] various tcp_cmds/ssh/* fixes, rewrites
> 
> On 12/03/2013 11:16 AM, Jiri Jaburek wrote:
> > Jiri Jaburek (5):
> >   ssh: unify code style amongst ssh tests
> >   ssh: remove unused ssh_set_passwd script
> >   ssh: properly create/remove user home dir, if possible
> >   ssh: try to prevent invalid PASS when remote cmd fails
> >   ssh: don't use crypt-based pre-encrypted passwords
> > 
> >  testcases/network/tcp_cmds/ssh/ssh01          | 42
> >  ++++++++++++------------
> >  testcases/network/tcp_cmds/ssh/ssh01_s1       | 39 +++++++++++++----------
> >  testcases/network/tcp_cmds/ssh/ssh02          | 39 +++++++++++------------
> >  testcases/network/tcp_cmds/ssh/ssh02_s1       | 17 +++++-----
> >  testcases/network/tcp_cmds/ssh/ssh03          | 46
> >  +++++++++++++--------------
> >  testcases/network/tcp_cmds/ssh/ssh03_s1       | 15 +++++----
> >  testcases/network/tcp_cmds/ssh/ssh_set_passwd | 28 ----------------
> >  7 files changed, 103 insertions(+), 123 deletions(-)
> >  delete mode 100755 testcases/network/tcp_cmds/ssh/ssh_set_passwd
> > 
> 
> Could somebody review these changes, please? All patches should be well
> commented using commit messages.

Acked-by: Jan Stancek <jstancek@redhat.com>

Hi Jiri,

The patches look good to me. All applied cleanly on current latest
and I successfully ran these 3 testcases on RHEL 5.3/6.0/7Beta.

I'm adding diff of output below. Looking at sources this shouldn't matter
as I couldn't find any code actually depending on this output.

Even though the patches look simple, we are currently close to releasing
new LTP version, so I'll leave it up to Cyril, if he wants to include
this before or after.

Regards,
Jan

-----------

--- /tmp/before.txt	2014-01-13 14:11:23.828695492 +0100
+++ /tmp/after.txt	2014-01-13 14:11:33.835653955 +0100
@@ -1,9 +1,10 @@
 1.
+
 userdel: user 'ssh_usr1' does not exist
-useradd: warning: the home directory already exists.
-Not copying any file from skel directory into it.
 Creating mailbox file: File exists
-SSH Test Invalid Password 
+Changing password for user ssh_usr1.
+passwd: all authentication tokens updated successfully.
+TEST: SSH Test Invalid Password 
 spawn ssh -l ssh_usr1 localhost whoami
 ssh_usr1@localhost's password: 
 Permission denied, please try again.
@@ -14,14 +15,16 @@
 SSH would not allow ssh_usr1 to login with invalid password, Test Passed 
 
 TEST_PASSED
+userdel: /var/spool/mail/ssh_usr1 not owned by ssh_usr1, not removing
 ssh01       0  TINFO  :  Cleaning up.
 
 2.
 userdel: user 'ssh_usr2' does not exist
-useradd: warning: the home directory already exists.
-Not copying any file from skel directory into it.
+Creating mailbox file: File exists
+Changing password for user ssh_usr2.
+passwd: all authentication tokens updated successfully.
 TEST: Test to see if ssh rejects Invalid User 
-spawn ssh -l Invaild_User localhost
+spawn ssh -l Invaild_User localhost whoami
 Invaild_User@localhost's password: 
 Permission denied, please try again.
 Invaild_User@localhost's password: 
@@ -35,13 +38,13 @@
 
 3.
 userdel: user 'ssh_usr3' does not exist
-useradd: warning: the home directory already exists.
-Not copying any file from skel directory into it.
+Creating mailbox file: File exists
+Changing password for user ssh_usr3.
+passwd: all authentication tokens updated successfully.
 TEST: SSH allow (non-root) valid User 
 spawn ssh -l ssh_usr3 localhost whoami
 ssh_usr3@localhost's password: 
 ssh_usr3
-
 SSH allowed ssh_usr3 to login, Test PASSED 
 ssh03       0  TINFO  :  Cleaning up.
 

> 
> Thanks,
> Jiri
> 
> 
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT
> organizations don't have a clear picture of how application performance
> affects their revenue. With AppDynamics, you get 100% visibility into your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list
> 

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH 0/5] various tcp_cmds/ssh/* fixes, rewrites

[chrubis]

Hi!
> Even though the patches look simple, we are currently close to releasing
> new LTP version, so I'll leave it up to Cyril, if he wants to include
> this before or after.

I would vote for applying these after the release, as far as I know they
do not fix build failures or regressions and came quite late.

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH 0/5] various tcp_cmds/ssh/* fixes, rewrites

[chrubis]

Hi!
This can go in now. Jan can you please check it in?

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list