From cf64f8854d51db965b52d86d061d280be275568d Mon Sep 17 00:00:00 2001 From: "litingt@cn.ibm.com" Date: Wed, 12 Apr 2017 04:56:52 -0400 Subject: [PATCH 1/4] add test cases for encrypted password, for bug #2827 --- xCAT-test/autotest/testcase/passwd/case0 | 304 +++++++++++++++++++++++ 1 file changed, 304 insertions(+) create mode 100644 xCAT-test/autotest/testcase/passwd/case0 diff --git a/xCAT-test/autotest/testcase/passwd/case0 b/xCAT-test/autotest/testcase/passwd/case0 new file mode 100644 index 000000000..bad868dc3 --- /dev/null +++ b/xCAT-test/autotest/testcase/passwd/case0 @@ -0,0 +1,304 @@ +start:encrypted_passwd_md5_diskfull +description: this case is to test when cryptmethod=md5 in passwd table, the password is encryped with the md5 method. When compute node is diskfull provisioned, users can login node with correct password. This case should be run when node is correctly defined. +cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +check:rc==0 +cmd:chtab key=system passwd.cryptmethod=md5 +check:rc==0 +cmd:tabdump passwd |grep -i md5 +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute +check:rc==0 +cmd:grep '\$1\$' /install/autoinst/$$CN +check:rc==0 +cmd:oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.cryptmethod=$oldcryptmethod +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute +check:rc==0 +cmd:rm -rf /tmp/tmpcryptmethod +end + +start:encrypted_passwd_md5_diskless +description: this case is to test when cryptmethod=md5 in passwd table, the password is encryped with the md5 method. When compute node is diskless provisioned, users can login node with correct password. This case should be run when node is correctly defined. +cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +check:rc==0 +cmd:chtab key=system passwd.cryptmethod=md5 +check:rc==0 +cmd:tabdump passwd |grep -i md5 +check:rc==0 +#config CN to do diskless provision +cmd:chdef -t node -o $$CN servicenode= monserver=$$MN nfsserver=$$MN tftpserver=$$MN xcatmaster=$$MN +check:rc==0 +cmd:makedns -n +check:rc==0 +cmd:makeconservercf $$CN +check:rc==0 +cmd:cat /etc/conserver.cf | grep $$CN +check:output=~$$CN +cmd:sleep 20 +cmd:if [[ "__GETNODEATTR($$CN,arch)__" =~ "ppc64" ]]; then getmacs -D $$CN; fi +check:rc==0 +cmd:makedhcp -n +check:rc==0 +cmd:makedhcp -a +check:rc==0 +cmd:a=0;while true; do [ $a -eq 100 ] && exit 1;output=$(makedhcp -q $$CN);[ $? -ne 0 ] && exit 1;echo $output|grep $$CN 2>/dev/null && exit 0;a=$[$a+1];sleep 1;done +check:rc==0 +cmd:copycds $$ISO +check:rc==0 +cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir ]; then mv $rootimgdir $rootimgdir.regbak -f;fi +check:rc==0 +cmd:genimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:packimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:if [[ "__GETNODEATTR($$CN,arch)__" =~ "ppc64" ]]; then rnetboot $$CN;elif [[ "__GETNODEATTR($$CN,arch)__" =~ "x86_64" ]];then rpower $$CN boot; fi +check:rc==0 +cmd:sleep 900 +cmd:a=0;while ! `lsdef -l $$CN|grep status|grep booted >/dev/null`; do sleep 10;((a++));if [ $a -gt 60 ];then break;fi done +cmd:ping $$CN -c 3 +check:rc==0 +check:output=~64 bytes from $$CN +cmd:lsdef -l $$CN | grep status +check:rc==0 +check:output=~booted +cmd:scp $$CN:/etc/shadow /tmp +check:rc==0 +cmd:grep 'root:\$1\$' /tmp/shadow +check:rc==0 +cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir.regbak ]; then rm -rf $rootimgdir; mv $rootimgdir.regbak $rootimgdir; fi +check:rc==0 +cmd:oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.cryptmethod=$oldcryptmethod +check:rc==0 +cmd:rm -rf /tmp/tmpcryptmethod /tmp/shadow +end + +start:encrypted_passwd_sha256_diskfull +description: this case is to test when cryptmethod=sha256 in passwd table, the password is encryped with the sha256 method. When compute node is diskfull provisioned, users can login node with correct password. This case should be run when node is correctly defined. +cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +check:rc==0 +cmd:chtab key=system passwd.cryptmethod=sha256 +check:rc==0 +cmd:tabdump passwd |grep -i sha256 +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute +check:rc==0 +cmd:grep '\$5\$' /install/autoinst/$$CN +check:rc==0 +cmd:oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.cryptmethod=$oldcryptmethod +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute +check:rc==0 +cmd:rm -rf /tmp/tmpcryptmethod +end + +start:encrypted_passwd_sha256_diskless +description: this case is to test when cryptmethod=sha256 in passwd table, the password is encryped with the sha256 method. When compute node is diskless provisioned, users can login node with correct password. This case should be run when node is correctly defined. +cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +check:rc==0 +cmd:chtab key=system passwd.cryptmethod=sha256 +check:rc==0 +cmd:tabdump passwd |grep -i sha256 +check:rc==0 +#config CN to do diskless provision +cmd:chdef -t node -o $$CN servicenode= monserver=$$MN nfsserver=$$MN tftpserver=$$MN xcatmaster=$$MN +check:rc==0 +cmd:makedns -n +check:rc==0 +cmd:makeconservercf $$CN +check:rc==0 +cmd:cat /etc/conserver.cf | grep $$CN +check:output=~$$CN +cmd:sleep 20 +cmd:if [[ "__GETNODEATTR($$CN,arch)__" =~ "ppc64" ]]; then getmacs -D $$CN; fi +check:rc==0 +cmd:makedhcp -n +check:rc==0 +cmd:makedhcp -a +check:rc==0 +cmd:a=0;while true; do [ $a -eq 100 ] && exit 1;output=$(makedhcp -q $$CN);[ $? -ne 0 ] && exit 1;echo $output|grep $$CN 2>/dev/null && exit 0;a=$[$a+1];sleep 1;done +check:rc==0 +cmd:copycds $$ISO +check:rc==0 +cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir ]; then mv $rootimgdir $rootimgdir.regbak -f;fi +check:rc==0 +cmd:genimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:packimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:if [[ "__GETNODEATTR($$CN,arch)__" =~ "ppc64" ]]; then rnetboot $$CN;elif [[ "__GETNODEATTR($$CN,arch)__" =~ "x86_64" ]];then rpower $$CN boot; fi +check:rc==0 +cmd:sleep 900 +cmd:a=0;while ! `lsdef -l $$CN|grep status|grep booted >/dev/null`; do sleep 10;((a++));if [ $a -gt 60 ];then break;fi done +cmd:ping $$CN -c 3 +check:rc==0 +check:output=~64 bytes from $$CN +cmd:lsdef -l $$CN | grep status +check:rc==0 +check:output=~booted +cmd:scp $$CN:/etc/shadow /tmp +check:rc==0 +cmd:grep 'root:\$5\$' /tmp/shadow +check:rc==0 +cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir.regbak ]; then rm -rf $rootimgdir; mv $rootimgdir.regbak $rootimgdir; fi +check:rc==0 +cmd:oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.cryptmethod=$oldcryptmethod +check:rc==0 +cmd:rm -rf /tmp/tmpcryptmethod /tmp/shadow +end + +start:encrypted_passwd_sha512_diskfull +description: this case is to test when cryptmethod=sha512 in passwd table, the password is encryped with the sha512 method. When compute node is diskfull provisioned, users can login node with correct password. This case should be run when node is correctly defined. +cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +check:rc==0 +cmd:chtab key=system passwd.cryptmethod=sha512 +check:rc==0 +cmd:tabdump passwd |grep -i sha512 +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute +check:rc==0 +cmd:grep '\$6\$' /install/autoinst/$$CN +check:rc==0 +cmd:oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.cryptmethod=$oldcryptmethod +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute +check:rc==0 +cmd:rm -rf /tmp/tmpcryptmethod +end + +start:encrypted_passwd_sha512_diskless +description: this case is to test when cryptmethod=sha512 in passwd table, the password is encryped with the sha512 method. When compute node is diskless provisioned, users can login node with correct password. This case should be run when node is correctly defined. +cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +check:rc==0 +cmd:chtab key=system passwd.cryptmethod=sha512 +check:rc==0 +cmd:tabdump passwd |grep -i sha512 +check:rc==0 +#config CN to do diskless provision +cmd:chdef -t node -o $$CN servicenode= monserver=$$MN nfsserver=$$MN tftpserver=$$MN xcatmaster=$$MN +check:rc==0 +cmd:makedns -n +check:rc==0 +cmd:makeconservercf $$CN +check:rc==0 +cmd:cat /etc/conserver.cf | grep $$CN +check:output=~$$CN +cmd:sleep 20 +cmd:if [[ "__GETNODEATTR($$CN,arch)__" =~ "ppc64" ]]; then getmacs -D $$CN; fi +check:rc==0 +cmd:makedhcp -n +check:rc==0 +cmd:makedhcp -a +check:rc==0 +cmd:a=0;while true; do [ $a -eq 100 ] && exit 1;output=$(makedhcp -q $$CN);[ $? -ne 0 ] && exit 1;echo $output|grep $$CN 2>/dev/null && exit 0;a=$[$a+1];sleep 1;done +check:rc==0 +cmd:copycds $$ISO +check:rc==0 +cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir ]; then mv $rootimgdir $rootimgdir.regbak -f;fi +check:rc==0 +cmd:genimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:packimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:if [[ "__GETNODEATTR($$CN,arch)__" =~ "ppc64" ]]; then rnetboot $$CN;elif [[ "__GETNODEATTR($$CN,arch)__" =~ "x86_64" ]];then rpower $$CN boot; fi +check:rc==0 +cmd:sleep 900 +cmd:a=0;while ! `lsdef -l $$CN|grep status|grep booted >/dev/null`; do sleep 10;((a++));if [ $a -gt 60 ];then break;fi done +cmd:ping $$CN -c 3 +check:rc==0 +check:output=~64 bytes from $$CN +cmd:lsdef -l $$CN | grep status +check:rc==0 +check:output=~booted +cmd:scp $$CN:/etc/shadow /tmp +check:rc==0 +cmd:grep 'root:\$6\$' /tmp/shadow +check:rc==0 +cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir.regbak ]; then rm -rf $rootimgdir; mv $rootimgdir.regbak $rootimgdir; fi +check:rc==0 +cmd:oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.cryptmethod=$oldcryptmethod +check:rc==0 +cmd:rm -rf /tmp/tmpcryptmethod /tmp/shadow +end + + +start:encrypted_passwd_openssl_diskfull +description: this case is to test when password is encrypted with openssl, the password is encryped in password table. When compute node is diskfull provisioned, users can login node with correct password. This case should be run when node is correctly defined. +cmd:tabdump passwd |grep -i system > /tmp/tmpcryptmethod +check:rc==0 +cmd:chtab key=system passwd.username=root passwd.password=`openssl passwd -1 abc123` +check:rc==0 +cmd:tabdump passwd |grep '\$1\$' +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute +check:rc==0 +cmd:grep '\$1\$' /install/autoinst/$$CN +check:rc==0 +cmd:oldpassword=`cat /tmp/tmpcryptmethod |awk -F , '{print $3}' |sed 's/\"//g'`;oldcryptmethod=`cat /tmp/tmpcryptmethod |awk -F , '{print $4}' |sed 's/\"//g'`;chtab key=system passwd.password=$oldpassword passwd.cryptmethod=$oldcryptmethod +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute +check:rc==0 +cmd:rm -rf /tmp/tmpcryptmethod +end + +start:encrypted_passwd_openssl_diskless +description: this case is to test when password is encrypted with openssl, the password is encryped in password table. When compute node is diskless provisioned, users can login node with correct password. This case should be run when node is correctly defined. +cmd:tabdump passwd |grep -i system > /tmp/tmpcryptmethod +check:rc==0 +cmd:chtab key=system passwd.username=root passwd.password=`openssl passwd -1 abc123` +check:rc==0 +cmd:tabdump passwd |grep '\$1\$' +check:rc==0 +#config CN to do diskless provision +cmd:chdef -t node -o $$CN servicenode= monserver=$$MN nfsserver=$$MN tftpserver=$$MN xcatmaster=$$MN +check:rc==0 +cmd:makedns -n +check:rc==0 +cmd:makeconservercf $$CN +check:rc==0 +cmd:cat /etc/conserver.cf | grep $$CN +check:output=~$$CN +cmd:sleep 20 +cmd:if [[ "__GETNODEATTR($$CN,arch)__" =~ "ppc64" ]]; then getmacs -D $$CN; fi +check:rc==0 +cmd:makedhcp -n +check:rc==0 +cmd:makedhcp -a +check:rc==0 +cmd:a=0;while true; do [ $a -eq 100 ] && exit 1;output=$(makedhcp -q $$CN);[ $? -ne 0 ] && exit 1;echo $output|grep $$CN 2>/dev/null && exit 0;a=$[$a+1];sleep 1;done +check:rc==0 +cmd:copycds $$ISO +check:rc==0 +cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir ]; then mv $rootimgdir $rootimgdir.regbak -f;fi +check:rc==0 +cmd:genimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:packimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute +check:rc==0 +cmd:if [[ "__GETNODEATTR($$CN,arch)__" =~ "ppc64" ]]; then rnetboot $$CN;elif [[ "__GETNODEATTR($$CN,arch)__" =~ "x86_64" ]];then rpower $$CN boot; fi +check:rc==0 +cmd:sleep 900 +cmd:a=0;while ! `lsdef -l $$CN|grep status|grep booted >/dev/null`; do sleep 10;((a++));if [ $a -gt 60 ];then break;fi done +cmd:ping $$CN -c 3 +check:rc==0 +check:output=~64 bytes from $$CN +cmd:lsdef -l $$CN | grep status +check:rc==0 +check:output=~booted +cmd:scp $$CN:/etc/shadow /tmp +check:rc==0 +cmd:grep 'root:\$1\$' /tmp/shadow +check:rc==0 +cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir.regbak ]; then rm -rf $rootimgdir; mv $rootimgdir.regbak $rootimgdir; fi +check:rc==0 +cmd:oldpassword=`cat /tmp/tmpcryptmethod |awk -F , '{print $3}' |sed 's/\"//g'`;oldcryptmethod=`cat /tmp/tmpcryptmethod |awk -F , '{print $4}' |sed 's/\"//g'`;chtab key=system passwd.password=$oldpassword passwd.cryptmethod=$oldcryptmethod +check:rc==0 +cmd:rm -rf /tmp/tmpcryptmethod /tmp/shadow +end From 191f6a03a0e84dad0d042ef5266416afa1a27c14 Mon Sep 17 00:00:00 2001 From: "litingt@cn.ibm.com" Date: Mon, 17 Apr 2017 03:22:23 -0400 Subject: [PATCH 2/4] update for comments --- xCAT-test/autotest/testcase/passwd/case0 | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/xCAT-test/autotest/testcase/passwd/case0 b/xCAT-test/autotest/testcase/passwd/case0 index bad868dc3..0c41c9b65 100644 --- a/xCAT-test/autotest/testcase/passwd/case0 +++ b/xCAT-test/autotest/testcase/passwd/case0 @@ -1,11 +1,9 @@ start:encrypted_passwd_md5_diskfull description: this case is to test when cryptmethod=md5 in passwd table, the password is encryped with the md5 method. When compute node is diskfull provisioned, users can login node with correct password. This case should be run when node is correctly defined. -cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod check:rc==0 cmd:chtab key=system passwd.cryptmethod=md5 check:rc==0 -cmd:tabdump passwd |grep -i md5 -check:rc==0 cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute check:rc==0 cmd:grep '\$1\$' /install/autoinst/$$CN @@ -19,12 +17,10 @@ end start:encrypted_passwd_md5_diskless description: this case is to test when cryptmethod=md5 in passwd table, the password is encryped with the md5 method. When compute node is diskless provisioned, users can login node with correct password. This case should be run when node is correctly defined. -cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod check:rc==0 cmd:chtab key=system passwd.cryptmethod=md5 check:rc==0 -cmd:tabdump passwd |grep -i md5 -check:rc==0 #config CN to do diskless provision cmd:chdef -t node -o $$CN servicenode= monserver=$$MN nfsserver=$$MN tftpserver=$$MN xcatmaster=$$MN check:rc==0 @@ -76,7 +72,7 @@ end start:encrypted_passwd_sha256_diskfull description: this case is to test when cryptmethod=sha256 in passwd table, the password is encryped with the sha256 method. When compute node is diskfull provisioned, users can login node with correct password. This case should be run when node is correctly defined. -cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod check:rc==0 cmd:chtab key=system passwd.cryptmethod=sha256 check:rc==0 @@ -95,12 +91,10 @@ end start:encrypted_passwd_sha256_diskless description: this case is to test when cryptmethod=sha256 in passwd table, the password is encryped with the sha256 method. When compute node is diskless provisioned, users can login node with correct password. This case should be run when node is correctly defined. -cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod check:rc==0 cmd:chtab key=system passwd.cryptmethod=sha256 check:rc==0 -cmd:tabdump passwd |grep -i sha256 -check:rc==0 #config CN to do diskless provision cmd:chdef -t node -o $$CN servicenode= monserver=$$MN nfsserver=$$MN tftpserver=$$MN xcatmaster=$$MN check:rc==0 @@ -152,12 +146,10 @@ end start:encrypted_passwd_sha512_diskfull description: this case is to test when cryptmethod=sha512 in passwd table, the password is encryped with the sha512 method. When compute node is diskfull provisioned, users can login node with correct password. This case should be run when node is correctly defined. -cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod check:rc==0 cmd:chtab key=system passwd.cryptmethod=sha512 check:rc==0 -cmd:tabdump passwd |grep -i sha512 -check:rc==0 cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute check:rc==0 cmd:grep '\$6\$' /install/autoinst/$$CN @@ -171,12 +163,10 @@ end start:encrypted_passwd_sha512_diskless description: this case is to test when cryptmethod=sha512 in passwd table, the password is encryped with the sha512 method. When compute node is diskless provisioned, users can login node with correct password. This case should be run when node is correctly defined. -cmd:tabdump passwd |grep -i system| awk -F, '{print $4}' > /tmp/tmpcryptmethod +cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod check:rc==0 cmd:chtab key=system passwd.cryptmethod=sha512 check:rc==0 -cmd:tabdump passwd |grep -i sha512 -check:rc==0 #config CN to do diskless provision cmd:chdef -t node -o $$CN servicenode= monserver=$$MN nfsserver=$$MN tftpserver=$$MN xcatmaster=$$MN check:rc==0 From 0000e4edd89e1b8d30bdd6f5c31e6e8a9e66a912 Mon Sep 17 00:00:00 2001 From: "litingt@cn.ibm.com" Date: Mon, 17 Apr 2017 03:46:02 -0400 Subject: [PATCH 3/4] update for comments --- xCAT-test/autotest/testcase/passwd/case0 | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/xCAT-test/autotest/testcase/passwd/case0 b/xCAT-test/autotest/testcase/passwd/case0 index 0c41c9b65..74e7c52fc 100644 --- a/xCAT-test/autotest/testcase/passwd/case0 +++ b/xCAT-test/autotest/testcase/passwd/case0 @@ -76,8 +76,6 @@ cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod check:rc==0 cmd:chtab key=system passwd.cryptmethod=sha256 check:rc==0 -cmd:tabdump passwd |grep -i sha256 -check:rc==0 cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute check:rc==0 cmd:grep '\$5\$' /install/autoinst/$$CN @@ -219,30 +217,34 @@ end start:encrypted_passwd_openssl_diskfull description: this case is to test when password is encrypted with openssl, the password is encryped in password table. When compute node is diskfull provisioned, users can login node with correct password. This case should be run when node is correctly defined. -cmd:tabdump passwd |grep -i system > /tmp/tmpcryptmethod +cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod +check:rc==0 +cmd:gettab key=system passwd.password > /tmp/tmppassword check:rc==0 cmd:chtab key=system passwd.username=root passwd.password=`openssl passwd -1 abc123` check:rc==0 -cmd:tabdump passwd |grep '\$1\$' +cmd:gettab key=system passwd.password |grep '\$1\$' check:rc==0 cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute check:rc==0 cmd:grep '\$1\$' /install/autoinst/$$CN check:rc==0 -cmd:oldpassword=`cat /tmp/tmpcryptmethod |awk -F , '{print $3}' |sed 's/\"//g'`;oldcryptmethod=`cat /tmp/tmpcryptmethod |awk -F , '{print $4}' |sed 's/\"//g'`;chtab key=system passwd.password=$oldpassword passwd.cryptmethod=$oldcryptmethod +cmd:oldpassword=`cat /tmp/tmppassword |sed 's/\"//g'`;oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.password=$oldpassword passwd.cryptmethod=$oldcryptmethod check:rc==0 cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute check:rc==0 -cmd:rm -rf /tmp/tmpcryptmethod +cmd:rm -rf /tmp/tmpcryptmethod /tmp/tmppassword end start:encrypted_passwd_openssl_diskless description: this case is to test when password is encrypted with openssl, the password is encryped in password table. When compute node is diskless provisioned, users can login node with correct password. This case should be run when node is correctly defined. -cmd:tabdump passwd |grep -i system > /tmp/tmpcryptmethod +cmd:gettab key=system passwd.cryptmethod > /tmp/tmpcryptmethod +check:rc==0 +cmd:gettab key=system passwd.password > /tmp/tmppassword check:rc==0 cmd:chtab key=system passwd.username=root passwd.password=`openssl passwd -1 abc123` check:rc==0 -cmd:tabdump passwd |grep '\$1\$' +cmd:gettab key=system passwd.password |grep '\$1\$' check:rc==0 #config CN to do diskless provision cmd:chdef -t node -o $$CN servicenode= monserver=$$MN nfsserver=$$MN tftpserver=$$MN xcatmaster=$$MN @@ -288,7 +290,7 @@ cmd:grep 'root:\$1\$' /tmp/shadow check:rc==0 cmd:rootimgdir=`lsdef -t osimage __GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-netboot-compute|grep rootimgdir|awk -F'=' '{print $2}'`; if [ -d $rootimgdir.regbak ]; then rm -rf $rootimgdir; mv $rootimgdir.regbak $rootimgdir; fi check:rc==0 -cmd:oldpassword=`cat /tmp/tmpcryptmethod |awk -F , '{print $3}' |sed 's/\"//g'`;oldcryptmethod=`cat /tmp/tmpcryptmethod |awk -F , '{print $4}' |sed 's/\"//g'`;chtab key=system passwd.password=$oldpassword passwd.cryptmethod=$oldcryptmethod +cmd:oldpassword=`cat /tmp/tmppassword |sed 's/\"//g'`;oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.password=$oldpassword passwd.cryptmethod=$oldcryptmethod check:rc==0 -cmd:rm -rf /tmp/tmpcryptmethod /tmp/shadow +cmd:rm -rf /tmp/tmpcryptmethod /tmp/tmppassword /tmp/shadow end From a19114cf407a825477d2f4f2ba486a70dffe4eb6 Mon Sep 17 00:00:00 2001 From: "litingt@cn.ibm.com" Date: Tue, 18 Apr 2017 02:43:17 -0400 Subject: [PATCH 4/4] update for comments --- xCAT-test/autotest/testcase/passwd/case0 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/xCAT-test/autotest/testcase/passwd/case0 b/xCAT-test/autotest/testcase/passwd/case0 index 74e7c52fc..656898d2a 100644 --- a/xCAT-test/autotest/testcase/passwd/case0 +++ b/xCAT-test/autotest/testcase/passwd/case0 @@ -223,17 +223,19 @@ cmd:gettab key=system passwd.password > /tmp/tmppassword check:rc==0 cmd:chtab key=system passwd.username=root passwd.password=`openssl passwd -1 abc123` check:rc==0 -cmd:gettab key=system passwd.password |grep '\$1\$' +cmd:gettab key=system passwd.password > /tmp/tmpcryptedpasswd check:rc==0 cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute check:rc==0 -cmd:grep '\$1\$' /install/autoinst/$$CN +cmd:grep '\$1\$' /install/autoinst/$$CN |awk -F " " '{print $3}' > /tmp/instcryptedpasswd +check:rc==0 +cmd:diff /tmp/tmpcryptedpasswd /tmp/instcryptedpasswd check:rc==0 cmd:oldpassword=`cat /tmp/tmppassword |sed 's/\"//g'`;oldcryptmethod=`cat /tmp/tmpcryptmethod |sed 's/\"//g'`;chtab key=system passwd.password=$oldpassword passwd.cryptmethod=$oldcryptmethod check:rc==0 cmd:nodeset $$CN osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute check:rc==0 -cmd:rm -rf /tmp/tmpcryptmethod /tmp/tmppassword +cmd:rm -rf /tmp/tmpcryptmethod /tmp/tmppassword /tmp/tmpcryptedpasswd /tmp/instcryptedpasswd end start:encrypted_passwd_openssl_diskless