|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
#!/bin/bash
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
#
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# runtest.sh of /CoreOS/openCryptoki/Sanity/bz1054661-init-token-as-a-nonroot-user
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# Description: basic token initialization as a nonroot user
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# Author: Karel Srot <ksrot@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
#
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
#
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# Copyright (c) 2014 Red Hat, Inc.
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
#
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# This copyrighted material is made available to anyone wishing
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# to use, modify, copy, or redistribute it subject to the terms
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# and conditions of the GNU General Public License version 2.
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
#
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# This program is distributed in the hope that it will be
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# PURPOSE. See the GNU General Public License for more details.
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
#
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# You should have received a copy of the GNU General Public
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# License along with this program; if not, write to the Free
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# Boston, MA 02110-1301, USA.
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
#
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# Include Beaker environment
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
PACKAGE="opencryptoki"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
USER="user$RANDOM"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
TESTDIR=`pwd`
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlJournalStart
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlPhaseStartSetup
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
2d46c2c |
rlRun "rlImport nvr/nvr" || rlDie "cannot import distribution/nvr library"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# need to find out the library path so a user can import it too
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
2d46c2c |
rlRun "rlImport ./token-manipulation" 2> import.log || rlDie "Could not import opencryptoki/token-manipulation library"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
2d46c2c |
LIBPATH=`grep 'Will try to import .\/token-manipulation from' import.log | sed 's/^.*token-manipulation from//'`
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
echo "LIBPATH=$LIBPATH"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlAssertRpm $PACKAGE
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "pushd $TmpDir"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "useradd -m $USER -G pkcs11"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlServiceStop pkcsslotd
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "pkcsResetTokens"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlServiceStart pkcsslotd
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlPhaseEnd
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlPhaseStartTest "listing available tokens as a testuser"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "su $USER -c 'pkcsconf -t' &> query1.log"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
cat query1.log
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
if nvrTestPackage opencryptoki '<' 3.14.0; then
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlAssertGrep "Model: IBM SoftTok" query1.log
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
else
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlAssertGrep "Model: Soft " query1.log
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
fi
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlPhaseEnd
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
# initialize every token available
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
for SLOT in `sed -n 's/^Token #\([0-9]\).*/\1/gp' query1.log`; do
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlPhaseStartTest "initialize token #$SLOT"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "su $USER -c 'source $LIBPATH && pkcsInitToken $SLOT'"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "su $USER -c 'pkcsconf -t -c $SLOT' &> query2.log"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
cat query2.log
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlAssertGrep 'Flags:.*LOGIN_REQUIRED.*USER_PIN_INITIALIZED.*TOKEN_INITIALIZED' query2.log -E
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlPhaseEnd
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
done
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlPhaseStartCleanup
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlServiceStop pkcsslotd
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "pkcsRestoreTokens"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlServiceRestore pkcsslotd
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "popd"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlLog "Waiting 12 for systemd --user process to exit..."
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
sleep 15
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlRun "userdel -r $USER" || ps -ef
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlPhaseEnd
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlJournalPrintText
|
|
![](https://seccdn.libravatar.org/avatar/65a491809f6af8190e3c4bc6817afe1ed1751466f32257701259bd40614acc9a?s=16&d=retro) |
c33e9f2 |
rlJournalEnd
|