From f4b5dae5c129670bfa5c03956e1a84e65f110244 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 4 Jan 2025 15:14:09 +0100 Subject: [PATCH 1/2] feat: extend test to check if a normal user can still login --- .gitignore | 2 ++ test.nix | 49 ++++++++++++++++++++++++++++++++++++------------- 2 files changed, 38 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index ea8c4bf..db1e858 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ /target +/.nixos-test-history +/result diff --git a/test.nix b/test.nix index 39c162b..ef1ce98 100644 --- a/test.nix +++ b/test.nix @@ -13,17 +13,40 @@ }; testScript = '' machine.wait_for_unit("multi-user.target") - machine.send_key("alt-f2") - machine.wait_until_succeeds("[ $(fgconsole) = 2 ]") - machine.wait_for_unit("getty@tty2.service") - machine.wait_until_succeeds("pgrep -f 'agetty.*tty2'") - machine.wait_until_tty_matches("2", "login: ") - machine.send_chars("Admin\n") - machine.wait_until_tty_matches("2", "login: Admin") - machine.wait_until_succeeds("pgrep login") - machine.wait_until_tty_matches("2", "Password: ") - machine.send_chars("AdminPwdQ1\n") - machine.wait_until_tty_matches("2", "login: ") - machine.succeed("journalctl | grep 'log in with the honeypot credentials'") - ''; + + with subtest("create user"): + machine.succeed("useradd -m alice") + machine.succeed("(echo foobar; echo foobar) | passwd alice") + + with subtest("Switch to tty2 and wait for agetty"): + machine.send_key("alt-f2") + machine.wait_until_succeeds("[ $(fgconsole) = 2 ]") + machine.wait_for_unit("getty@tty2.service") + machine.wait_until_succeeds("pgrep -f 'agetty.*tty2'") + + with subtest("Log in with honeypot credentials should fail and be logged"): + machine.wait_until_tty_matches("2", "login: ") + machine.send_chars("Admin\n") + machine.wait_until_tty_matches("2", "login: Admin") + machine.wait_until_succeeds("pgrep login") + machine.wait_until_tty_matches("2", "Password: ") + machine.send_chars("AdminPwdQ1\n") + machine.wait_until_tty_matches("2", "login: ") + machine.succeed("journalctl | grep 'log in with the honeypot credentials'") + + with subtest("Switch to tty3 and wait for agetty"): + machine.send_key("alt-f3") + machine.wait_until_succeeds("[ $(fgconsole) = 3 ]") + machine.wait_for_unit("getty@tty3.service") + machine.wait_until_succeeds("pgrep -f 'agetty.*tty3'") + + with subtest("Log in as alice on a virtual console should still work"): + machine.wait_until_tty_matches("3", "login: ") + machine.send_chars("alice\n") + machine.wait_until_tty_matches("3", "login: alice") + machine.wait_until_succeeds("pgrep login") + machine.wait_until_tty_matches("3", "Password: ") + machine.send_chars("foobar\n") + machine.wait_until_succeeds("pgrep -u alice bash") + ''; } From 90467eabe22c2aefb0819091b539958b9e2205ae Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 4 Jan 2025 15:15:49 +0100 Subject: [PATCH 2/2] fix: source code formating --- module.nix | 2 +- test.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/module.nix b/module.nix index 4e4c7dd..cc874e2 100644 --- a/module.nix +++ b/module.nix @@ -8,6 +8,6 @@ args = [ "user=Admin" "password=AdminPwdQ1" - ]; + ]; }; } diff --git a/test.nix b/test.nix index ef1ce98..ff7f49a 100644 --- a/test.nix +++ b/test.nix @@ -48,5 +48,5 @@ machine.wait_until_tty_matches("3", "Password: ") machine.send_chars("foobar\n") machine.wait_until_succeeds("pgrep -u alice bash") - ''; + ''; }