···
+
import ./make-test-python.nix ({ pkgs, lib, ... }:
+
dbPassword = "topsecret123";
+
mysqlUsername = "mysqltest";
+
mysqlPassword = "topsecretmysqluserpassword123";
+
mysqlGroup = "mysqlusers";
+
localUsername = "localtest";
+
localPassword = "topsecretlocaluserpassword123";
+
mysqlInit = pkgs.writeText "mysqlInit" ''
+
CREATE USER '${dbUser}'@'localhost' IDENTIFIED BY '${dbPassword}';
+
CREATE DATABASE ${dbName};
+
GRANT ALL PRIVILEGES ON ${dbName}.* TO '${dbUser}'@'localhost';
+
CREATE TABLE `groups` (
+
rowid int(11) NOT NULL auto_increment,
+
name char(255) NOT NULL,
+
name varchar(255) NOT NULL,
+
uid int(11) NOT NULL auto_increment,
+
password varchar(255) NOT NULL,
+
INSERT INTO `users` (name, uid, gid, password) VALUES
+
('${mysqlUsername}', 5000, 5000, SHA2('${mysqlPassword}', 256));
+
INSERT INTO `groups` (name, gid) VALUES ('${mysqlGroup}', 5000);
+
meta.maintainers = with lib.maintainers; [ netali ];
+
package = pkgs.mariadb;
+
settings.mysqld.bind-address = "127.0.0.1";
+
initialScript = mysqlInit;
+
users.users.${localUsername} = {
+
password = localPassword;
+
security.pam.services.login.makeHomeDir = true;
+
passwordFile = "${builtins.toFile "dbPassword" dbPassword}";
+
passwordColumn = "password";
+
passwordCrypt = "sha256";
+
disconnectEveryOperation = true;
+
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
+
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
+
SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
+
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
+
SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
+
SELECT name, 'x', gid FROM groups WHERE name='%1$s' LIMIT 1
+
SELECT name, 'x', gid FROM groups WHERE gid='%1$u' LIMIT 1
+
SELECT name, 'x', gid FROM groups
+
SELECT name FROM users WHERE gid=%1$u
+
SELECT gid FROM users WHERE name='%1$s'
+
def switch_to_tty(tty_number):
+
machine.fail(f"pgrep -f 'agetty.*tty{tty_number}'")
+
machine.send_key(f"alt-f{tty_number}")
+
machine.wait_until_succeeds(f"[ $(fgconsole) = {tty_number} ]")
+
machine.wait_for_unit(f"getty@tty{tty_number}.service")
+
machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{tty_number}'")
+
def try_login(tty_number, username, password):
+
machine.wait_until_tty_matches(tty_number, "login: ")
+
machine.send_chars(f"{username}\n")
+
machine.wait_until_tty_matches(tty_number, f"login: {username}")
+
machine.wait_until_succeeds("pgrep login")
+
machine.wait_until_tty_matches(tty_number, "Password: ")
+
machine.send_chars(f"{password}\n")
+
machine.wait_for_unit("multi-user.target")
+
machine.wait_for_unit("mysql.service")
+
machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
+
with subtest("Local login"):
+
try_login("2", "${localUsername}", "${localPassword}")
+
machine.wait_until_succeeds("pgrep -u ${localUsername} bash")
+
machine.send_chars("id > local_id.txt\n")
+
machine.wait_for_file("/home/${localUsername}/local_id.txt")
+
machine.succeed("cat /home/${localUsername}/local_id.txt | grep 'uid=1000(${localUsername}) gid=100(users) groups=100(users)'")
+
with subtest("Local incorrect login"):
+
try_login("3", "${localUsername}", "wrongpassword")
+
machine.wait_until_tty_matches("3", "Login incorrect")
+
machine.wait_until_tty_matches("3", "login:")
+
with subtest("MySQL login"):
+
try_login("4", "${mysqlUsername}", "${mysqlPassword}")
+
machine.wait_until_succeeds("pgrep -u ${mysqlUsername} bash")
+
machine.send_chars("id > mysql_id.txt\n")
+
machine.wait_for_file("/home/${mysqlUsername}/mysql_id.txt")
+
machine.succeed("cat /home/${mysqlUsername}/mysql_id.txt | grep 'uid=5000(${mysqlUsername}) gid=5000(${mysqlGroup}) groups=5000(${mysqlGroup})'")
+
with subtest("MySQL incorrect login"):
+
try_login("5", "${mysqlUsername}", "wrongpassword")
+
machine.wait_until_tty_matches("5", "Login incorrect")
+
machine.wait_until_tty_matches("5", "login:")
pyrox.dev