1 import ./make-test-python.nix ({ pkgs, lib, ... }:
5 dbPassword = "topsecret123";
8 mysqlUsername = "mysqltest";
9 mysqlPassword = "topsecretmysqluserpassword123";
10 mysqlGroup = "mysqlusers";
12 localUsername = "localtest";
13 localPassword = "topsecretlocaluserpassword123";
15 mysqlInit = pkgs.writeText "mysqlInit" ''
16 CREATE USER '${dbUser}'@'localhost' IDENTIFIED BY '${dbPassword}';
17 CREATE DATABASE ${dbName};
18 GRANT ALL PRIVILEGES ON ${dbName}.* TO '${dbUser}'@'localhost';
22 CREATE TABLE `groups` (
23 rowid int(11) NOT NULL auto_increment,
25 name char(255) NOT NULL,
29 CREATE TABLE `users` (
30 name varchar(255) NOT NULL,
31 uid int(11) NOT NULL auto_increment,
33 password varchar(255) NOT NULL,
36 ) AUTO_INCREMENT=5000;
38 INSERT INTO `users` (name, uid, gid, password) VALUES
39 ('${mysqlUsername}', 5000, 5000, SHA2('${mysqlPassword}', 256));
40 INSERT INTO `groups` (name, gid) VALUES ('${mysqlGroup}', 5000);
45 meta.maintainers = with lib.maintainers; [ netali ];
52 package = pkgs.mariadb;
53 settings.mysqld.bind-address = "127.0.0.1";
54 initialScript = mysqlInit;
57 users.users.${localUsername} = {
59 password = localPassword;
62 security.pam.services.login.makeHomeDir = true;
69 passwordFile = "${builtins.toFile "dbPassword" dbPassword}";
73 passwordColumn = "password";
74 passwordCrypt = "sha256";
75 disconnectEveryOperation = true;
79 SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
85 SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
91 SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
97 SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
101 SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
105 SELECT name, 'x', gid FROM groups WHERE name='%1$s' LIMIT 1
108 SELECT name, 'x', gid FROM groups WHERE gid='%1$u' LIMIT 1
111 SELECT name, 'x', gid FROM groups
114 SELECT name FROM users WHERE gid=%1$u
117 SELECT gid FROM users WHERE name='%1$s'
124 def switch_to_tty(tty_number):
125 machine.fail(f"pgrep -f 'agetty.*tty{tty_number}'")
126 machine.send_key(f"alt-f{tty_number}")
127 machine.wait_until_succeeds(f"[ $(fgconsole) = {tty_number} ]")
128 machine.wait_for_unit(f"getty@tty{tty_number}.service")
129 machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{tty_number}'")
132 def try_login(tty_number, username, password):
133 machine.wait_until_tty_matches(tty_number, "login: ")
134 machine.send_chars(f"{username}\n")
135 machine.wait_until_tty_matches(tty_number, f"login: {username}")
136 machine.wait_until_succeeds("pgrep login")
137 machine.wait_until_tty_matches(tty_number, "Password: ")
138 machine.send_chars(f"{password}\n")
141 machine.wait_for_unit("multi-user.target")
142 machine.wait_for_unit("mysql.service")
143 machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
145 with subtest("Local login"):
147 try_login("2", "${localUsername}", "${localPassword}")
149 machine.wait_until_succeeds("pgrep -u ${localUsername} bash")
150 machine.send_chars("id > local_id.txt\n")
151 machine.wait_for_file("/home/${localUsername}/local_id.txt")
152 machine.succeed("cat /home/${localUsername}/local_id.txt | grep 'uid=1000(${localUsername}) gid=100(users) groups=100(users)'")
154 with subtest("Local incorrect login"):
156 try_login("3", "${localUsername}", "wrongpassword")
158 machine.wait_until_tty_matches("3", "Login incorrect")
159 machine.wait_until_tty_matches("3", "login:")
161 with subtest("MySQL login"):
163 try_login("4", "${mysqlUsername}", "${mysqlPassword}")
165 machine.wait_until_succeeds("pgrep -u ${mysqlUsername} bash")
166 machine.send_chars("id > mysql_id.txt\n")
167 machine.wait_for_file("/home/${mysqlUsername}/mysql_id.txt")
168 machine.succeed("cat /home/${mysqlUsername}/mysql_id.txt | grep 'uid=5000(${mysqlUsername}) gid=5000(${mysqlGroup}) groups=5000(${mysqlGroup})'")
170 with subtest("MySQL incorrect login"):
172 try_login("5", "${mysqlUsername}", "wrongpassword")
174 machine.wait_until_tty_matches("5", "Login incorrect")
175 machine.wait_until_tty_matches("5", "login:")