| blob | b31f66cdd1c8040af557a4997fe079ca1a21f57e |
1 import ./make-test-python.nix (
2 { pkgs, lib, ... }:
3 let
4 password = "foobarfoo";
5 newPass = "barfoobar";
6 in
7 {
8 name = "systemd-homed";
9 nodes.machine =
10 { config, pkgs, ... }:
11 {
12 services.homed.enable = true;
14 users.users.test-normal-user = {
15 extraGroups = [ "wheel" ];
16 isNormalUser = true;
17 initialPassword = password;
18 };
19 };
20 testScript = ''
21 def switchTTY(number):
22 machine.send_key(f"alt-f{number}")
23 machine.wait_until_succeeds(f"[ $(fgconsole) = {number} ]")
24 machine.wait_for_unit(f"getty@tty{number}.service")
25 machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{number}'")
27 machine.wait_for_unit("multi-user.target")
29 # Smoke test to make sure the pam changes didn't break regular users.
30 machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
31 with subtest("login as regular user"):
32 switchTTY(2)
33 machine.wait_until_tty_matches("2", "login: ")
34 machine.send_chars("test-normal-user\n")
35 machine.wait_until_tty_matches("2", "login: test-normal-user")
36 machine.wait_until_tty_matches("2", "Password: ")
37 machine.send_chars("${password}\n")
38 machine.wait_until_succeeds("pgrep -u test-normal-user bash")
39 machine.send_chars("whoami > /tmp/1\n")
40 machine.wait_for_file("/tmp/1")
41 assert "test-normal-user" in machine.succeed("cat /tmp/1")
43 with subtest("create homed encrypted user"):
44 # TODO: Figure out how to pass password manually.
45 #
46 # This environment variable is used for homed internal testing
47 # and is not documented.
48 machine.succeed("NEWPASSWORD=${password} homectl create --shell=/run/current-system/sw/bin/bash --storage=luks -G wheel test-homed-user")
50 with subtest("login as homed user"):
51 switchTTY(3)
52 machine.wait_until_tty_matches("3", "login: ")
53 machine.send_chars("test-homed-user\n")
54 machine.wait_until_tty_matches("3", "login: test-homed-user")
55 machine.wait_until_tty_matches("3", "Password: ")
56 machine.send_chars("${password}\n")
57 machine.wait_until_succeeds("pgrep -t tty3 -u test-homed-user bash")
58 machine.send_chars("whoami > /tmp/2\n")
59 machine.wait_for_file("/tmp/2")
60 assert "test-homed-user" in machine.succeed("cat /tmp/2")
62 with subtest("change homed user password"):
63 switchTTY(4)
64 machine.wait_until_tty_matches("4", "login: ")
65 machine.send_chars("test-homed-user\n")
66 machine.wait_until_tty_matches("4", "login: test-homed-user")
67 machine.wait_until_tty_matches("4", "Password: ")
68 machine.send_chars("${password}\n")
69 machine.wait_until_succeeds("pgrep -t tty4 -u test-homed-user bash")
70 machine.send_chars("passwd\n")
71 # homed does it in a weird order, it asks for new passes, then it asks
72 # for the old one.
73 machine.sleep(2)
74 machine.send_chars("${newPass}\n")
75 machine.sleep(2)
76 machine.send_chars("${newPass}\n")
77 machine.sleep(4)
78 machine.send_chars("${password}\n")
79 machine.wait_until_fails("pgrep -t tty4 passwd")
81 @polling_condition
82 def not_logged_in_tty5():
83 machine.fail("pgrep -t tty5 bash")
85 switchTTY(5)
86 with not_logged_in_tty5: # type: ignore[union-attr]
87 machine.wait_until_tty_matches("5", "login: ")
88 machine.send_chars("test-homed-user\n")
89 machine.wait_until_tty_matches("5", "login: test-homed-user")
90 machine.wait_until_tty_matches("5", "Password: ")
91 machine.send_chars("${password}\n")
92 machine.wait_until_tty_matches("5", "Password incorrect or not sufficient for authentication of user test-homed-user.")
93 machine.wait_until_tty_matches("5", "Sorry, try again: ")
94 machine.send_chars("${newPass}\n")
95 machine.send_chars("whoami > /tmp/4\n")
96 machine.wait_for_file("/tmp/4")
97 assert "test-homed-user" in machine.succeed("cat /tmp/4")
99 with subtest("homed user should be in wheel according to NSS"):
100 machine.succeed("userdbctl group wheel -s io.systemd.NameServiceSwitch | grep test-homed-user")
101 '';
102 }
103 )