diff options
| author | Christian Breunig <christian@breunig.cc> | 2025-05-09 17:50:54 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2025-05-09 22:31:39 +0200 |
| commit | 9cf35f96450263279aeed1affd37e907d71a3081 (patch) | |
| tree | 5451248cc31136b0869912a21b8ad58772cfe115 /smoketest/scripts/cli/test_system_login.py | |
| parent | c8e468d4bf720f15e1c0232091399a45e8d9949b (diff) | |
| download | vyos-1x-9cf35f96450263279aeed1affd37e907d71a3081.tar.gz vyos-1x-9cf35f96450263279aeed1affd37e907d71a3081.zip | |
T7443: Un-restricting non-root logins after scheduled reboot/shutdown via pam_nologin
When using reboot in, reboot at, or shutdown in, non-root users are prevented
from logging in via SSH or console starting 5 minutes before the scheduled
shutdown or reboot time.
This behavior is intended by pam_nologin.so, which is included in the SSH and
login PAM stack (default on Debian). While expected, it may be inconvenient
and could be reconsidered.
Diffstat (limited to 'smoketest/scripts/cli/test_system_login.py')
| -rwxr-xr-x | smoketest/scripts/cli/test_system_login.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_system_login.py b/smoketest/scripts/cli/test_system_login.py index 71dec68d8..fd5af12ba 100755 --- a/smoketest/scripts/cli/test_system_login.py +++ b/smoketest/scripts/cli/test_system_login.py @@ -548,5 +548,34 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase): self.cli_commit() self.cli_discard() + def test_pam_nologin(self): + # Testcase for T7443, test if we can login with a non-privileged user + # when there are only 5 minutes left until the system reboots + username = users[0] + password = f'{username}-pSWd-t3st' + + self.cli_set(base_path + ['user', username, 'authentication', 'plaintext-password', password]) + self.cli_commit() + + # Login with proper credentials + out, err = self.ssh_send_cmd(ssh_test_command, username, password) + # verify login + self.assertFalse(err) + self.assertEqual(out, self.ssh_test_command_result) + + # Request system reboot in 5 minutes - this will activate pam_nologin.so + # and prevent any login - but we have this disabled, so we must be able + # to login to the router + self.op_mode(['reboot', 'in', '4']) + + # verify login + # Login with proper credentials - after reboot is pending + out, err = self.ssh_send_cmd(ssh_test_command, username, password) + self.assertFalse(err) + self.assertEqual(out, self.ssh_test_command_result) + + # Cancel pending reboot - we do wan't to preceed with the remaining tests + self.op_mode(['reboot', 'cancel']) + if __name__ == '__main__': unittest.main(verbosity=2) |