Added tests for faillog.

tests/log/faillog/01_faillog_no_faillog/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/01_faillog_no_faillog/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/01_faillog_no_faillog/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/01_faillog_no_faillog/config/etc/passwd

@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false

tests/log/faillog/01_faillog_no_faillog/config/etc/shadow

@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::

tests/log/faillog/01_faillog_no_faillog/data/faillog.err

@@ -0,0 +1 @@
+faillog: Cannot open /var/log/faillog: No such file or directory

tests/log/faillog/01_faillog_no_faillog/faillog.test

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog detects missing /var/log/faillog and does not create it"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/faillog' 0
+
+change_config
+
+echo -n "Remove /var/log/faillog (it will not be restored)..."
+rm -f /var/log/faillog
+echo "OK"
+
+echo -n "Execute faillog (faillog)..."
+faillog 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "usage message OK."
+rm -f tmp/faillog.err
+
+echo -n "Check that the /var/log/faillog file was not created"...
+test ! -f /var/log/faillog
+echo "OK"
+
+touch /var/log/faillog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/02_faillog_usage/config.txt

@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)

tests/log/faillog/02_faillog_usage/config/etc/group

@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:

tests/log/faillog/02_faillog_usage/config/etc/gshadow

@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::

tests/log/faillog/02_faillog_usage/config/etc/passwd

@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false

tests/log/faillog/02_faillog_usage/config/etc/shadow

@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::

tests/log/faillog/02_faillog_usage/data/usage.out

@@ -0,0 +1,13 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+

tests/log/faillog/02_faillog_usage/faillog.test

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get faillog usage (faillog -h)..."
+faillog -h >tmp/usage.out
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/03_faillog_format/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/03_faillog_format/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/03_faillog_format/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/03_faillog_format/config/etc/pam.d/login

@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon succesful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)

tests/log/faillog/03_faillog_format/config/etc/passwd

@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh

tests/log/faillog/03_faillog_format/config/etc/shadow

@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:pass:12977:0:99999:7:::

tests/log/faillog/03_faillog_format/data/faillog.out

@@ -0,0 +1,2 @@
+Login       Failures Maximum Latest                   On
+

tests/log/faillog/03_faillog_format/data/lastlog.out

@@ -0,0 +1,20 @@
+Username         Port     From             Latest
+root                                       **Never logged in**
+daemon                                     **Never logged in**
+bin                                        **Never logged in**
+sys                                        **Never logged in**
+sync                                       **Never logged in**
+games                                      **Never logged in**
+man                                        **Never logged in**
+lp                                         **Never logged in**
+mail                                       **Never logged in**
+news                                       **Never logged in**
+uucp                                       **Never logged in**
+proxy                                      **Never logged in**
+www-data                                   **Never logged in**
+backup                                     **Never logged in**
+list                                       **Never logged in**
+irc                                        **Never logged in**
+gnats                                      **Never logged in**
+nobody                                     **Never logged in**
+Debian-exim                                **Never logged in**

tests/log/faillog/03_faillog_format/faillog.test

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+cp data/faillog.out tmp/faillog.out1
+cp data/faillog.out tmp/faillog.out2
+TTY=$(ls /dev/pts | sort -n|tail -1)
+TTY=$((TTY+1))
+
+DATE=$(LC_ALL=C date +"%D %H:%M:%S %z")
+# pam_tally do not report the line of failure ?
+printf "%-9s   %5d    %5d   %s  %s\n" foo 1 0 "$DATE" "">> tmp/faillog.out1
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+DATE=$(LC_ALL=C date +"%D %H:%M:%S %z")
+# pam_tally do not report the line of failure ?
+printf "%-9s   %5d    %5d   %s  %s\n" foo 1 0 "$DATE" "">> tmp/faillog.out2
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the faillog message..."
+diff -au tmp/faillog.out tmp/faillog.out1 || diff -au tmp/faillog.out tmp/faillog.out2
+echo "faillog message OK."
+rm -f tmp/faillog.out tmp/faillog.out1 tmp/faillog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/03_faillog_format/login.exp

@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login foo\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0

tests/log/faillog/04_faillog_mulitple/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/04_faillog_mulitple/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/04_faillog_mulitple/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/04_faillog_mulitple/config/etc/pam.d/login

@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon succesful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)

tests/log/faillog/04_faillog_mulitple/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/04_faillog_mulitple/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::

tests/log/faillog/04_faillog_mulitple/data/faillog.list

@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  

tests/log/faillog/04_faillog_mulitple/faillog.test

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/04_faillog_mulitple/login.exp

@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0

tests/log/faillog/05_faillog-u_ID/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/05_faillog-u_ID/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/05_faillog-u_ID/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/05_faillog-u_ID/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/05_faillog-u_ID/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/05_faillog-u_ID/data/faillog.list

@@ -0,0 +1,3 @@
+Login       Failures Maximum
+
+bar             0        0  

tests/log/faillog/05_faillog-u_ID/faillog.test

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 1001..."
+faillog -u 1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/06_faillog-u_name/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/06_faillog-u_name/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/06_faillog-u_name/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/06_faillog-u_name/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/06_faillog-u_name/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/06_faillog-u_name/data/faillog.list

@@ -0,0 +1,3 @@
+Login
+
+baz

tests/log/faillog/06_faillog-u_name/faillog.test

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u baz..."
+faillog -u baz> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/faillog.out | cut -d" " -f1 > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/07_faillog-u_ID_invalid/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/07_faillog-u_ID_invalid/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/07_faillog-u_ID_invalid/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/07_faillog-u_ID_invalid/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/07_faillog-u_ID_invalid/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/07_faillog-u_ID_invalid/faillog.test

@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 1003..."
+faillog -u 1003> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+diff -au data/faillog.list tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/08_faillog-u_name_invalid/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/08_faillog-u_name_invalid/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/08_faillog-u_name_invalid/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/08_faillog-u_name_invalid/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/08_faillog-u_name_invalid/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/08_faillog-u_name_invalid/data/faillog.err

@@ -0,0 +1 @@
+faillog: Unknown user or range: me

tests/log/faillog/08_faillog-u_name_invalid/faillog.test

@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u me..."
+faillog -u me 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/09_faillog-u_range/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/09_faillog-u_range/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/09_faillog-u_range/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/09_faillog-u_range/config/etc/pam.d/login

@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon succesful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)

tests/log/faillog/09_faillog-u_range/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/09_faillog-u_range/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/09_faillog-u_range/data/faillog.list

@@ -0,0 +1,4 @@
+Login       Failures Maximum
+
+irc             1        0  
+foo             1        0  

tests/log/faillog/09_faillog-u_range/faillog.test

@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as irc..."
+./login.exp irc
+echo "OK"
+
+echo -n "faillog -u 38-1001..."
+faillog -u 38-1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/09_faillog-u_range/login.exp

@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0

tests/log/faillog/10_faillog-u_open_range/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/10_faillog-u_open_range/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/10_faillog-u_open_range/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/10_faillog-u_open_range/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/10_faillog-u_open_range/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/10_faillog-u_open_range/data/faillog.list

@@ -0,0 +1,22 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+Debian-exim       0        0
+foo             0        0  

tests/log/faillog/10_faillog-u_open_range/faillog.test

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog supports open ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u -1001..."
+faillog -a -u -1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/11_faillog-u_range_open/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/11_faillog-u_range_open/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/11_faillog-u_range_open/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/11_faillog-u_range_open/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/11_faillog-u_range_open/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/11_faillog-u_range_open/data/faillog.list

@@ -0,0 +1,10 @@
+Login       Failures Maximum
+
+bar             0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  

tests/log/faillog/11_faillog-u_range_open/faillog.test

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog supports open ranges (2)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 38-..."
+faillog -a -u 38-> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/12_faillog-u_range_invalid1/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/12_faillog-u_range_invalid1/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/12_faillog-u_range_invalid1/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/12_faillog-u_range_invalid1/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/12_faillog-u_range_invalid1/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/12_faillog-u_range_invalid1/data/faillog.err

@@ -0,0 +1 @@
+faillog: Unknown user or range: foo-bar

tests/log/faillog/12_faillog-u_range_invalid1/faillog.test

@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u foo-bar..."
+faillog -u foo-bar 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/13_faillog-u_range_invalid2/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/13_faillog-u_range_invalid2/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:

tests/log/faillog/13_faillog-u_range_invalid2/config/etc/gshadow

@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::

tests/log/faillog/13_faillog-u_range_invalid2/config/etc/passwd

@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh

tests/log/faillog/13_faillog-u_range_invalid2/config/etc/shadow

@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::

tests/log/faillog/13_faillog-u_range_invalid2/data/faillog.err

@@ -0,0 +1 @@
+faillog: Unknown user or range: foo-

tests/log/faillog/13_faillog-u_range_invalid2/faillog.test

@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u foo-..."
+faillog -u foo- 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+

tests/log/faillog/14_faillog-u_range_invalid3/config.txt

@@ -0,0 +1 @@
+user foo exists, UID 1000

tests/log/faillog/14_faillog-u_range_invalid3/config/etc/group

@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000: