From 9a125c3abad53d8de80ae6bf32e1e1362a23043d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 15 Apr 2016 11:15:32 +0200 Subject: [PATCH] tests: update tests to include the running username/group That removes the requirement to keep a uid_wrapper specific hack in check_upeer_id(). --- .gitlab-ci.yml | 4 ++-- configure.ac | 9 -------- src/common/system.c | 26 ----------------------- tests/common.sh | 4 ++++ tests/test-enc-key.config | 4 ++-- tests/test-enc-key2.config | 4 ++-- tests/test-group-pass.config | 4 ++-- tests/test-sighup-key-change.config | 4 ++-- tests/test-sighup.config | 4 ++-- tests/test-user-cert.config | 4 ++-- tests/test-user-group-cert-no-pass.config | 4 ++-- tests/test-user-group-cert.config | 4 ++-- tests/test1.config | 4 ++-- tests/test3.config | 4 ++-- 14 files changed, 26 insertions(+), 57 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2d5b2b00..63c80ac1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,7 @@ Build and Check with separate build dir: script: - git submodule update --init && autoreconf -fvi && mkdir -p build && cd build && - ../configure --with-all-tests && make -j4 && make check -j4 && make SKIP_LIBOPTS_CHECK=1 dist + ../configure && make -j4 && make check -j4 && make SKIP_LIBOPTS_CHECK=1 dist except: - tags Build with minimal setup: @@ -13,6 +13,6 @@ Build with minimal setup: Build and Check with asan: script: - git submodule update --init && autoreconf -fvi && CFLAGS="-fsanitize=address -g -O2" LDFLAGS="-static-libasan" && - ./configure --with-all-tests && make -j4 && make check -j4 + ./configure && make -j4 && make check -j4 except: - tags diff --git a/configure.ac b/configure.ac index 0bf4aaa1..5dc9fb23 100644 --- a/configure.ac +++ b/configure.ac 
@@ -200,16 +200,7 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([ LIBS="$oldlibs" fi -AC_ARG_WITH(all-tests, - AS_HELP_STRING([--with-all-tests], [do not include tests which require code in the server]), - all_tests=$withval, - all_tests=no) - -if test "$all_tests" != no;then PKG_CHECK_MODULES([CWRAP], [uid_wrapper, socket_wrapper], have_cwrap=yes, have_cwrap=no) -else -have_cwrap=no -fi if test "$have_cwrap" != no;then AC_DEFINE([HAVE_CWRAP], 1, [Enable testing with cwrap]) diff --git a/src/common/system.c b/src/common/system.c index 912a85fc..ea846e77 100644 --- a/src/common/system.c +++ b/src/common/system.c @@ -63,25 +63,6 @@ SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler) return old_action.sa_handler; } -#ifdef HAVE_CWRAP -static unsigned uid_wrapper_enabled(void) -{ - static unsigned int cval = -1; - const char *p; - - if (cval == -1) { - p = getenv("UID_WRAPPER"); - if (p != NULL && p[0] == '1') - cval = 1; - else - cval = 0; - } - return cval; -} -#else -# define uid_wrapper_enabled() 0 -#endif - /* Checks whether the peer in a socket has the expected @uid and @gid. * Returns zero on success. */ @@ -116,10 +97,6 @@ int check_upeer_id(const char *mod, int debug, int cfd, uid_t uid, uid_t gid, ui if (pid) *pid = cr.pid; - /* To enable testing we use uid_wrapper. That unfortunately cannot handle - * this credential checking, so we disable credential checking when using it */ - if (uid_wrapper_enabled() != 0) return 0; - if (cr.uid != 0 && (cr.uid != uid || cr.gid != gid)) { syslog(LOG_ERR, "%s: received unauthorized request from pid %u and uid %u", @@ -150,9 +127,6 @@ int check_upeer_id(const char *mod, int debug, int cfd, uid_t uid, uid_t gid, ui "%s: received request from a processes with uid %u", mod, (unsigned)euid); - /* see above */ - if (uid_wrapper_enabled() != 0) return 0; - if (euid != 0 && (euid != uid || egid != gid)) { syslog(LOG_ERR, "%s: received unauthorized request from a process with uid %u", 
diff --git a/tests/common.sh b/tests/common.sh index 88c9a3d2..1c2cb2af 100644 --- a/tests/common.sh +++ b/tests/common.sh @@ -46,7 +46,11 @@ fi update_config() { file=$1 + username=$(whoami) + group=$(groups|cut -f 1 -d ' ') cp ${srcdir}/${file} "$file.tmp" + sed -i 's|@USERNAME@|'${username}'|g' "$file.tmp" + sed -i 's|@GROUP@|'${group}'|g' "$file.tmp" sed -i 's|@SRCDIR@|'${srcdir}'|g' "$file.tmp" CONFIG="$file.tmp" } diff --git a/tests/test-enc-key.config b/tests/test-enc-key.config index fa5e480a..ba299741 100644 --- a/tests/test-enc-key.config +++ b/tests/test-enc-key.config @@ -135,8 +135,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test-enc-key2.config b/tests/test-enc-key2.config index f330e8ac..2313f6d1 100644 --- a/tests/test-enc-key2.config +++ b/tests/test-enc-key2.config @@ -135,8 +135,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test-group-pass.config b/tests/test-group-pass.config index f57f2faa..9f3d4bd2 100644 --- a/tests/test-group-pass.config +++ b/tests/test-group-pass.config @@ -142,8 +142,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test-sighup-key-change.config b/tests/test-sighup-key-change.config index d1269bdd..d04cd18e 100644 --- a/tests/test-sighup-key-change.config +++ b/tests/test-sighup-key-change.config 
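Review bot: In update_config() the added `group=$(groups|cut -f 1 -d ' ')` takes the first word of the group list, which may not be the effective group on every platform and is cut short if the group name contains a space. The commit message says these values must now satisfy check_upeer_id() without the uid_wrapper bypass, so a wrong group would make its uid/gid comparison reject the peer. `username=$(id -un)` and `group=$(id -gn)` ask for the effective ids directly. The two new sed lines also leave `${username}` and `${group}` unquoted between the single-quoted fragments, so a name with whitespace splits the sed script and one containing `|` breaks the expression; `sed -i "s|@USERNAME@|${username}|g" "$file.tmp"` at least removes the word splitting.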
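Review bot: The comment kept above `run-as-user = @USERNAME@` in tests/test-enc-key.config still says the worker user should be unique, with no other services running as it. That no longer describes the file, because update_config() in tests/common.sh fills the placeholders with the account that runs the test suite. A line such as `# Test only: @USERNAME@ and @GROUP@ are replaced by update_config() with the invoking user and group.` would make that explicit and warn that the file cannot be given to the server unprocessed. The same applies to the identical hunks in the other nine test configs in this patch. Since the workers now run as the same account as the main process, these tests presumably never reach the rejection branch of check_upeer_id(); a negative case with a mismatched peer may be worth adding separately.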
@@ -133,8 +133,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test-sighup.config b/tests/test-sighup.config index 1b742060..864ed45c 100644 --- a/tests/test-sighup.config +++ b/tests/test-sighup.config @@ -133,8 +133,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test-user-cert.config b/tests/test-user-cert.config index e6e99dd7..35758e40 100644 --- a/tests/test-user-cert.config +++ b/tests/test-user-cert.config @@ -133,8 +133,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test-user-group-cert-no-pass.config b/tests/test-user-group-cert-no-pass.config index 16fad422..4aa7ff0d 100644 --- a/tests/test-user-group-cert-no-pass.config +++ b/tests/test-user-group-cert-no-pass.config @@ -140,8 +140,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test-user-group-cert.config b/tests/test-user-group-cert.config index 68a5f20b..c4fd7da9 100644 --- a/tests/test-user-group-cert.config +++ b/tests/test-user-group-cert.config 
@@ -140,8 +140,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test1.config b/tests/test1.config index 247e1aaa..a5d3c679 100644 --- a/tests/test1.config +++ b/tests/test1.config @@ -133,8 +133,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings diff --git a/tests/test3.config b/tests/test3.config index 12e05052..267bdc05 100644 --- a/tests/test3.config +++ b/tests/test3.config @@ -133,8 +133,8 @@ socket-file = ./ocserv-socket # The user the worker processes will be run as. It should be # unique (no other services run as this user). -run-as-user = nobody -run-as-group = daemon +run-as-user = @USERNAME@ +run-as-group = @GROUP@ # Network settings