package ProFTPD::Tests::Modules::mod_ifsession; use lib qw(t/lib); use base qw(ProFTPD::TestSuite::Child); use strict; use File::Path qw(mkpath); use File::Spec; use IO::Handle; use ProFTPD::TestSuite::FTP; use ProFTPD::TestSuite::Utils qw(:auth :config :running :test :testsuite); $| = 1; my $order = 0; my $TESTS = { ifuser_allowoverwrite => { order => ++$order, test_class => [qw(forking)], }, ifgroup_dir_allow_mkd_bug3467 => { order => ++$order, test_class => [qw(bug forking rootprivs)], }, ifuser_dir_allow_mkd_bug3467 => { order => ++$order, test_class => [qw(bug forking)], }, ifclass_dir_allow_mkd_bug3467 => { order => ++$order, test_class => [qw(bug forking)], }, ifuser_login_deny_by_ip => { order => ++$order, test_class => [qw(forking)], }, ifgroup_ifclass_login_allowclass_bug3547 => { order => ++$order, test_class => [qw(bug forking)], }, ifuser_regex_login_deny_by_ip_bug3625 => { order => ++$order, test_class => [qw(bug forking)], }, }; sub new { return shift()->SUPER::new(@_); } sub list_tests { return testsuite_get_runnable_tests($TESTS); } sub ifuser_allowoverwrite { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/ifsess.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/ifsess.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/ifsess.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/ifsess.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/ifsess.group"); my $test_file = File::Spec->rel2abs($config_file); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $ftpaccess_file = File::Spec->rel2abs("$tmpdir/.ftpaccess"); if (open(my $fh, "> $ftpaccess_file")) { print $fh "AllowOverwrite on\n"; unless (close($fh)) { die("Can't write $ftpaccess_file: $!"); } } else { die("Can't open $ftpaccess_file: $!"); } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config, { NoAllowOverride => 1 }); # Append the mod_ifsession config to the end of the config file if (open(my $fh, ">> $config_file")) { print $fh < AllowOverride on AllowOverride off EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login($user, $passwd); my $conn = $client->stor_raw('test.txt'); unless ($conn) { die("Failed to STOR test.txt: " . $client->response_code() . " " . $client->response_msg()); } $conn->close(); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ifgroup_dir_allow_mkd_bug3467 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/ifsess.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/ifsess.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/ifsess.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/ifsess.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/ifsess.group"); my $test_file = File::Spec->rel2abs($config_file); my $user = 'proftpd'; my $group = 'ftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $user_dir = File::Spec->rel2abs("$home_dir/$user"); mkpath($user_dir); my $ftpaccess_file = File::Spec->rel2abs("$user_dir/.ftpaccess"); if (open(my $fh, "> $ftpaccess_file")) { print $fh "Umask 022\n"; unless (close($fh)) { die("Can't write $ftpaccess_file: $!"); } } else { die("Can't open $ftpaccess_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir, $user_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir, $user_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, AllowOverride => 'on', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, DefaultRoot => "~ $group", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Append the mod_ifsession config to the end of the config file if (open(my $fh, ">> $config_file")) { print $fh < DenyAll AllowAll EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login($user, $passwd); $client->pwd(); $client->mkd('foo'); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ifuser_dir_allow_mkd_bug3467 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/ifsess.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/ifsess.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/ifsess.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/ifsess.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/ifsess.group"); my $test_file = File::Spec->rel2abs($config_file); my $user = 'proftpd'; my $group = 'ftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'directory:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Append the mod_ifsession config to the end of the config file if (open(my $fh, ">> $config_file")) { print $fh < DenyAll AllowAll EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login($user, $passwd); $client->mkd('foo'); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ifclass_dir_allow_mkd_bug3467 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/ifsess.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/ifsess.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/ifsess.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/ifsess.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/ifsess.group"); my $test_file = File::Spec->rel2abs($config_file); my $user = 'proftpd'; my $group = 'ftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'directory:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Append the mod_ifsession config to the end of the config file if (open(my $fh, ">> $config_file")) { print $fh < From 127.0.0.1 DenyAll AllowAll EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login($user, $passwd); $client->mkd('foo'); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ifuser_login_deny_by_ip { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/ifsess.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/ifsess.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/ifsess.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/ifsess.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/ifsess.group"); my $test_file = File::Spec->rel2abs($config_file); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Inspired by: # # http://forums.proftpd.org/smf/index.php/topic,5153.0.html # # Append the mod_ifsession config to the end of the config file if (open(my $fh, ">> $config_file")) { print $fh < Deny from 127.0.0.1 EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); eval { $client->login($user, $passwd) }; unless ($@) { die("Login succeeded unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ifgroup_ifclass_login_allowclass_bug3547 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/ifsess.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/ifsess.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/ifsess.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/ifsess.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/ifsess.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $test_group = 'test'; my $test_gid = 501; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); auth_group_write($auth_group_file, $test_group, $test_gid, $user); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'ifsession:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); if (open(my $fh, ">> $config_file")) { print $fh < From 172.16.0.0/12 From 192.168.0.0/16 From 127.0.0.1 AllowClass test AllowClass local DenyAll AllowClass local DenyAll EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login($user, $passwd); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ifuser_regex_login_deny_by_ip_bug3625 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/ifsess.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/ifsess.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/ifsess.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/ifsess.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/ifsess.group"); my $test_file = File::Spec->rel2abs($config_file); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); if (open(my $fh, ">> $config_file")) { print $fh < Deny from 127.0.0.1 EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); eval { $client->login($user, $passwd) }; unless ($@) { die("Login succeeded unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } 1;