package ProFTPD::Tests::Config::AuthAliasOnly; use lib qw(t/lib); use base qw(ProFTPD::TestSuite::Child); use strict; use File::Spec; use IO::Handle; use ProFTPD::TestSuite::FTP; use ProFTPD::TestSuite::Utils qw(:auth :config :running :test :testsuite); $| = 1; my $order = 0; my $TESTS = { authaliasonly_on => { order => ++$order, test_class => [qw(forking)], }, authaliasonly_off_anon_bug2070 => { order => ++$order, test_class => [qw(bug forking rootprivs)], }, authaliasonly_on_anon_bug3501 => { order => ++$order, test_class => [qw(bug forking rootprivs)], }, authaliasonly_on_system_bug3501 => { order => ++$order, test_class => [qw(bug forking rootprivs)], }, authaliasonly_on_anon_bug4255 => { order => ++$order, test_class => [qw(bug forking rootprivs)], }, authaliasonly_on_anon_bug4314 => { order => ++$order, test_class => [qw(bug forking rootprivs)], }, }; sub new { return shift()->SUPER::new(@_); } sub list_tests { return testsuite_get_runnable_tests($TESTS); } sub authaliasonly_on { my $self = shift; my $tmpdir = $self->{tmpdir}; my $setup = test_setup($tmpdir, 'config'); my $alias = 'ftp'; my $config = { PidFile => $setup->{pid_file}, ScoreboardFile => $setup->{scoreboard_file}, SystemLog => $setup->{log_file}, AuthUserFile => $setup->{auth_user_file}, AuthGroupFile => $setup->{auth_group_file}, AuthOrder => 'mod_auth_file.c', UserAlias => "$alias $setup->{user}", AuthAliasOnly => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($setup->{config_file}, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1); $client->login($alias, $setup->{passwd}); $client->quit(); $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1); eval { $client->login($setup->{user}, $setup->{passwd}) }; unless ($@) { die("Login using user '$setup->{user}' succeeded unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($setup->{config_file}, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($setup->{pid_file}); $self->assert_child_ok($pid); test_cleanup($setup->{log_file}, $ex); } sub authaliasonly_off_anon_bug2070 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/config.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/config.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/config.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/config.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/config.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $alias = 'ftptest'; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_user_write($auth_user_file, $alias, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, "$user,$alias"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'auth:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AuthOrder => 'mod_auth_file.c', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); if (open(my $fh, ">> $config_file")) { print $fh < AuthAliasOnly off User $user Group ftpd UserAlias $alias $user RequireValidShell off AuthAliasOnly on AuthUsingAlias off EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); # Make sure that we are indeed logging in anonymously my ($resp_code, $resp_msg) = $client->login($alias, 'ftp@nospam.org'); my $expected = 230; $self->assert($expected == $resp_code, test_msg("Expected response code $expected, got $resp_code")); $expected = 'Anonymous access granted, restrictions apply'; $self->assert($expected eq $resp_msg, test_msg("Expected response message '$expected', got '$resp_msg'")); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub authaliasonly_on_anon_bug3501 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/config.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/config.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/config.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/config.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/config.group"); my $test_file = File::Spec->rel2abs($config_file); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my ($config_user, $config_group) = config_get_identity(); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, User => $config_user, Group => $config_group, AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AuthOrder => 'mod_auth_file.c', Anonymous => { $home_dir => { User => $config_user, Group => $config_group, RequireValidShell => 'off', UserAlias => "anonymous $config_user", AuthAliasOnly => 'on', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my $port; ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1); my ($resp_code, $resp_msg) = $client->user($config_user); my $expected = 331; $self->assert($expected == $resp_code, test_msg("Expected response code $expected, got $resp_code")); # Since AuthAliasOnly is true, it means that that anonymous login can # ONLY happen via the alias, NOT via the configured User. $expected = "Password required for $config_user"; $self->assert($expected eq $resp_msg, test_msg("Expected response message '$expected', got '$resp_msg'")); # What about using the alias, though? ($resp_code, $resp_msg) = $client->user('anonymous'); $expected = 331; $self->assert($expected == $resp_code, test_msg("Expected response code $expected, got $resp_code")); $expected = "Anonymous login ok, send your complete email address as your password"; $self->assert($expected eq $resp_msg, test_msg("Expected response message '$expected', got '$resp_msg'")); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub authaliasonly_on_system_bug3501 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/config.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/config.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/config.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/config.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/config.group"); my $test_file = File::Spec->rel2abs($config_file); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my ($config_user, $config_group) = config_get_identity(); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, User => $config_user, Group => $config_group, DefaultServer => 'on', RequireValidShell => 'on', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AuthOrder => 'mod_auth_file.c', Anonymous => { $home_dir => { User => $config_user, Group => $config_group, RequireValidShell => 'on', UserAlias => "anonymous $config_user", AuthAliasOnly => 'on', Limit => { WRITE => { DenyAll => '', }, }, }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my $port; ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); my ($resp_code, $resp_msg) = $client->user($user); my $expected = 331; $self->assert($expected == $resp_code, test_msg("Expected response code $expected, got $resp_code")); $expected = "Password required for $user"; $self->assert($expected eq $resp_msg, test_msg("Expected response message '$expected', got '$resp_msg'")); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub authaliasonly_on_anon_bug4255 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $setup = test_setup($tmpdir, 'config'); my ($config_user, $config_group) = config_get_identity(); my $config = { PidFile => $setup->{pid_file}, ScoreboardFile => $setup->{scoreboard_file}, SystemLog => $setup->{log_file}, TraceLog => $setup->{log_file}, Trace => 'auth:20', User => $config_user, Group => $config_group, AuthUserFile => $setup->{auth_user_file}, AuthGroupFile => $setup->{auth_group_file}, AuthOrder => 'mod_auth_file.c', AuthAliasOnly => 'on', Anonymous => { $setup->{home_dir} => { User => $config_user, Group => $config_group, RequireValidShell => 'off', UserAlias => "anonymous $config_user", }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my $port; ($port, $config_user, $config_group) = config_write($setup->{config_file}, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { sleep(1); # First, try logging in as user 'anonymous', i.e. the alias. my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1); my ($resp_code, $resp_msg) = $client->user("anonymous"); my $expected = 331; $self->assert($expected == $resp_code, test_msg("Expected response code $expected, got $resp_code")); $expected = 'Anonymous login ok, send your complete email address as your password'; $self->assert($expected eq $resp_msg, test_msg("Expected response message '$expected', got '$resp_msg'")); ($resp_code, $resp_msg) = $client->pass('ftp@nospam.org'); $expected = 230; $self->assert($expected == $resp_code, test_msg("Expected response code $expected, got $resp_code")); $expected = 'Anonymous access granted, restrictions apply'; $self->assert($expected eq $resp_msg, test_msg("Expected response message '$expected', got '$resp_msg'")); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($setup->{config_file}, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($setup->{pid_file}); $self->assert_child_ok($pid); test_cleanup($setup->{log_file}, $ex); } sub authaliasonly_on_anon_bug4314 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $setup = test_setup($tmpdir, 'config'); my ($config_user, $config_group) = config_get_identity(); my $config = { PidFile => $setup->{pid_file}, ScoreboardFile => $setup->{scoreboard_file}, SystemLog => $setup->{log_file}, TraceLog => $setup->{log_file}, Trace => 'auth:20', User => $config_user, Group => $config_group, AuthUserFile => $setup->{auth_user_file}, AuthGroupFile => $setup->{auth_group_file}, AuthOrder => 'mod_auth_file.c', Anonymous => { $setup->{home_dir} => { User => $setup->{user}, Group => $setup->{group}, RequireValidShell => 'off', UserAlias => "anonymous $setup->{user}", AuthAliasOnly => 'on', AnonRequirePassword => 'off', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my $port; ($port, $config_user, $config_group) = config_write($setup->{config_file}, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { sleep(1); # First, try logging in as user 'anonymous', i.e. the alias. my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1); my ($resp_code, $resp_msg) = $client->user("anonymous"); my $expected = 331; $self->assert($expected == $resp_code, "Expected response code $expected, got $resp_code"); $expected = 'Anonymous login ok, send your complete email address as your password'; $self->assert($expected eq $resp_msg, "Expected response message '$expected', got '$resp_msg'"); ($resp_code, $resp_msg) = $client->pass('ftp@nospam.org'); $expected = 230; $self->assert($expected == $resp_code, "Expected response code $expected, got $resp_code"); $expected = 'Anonymous access granted, restrictions apply'; $self->assert($expected eq $resp_msg, "Expected response message '$expected', got '$resp_msg'"); $client->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($setup->{config_file}, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($setup->{pid_file}); $self->assert_child_ok($pid); test_cleanup($setup->{log_file}, $ex); } 1;