package ProFTPD::Tests::Config::UserOwner; use lib qw(t/lib); use base qw(ProFTPD::TestSuite::Child); use strict; use File::Spec; use IO::Handle; use ProFTPD::TestSuite::FTP; use ProFTPD::TestSuite::Utils qw(:auth :config :running :test :testsuite); $| = 1; my $order = 0; my $TESTS = { userowner_file => { order => ++$order, test_class => [qw(forking rootprivs)], }, userowner_dir => { order => ++$order, test_class => [qw(forking rootprivs)], }, userowner_failed_norootprivs => { order => ++$order, test_class => [qw(forking norootprivs)], }, userowner_anon_mkd => { order => ++$order, test_class => [qw(forking rootprivs)], }, }; sub new { return shift()->SUPER::new(@_); } sub list_tests { return testsuite_get_runnable_tests($TESTS); } sub userowner_file { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/config.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/config.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/config.scoreboard"); my $log_file = test_get_logfile(); my $auth_user_file = File::Spec->rel2abs("$tmpdir/config.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/config.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $owner = 'proftpd2'; my $owner_uid = 1000; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_user_write($auth_user_file, $owner, "none", $owner_uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AuthOrder => 'mod_auth_file.c', Directory => { '~' => { UserOwner => $owner, }, }, IfModules => { 'mod_cap.c' => { CapabilitiesEngine => 'off', }, 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login($user, $passwd); # Now upload a file into the directory, and make sure that the UserOwner # directive is applied properly my $conn = $client->stor_raw('test.txt'); unless ($conn) { die("Failed to STOR test.txt: " . $client->response_code() . " " . $client->response_msg()); } my $buf = "Hello, World!\n"; $conn->write($buf, length($buf), 25); eval { $conn->close() }; my $resp_code = $client->response_code(); my $resp_msg = $client->response_msg(); $self->assert_transfer_ok($resp_code, $resp_msg); $client->quit(); my $owning_uid = (stat($test_file))[4]; $self->assert($owner_uid == $owning_uid, test_msg("Expected $owner_uid, got $owning_uid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { test_append_logfile($log_file, $ex); unlink($log_file); die($ex); } unlink($log_file); } sub userowner_dir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/config.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/config.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/config.scoreboard"); my $log_file = test_get_logfile(); my $auth_user_file = File::Spec->rel2abs("$tmpdir/config.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/config.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $owner = 'proftpd2'; my $owner_uid = 1000; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_user_write($auth_user_file, $owner, "none", $owner_uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $test_dir = File::Spec->rel2abs("$tmpdir/test.d"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AuthOrder => 'mod_auth_file.c', Directory => { '~' => { UserOwner => $owner, }, }, IfModules => { 'mod_cap.c' => { CapabilitiesEngine => 'off', }, 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login($user, $passwd); my ($resp_code, $resp_msg) = $client->mkd('test.d'); my $expected; $expected = 257; $self->assert($expected == $resp_code, test_msg("Expected response code $expected, got $resp_code")); $expected = "\"$test_dir\" - Directory successfully created"; $self->assert($expected eq $resp_msg, test_msg("Expected response message '$expected', got '$resp_msg'")); $client->quit(); $self->assert(-d $test_dir, test_msg("$test_dir directory does not exist as expected")); my $owning_uid = (stat($test_dir))[4]; $self->assert($owner_uid == $owning_uid, test_msg("Expected owner UID $owner_uid, got $owning_uid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { test_append_logfile($log_file, $ex); unlink($log_file); die($ex); } unlink($log_file); } sub userowner_failed_norootprivs { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/config.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/config.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/config.scoreboard"); my $log_file = test_get_logfile(); my $auth_user_file = File::Spec->rel2abs("$tmpdir/config.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/config.group"); my $owner = 'proftpd2'; my $owner_uid = 1000; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AuthOrder => 'mod_auth_file.c', Directory => { '~' => { UserOwner => $owner, }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my ($uid, $gid) = (getpwnam($config_user))[2,3]; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_user_write($auth_user_file, $owner, "none", $owner_uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login($user, $passwd); # Now upload a file into the directory, and make sure that the UserOwner # directive is applied properly my $conn = $client->stor_raw('test.txt'); unless ($conn) { die("Failed to STOR test.txt: " . $client->response_code() . " " . $client->response_msg()); } my $buf = "Hello, World!\n"; $conn->write($buf, length($buf), 25); eval { $conn->close() }; my $resp_code = $client->response_code(); my $resp_msg = $client->response_msg(); $self->assert_transfer_ok($resp_code, $resp_msg); $client->quit(); my $owning_uid = (stat($test_file))[4]; $self->assert($uid == $owning_uid, test_msg("Expected $uid, got $owning_uid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { test_append_logfile($log_file, $ex); unlink($log_file); die($ex); } unlink($log_file); } sub userowner_anon_mkd { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/config.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/config.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/config.scoreboard"); my $log_file = test_get_logfile(); my $auth_user_file = File::Spec->rel2abs("$tmpdir/config.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/config.group"); my ($config_user, $config_group) = config_get_identity(); my $anon_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $anon_dir)) { die("Can't set perms on $anon_dir to 0755: $!"); } unless (chown($uid, $gid, $anon_dir)) { die("Can't set owner of $anon_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $config_user, 'foo', $uid, $gid, '/tmp', '/bin/bash'); auth_group_write($auth_group_file, $config_group, $gid, $config_user); my $test_dir = File::Spec->rel2abs("$anon_dir/test.d"); my $owner_uid = 0; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'fsio:10 fileperms:10', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AuthOrder => 'mod_auth_file.c', IfModules => { 'mod_cap.c' => { CapabilitiesEngine => 'off', }, 'mod_delay.c' => { DelayEngine => 'off', }, }, Anonymous => { $anon_dir => { User => $config_user, Group => $config_group, UserAlias => "anonymous $config_user", RequireValidShell => 'off', # Test the UserOwner directive in the setting UserOwner => 'root', }, }, }; my ($port, $user, $group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client->login('anonymous', 'ftp@nospam.org'); my ($resp_code, $resp_msg) = $client->mkd('test.d'); my $expected; $expected = 257; $self->assert($expected == $resp_code, test_msg("Expected response code $expected, got $resp_code")); $expected = "\"/test.d\" - Directory successfully created"; $self->assert($expected eq $resp_msg, test_msg("Expected response message '$expected', got '$resp_msg'")); $self->assert(-d $test_dir, test_msg("$test_dir directory does not exist as expected")); $client->quit(); my $owning_uid = (stat($test_dir))[4]; $self->assert($owner_uid == $owning_uid, test_msg("Expected owner UID $owner_uid, got $owning_uid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { test_append_logfile($log_file, $ex); unlink($log_file); die($ex); } unlink($log_file); } 1;