File: user-t.c

remctl 3.18-5
/*
 * Test suite for running commands as a designated user.
 *
 * Written by Russ Allbery <eagle@eyrie.org>
 * Copyright 2018 Russ Allbery <eagle@eyrie.org>
 * Copyright 2012-2014
 *     The Board of Trustees of the Leland Stanford Junior University
 *
 * SPDX-License-Identifier: MIT
 */

#include <config.h>
#include <portable/system.h>

#include <pwd.h>

#include <client/remctl.h>
#include <tests/tap/basic.h>
#include <tests/tap/kerberos.h>
#include <tests/tap/remctl.h>
#include <tests/tap/string.h>


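/*
 * Run the remote "test" command with the given subcommand and parse the UID
 * and GID that the server-side command printed.  The output is expected to
 * be two non-negative decimal integers, UID first and then GID, separated by
 * whitespace and optionally followed by a single trailing newline.
 *
 * Returns true on success and false if there was an error.  *uid and *gid
 * are only written on success.
 *
 * This helper backs the checks that remctld really switched users, so the
 * parsing is deliberately strict: a missing or malformed GID is reported as
 * a failure rather than silently read as 0, which would otherwise look like
 * a successful "running as root" result.
 */
static bool
test_user(struct remctl *r, const char *subcommand, uid_t *uid, gid_t *gid)
{
    struct remctl_output *output;
    char *old, *end, *rest;
    char *data = NULL;
    size_t length;
    long uid_value, gid_value;
    const char *command[] = {"test", NULL, NULL};

    /* Run the command and gather its output. */
    command[1] = subcommand;
    if (!remctl_command(r, command)) {
        diag("remctl error %s", remctl_error(r));
        return false;
    }
    do {
        output = remctl_output(r);

        /* remctl_output returns NULL on failure; never dereference that. */
        if (output == NULL) {
            free(data);
            diag("remctl error %s", remctl_error(r));
            return false;
        }
        switch (output->type) {
        case REMCTL_OUT_OUTPUT:
            /* Output may arrive in several tokens; concatenate them. */
            if (data == NULL)
                data = bstrndup(output->data, output->length);
            else {
                old = data;
                basprintf(&data, "%s%.*s", data, (int) output->length,
                          output->data);
                free(old);
            }
            break;
        case REMCTL_OUT_STATUS:
            if (output->status != 0) {
                free(data);
                diag("test env returned status %d", output->status);
                return false;
            }
            break;
        case REMCTL_OUT_ERROR:
            free(data);
            diag("test env returned error: %.*s", (int) output->length,
                 output->data);
            return false;
        case REMCTL_OUT_DONE:
            free(data);
            diag("unexpected done token");
            return false;
        default:
            /* Refuse to interpret a token type this test doesn't know. */
            free(data);
            diag("unexpected token type %d", (int) output->type);
            return false;
        }
    } while (output->type == REMCTL_OUT_OUTPUT);

    /* If there is no output, fail. */
    if (data == NULL) {
        diag("test env returned no output");
        return false;
    }

    /*
     * We have the output.  Strip one trailing newline if there is one.  Empty
     * output must not index before the start of the buffer, and output with
     * no trailing newline must not lose the last digit of the GID.
     */
    length = strlen(data);
    if (length > 0 && data[length - 1] == '\n')
        data[length - 1] = '\0';

    /* Parse the UID, requiring at least one digit. */
    uid_value = strtol(data, &end, 10);
    if (uid_value < 0 || end == data) {
        diag("invalid output: %s", data);
        free(data);
        return false;
    }

    /* Parse the GID, again requiring that a number is actually present. */
    gid_value = strtol(end, &rest, 10);
    if (gid_value < 0 || rest == end) {
        diag("invalid output: %s", data);
        free(data);
        return false;
    }

    *uid = (uid_t) uid_value;
    *gid = (gid_t) gid_value;
    free(data);
    return true;
}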


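/*
 * Start remctld under fakeroot with a two-rule configuration and check that
 * a command with no user= option reports UID and GID 0 while a command with
 * user=<current user> reports the current user's UID and GID.
 */
int
main(void)
{
    struct kerberos_config *config;
    uid_t uid = (uid_t) -1;
    gid_t gid = (gid_t) -1;
    struct passwd *pw;
    struct remctl *r;
    char *tmpdir, *confpath, *cmd;
    FILE *conf;

    /* Unless we have Kerberos available, we can't really do anything. */
    config = kerberos_setup(TAP_KRB_NEEDS_KEYTAB);

    /*
     * Determine the UID and GID of the current user.  The test is skipped
     * when run as root, since the root and user results would then be the
     * same and the comparison below would prove nothing.
     */
    pw = getpwuid(getuid());
    if (pw == NULL)
        skip_all("cannot retrieve UID and GID");
    if (pw->pw_uid == 0)
        skip_all("must run as non-root user");

    /*
     * Write out our temporary configuration file.  Both rules use the
     * ANYUSER ACL, which is only reasonable for a throwaway test
     * configuration.  Write failures are fatal so that remctld is never
     * started against a truncated rule set.
     */
    tmpdir = test_tmpdir();
    basprintf(&confpath, "%s/conf-user", tmpdir);
    cmd = test_file_path("data/cmd-user");
    if (cmd == NULL)
        bail("cannot find tests/data/cmd-user");
    conf = fopen(confpath, "w");
    if (conf == NULL)
        sysbail("cannot create %s", confpath);
    if (fprintf(conf, "test root %s ANYUSER\n", cmd) < 0)
        sysbail("cannot write %s", confpath);
    if (fprintf(conf, "test user %s user=%s ANYUSER\n", cmd, pw->pw_name) < 0)
        sysbail("cannot write %s", confpath);
    if (fclose(conf) != 0)
        sysbail("cannot write %s", confpath);

    /*
     * Now we can start remctl with our temporary configuration file.  We have
     * to start remctld under fakeroot so that it can change users.  This may
     * call skip_all if fakeroot wasn't found during configure.
     */
    remctld_start_fakeroot(config, "tmp/conf-user", NULL);

    plan(6);

    /* Finally, we can actually do some testing. */
    r = remctl_new();
    if (r == NULL)
        sysbail("cannot create remctl client");
    if (!remctl_open(r, "localhost", 14373, config->principal))
        bail("cannot contact remctld");

    /* With no user= option, the command should see remctld's own identity. */
    ok(test_user(r, "root", &uid, &gid), "test root command");
    is_int(0, uid, "remctld thinks it's running UID 0");
    is_int(0, gid, "...and GID 0");

    /* With user= set, the command must run as the current user instead. */
    ok(test_user(r, "user", &uid, &gid), "test user command");
    is_int(pw->pw_uid, uid, "Changing UID works");
    is_int(pw->pw_gid, gid, "Changing GID works");

    /* Clean up. */
    remctl_close(r);
    unlink(confpath);
    free(confpath);
    test_file_path_free(cmd);
    test_tmpdir_free(tmpdir);
    return 0;
}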