From b00360537eae440f03ee47e9779ceeecd491dba7 Mon Sep 17 00:00:00 2001
From: Michal Nowak
Date: Thu, 17 Oct 2019 12:11:43 +0200
Subject: [PATCH] Verifying that named switches UID This test runs only under root, which is required for the user-switch `-u` option to work. Closes #537.
---
 bin/tests/system/conf.sh.common | 1 +
 bin/tests/system/conf.sh.in | 3 ++
 bin/tests/system/runtime/clean.sh | 1 +
 .../system/runtime/ns2/named-alt9.conf.in | 18 ++++++++++++
 bin/tests/system/runtime/tests.sh | 28 +++++++++++++++++++
 5 files changed, 51 insertions(+)
 create mode 100644 bin/tests/system/runtime/ns2/named-alt9.conf.in
diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common
index f2bafa76ce..c12b8317e6 100644
--- a/bin/tests/system/conf.sh.common
+++ b/bin/tests/system/conf.sh.common
@@ -562,5 +562,6 @@ export RRCHECKER
 export SAMPLEUPDATE
 export SIGNER
 export SUBDIRS
+export TMPDIR
 export TSIGKEYGEN
 export WIRETEST
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 4cdad2a470..0d83fdfb9c 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -17,6 +17,9 @@
 # Find the top of the BIND9 tree.
 TOP=@abs_top_builddir@
+# Provide TMPDIR variable for tests that need it.
+TMPDIR=${TMPDIR:-/tmp}
+
 # This is not the windows build.
 CYGWIN=""
diff --git a/bin/tests/system/runtime/clean.sh b/bin/tests/system/runtime/clean.sh
index 705e88e005..961857a4c0 100644
--- a/bin/tests/system/runtime/clean.sh
+++ b/bin/tests/system/runtime/clean.sh
@@ -17,6 +17,7 @@ rm -f *.pid
 rm -f rndc.out*
 [ -d ns2/nope ] && chmod 755 ns2/nope
 rm -rf ns2/nope
+rm -rf ns2/tmp.*
 rm -f ns*/managed-keys.bind*
 rm -rf "ns2/`cat ctrl-char-dir-name`"
 rm -rf "ns2/$;"
diff --git a/bin/tests/system/runtime/ns2/named-alt9.conf.in b/bin/tests/system/runtime/ns2/named-alt9.conf.in
new file mode 100644
index 0000000000..7a5cb244e8
--- /dev/null
+++ b/bin/tests/system/runtime/ns2/named-alt9.conf.in
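Review bot: The comment added above `TMPDIR=${TMPDIR:-/tmp}` in bin/tests/system/conf.sh.in does not tell test authors that the fallback is a shared, world-writable directory. The test added by this commit runs as root and changes ownership of what it creates under that path, so the expectation is worth writing down. I would extend the comment to something like `# Base directory for scratch files; it may be shared and world-writable, so create private entries with mktemp and never use fixed names.` The assignment itself can stay as it is.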
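Review bot: The added `rm -rf ns2/tmp.*` in bin/tests/system/runtime/clean.sh only matches if `mktemp -d` names its directory `tmp.*`, which is the usual default template but is not fixed anywhere in this commit. On a platform whose mktemp uses a different default, the directory that tests.sh moves into ns2/ would survive cleanup, along with the nobody-owned files in it. Passing an explicit template in tests.sh, for example `mktemp -d "${TMPDIR}/named-uid.XXXXXX"` (the prefix is only an illustration), and removing `ns2/named-uid.*` here would tie the two together.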
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named9.pid";
+ listen-on { 127.0.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+};
diff --git a/bin/tests/system/runtime/tests.sh b/bin/tests/system/runtime/tests.sh
index 31fe17cad5..b56ea4cab7 100644
--- a/bin/tests/system/runtime/tests.sh
+++ b/bin/tests/system/runtime/tests.sh
@@ -1,3 +1,5 @@
+#!/bin/sh
+#
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
@@ -159,5 +161,31 @@ cd ..
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "verifying that named switches UID ($n)"
+if [ "`id -u`" = 0 ] && [ ! "$CYGWIN" ]; then
+ ret=0
+ TEMP_NAMED_DIR=`mktemp -d`
+ if [ -d "${TEMP_NAMED_DIR}" ]; then
+ copy_setports ns2/named-alt9.conf.in "${TEMP_NAMED_DIR}/named-alt9.conf"
+ chown -R nobody "${TEMP_NAMED_DIR}"
+ chmod 0700 "${TEMP_NAMED_DIR}"
+ ( cd "${TEMP_NAMED_DIR}" && $NAMED -u nobody -c named-alt9.conf -d 99 -g -U 4 >> named9.run 2>&1 & )
+ sleep 2
+ [ -s "${TEMP_NAMED_DIR}/named9.pid" ] || ret=1
+ grep "loading configuration: permission denied" "${TEMP_NAMED_DIR}/named9.run" > /dev/null && ret=1
+ pid=`cat "${TEMP_NAMED_DIR}/named9.pid" 2>/dev/null`
+ test "${pid:+set}" = set && $KILL -15 "${pid}" >/dev/null 2>&1
+ mv "${TEMP_NAMED_DIR}" ns2/
+ else
+ echo_i "mktemp failed"
+ ret=1
+ fi
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+else
+ echo_i "skipped, not running as root or running on Windows"
+fi
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
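Review bot: Nothing in the new "verifying that named switches UID" block of bin/tests/system/runtime/tests.sh checks which user the process ends up running as. Both assertions, the non-empty `named9.pid` and the absence of "loading configuration: permission denied" in `named9.run`, would also hold for a named that kept running as root, because root can read and write inside the 0700 directory and the `>> named9.run` redirect is opened by the root shell. After the pid is read I would add a direct check, something like `[ "$(ps -o user= -p "$pid" | tr -d ' ')" = nobody ] || ret=1`. Separately, if the pid file has not appeared after the fixed `sleep 2`, the block records a failure but has no pid to signal, so the daemon may be left running when the directory is moved.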