From f128ffd88b0a739e42a0e8cead04d7f60fc478e6 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 2 Feb 2016 11:28:07 +0100 Subject: [PATCH] tests: Fix running ssh-agent ssh-agent needs to be executed as the local user and not a fake user or we will not be able to add identies. Signed-off-by: Andreas Schneider --- tests/CMakeLists.txt | 11 ++++++++++- tests/client/torture_auth.c | 21 +++++++++++++++++++-- tests/etc/passwd.in | 5 +++-- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 222c3901..c1da7efb 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -60,7 +60,7 @@ if (WITH_CLIENT_TESTING) message(SEND_ERROR "Could not find sshd which is required for client testing") endif() - find_program(SSH_EXECUTABLE NAME ssh) + find_program(SSH_EXECUTABLE NAMES ssh) if (SSH_EXECUTABLE) execute_process(COMMAND ${SSH_EXECUTABLE} -V ERROR_VARIABLE OPENSSH_VERSION_STR) string(REGEX REPLACE "^OpenSSH_([0-9]).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}") @@ -68,6 +68,15 @@ if (WITH_CLIENT_TESTING) add_definitions(-DOPENSSH_VERSION_MAJOR=${OPENSSH_VERSION_MAJOR} -DOPENSSH_VERSION_MINOR=${OPENSSH_VERSION_MINOR}) endif() + set(LOCAL_USER "nobody") + set(LOCAL_UID "65533") + find_program(ID_EXECUTABLE NAMES id) + find_program(WHO_EXECUTABLE NAMES whoami) + if (ID_EXECUTABLE AND WHO_EXECUTABLE) + execute_process(COMMAND ${WHO_EXECUTABLE} OUTPUT_VARIABLE LOCAL_USER OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND ${ID_EXECUTABLE} -u OUTPUT_VARIABLE LOCAL_UID OUTPUT_STRIP_TRAILING_WHITESPACE) + endif() + # homedir will be used in passwd set(HOMEDIR ${CMAKE_CURRENT_BINARY_DIR}/home) diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c index 84507d74..77a3c555 100644 --- a/tests/client/torture_auth.c +++ b/tests/client/torture_auth.c @@ -25,6 +25,8 @@ #include "libssh/libssh.h" #include "libssh/priv.h" #include "libssh/session.h" + +#include #include #include @@ -80,7 +82,9 @@ static int pubkey_setup(void **state) pwd = getpwnam("bob"); assert_non_null(pwd); - setuid(pwd->pw_uid); + + rc = setuid(pwd->pw_uid); + assert_return_code(rc, errno); /* Make sure we do not interfere with another ssh-agent */ unsetenv("SSH_AUTH_SOCK"); @@ -95,6 +99,8 @@ static int agent_setup(void **state) char ssh_agent_cmd[4096]; char ssh_agent_sock[1024]; char ssh_agent_pidfile[1024]; + char bob_ssh_key[1024]; + struct passwd *pwd; int rc; rc = pubkey_setup(state); @@ -102,6 +108,9 @@ static int agent_setup(void **state) return rc; } + pwd = getpwnam("bob"); + assert_non_null(pwd); + snprintf(ssh_agent_sock, sizeof(ssh_agent_cmd), "%s/agent.sock", @@ -118,13 +127,21 @@ static int agent_setup(void **state) "eval `ssh-agent -a %s`; echo $SSH_AGENT_PID > %s", ssh_agent_sock, ssh_agent_pidfile); + /* run ssh-agent and ssh-add as the normal user */ + unsetenv("UID_WRAPPER_ROOT"); + rc = system(ssh_agent_cmd); assert_return_code(rc, errno); setenv("SSH_AUTH_SOCK", ssh_agent_sock, 1); setenv("TORTURE_SSH_AGENT_PIDFILE", ssh_agent_pidfile, 1); - rc = system("ssh-add"); + snprintf(bob_ssh_key, + sizeof(bob_ssh_key), + "ssh-add %s/.ssh/id_rsa", + pwd->pw_dir); + + rc = system(bob_ssh_key); assert_return_code(rc, errno); return 0; diff --git a/tests/etc/passwd.in b/tests/etc/passwd.in index 8bcfd3e0..a3ddc979 100644 --- a/tests/etc/passwd.in +++ b/tests/etc/passwd.in @@ -1,5 +1,6 @@ -bob:x:5000:9000:bob gecos:@HOMEDIR@/bob:/bin/false -alice:x:5001:9000:alice gecos:@HOMEDIR@/alice:/bin/bash +bob:x:5000:9000:bob gecos:@HOMEDIR@/bob:/bin/sh +alice:x:5001:9000:alice gecos:@HOMEDIR@/alice:/bin/sh sshd:x:65530:65531:sshd:@HOMEDIR@:/sbin/nologin nobody:x:65533:65534:nobody gecos:@HOMEDIR@:/bin/false root:x:65534:65532:root gecos:@HOMEDIR@:/bin/false +@LOCAL_USER@:x:@LOCAL_UID@:9000:local user:@HOMEDIR@:/bin/false