authorGuilhem Moulin <guilhem@fripost.org>2021-02-20 22:05:18 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-21 00:19:51 +0100
commit74c0a11722cf1e01b9a9834e89a07b55eaf01080 (patch)
tree8f12146e2a5b402fc6b846259c1be02ed2f10edc /tests
parentcf3d42c066d2f54d4a57aa38907a7c6c7d06aeb6 (diff)
lacme-accountd: new setting 'logfile' to log signature requests.
Prefixed with a timestamp.
Diffstat (limited to 'tests')
-rw-r--r--tests/accountd27
-rw-r--r--tests/accountd-remote11
-rw-r--r--tests/spec-expansion12
3 files changed, 34 insertions, 16 deletions
diff --git a/tests/accountd b/tests/accountd
index 4626c78..2798465 100644
--- a/tests/accountd
+++ b/tests/accountd
@@ -7,11 +7,11 @@ adduser --disabled-password \
# non-existent parent directory
! lacme --socket="/nonexistent/S.lacme" account 2>"$STDERR" || fail
-grepstderr -Fxq "stat(/nonexistent): No such file or directory"
+grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"
# word-writable parent directory
! lacme --socket="/tmp/S.lacme" account 2>"$STDERR" || fail
-grepstderr -Fxq "Error: insecure permissions on /tmp"
+grepstderr -Fxq "Error: Insecure permissions on /tmp"
# missing socket
SOCKET=~lacme-account/S.lacme
@@ -25,21 +25,23 @@ grepstderr -Fxq "Can't stat $SOCKET: No such file or directory (Is lacme-account
grepstderr -Fxq "Ignoring missing configuration file at default location /home/lacme-account/.config/lacme/lacme-accountd.conf"
grepstderr -Fxq "Error: 'privkey' is not specified"
-install -olacme-account -glacme-account -Ddm0700 ~lacme-account/.config/lacme
+install -olacme-account -glacme-account -Ddm0700 -- \
+ ~lacme-account/.config/lacme ~lacme-account/.local/share/lacme
mv -t ~lacme-account/.config/lacme /etc/lacme/account.key
chown lacme-account: ~lacme-account/.config/lacme/account.key
cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF
privkey = file:%E/lacme/account.key
+ logfile = %h/.local/share/lacme/accountd.log
EOF
# non-existent parent directory
! runuser -u lacme-account -- lacme-accountd --socket="/nonexistent/S.lacme" 2>"$STDERR" || fail
-grepstderr -Fxq "stat(/nonexistent): No such file or directory"
+grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"
# word-writable parent directory
! runuser -u lacme-account -- lacme-accountd --socket="%T/S.lacme" account 2>"$STDERR" || fail
-grepstderr -Fxq "Error: insecure permissions on /tmp"
+grepstderr -Fxq "Error: Insecure permissions on /tmp"
# unset XDG_RUNTIME_DIR
! runuser -u lacme-account -- lacme-accountd 2>"$STDERR" || fail
@@ -47,7 +49,7 @@ grepstderr "Error: undefined expansion %t in \"%t/S.lacme\""
# non-existent $XDG_RUNTIME_DIR
! runuser -u lacme-account -- env XDG_RUNTIME_DIR="/nonexistent" lacme-accountd 2>"$STDERR" || fail
-grepstderr -Fxq "stat(/nonexistent): No such file or directory"
+grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"
# test running accountd
runuser -u lacme-account -- env XDG_RUNTIME_DIR=/home/lacme-account lacme-accountd --debug 2>"$STDERR" & PID=$!
@@ -57,7 +59,11 @@ wait || fail
grepstderr -Fxq "Using configuration file: /home/lacme-account/.config/lacme/lacme-accountd.conf"
grepstderr -Fxq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme"
-# spawn accountd
+# make sure errors are logged too
+grep -F "Error: " ~lacme-account/.local/share/lacme/accountd.log
+
+# rotate the log and start accountd
+rm -f ~lacme-account/.local/share/lacme/accountd.log
runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
# run lacme(8) multiple times using that single lacme-accountd(1) instance
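Review bot: The new check `grep -F "Error: " ~lacme-account/.local/share/lacme/accountd.log` is satisfied by any line containing "Error: ", so it does not show which of the earlier failing lacme-accountd runs actually reached the log. Pinning one expected message would make the assertion meaningful, for instance `grep -Fq "Error: Insecure permissions on /tmp" ~lacme-account/.local/share/lacme/accountd.log`, assuming that error is raised after the log file has been opened (not visible in this hunk). Adding `-q` would also match the `grepstderr -Fxq` checks around it and keep log content out of the test output. The runs that produce these errors sit earlier in the script, outside this hunk.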
@@ -70,4 +76,11 @@ kill $PID
wait
! test -e "$SOCKET"
+# ensure signature requests are logged
+grep -Fq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme" ~lacme-account/.local/share/lacme/accountd.log
+grep -Fq "[0] >>> Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log
+grep -Fq "[1] >>> Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log
+grep -Fq "Shutting down and closing lacme Account Key Manager" ~lacme-account/.local/share/lacme/accountd.log
+grep -F ">>> Incoming signature request for " ~lacme-account/.local/share/lacme/accountd.log
+
# vim: set filetype=sh :
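Review bot: None of the added `grep -F` checks verifies the timestamp prefix that the commit message says every log line carries, because they are unanchored substring matches. An anchored pattern would cover it, e.g. `grep -Eq "^<TIMESTAMP_REGEX> .*>>> Incoming signature request for " ~lacme-account/.local/share/lacme/accountd.log`, with the regex taken from the logger's real format, which is not shown on this page. The final check also passes with a single logged request although the script runs lacme(8) several times against this one instance, so comparing a `grep -Fc` count with the expected number of requests would be tighter for what is effectively an audit trail of account-key use. The same two remarks apply to the signature-request check added at the end of tests/accountd-remote.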
diff --git a/tests/accountd-remote b/tests/accountd-remote
index bd5d99f..05850c2 100644
--- a/tests/accountd-remote
+++ b/tests/accountd-remote
@@ -31,20 +31,25 @@ lacme newOrder --debug 2>"$STDERR" || fail # intentionally use --debug, ssh shou
test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
# and now with an authorized_keys(5) restriction
-sed -ri "s|^[^#]|restrict,from=\"127.0.0.1\",command=\"/usr/bin/lacme-accountd --stdio\" &|" ~lacme-account/.ssh/authorized_keys
+sed -ri "s|^[^#]|restrict,from=\"127.0.0.1\",command=\"/usr/bin/lacme-accountd --quiet --stdio\" &|" ~lacme-account/.ssh/authorized_keys
rm -vf /etc/lacme/simpletest.rsa.crt
! lacme newOrder 2>"$STDERR" || fail # --config= (and --debug) should be ignored
grepstderr -Fxq "Error: 'privkey' is not specified"
grepstderr -Fxq "[simpletest-rsa] Error: Couldn't issue X.509 certificate!"
-install -olacme-account -glacme-account -Ddm0700 ~lacme-account/.config/lacme
+install -olacme-account -glacme-account -Ddm0700 -- \
+ ~lacme-account/.config/lacme ~lacme-account/.local/share/lacme
mv -t ~lacme-account/.config/lacme /etc/lacme/account.key
cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF
privkey = file:%E/lacme/account.key
+ logfile = %h/.local/share/lacme/accountd.log
EOF
-lacme newOrder || fail
+lacme newOrder
test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+# ensure signature requests are logged
+grep -F ">>> Incoming signature request for " ~lacme-account/.local/share/lacme/accountd.log
+
# vim: set filetype=sh :
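Review bot: Dropping `|| fail` from `lacme newOrder` makes this call depend on the harness running under errexit, which is not visible in this hunk, while `lacme newOrder --debug 2>"$STDERR" || fail` earlier in the same file keeps the explicit handler. If the harness does not abort on failure, only the following `test … -nt …` line would notice a failed order, and that line depends on errexit in the same way. If the removal is deliberate, a short comment next to the call would record the reason, e.g. `# no "|| fail": stderr is not captured in $STDERR for this run` (the motive here is a guess and should be confirmed by the author).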
diff --git a/tests/spec-expansion b/tests/spec-expansion
index 722bdfc..273fa51 100644
--- a/tests/spec-expansion
+++ b/tests/spec-expansion
@@ -48,11 +48,11 @@ grepstderr -Fxq "Reading /etc/lacme/certs.conf.d"
# 'config' setting in [accountd] section (expands after privilege drop)
sed -ri 's|^#?config\s*=\s*$|config = /nonexistent/%u:%g.conf|' /etc/lacme/lacme.conf
! lacme account 2>"$STDERR" || fail
-grepstderr -Fxq "Failed to open file '/nonexistent/root:root.conf' for reading: No such file or directory"
+grepstderr -Fxq "Error: Failed to open file '/nonexistent/root:root.conf' for reading: No such file or directory"
sed -ri 's|^#?user\s*=\s*$|user = nobody|' /etc/lacme/lacme.conf
! lacme account 2>"$STDERR" || fail
-grepstderr -Fxq "Failed to open file '/nonexistent/nobody:root.conf' for reading: No such file or directory"
+grepstderr -Fxq "Error: Failed to open file '/nonexistent/nobody:root.conf' for reading: No such file or directory"
# 'command' setting in [accountd] section (expands after privilege drop)
sed -ri 's|^#?command\s*=.*/lacme-accountd$|command = /usr/bin/lacme-accountd --%u|' /etc/lacme/lacme.conf
@@ -68,12 +68,12 @@ grepstderr -Eq "^Can't exec \"/nonexistent/nobody/root\": No such file or direct
# lacme-accountd --config=, all specifiers, root privileges
! lacme-accountd --config="%C %E %t %h %T %g %G %u %U %%.conf" 2>"$STDERR" || fail
-grepstderr -Fxq "Failed to open file '/var/cache /etc /run /root /tmp root 0 root 0 %.conf' for reading: No such file or directory"
+grepstderr -Fxq "Error: Failed to open file '/var/cache /etc /run /root /tmp root 0 root 0 %.conf' for reading: No such file or directory"
# lacme-accountd --config=, all specifiers, root privileges, defined XDG_*
! env XDG_CACHE_HOME=/foo/cache XDG_CONFIG_HOME=/foo/config XDG_RUNTIME_DIR=/foo/run HOME=/foo/home USER=myuser TMPDIR=/foo/tmp \
lacme-accountd --config="%C %E %t %h %T %g %G %u %U %%.conf" 2>"$STDERR" || fail
-grepstderr -Fxq "Failed to open file '/var/cache /etc /run /root /foo/tmp root 0 root 0 %.conf' for reading: No such file or directory"
+grepstderr -Fxq "Error: Failed to open file '/var/cache /etc /run /root /foo/tmp root 0 root 0 %.conf' for reading: No such file or directory"
# lacme-accountd --config=, all specifiers, non-root, unset XDG_RUNTIME_DIR
! runuser -u nobody -- lacme-accountd --config="%C %E %t %h %T %g %G %u %U %%.conf" account 2>"$STDERR" || fail
@@ -82,12 +82,12 @@ grepstderr -Fxq "Error: undefined expansion %t in \"%C %E %t %h %T %g %G %u %U %
# lacme-accountd --config=, all specifiers, non-root, defined XDG_RUNTIME_DIR, no other XDG_*
! runuser -u nobody -g www-data -- env XDG_RUNTIME_DIR=/foo/run \
lacme-accountd --config="%C %E %t %h %T %g %G %u %U %%.conf" 2>"$STDERR" || fail
-grepstderr -Fxq "Failed to open file '/nonexistent/.cache /nonexistent/.config /foo/run /nonexistent /tmp www-data 33 nobody 65534 %.conf' for reading: No such file or directory"
+grepstderr -Fxq "Error: Failed to open file '/nonexistent/.cache /nonexistent/.config /foo/run /nonexistent /tmp www-data 33 nobody 65534 %.conf' for reading: No such file or directory"
# lacme-accountd --config=, all specifiers, non-root, defined XDG_*
! runuser -u nobody -- env XDG_CACHE_HOME=/foo/cache XDG_CONFIG_HOME=/foo/config XDG_RUNTIME_DIR=/foo/run HOME=/foo/home USER=myuser TMPDIR=/foo/tmp \
lacme-accountd --config="%C %E %t %h %T %g %G %u %U %%.conf" 2>"$STDERR" || fail
-grepstderr -Fxq "Failed to open file '/foo/cache /foo/config /foo/run /nonexistent /foo/tmp nogroup 65534 nobody 65534 %.conf' for reading: No such file or directory"
+grepstderr -Fxq "Error: Failed to open file '/foo/cache /foo/config /foo/run /nonexistent /foo/tmp nogroup 65534 nobody 65534 %.conf' for reading: No such file or directory"
# lacme-accountd --privkey=
! lacme-accountd --privkey="file:%h/lacme-accountd.key" --debug 2>"$STDERR" || fail