aboutsummaryrefslogtreecommitdiffstats
path: root/tests/accountd
diff options
context:
space:
mode:
Diffstat (limited to 'tests/accountd')
-rw-r--r--tests/accountd87
1 files changed, 87 insertions, 0 deletions
diff --git a/tests/accountd b/tests/accountd
new file mode 100644
index 0000000..a603c16
--- /dev/null
+++ b/tests/accountd
@@ -0,0 +1,87 @@
+# Use a separate accountd server process
+
+adduser --disabled-password \
+ --home /home/lacme-account \
+ --gecos "lacme account user" \
+ --quiet lacme-account
+
+# non-existent parent directory
+! lacme --socket="/nonexistent/S.lacme" account 2>"$STDERR" || fail
+grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"
+
+# word-writable parent directory
+! lacme --socket="/tmp/S.lacme" account 2>"$STDERR" || fail
+grepstderr -Fxq "Error: Insecure permissions on /tmp"
+
+# missing socket
+SOCKET=~lacme-account/S.lacme
+! lacme --socket="$SOCKET" account 2>"$STDERR" || fail
+grepstderr -Fxq "Can't stat $SOCKET: No such file or directory (Is lacme-accountd running?)"
+
+#######################################################################
+
+# missing configuration at default location
+! runuser -u lacme-account -- lacme-accountd --debug 2>"$STDERR" || fail
+grepstderr -Fxq "Ignoring missing configuration file at default location /home/lacme-account/.config/lacme/lacme-accountd.conf"
+grepstderr -Fxq "Error: 'privkey' is not specified"
+
+install -olacme-account -glacme-account -Ddm0700 -- \
+ ~lacme-account/.config/lacme ~lacme-account/.local/share/lacme
+mv -t ~lacme-account/.config/lacme /etc/lacme/account.key
+chown lacme-account: ~lacme-account/.config/lacme/account.key
+
+cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF
+ privkey = file:%E/lacme/account.key
+ logfile = %h/.local/share/lacme/accountd.log
+EOF
+
+# non-existent parent directory
+! runuser -u lacme-account -- lacme-accountd --socket="/nonexistent/S.lacme" 2>"$STDERR" || fail
+grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"
+
+# word-writable parent directory
+! runuser -u lacme-account -- lacme-accountd --socket="%T/S.lacme" account 2>"$STDERR" || fail
+grepstderr -Fxq "Error: Insecure permissions on /tmp"
+
+# unset XDG_RUNTIME_DIR
+! runuser -u lacme-account -- lacme-accountd 2>"$STDERR" || fail
+grepstderr "Error: Undefined expansion %t in \"%t/S.lacme\""
+
+# non-existent $XDG_RUNTIME_DIR
+! runuser -u lacme-account -- env XDG_RUNTIME_DIR="/nonexistent" lacme-accountd 2>"$STDERR" || fail
+grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"
+
+# test running accountd
+runuser -u lacme-account -- env XDG_RUNTIME_DIR=/home/lacme-account lacme-accountd --debug 2>"$STDERR" & PID=$!
+sleep 1
+kill $PID || fail
+wait || fail
+grepstderr -Fxq "Using configuration file: /home/lacme-account/.config/lacme/lacme-accountd.conf"
+grepstderr -Fxq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme"
+
+# make sure errors are logged too
+grep -F "Error: " ~lacme-account/.local/share/lacme/accountd.log
+
+# rotate the log and start accountd
+rm -f ~lacme-account/.local/share/lacme/accountd.log
+runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
+
+# run lacme(8) multiple times using that single lacme-accountd(1) instance
+lacme --socket="$SOCKET" --debug account 2>"$STDERR" || fail
+grepstderr -F "Received extra greeting data from accountd:"
+lacme --socket="$SOCKET" newOrder 2>"$STDERR" || fail
+test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+
+# terminate accountd and check that it removes the socket
+kill $PID
+wait
+! test -e "$SOCKET"
+
+# ensure signature requests are logged
+grep -Fq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme" ~lacme-account/.local/share/lacme/accountd.log
+grep -Fq "[0] >>> Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log
+grep -Fq "[1] >>> Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log
+grep -Fq "Shutting down and closing lacme Account Key Manager" ~lacme-account/.local/share/lacme/accountd.log
+grep -F ">>> OK signing request:" ~lacme-account/.local/share/lacme/accountd.log
+
+# vim: set filetype=sh :