From 83bcf394a15c4c2797353c040f1814c6b03b5db3 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 24 Feb 2021 13:00:32 +0100
Subject: tests/drop-privileges: Ensure failure to drop privileges yields an
 error.

And doesn't retain root privileges.
---
 tests/drop-privileges | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'tests/drop-privileges')

diff --git a/tests/drop-privileges b/tests/drop-privileges
index 0596e31..fd432d9 100644
--- a/tests/drop-privileges
+++ b/tests/drop-privileges
@@ -1,6 +1,17 @@
 # Check privilige drop: UID/GID changes, chdir, environment, and file
 # descriptors
 
+# ensure failure to drop privileges doesn't retain root privileges
+sed -ri 's/^#(user|group)\s*=\s*$/\1 = nonexistent-\1/' /etc/lacme/lacme.conf
+! lacme account 2>"$STDERR" || fail
+grepstderr -Fxq "getgrnam(nonexistent-group)"
+grepstderr -Fxq "Error: Invalid client version"
+
+sed -ri 's/^group\s*=\s*nonexistent.*/#&/' /etc/lacme/lacme.conf
+! lacme account 2>"$STDERR" || fail
+grepstderr -Fxq "getpwnam(nonexistent-user)"
+grepstderr -Fxq "Error: Invalid client version"
+
 # create wrapper to inspect processes
 STATUSDIR="/dev/shm/lacme-wrap"
 install -oroot -groot -m0755 /dev/stdin /run/lacme-wrap <<-EOF
@@ -24,8 +35,7 @@ adduser --system --group \
        --home /nonexistent --no-create-home \
        --gecos "lacme account user" \
        --quiet lacme-account
-sed -ri 's|^#user\s*=\s*$|user = lacme-account|' /etc/lacme/lacme.conf
-sed -ri 's|^#group\s*=\s*$|group = lacme-account|' /etc/lacme/lacme.conf
+sed -ri 's/^#?(user|group)\s*=\s*nonexistent.*/\1 = lacme-account/' /etc/lacme/lacme.conf
 chown lacme-account: /etc/lacme/account.key
 
 install -oroot -groot -dm0755 -- "$STATUSDIR"
-- 
cgit v1.2.3


From 9a8f705eddd18ccc9a24fe0e7efe6b5a87b2be09 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 25 Feb 2021 01:41:59 +0100
Subject: lacme: pass a temporary JSON file with the client configuration to
 the internal client.

So it doesn't have to parse the INI file again.  Also, while lacme.conf
is world-readable by default, one might restrict permissions and add
private information in there, not realizing that everything, including
comments, will be readable by the client.
---
 tests/drop-privileges | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'tests/drop-privileges')

diff --git a/tests/drop-privileges b/tests/drop-privileges
index fd432d9..8deb8f1 100644
--- a/tests/drop-privileges
+++ b/tests/drop-privileges
@@ -123,8 +123,8 @@ check_client() {
     grep -Exq "[0-9]+ 0700 $UID:$GID socket:\[[0-9]+\]" "$prefix/fd" || return 1
     sed -ri '0,\#^[0-9]+ .* socket:\[[0-9]+\]$# {//d}' "$prefix/fd"
 
-    grep -Exq "[0-9]+ 0500 $UID:$GID /etc/lacme/lacme\.conf" "$prefix/fd" || return 1
-    sed -ri '0,\#^[0-9]+ .* /etc/lacme/lacme\.conf$# {//d}' "$prefix/fd"
+    grep -Eq "^[0-9]+ 0500 $UID:$GID /tmp/lacme-client.conf\.json-" "$prefix/fd" || return 1
+    sed -ri '0,\#^[0-9]+ .* /tmp/lacme-client.conf\.json-# {//d}' "$prefix/fd"
     ! test -s "$prefix/fd" || return 1
 }
 check_webserver() {
-- 
cgit v1.2.3