* Implemented backend daemon drop privileges after initialization to

run as non-privileged user
2019-09-14 18:34:32 +02:00 · 2019-09-14 18:34:32 +02:00 · 27fd99e7cd
commit 27fd99e7cd
parent cacba627b5
61 changed files with 673 additions and 207 deletions
--- a/test/test_privileges.sh
+++ b/test/test_privileges.sh
@ -0,0 +1,121 @@
+#!/bin/bash
+# Start clixon backend as root and unprivileged user (clicon)
+# Drop privileges from root to clicon
+# Test could do more:
+# - test file ownership
+# - drop_temp check if you can restore
+
+# Magic line must be first in script (see README.md)
+s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
+
+APPNAME=example
+
+cfg=$dir/conf_startup.xml
+
+if [ $valgrindtest -ne 0 ]; then
+    return -1 # skip
+fi
+
+# Here $dir is created by the user that runs the script
+
+cat <<EOF > $cfg
+<clixon-config xmlns="http://clicon.org/config">
+  <CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
+  <CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
+  <CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
+  <CLICON_SOCK>$dir/$APPNAME.sock</CLICON_SOCK>
+  <CLICON_BACKEND_PIDFILE>/var/tmp/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
+  <CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
+</clixon-config>
+EOF
+
+
+# Create a pre-set running, startup and (extra) config.
+# The configs are identified by an interface called run, startup, extra.
+# Depending on startup mode (init, none, running, or startup)
+# expect different output of an initial get-config of running
+testrun(){
+    startuser=$1
+    beuser=$2
+    expectuser=$3
+    priv_mode=$4
+    expecterr=$5
+
+    # change owner (recursively) of all files in the test dir
+    sudo chown -R $startuser $dir
+
+    # change group (recursively) of all files in the test dir
+    sudo chgrp -R $startuser $dir
+
+    # kill old backend (if any)
+    new "kill old backend"
+    sudo clixon_backend -zf $cfg
+    if [ $? -ne 0 ]; then
+	err 
+    fi
+    # Kill all backends regardless of user or pid files (we mess with them in this test)
+    sudo pkill clixon_backend
+    
+    # start backend as user
+
+    new "start backend -f $cfg -s init -D $DBG -o CLICON_BACKEND_PRIVILEGES=$priv_mode -o CLICON_BACKEND_USER=$beuser"
+    sudo -u $startuser $clixon_backend -f $cfg -s init -D $DBG -o CLICON_BACKEND_PRIVILEGES=$priv_mode -o CLICON_BACKEND_USER=$beuser
+    if [ $? -ne 0 ]; then
+	err 
+    fi
+
+    pid=$(pgrep -f clixon_backend)    
+    if [ $? -ne 0 ]; then
+	if [ $expecterr -eq 1 ]; then
+	    return 0
+	fi
+	err
+    fi
+    new "waiting"
+    wait_backend
+
+    if [ $expecterr -eq 1 ]; then
+	err "Expected error"
+    fi
+    
+    # Get uid now, and compare with expected user
+    u=$(ps -p $pid -uh | awk '{print $1}')
+    if [ $u != $expectuser ]; then
+	err "$expectuser but user is $u"
+    fi
+
+    new "Kill backend"
+    # Check if premature kill
+    pid=$(pgrep -f clixon_backend)
+    if [ -z "$pid" ]; then
+	err "backend already dead"
+    fi
+    # kill backend
+    stop_backend -f $cfg
+} # testrun
+
+new "Start as non-privileged user, expect same"
+testrun $BUSER $BUSER $BUSER none 0
+
+new "Start as privileged user , expect same"
+testrun root root root none 0
+
+new "Start as privileged user, drop privileges permanent"
+testrun root $BUSER $BUSER drop_perm 0
+
+new "Start as privileged user, drop privileges temporary"
+testrun root $BUSER $BUSER drop_temp 0
+
+new "Start as root, drop to root (strange usecase)"
+testrun root root root drop_perm 0
+
+new "Start as root, drop to root (strange usecase)"
+testrun root root root drop_perm 0
+
+new "Start as root, set user but dont drop (expect still root)"
+testrun root $BUSER root none 0
+
+new "Start as non-privileged, try to drop"
+testrun $(whoami) $BUSER $BUSER drop_perm 1
+
+sudo rm -rf $dir