stas 2003/12/13 18:09:04
Modified: perl-framework/Apache-Test/lib/Apache TestRun.pm perl-framework/Apache-Test Changes Log: Another attempt at providing a test function that verifies whether Apache when switching from 'root' to 'nobody' or another user will be able to access and create files under the t/ directory. This time using perl's vars $(, $< since POSIX equivalents seem to be broken on some systems. Also using a better test that actually tries to write/read/execute in the path under test. Revision Changes Path 1.124 +47 -11 httpd-test/perl-framework/Apache-Test/lib/Apache/TestRun.pm Index: TestRun.pm =================================================================== RCS file: /home/cvs/httpd-test/perl-framework/Apache-Test/lib/Apache/TestRun.pm,v retrieving revision 1.123 retrieving revision 1.124 diff -u -u -r1.123 -r1.124 --- TestRun.pm 24 Nov 2003 08:28:34 -0000 1.123 +++ TestRun.pm 14 Dec 2003 02:09:04 -0000 1.124 @@ -13,7 +13,7 @@ use File::Find qw(finddepth); use File::Spec::Functions qw(catfile); -use File::Basename qw(basename); +use File::Basename qw(basename dirname); use Getopt::Long qw(GetOptions); use Config; 
@@ -809,6 +809,44 @@ } } +# this sub is executed from an external process only, since it +# "sudo"'s into a uid/gid of choice +sub run_root_fs_test { + my($uid, $gid, $dir) = @_; + + # first must change gid and egid + $( = $) = $gid+0; + die "failed to change gid to $gid" unless $( == $gid; + + # only now can change uid and euid + $< = $> = $uid+0; + die "failed to change uid to $uid" unless $< == $uid; + + my $file = catfile $dir, ".apache-test-file-$$-".time.int(rand); + eval "END { unlink q[$file] }"; + + # unfortunately we can't run the what seems to be an obvious test: + # -r $dir && -w _ && -x _ + # since not all perl implementations do it right (e.g. sometimes + # acls are ignored, at other times setid/gid change is ignored) + # therefore we test by trying to attempt to read/write/execute + + # -w + open TEST, ">$file" or die "failed to open $file: $!"; + + # -x + -f $file or die "$file cannot be looked up"; + close TEST; + + # -r + opendir DIR, $dir or die "failed to open dir $dir: $!"; + defined readdir DIR or die "failed to read dir $dir: $!"; + close DIR; + + # all tests passed + print "OK"; +} + sub check_perms { my ($self, $user, $uid, $gid) = @_; 
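Review bot: The probe file in `run_root_fs_test` is created with two-argument `open TEST, ">$file"` on a name that is effectively predictable, since `int(rand)` is always 0 and the rest is only the pid and the time. With `use Fcntl`, `sysopen(my $fh, $file, O_WRONLY|O_CREAT|O_EXCL) or die "failed to open $file: $!";` would refuse a pre-existing file or symlink in `$dir`. The cleanup `eval "END { unlink q[$file] }"` compiles the path as Perl source, so a `]` in `$dir` breaks or alters that code; a file-scoped lexical read by a normal `END { unlink $probe_file if defined $probe_file }` block avoids the string eval. `close DIR` after `opendir` should be `closedir DIR`. The gid switch is verified only through `$(`, and assigning `$) = "$gid $gid"` would also clear the supplementary groups inherited from the parent, which may otherwise let the probe pass where the server user would fail.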
@@ -817,16 +855,14 @@ my $dir = $vars->{t_dir}; my $perl = $vars->{perl}; - my $check = <<"EOC"; -$perl -e ' - require POSIX; - POSIX::setuid($uid); - POSIX::setgid($gid); - print -r q{$dir} && -w _ && -x _ ? q{OK} : q{NOK}; -' -EOC - $check =~ s/\n/ /g; - warning "$check\n"; + # find where Apache::TestRun was loaded from, so we load this + # exact package from the external process + my $inc = dirname dirname $INC{"Apache/TestRun.pm"}; + my $sub = "Apache::TestRun::run_root_fs_test"; + my $check = <<"EOI"; +$perl -Mlib=$inc -MApache::TestRun -e 'eval { $sub($uid, $gid, q[$dir]) }'; +EOI + warning "testing whether '$user' is able to -rwx $dir\n$check\n"; my $res = qx[$check] || ''; warning "result: $res"; 1.72 +7 -0 httpd-test/perl-framework/Apache-Test/Changes Index: Changes =================================================================== RCS file: /home/cvs/httpd-test/perl-framework/Apache-Test/Changes,v retrieving revision 1.71 retrieving revision 1.72 diff -u -u -r1.71 -r1.72 --- Changes 10 Dec 2003 02:26:30 -0000 1.71 +++ Changes 14 Dec 2003 02:09:04 -0000 1.72 @@ -8,6 +8,13 @@ =item 1.07-dev +Another attempt at providing a test function that verifies whether +Apache when switching from 'root' to 'nobody' or another user will be +able to access and create files under the t/ directory. This time +using perl's vars $(, $< since POSIX equivalents seem to be broken on +some systems. Also using a better test that actually tries to +write/read/execute in the path under test. [Stas] + Cleanly exit (and complain) if the default hostname resolution has failed (usually due to a missing localhost entry in /etc/hosts) [Stas]
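Review bot: In `check_perms`, `$perl`, `$inc` and `$dir` are interpolated into a shell string that `qx[]` executes, presumably while still running as root, and `$dir` is additionally embedded as Perl source inside `q[...]`; a space, quote or `]` in any of those paths changes what gets executed. Passing the values as arguments keeps them out of both parsers, e.g. `open my $fh, '-|', $perl, "-Mlib=$inc", '-MApache::TestRun', '-e', "$sub(\@ARGV)", $uid, $gid, $dir` (list-form pipe open needs perl 5.8). The `eval { ... }` wrapper in the one-liner also discards `$@`, so the specific `die` messages from `run_root_fs_test` never reach the user; appending `warn $@ if $@` would surface them on stderr without touching the captured stdout. `check_perms` starts before this hunk and continues after it.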