END_TEST START_TEST (auth_gid2name_test) { int res; const char *name; authtable authtab; char *sym_name = "gid2name"; pr_auth_cache_set(FALSE, PR_AUTH_CACHE_FL_BAD_GID2NAME); name = pr_auth_gid2name(NULL, -1); fail_unless(name == NULL, "Found name unexpectedly: %s", name); fail_unless(errno == EINVAL, "Failed to set errno to EINVAL, got %d (%s)", errno, strerror(errno)); mark_point(); name = pr_auth_gid2name(p, PR_TEST_AUTH_GID); fail_unless(name != NULL, "Failed to find name for GID %lu: %s", (unsigned long) PR_TEST_AUTH_GID, strerror(errno)); fail_unless(strcmp(name, PR_TEST_AUTH_GID_STR) == 0, "Expected name '%s', got '%s'", PR_TEST_AUTH_GID_STR, name); fail_unless(gid2name_count == 0, "Expected call count 0, got %u", gid2name_count); mark_point(); /* Load the appropriate AUTH symbol, and call it. */ memset(&authtab, 0, sizeof(authtab)); authtab.name = sym_name; authtab.handler = handle_gid2name; authtab.m = &unit_tests_module; res = pr_stash_add_symbol(PR_SYM_AUTH, &authtab); fail_unless(res == 0, "Failed to add '%s' AUTH symbol: %s", sym_name, strerror(errno)); mark_point(); name = pr_auth_gid2name(p, PR_TEST_AUTH_GID); fail_unless(name != NULL, "Expected name, got null"); fail_unless(strcmp(name, PR_TEST_AUTH_NAME) == 0, "Expected name '%s', got '%s'", PR_TEST_AUTH_NAME, name); fail_unless(gid2name_count == 1, "Expected call count 1, got %u", gid2name_count); pr_stash_remove_symbol(PR_SYM_AUTH, sym_name, &unit_tests_module); }
END_TEST START_TEST (auth_cache_gid2name_test) { int res; const char *name; authtable authtab; char *sym_name = "gid2name"; /* Load the appropriate AUTH symbol, and call it. */ memset(&authtab, 0, sizeof(authtab)); authtab.name = sym_name; authtab.handler = handle_gid2name; authtab.m = &unit_tests_module; res = pr_stash_add_symbol(PR_SYM_AUTH, &authtab); fail_unless(res == 0, "Failed to add '%s' AUTH symbol: %s", sym_name, strerror(errno)); mark_point(); name = pr_auth_gid2name(p, PR_TEST_AUTH_GID); fail_unless(name != NULL, "Expected name, got null"); fail_unless(strcmp(name, PR_TEST_AUTH_NAME) == 0, "Expected name '%s', got '%s'", PR_TEST_AUTH_NAME, name); fail_unless(gid2name_count == 1, "Expected call count 1, got %u", gid2name_count); /* Call again; the call counter should NOT increment due to caching. */ name = pr_auth_gid2name(p, PR_TEST_AUTH_GID); fail_unless(name != NULL, "Expected name, got null"); fail_unless(strcmp(name, PR_TEST_AUTH_NAME) == 0, "Expected name '%s', got '%s'", PR_TEST_AUTH_NAME, name); fail_unless(gid2name_count == 1, "Expected call count 1, got %u", gid2name_count); pr_stash_remove_symbol(PR_SYM_AUTH, sym_name, &unit_tests_module); }
int proxy_session_setup_env(pool *p, const char *user, int flags) { struct passwd *pw; config_rec *c; int i, res = 0, xerrno = 0; const char *xferlog = NULL; session.hide_password = TRUE; /* Note: the given user name may not be known locally on the proxy; thus * having pr_auth_getpwnam() returning NULL here is not an unexpected * use case. */ pw = pr_auth_getpwnam(p, user); if (pw != NULL) { if (pw->pw_uid == PR_ROOT_UID) { int root_login = FALSE; pr_event_generate("mod_auth.root-login", NULL); c = find_config(main_server->conf, CONF_PARAM, "RootLogin", FALSE); if (c != NULL) { root_login = *((int *) c->argv[0]); } if (root_login == FALSE) { (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION, "root login attempted, denied by RootLogin configuration"); pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted."); return -1; } pr_log_auth(PR_LOG_WARNING, "ROOT proxy login successful"); } res = pr_auth_is_valid_shell(main_server->conf, pw->pw_shell); if (res == FALSE) { (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION, "authentication for user '%s' failed: Invalid shell", user); pr_log_auth(PR_LOG_NOTICE, "USER %s (Login failed): Invalid shell: '%s'", user, pw->pw_shell); errno = EPERM; return -1; } res = pr_auth_banned_by_ftpusers(main_server->conf, pw->pw_name); if (res == TRUE) { (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION, "authentication for user '%s' failed: User in " PR_FTPUSERS_PATH, user); pr_log_auth(PR_LOG_NOTICE, "USER %s (Login failed): User in " PR_FTPUSERS_PATH, pw->pw_name); errno = EPERM; return -1; } session.user = pstrdup(p, pw->pw_name); session.group = pstrdup(p, pr_auth_gid2name(p, pw->pw_gid)); session.login_uid = pw->pw_uid; session.login_gid = pw->pw_gid; } else { session.user = pstrdup(session.pool, user); /* XXX What should session.group, session.login_uid, session.login_gid * be? Kept as is? */ } if (session.gids == NULL && session.groups == NULL) { res = pr_auth_getgroups(p, session.user, &session.gids, &session.groups); if (res < 1 && errno != ENOENT) { (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION, "no supplemental groups found for user '%s'", session.user); } } if (flags & PROXY_SESSION_FL_CHECK_LOGIN_ACL) { int login_acl; login_acl = login_check_limits(main_server->conf, FALSE, TRUE, &i); if (!login_acl) { pr_log_auth(PR_LOG_NOTICE, "USER %s (Login failed): Limit configuration " "denies login", user); return -1; } } /* XXX Will users want wtmp logging for a proxy login? */ session.wtmp_log = FALSE; c = find_config(main_server->conf, CONF_PARAM, "TransferLog", FALSE); if (c == NULL) { xferlog = PR_XFERLOG_PATH; } else { xferlog = c->argv[0]; } PRIVS_ROOT if (strncasecmp(xferlog, "none", 5) == 0) { xferlog_open(NULL); } else { xferlog_open(xferlog); } res = xerrno = 0; if (pw != NULL) { res = set_groups(p, pw->pw_gid, session.gids); xerrno = errno; } PRIVS_RELINQUISH if (res < 0) { pr_log_pri(PR_LOG_WARNING, "unable to set process groups: %s", strerror(xerrno)); } session.disable_id_switching = TRUE; session.proc_prefix = pstrdup(session.pool, session.c->remote_name); session.sf_flags = 0; pr_scoreboard_entry_update(session.pid, PR_SCORE_USER, session.user, PR_SCORE_CWD, pr_fs_getcwd(), NULL); if (session.group != NULL) { session.group = pstrdup(session.pool, session.group); } if (session.groups != NULL) { session.groups = copy_array_str(session.pool, session.groups); } proxy_sess_state |= PROXY_SESS_STATE_PROXY_AUTHENTICATED; pr_timer_remove(PR_TIMER_LOGIN, ANY_MODULE); return 0; }