#!/bin/sh
#
# Sharness tests for the checks munged applies to its socket and to the
# directory that holds it: the type and mode of the socket, the ownership of
# the socket directory, and the group/world write and search permissions on
# that directory. The "failure" cases expect munged to refuse to start; the
# "override" cases expect --force to let it start and to log a warning.
#
test_description='Check munged security of socket'
# Load the sharness framework from the directory containing this script.
# NOTE(review): the munged_* helpers used below are not defined in this file;
# presumably they are provided via sharness.sh or an extension it loads.
. "$(dirname "$0")/sharness.sh"
# Prepare the environment for the socket checks.
# MUNGE_SOCKETDIR is pointed at a dedicated sub-directory so the tests can
# change its ownership and permissions freely. It lives under TMPDIR because
# NFS can cause problems for the lockfile, whose location is derived from the
# socket name.
# NOTE(review): the path is built from the shell PID and is therefore
# predictable; how the directory is created, and whether a pre-existing one is
# rejected, is decided by munged_setup_env, which is not shown here.
##
test_expect_success 'setup' '
    MUNGE_SOCKETDIR="${TMPDIR:-/tmp}/munge-$$/socketdir-$$" &&
    munged_setup_env &&
    munged_create_key
'
# Baseline: the socket dir must have mode exactly 1777 (rwx for all plus the
# sticky bit). find prints the directory path only when -perm 1777 matches, so
# the comparison fails for any other mode. munged must then start and stop
# cleanly with the directory in that state.
##
test_expect_success 'socket dir perms' '
    [ "$(find "${MUNGE_SOCKETDIR}" -type d -perm 1777)" = "${MUNGE_SOCKETDIR}" ] &&
    munged_start_daemon &&
    munged_stop_daemon
'
# Verify that what munged creates at MUNGE_SOCKET is a socket (find -type s)
# with mode exactly 0777 (find -perm 0777).
# The socket is removed when the daemon terminates, so both find results are
# captured while munged is running and only compared after it has been
# stopped; a failed comparison therefore cannot leave the daemon running.
##
test_expect_success 'socket type and perms' '
    local TYPE PERM &&
    munged_start_daemon &&
    TYPE=$(find "${MUNGE_SOCKET}" -type s) &&
    PERM=$(find "${MUNGE_SOCKET}" -perm 0777) &&
    munged_stop_daemon &&
    [ "${TYPE}" = "${MUNGE_SOCKET}" ] &&
    [ "${PERM}" = "${MUNGE_SOCKET}" ]
'
# Accepted ownership, case 1: the socket dir is owned by the effective UID.
# The numeric owner is taken from the third field of "ls -n" output and must
# equal "id -u" before munged is started and stopped.
##
test_expect_success 'socket dir owned by euid' '
    local DIR_UID MY_EUID &&
    MY_EUID=$(id -u) &&
    DIR_UID=$(ls -dln "${MUNGE_SOCKETDIR}" | awk "{ print \$3 }") &&
    [ "${DIR_UID}" = "${MY_EUID}" ] &&
    munged_start_daemon &&
    munged_stop_daemon
'
# Create an alternate socket dir whose owner can be changed with chown.
# It is placed in a sub-directory of TMPDIR because chowning something as root
# can fail if NFS is configured for squashed access.
# Runs only when the SUDO prerequisite is met, and sets the ALT prerequisite
# that gates the ownership tests which follow.
##
test_expect_success SUDO 'alt socket dir setup' '
    ALT_SOCKETDIR="${TMPDIR:-/tmp}/munge-$$/alt-socketdir-$$" &&
    mkdir -p -m 1777 "${ALT_SOCKETDIR}" &&
    ALT_SOCKET="${ALT_SOCKETDIR}/munged.sock.$$" &&
    test_set_prereq ALT
'
# Accepted ownership, case 2: the socket dir is owned by root.
# The alternate dir is handed to root via sudo; munged, pointed at a socket
# inside it, must still start and stop.
##
test_expect_success ALT,SUDO 'socket dir owned by root' '
    sudo chown root "${ALT_SOCKETDIR}" &&
    munged_start_daemon --socket="${ALT_SOCKET}" &&
    munged_stop_daemon --socket="${ALT_SOCKET}"
'
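# Rejected ownership: the socket dir is owned by neither the EUID nor root.
# UID 1 stands in for "some other user"; the leading guard fails the test when
# it is itself run as UID 1, since the directory would then be owned by the
# EUID. munged must refuse to start and log an "invalid ownership" error that
# names the directory.
# grep -E is used in place of the obsolescent egrep.
# NOTE(review): if munged unexpectedly starts here, the && chain stops and the
# daemon is left running for the tests that follow.
##
test_expect_success ALT,SUDO 'socket dir owned by other failure' '
    test "$(id -u)" != "1" &&
    sudo chown 1 "${ALT_SOCKETDIR}" &&
    test_must_fail munged_start_daemon --socket="${ALT_SOCKET}" &&
    grep -E "Error:.* Socket.* invalid ownership of \"${ALT_SOCKETDIR}\"" \
        "${MUNGE_LOGFILE}"
'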
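# Override of the ownership check: with the socket dir owned by neither the
# EUID nor root, --force must let munged start, and the "invalid ownership"
# condition must be logged as a warning rather than an error.
# The leading guard fails the test when run as UID 1, as in the failure case.
# grep -E is used in place of the obsolescent egrep.
##
test_expect_success ALT,SUDO 'socket dir owned by other override' '
    test "$(id -u)" != "1" &&
    sudo chown 1 "${ALT_SOCKETDIR}" &&
    munged_start_daemon --socket="${ALT_SOCKET}" --force &&
    munged_stop_daemon --socket="${ALT_SOCKET}" &&
    grep -E "Warning:.* Socket.* invalid ownership of \"${ALT_SOCKETDIR}\"" \
        "${MUNGE_LOGFILE}"
'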
# Remove the alternate socket dir and drop the variables that referred to it.
# Gated on ALT only, so it also runs when the directory was created but the
# ownership tests did not change anything.
##
test_expect_success ALT 'alt socket dir cleanup' '
    rmdir "${ALT_SOCKETDIR}" &&
    unset ALT_SOCKETDIR ALT_SOCKET
'
# A group-writable socket dir without the sticky bit (mode 0771) is accepted
# when --trusted-group names the group that owns the directory.
# The numeric group is read from the fourth field of "ls -n" output; the mode
# is put back to 1777 once the daemon has been stopped.
##
test_expect_success 'socket dir writable by trusted group' '
    local GID &&
    GID=$(ls -dln "${MUNGE_SOCKETDIR}" | awk "{ print \$4 }") &&
    chmod 0771 "${MUNGE_SOCKETDIR}" &&
    munged_start_daemon --trusted-group="${GID}" &&
    munged_stop_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}"
'
# A group-writable socket dir without the sticky bit (mode 0771) is rejected
# when --trusted-group names a group other than the one owning the directory.
# The mismatching group is obtained by adding one to the numeric GID of the
# directory.
# NOTE(review): unlike the other failure cases, the log is not inspected here,
# so any startup failure satisfies this test, not only the permission check.
# NOTE(review): if munged unexpectedly starts, the && chain stops before the
# mode is restored to 1777 and the daemon is left running.
##
test_expect_success 'socket dir writable by untrusted group failure' '
    local GID &&
    GID=$(ls -dln "${MUNGE_SOCKETDIR}" | awk "{ print \$4 }") &&
    GID=$((${GID} + 1)) &&
    chmod 0771 "${MUNGE_SOCKETDIR}" &&
    test_must_fail munged_start_daemon --trusted-group="${GID}" &&
    chmod 1777 "${MUNGE_SOCKETDIR}"
'
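# A socket dir that is writable by group without the sticky bit (mode 0771)
# must make munged refuse to start and log the matching error. Without the
# sticky bit, anyone with write access to a directory can remove or rename
# entries in it, the socket included.
# grep -E is used in place of the obsolescent egrep.
# NOTE(review): if munged unexpectedly starts, the && chain stops before the
# mode is restored to 1777 and the daemon is left running.
##
test_expect_success 'socket dir writable by group failure' '
    chmod 0771 "${MUNGE_SOCKETDIR}" &&
    test_must_fail munged_start_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}" &&
    grep -E "Error:.* group-writable permissions without sticky bit set" \
        "${MUNGE_LOGFILE}"
'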
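# Override of the group-writable check: with the socket dir at mode 0771,
# --force must let munged start, and the condition must be logged as a warning
# rather than an error. The mode is put back to 1777 before the log is checked.
# grep -E is used in place of the obsolescent egrep.
##
test_expect_success 'socket dir writable by group override' '
    chmod 0771 "${MUNGE_SOCKETDIR}" &&
    munged_start_daemon --force &&
    munged_stop_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}" &&
    grep -E "Warning:.* group-writable permissions without sticky bit set" \
        "${MUNGE_LOGFILE}"
'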
# Group write access is accepted once the sticky bit is set: with the socket
# dir at mode 1771 munged must start and stop without --force. The mode is
# then put back to 1777.
##
test_expect_success 'socket dir writable by group with sticky bit' '
    chmod 1771 "${MUNGE_SOCKETDIR}" &&
    munged_start_daemon &&
    munged_stop_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}"
'
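# A socket dir that is writable by other without the sticky bit (mode 0717)
# must make munged refuse to start and log the matching error. Without the
# sticky bit, anyone with write access to a directory can remove or rename
# entries in it, the socket included.
# grep -E is used in place of the obsolescent egrep.
# NOTE(review): if munged unexpectedly starts, the && chain stops before the
# mode is restored to 1777 and the daemon is left running.
##
test_expect_success 'socket dir writable by other failure' '
    chmod 0717 "${MUNGE_SOCKETDIR}" &&
    test_must_fail munged_start_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}" &&
    grep -E "Error:.* world-writable permissions without sticky bit set" \
        "${MUNGE_LOGFILE}"
'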
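# Override of the world-writable check: with the socket dir at mode 0717,
# --force must let munged start, and the condition must be logged as a warning
# rather than an error. The mode is put back to 1777 before the log is checked.
# grep -E is used in place of the obsolescent egrep.
##
test_expect_success 'socket dir writable by other override' '
    chmod 0717 "${MUNGE_SOCKETDIR}" &&
    munged_start_daemon --force &&
    munged_stop_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}" &&
    grep -E "Warning:.* world-writable permissions without sticky bit set" \
        "${MUNGE_LOGFILE}"
'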
# World write access is accepted once the sticky bit is set: with the socket
# dir at mode 1717 munged must start and stop without --force. The mode is
# then put back to 1777.
##
test_expect_success 'socket dir writable by other with sticky bit' '
    chmod 1717 "${MUNGE_SOCKETDIR}" &&
    munged_start_daemon &&
    munged_stop_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}"
'
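# A socket dir without execute (search) permission for all (mode 0700) must
# make munged refuse to start and log a "Socket is inaccessible" error that
# names the directory.
# grep -E is used in place of the obsolescent egrep.
# NOTE(review): if munged unexpectedly starts, the && chain stops before the
# mode is restored to 1777 and the daemon is left running.
##
test_expect_success 'socket dir inaccessible by all failure' '
    chmod 0700 "${MUNGE_SOCKETDIR}" &&
    test_must_fail munged_start_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}" &&
    grep -E "Error:.* Socket is inaccessible.* \"${MUNGE_SOCKETDIR}\"" \
        "${MUNGE_LOGFILE}"
'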
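# Override of the accessibility check: with the socket dir at mode 0700 (no
# execute permission for group or other), --force must let munged start, and
# the condition must be logged as a warning rather than an error. The mode is
# put back to 1777 before the log is checked.
# grep -E is used in place of the obsolescent egrep.
##
test_expect_success 'socket dir inaccessible by all override' '
    chmod 0700 "${MUNGE_SOCKETDIR}" &&
    munged_start_daemon --force &&
    munged_stop_daemon &&
    chmod 1777 "${MUNGE_SOCKETDIR}" &&
    grep -E "Warning:.* Socket is inaccessible.* \"${MUNGE_SOCKETDIR}\"" \
        "${MUNGE_LOGFILE}"
'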
# Remove what the tests left behind. This may include an errant munged process
# that has not terminated.
# The socket dir itself must be removable; removal of its parent is attempted
# on a best-effort basis, with the error output discarded and a failure
# ignored, before munged_cleanup runs.
##
test_expect_success 'cleanup' '
    rmdir "${MUNGE_SOCKETDIR}" &&
    { rmdir "$(dirname "${MUNGE_SOCKETDIR}")" 2>/dev/null || :; } &&
    munged_cleanup
'
test_done