Merge branch 'trac3056'

92ebabdb · Mukund Sivaraman · 15471a94 · d7c133c2 · 92ebabdb · 92ebabdb
Commit 92ebabdb authored Jul 19, 2013 by Mukund Sivaraman
6 changed files
--- a/src/bin/auth/tests/datasrc_clients_builder_unittest.cc
+++ b/src/bin/auth/tests/datasrc_clients_builder_unittest.cc
@@ -528,6 +528,13 @@ TEST_F(DataSrcClientsBuilderTest, loadBrokenZone) {
 }

 TEST_F(DataSrcClientsBuilderTest, loadUnreadableZone) {
+    // If the test is run as the root user, it will fail as insufficient
+    // permissions will not stop the root user from using a file.
+    if (getuid() == 0) {
+        std::cerr << "Skipping test as it's run as the root user" << std::endl;
+        return;
+    }
+
    configureZones();

    // install the zone file as unreadable

--- a/src/bin/cmdctl/tests/b10-certgen_test.py
+++ b/src/bin/cmdctl/tests/b10-certgen_test.py
@@ -200,6 +200,8 @@ class TestCertGenTool(unittest.TestCase):
        # No such file
        self.run_check(105, None, None, [self.TOOL, '-c', 'foo'])

+    @unittest.skipIf(os.getuid() == 0,
+                     'test cannot be run as root user')
    def test_permissions(self):
        """
        Test some combinations of correct and bad permissions.

--- a/src/bin/cmdctl/tests/cmdctl_test.py
+++ b/src/bin/cmdctl/tests/cmdctl_test.py
@@ -680,11 +680,15 @@ class TestSecureHTTPServer(unittest.TestCase):
        # Just some file that we know exists
        file_name = BUILD_FILE_PATH + 'cmdctl-keyfile.pem'
        check_file(file_name)
-        with UnreadableFile(file_name):
-            self.assertRaises(CmdctlException, check_file, file_name)
        self.assertRaises(CmdctlException, check_file, '/local/not-exist')
        self.assertRaises(CmdctlException, check_file, '/')

+    @unittest.skipIf(os.getuid() == 0,
+                     'test cannot be run as root user')
+    def test_check_file_for_unreadable(self):
+        file_name = BUILD_FILE_PATH + 'cmdctl-keyfile.pem'
+        with UnreadableFile(file_name):
+            self.assertRaises(CmdctlException, check_file, file_name)

    def test_check_key_and_cert(self):
        keyfile = BUILD_FILE_PATH + 'cmdctl-keyfile.pem'
@@ -702,6 +706,15 @@ class TestSecureHTTPServer(unittest.TestCase):
        self.assertRaises(CmdctlException, self.server._check_key_and_cert,
                         '/', certfile)

+        # All OK (also happens to check the context code above works)
+        self.server._check_key_and_cert(keyfile, certfile)
+
+    @unittest.skipIf(os.getuid() == 0,
+                     'test cannot be run as root user')
+    def test_check_key_and_cert_for_unreadable(self):
+        keyfile = BUILD_FILE_PATH + 'cmdctl-keyfile.pem'
+        certfile = BUILD_FILE_PATH + 'cmdctl-certfile.pem'
+
        # no read permission
        with UnreadableFile(certfile):
            self.assertRaises(CmdctlException,
@@ -713,9 +726,6 @@ class TestSecureHTTPServer(unittest.TestCase):
                              self.server._check_key_and_cert,
                              keyfile, certfile)

-        # All OK (also happens to check the context code above works)
-        self.server._check_key_and_cert(keyfile, certfile)
-
    def test_wrap_sock_in_ssl_context(self):
        sock = socket.socket()


--- a/src/bin/memmgr/tests/memmgr_test.py
+++ b/src/bin/memmgr/tests/memmgr_test.py
@@ -137,9 +137,24 @@ class TestMemmgr(unittest.TestCase):
        self.assertEqual(1, answer[0])
        self.assertIsNotNone(re.search('not a directory', answer[1]))

-        # Bad update: directory exists but is not readable.
-        os.mkdir(self.__test_mapped_file_dir, 0o500) # drop writable bit
+    @unittest.skipIf(os.getuid() == 0,
+                     'test cannot be run as root user')
+    def test_configure_bad_permissions(self):
+        self.__mgr._setup_ccsession()
+
+        # Pretend specified directories exist and writable
+        os.path.isdir = lambda x: True
+        os.access = lambda x, y: True
+
+        # Initial configuration.
+        self.assertEqual((0, None),
+                         parse_answer(self.__mgr._config_handler({})))
+
+        os.path.isdir = self.__orig_isdir
        os.access = self.__orig_os_access
+
+        # Bad update: directory exists but is not writable.
+        os.mkdir(self.__test_mapped_file_dir, 0o500) # drop writable bit
        user_cfg = {'mapped_file_dir': self.__test_mapped_file_dir}
        answer = parse_answer(self.__mgr._config_handler(user_cfg))
        self.assertEqual(1, answer[0])

--- a/src/bin/usermgr/tests/b10-cmdctl-usermgr_test.py
+++ b/src/bin/usermgr/tests/b10-cmdctl-usermgr_test.py
@@ -399,6 +399,19 @@ Options:
                         'add', 'user1', 'pass1'
                       ])

+    @unittest.skipIf(os.getuid() == 0,
+                     'test cannot be run as root user')
+    def test_bad_file_permissions(self):
+        """
+        Check for graceful handling of bad file argument
+        """
+        # Create the test file
+        self.run_check(0, None, None,
+                       [ self.TOOL,
+                         '-f', self.OUTPUT_FILE,
+                         'add', 'user1', 'pass1'
+                       ])
+
        # Make it non-writable (don't worry about cleanup, the
        # file should be deleted after each test anyway
        os.chmod(self.OUTPUT_FILE, stat.S_IRUSR)

--- a/src/lib/util/tests/memory_segment_mapped_unittest.cc
+++ b/src/lib/util/tests/memory_segment_mapped_unittest.cc
@@ -237,6 +237,15 @@ TEST_F(MemorySegmentMappedTest, allocate) {
 }

 TEST_F(MemorySegmentMappedTest, badAllocate) {
+    // If the test is run as the root user, the following allocate()
+    // call will result in a successful MemorySegmentGrown exception,
+    // instead of an abort (due to insufficient permissions during
+    // reopen).
+    if (getuid() == 0) {
+        std::cerr << "Skipping test as it's run as the root user" << std::endl;
+        return;
+    }
+
    // Make the mapped file non-writable; managed_mapped_file::grow() will
    // fail, resulting in abort.
    const int ret = chmod(mapped_file, 0444);