Verifying that named switches UID

This test runs only under root, which is required for the user-switch
`-u` option to work.

Closes #537.

diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common
index f2bafa76ce2967e3595a12a406cb28cf4988f1a3..c12b8317e63d6d2f1bd0cc57f1fc247123de853f 100644 (file)
--- a/bin/tests/system/conf.sh.common
+++ b/bin/tests/system/conf.sh.common
@@ -562,5 +562,6 @@ export RRCHECKER
 export SAMPLEUPDATE
 export SIGNER
 export SUBDIRS
+export TMPDIR
 export TSIGKEYGEN
 export WIRETEST

diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 4cdad2a4703ec1e863074c36628cb9f75b66af20..0d83fdfb9c98888f43cfe6c0263ef9655b615624 100644 (file)
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -17,6 +17,9 @@
 # Find the top of the BIND9 tree.
 TOP=@abs_top_builddir@
 
+# Provide TMPDIR variable for tests that need it.
+TMPDIR=${TMPDIR:-/tmp}
+
 # This is not the windows build.
 CYGWIN=""
 

diff --git a/bin/tests/system/runtime/clean.sh b/bin/tests/system/runtime/clean.sh
index 705e88e0051195f010c6d6db7912739f04741da5..961857a4c0eb45625a1a0c8a18eccc3d627d706d 100644 (file)
--- a/bin/tests/system/runtime/clean.sh
+++ b/bin/tests/system/runtime/clean.sh
@@ -17,6 +17,7 @@ rm -f *.pid
 rm -f rndc.out*
 [ -d ns2/nope ] && chmod 755 ns2/nope
 rm -rf ns2/nope
+rm -rf ns2/tmp.*
 rm -f ns*/managed-keys.bind*
 rm -rf "ns2/`cat ctrl-char-dir-name`"
 rm -rf "ns2/$;"

diff --git a/bin/tests/system/runtime/ns2/named-alt9.conf.in b/bin/tests/system/runtime/ns2/named-alt9.conf.in
new file mode 100644 (file)
index 0000000..7a5cb24
--- /dev/null
+++ b/bin/tests/system/runtime/ns2/named-alt9.conf.in
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       port @PORT@;
+       pid-file "named9.pid";
+       listen-on { 127.0.0.1; };
+       listen-on-v6 { none; };
+       recursion no;
+};

diff --git a/bin/tests/system/runtime/tests.sh b/bin/tests/system/runtime/tests.sh
index 31fe17cad5ff21b8506764f0ac9c7ddea588247c..b56ea4cab78972a9f24176b053581a6d718c75d3 100644 (file)
--- a/bin/tests/system/runtime/tests.sh
+++ b/bin/tests/system/runtime/tests.sh
@@ -1,3 +1,5 @@
+#!/bin/sh
+#
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
@@ -159,5 +161,31 @@ cd ..
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo_i "verifying that named switches UID ($n)"
+if [ "`id -u`" = 0 ] && [ ! "$CYGWIN" ]; then
+    ret=0
+    TEMP_NAMED_DIR=`mktemp -d`
+    if [ -d "${TEMP_NAMED_DIR}" ]; then
+        copy_setports ns2/named-alt9.conf.in "${TEMP_NAMED_DIR}/named-alt9.conf"
+        chown -R nobody "${TEMP_NAMED_DIR}"
+        chmod 0700 "${TEMP_NAMED_DIR}"
+        ( cd "${TEMP_NAMED_DIR}" && $NAMED -u nobody -c named-alt9.conf -d 99 -g -U 4 >> named9.run 2>&1 & )
+        sleep 2
+        [ -s "${TEMP_NAMED_DIR}/named9.pid" ] || ret=1
+        grep "loading configuration: permission denied" "${TEMP_NAMED_DIR}/named9.run" > /dev/null && ret=1
+        pid=`cat "${TEMP_NAMED_DIR}/named9.pid" 2>/dev/null`
+        test "${pid:+set}" = set && $KILL -15 "${pid}" >/dev/null 2>&1
+        mv "${TEMP_NAMED_DIR}" ns2/
+    else
+        echo_i "mktemp failed"
+        ret=1
+    fi
+    if [ $ret != 0 ]; then echo_i "failed"; fi
+    status=`expr $status + $ret`
+else
+    echo_i "skipped, not running as root or running on Windows"
+fi
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1