
Commit d234a27

yosuke-wolfsslejohnstown
authored andcommitted
Add unit tests for wolfSSHD_AuthReducePermissionsUser
1 parent fd33457 commit d234a27

3 files changed

Lines changed: 132 additions & 0 deletions


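--- a/apps/wolfsshd/auth.c
+++ b/apps/wolfsshd/auth.c
@@ -79,6 +79,11 @@
 #define HAVE_SHADOW
 #endif
 
+#if defined(WOLFSSHD_UNIT_TEST) && !defined(_WIN32)
+int (*wsshd_setregid_cb)(WGID_T, WGID_T) = setregid;
+int (*wsshd_setreuid_cb)(WUID_T, WUID_T) = setreuid;
+#endif
+
 struct WOLFSSHD_AUTH {
 CallbackCheckUser checkUserCb;
 CallbackCheckPassword checkPasswordCb;
@@ -1543,12 +1548,20 @@ int wolfSSHD_AuthReducePermissionsUser(WOLFSSHD_AUTH* auth, WUID_T uid,
 WGID_T gid)
 {
 #ifndef WIN32
+#ifdef WOLFSSHD_UNIT_TEST
+if (wsshd_setregid_cb(gid, gid) != 0) {
+#else
 if (setregid(gid, gid) != 0) {
+#endif
 wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user gid");
 return WS_FATAL_ERROR;
 }
 
+#ifdef WOLFSSHD_UNIT_TEST
+if (wsshd_setreuid_cb(uid, uid) != 0) {
+#else
 if (setreuid(uid, uid) != 0) {
+#endif
 wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user uid");
 return WS_FATAL_ERROR;
 }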
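Review bot: The hooks `wsshd_setregid_cb` and `wsshd_setreuid_cb` defined in the first hunk are writable globals with external linkage, so any build that defines `WOLFSSHD_UNIT_TEST` dispatches the privilege drop in wolfSSHD_AuthReducePermissionsUser through mutable pointers, and a stray write or an unintended assignment could leave the process with its original ids while the function still returns success. The definition (and the matching `extern` declarations in auth.h) should say so, e.g. `/* Test-only seams for the privilege drop; WOLFSSHD_UNIT_TEST must never be defined for a shipped sshd. */`. The definition is guarded by `_WIN32` while the function body tests `WIN32`, so the two guards can disagree on a toolchain that defines only one of them; using the same macro in both places avoids that. The function body continues past the end of the second hunk, so whether later steps need the same treatment is not visible here.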

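--- a/apps/wolfsshd/auth.h
+++ b/apps/wolfsshd/auth.h
@@ -80,6 +80,10 @@ int wolfSSHD_GetHomeDirectory(WOLFSSHD_AUTH* auth, WOLFSSH* ssh, WCHAR* out, int
 #endif
 
 #ifdef WOLFSSHD_UNIT_TEST
+#ifndef _WIN32
+extern int (*wsshd_setregid_cb)(WGID_T, WGID_T);
+extern int (*wsshd_setreuid_cb)(WUID_T, WUID_T);
+#endif
 #if defined(WOLFSSH_HAVE_LIBCRYPT) || defined(WOLFSSH_HAVE_LIBLOGIN)
 int CheckPasswordHashUnix(const char* input, char* stored);
 #endif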

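--- a/apps/wolfsshd/test/test_configuration.c
+++ b/apps/wolfsshd/test/test_configuration.c
@@ -593,6 +593,116 @@ static int test_CheckAuthKeysLine(void)
 }
 #endif /* WOLFSSL_BASE64_ENCODE */
 
+#ifndef _WIN32
+static WGID_T s_setregid_arg0, s_setregid_arg1;
+static WUID_T s_setreuid_arg0, s_setreuid_arg1;
+static int s_setregid_ret;
+static int s_setreuid_ret;
+static int s_setregid_called;
+static int s_setreuid_called;
+
+static int stub_setregid(WGID_T rgid, WGID_T egid)
+{
+s_setregid_called = 1;
+s_setregid_arg0 = rgid;
+s_setregid_arg1 = egid;
+return s_setregid_ret;
+}
+
+static int stub_setreuid(WUID_T ruid, WUID_T euid)
+{
+s_setreuid_called = 1;
+s_setreuid_arg0 = ruid;
+s_setreuid_arg1 = euid;
+return s_setreuid_ret;
+}
+
+static void InstallPrivDropStubs(int regidRet, int reuidRet,
+int (**savedRegid)(WGID_T, WGID_T),
+int (**savedReuid)(WUID_T, WUID_T))
+{
+*savedRegid = wsshd_setregid_cb;
+*savedReuid = wsshd_setreuid_cb;
+wsshd_setregid_cb = stub_setregid;
+wsshd_setreuid_cb = stub_setreuid;
+s_setregid_ret = regidRet;
+s_setreuid_ret = reuidRet;
+s_setregid_called = 0;
+s_setreuid_called = 0;
+s_setregid_arg0 = s_setregid_arg1 = 0;
+s_setreuid_arg0 = s_setreuid_arg1 = 0;
+}
+
+static int test_AuthReducePermissionsUser_ok(void)
+{
+int ret = WS_SUCCESS;
+WUID_T testUid = 1001;
+WGID_T testGid = 1002;
+int (*savedRegid)(WGID_T, WGID_T);
+int (*savedReuid)(WUID_T, WUID_T);
+
+InstallPrivDropStubs(0, 0, &savedRegid, &savedReuid);
+
+if (wolfSSHD_AuthReducePermissionsUser(NULL, testUid, testGid)
+!= WS_SUCCESS)
+ret = WS_FATAL_ERROR;
+if (ret == WS_SUCCESS && !s_setregid_called)
+ret = WS_FATAL_ERROR;
+if (ret == WS_SUCCESS
+&& (s_setregid_arg0 != testGid || s_setregid_arg1 != testGid))
+ret = WS_FATAL_ERROR;
+if (ret == WS_SUCCESS && !s_setreuid_called)
+ret = WS_FATAL_ERROR;
+if (ret == WS_SUCCESS
+&& (s_setreuid_arg0 != testUid || s_setreuid_arg1 != testUid))
+ret = WS_FATAL_ERROR;
+
+wsshd_setregid_cb = savedRegid;
+wsshd_setreuid_cb = savedReuid;
+return ret;
+}
+
+static int test_AuthReducePermissionsUser_gid_fail(void)
+{
+int ret = WS_SUCCESS;
+int (*savedRegid)(WGID_T, WGID_T);
+int (*savedReuid)(WUID_T, WUID_T);
+
+InstallPrivDropStubs(-1, 0, &savedRegid, &savedReuid);
+
+if (wolfSSHD_AuthReducePermissionsUser(NULL, 1001, 1002)
+!= WS_FATAL_ERROR)
+ret = WS_FATAL_ERROR;
+if (ret == WS_SUCCESS && !s_setregid_called)
+ret = WS_FATAL_ERROR;
+if (ret == WS_SUCCESS && s_setreuid_called)
+ret = WS_FATAL_ERROR;
+
+wsshd_setregid_cb = savedRegid;
+wsshd_setreuid_cb = savedReuid;
+return ret;
+}
+
+static int test_AuthReducePermissionsUser_uid_fail(void)
+{
+int ret = WS_SUCCESS;
+int (*savedRegid)(WGID_T, WGID_T);
+int (*savedReuid)(WUID_T, WUID_T);
+
+InstallPrivDropStubs(0, -1, &savedRegid, &savedReuid);
+
+if (wolfSSHD_AuthReducePermissionsUser(NULL, 1001, 1002)
+!= WS_FATAL_ERROR)
+ret = WS_FATAL_ERROR;
+if (ret == WS_SUCCESS && !s_setreuid_called)
+ret = WS_FATAL_ERROR;
+
+wsshd_setregid_cb = savedRegid;
+wsshd_setreuid_cb = savedReuid;
+return ret;
+}
+#endif /* !_WIN32 */
+
 const TEST_CASE testCases[] = {
 TEST_DECL(test_ConfigDefaults),
 TEST_DECL(test_ParseConfigLine),
@@ -601,6 +711,11 @@ const TEST_CASE testCases[] = {
 #ifdef WOLFSSL_BASE64_ENCODE
 TEST_DECL(test_CheckAuthKeysLine),
 #endif
+#ifndef _WIN32
+TEST_DECL(test_AuthReducePermissionsUser_ok),
+TEST_DECL(test_AuthReducePermissionsUser_gid_fail),
+TEST_DECL(test_AuthReducePermissionsUser_uid_fail),
+#endif
 #if defined(WOLFSSH_HAVE_LIBCRYPT) || defined(WOLFSSH_HAVE_LIBLOGIN)
 TEST_DECL(test_CheckPasswordHashUnix),
 #endif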
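Review bot: `test_AuthReducePermissionsUser_uid_fail` checks only that the uid hook was reached, so on its own it would still pass if the group change were skipped or given the wrong id on that path; adding `if (ret == WS_SUCCESS && (!s_setregid_called || s_setregid_arg0 != 1002 || s_setregid_arg1 != 1002)) ret = WS_FATAL_ERROR;` brings it in line with the `_ok` case. `InstallPrivDropStubs` has no comment stating that the caller must put the saved pointers back, which each test does by hand; something like `/* Replace the privilege-drop hooks with recording stubs; the caller restores *savedRegid and *savedReuid before returning. */` would make that contract explicit. The stubs return whatever the test configures, so these cases cover call wiring and error propagation only, not whether the process ids actually change.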
