lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-09 15:41:10 +03:00
Code Activity

tests: Introduce chown wrapper to avoid OpenSSH touching PTY ownership

Browse Source 
The OpenSSH as part of the new test torture_request_pty_modes attempts to chown
the pty to the faked user, which is obviously not permitted when the test does
not run as a root. But since all the permissions for SSH are faked, just
ignoring these requests should be safe enough giving expected results.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2024-03-07 13:51:27 +01:00
parent 9ee8d8cd20
commit 6a03f6cefe
2 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tests/CMakeLists.txt
View File

@@ -234,6 +234,16 @@ if (CLIENT_TESTING OR SERVER_TESTING)
set(CHROOT_WRAPPER "${CHROOT_WRAPPER_LIBRARY}") set(CHROOT_WRAPPER "${CHROOT_WRAPPER_LIBRARY}")
endif() endif()
# chown wrapper
add_library(chown_wrapper SHARED chown_wrapper.c)
set(CHOWN_WRAPPER_LIBRARY
${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chown_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX})
set(TEST_TARGET_LIBRARIES
${TEST_TARGET_LIBRARIES}
chown_wrapper
)
set(CHOWN_WRAPPER "${CHOWN_WRAPPER_LIBRARY}")
# ssh_ping # ssh_ping
add_executable(ssh_ping ssh_ping.c) add_executable(ssh_ping ssh_ping.c)
target_compile_options(ssh_ping PRIVATE ${DEFAULT_C_COMPILE_FLAGS}) target_compile_options(ssh_ping PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
@@ -253,7 +263,8 @@ if (CLIENT_TESTING OR SERVER_TESTING)
configure_file(etc/pam.d/sshd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d/sshd @ONLY) configure_file(etc/pam.d/sshd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d/sshd @ONLY)
set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}") set(TORTURE_ENVIRONMENT
"LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}:${CHOWN_WRAPPER}")
if (priv_wrapper_FOUND) if (priv_wrapper_FOUND)
list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1) list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1)
list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL") list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL")

21
tests/chown_wrapper.c Normal file
View File

@@ -0,0 +1,21 @@
#define _GNU_SOURCE
#include <unistd.h>
#include <string.h>
#include <dlfcn.h>
typedef int (*__libc_chown)(const char *pathname, uid_t owner, gid_t group);
/* silent gcc */
int chown(const char *pathname, uid_t owner, gid_t group);
int chown(const char *pathname, uid_t owner, gid_t group)
{
__libc_chown original_chown;
if (strlen(pathname) > 7 && strncmp(pathname, "/dev/pt", 7) == 0) {
/* fake it! */
return 0;
}
original_chown = (__libc_chown)dlsym(RTLD_NEXT, "chown");
return (*original_chown)(pathname, owner, group);
}