[prev in list] [next in list] [prev in thread] [next in thread]
List: proftpd-committers
Subject: [ProFTPD-committers] proftpd/tests/t/lib/ProFTPD/Tests/Modules mod_ban.pm, 1.17, 1.18
From: TJ Saunders <castaglia () users ! sourceforge ! net>
Date: 2014-02-23 17:10:35
Message-ID: E1WHcZY-0006lo-8D () sfs-ml-3 ! v29 ! ch3 ! sourceforge ! com
[Download RAW message or body]
Update of /cvsroot/proftp/proftpd/tests/t/lib/ProFTPD/Tests/Modules
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv9717/tests/t/lib/ProFTPD/Tests/Modules
Modified Files:
mod_ban.pm
Log Message:
Make it possible to ban clients which attempt to login as root.
Index: mod_ban.pm
===================================================================
RCS file: /cvsroot/proftp/proftpd/tests/t/lib/ProFTPD/Tests/Modules/mod_ban.pm,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- mod_ban.pm 1 Mar 2013 19:43:37 -0000 1.17
+++ mod_ban.pm 23 Feb 2014 17:10:33 -0000 1.18
@@ -71,6 +71,11 @@
test_class => [qw(forking mod_tls)],
},
+ ban_on_event_rootlogin => {
+ order => ++$order,
+ test_class => [qw(forking)],
+ },
+
};
sub new {
@@ -1982,4 +1987,185 @@
unlink($log_file);
}
+sub ban_on_event_rootlogin {
+ my $self = shift;
+ my $tmpdir = $self->{tmpdir};
+
+ my $config_file = "$tmpdir/ban.conf";
+ my $pid_file = File::Spec->rel2abs("$tmpdir/ban.pid");
+ my $scoreboard_file = File::Spec->rel2abs("$tmpdir/ban.scoreboard");
+
+ my $log_file = test_get_logfile();
+
+ my $ban_tab = File::Spec->rel2abs("$tmpdir/ban.tab");
+
+ my $auth_user_file = File::Spec->rel2abs("$tmpdir/ban.passwd");
+ my $auth_group_file = File::Spec->rel2abs("$tmpdir/ban.group");
+
+ my $user = 'proftpd';
+ my $passwd = 'test';
+ my $group = 'ftpd';
+ my $home_dir = File::Spec->rel2abs($tmpdir);
+ my $uid = 500;
+ my $gid = 500;
+
+ my $root_user = 'root';
+ my $root_passwd = 'root';
+ my $root_group = 'ftpd';
+ my $root_home_dir = File::Spec->rel2abs($tmpdir);
+ my $root_uid = 0;
+ my $root_gid = 0;
+
+ # Make sure that, if we're running as root, that the home directory has
+ # permissions/privs set for the account we create
+ if ($< == 0) {
+ unless (chmod(0755, $home_dir)) {
+ die("Can't set perms on $home_dir to 0755: $!");
+ }
+
+ unless (chown($uid, $gid, $home_dir)) {
+ die("Can't set owner of $home_dir to $uid/$gid: $!");
+ }
+ }
+
+ auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir,
+ '/bin/bash');
+ auth_group_write($auth_group_file, $group, $gid, $user);
+
+ auth_user_write($auth_user_file, $root_user, $root_passwd, $root_uid,
+ $root_gid, $root_home_dir, '/bin/bash');
+ auth_group_write($auth_group_file, $root_group, $root_gid, $root_user);
+
+ my $config = {
+ PidFile => $pid_file,
+ ScoreboardFile => $scoreboard_file,
+ SystemLog => $log_file,
+ TraceLog => $log_file,
+ Trace => 'event:10',
+
+ AuthUserFile => $auth_user_file,
+ AuthGroupFile => $auth_group_file,
+ RootLogin => 'off',
+
+ IfModules => {
+ 'mod_ban.c' => {
+ BanEngine => 'on',
+ BanLog => $log_file,
+
+ # This says to ban a client which requests a root login more than twice
+ # in the last 1 minute will be banned for 5 secs
+ BanOnEvent => 'RootLogin 2/00:01:00 00:00:05',
+
+ BanTable => $ban_tab,
+ },
+
+ 'mod_delay.c' => {
+ DelayEngine => 'off',
+ },
+ },
+ };
+
+ my ($port, $config_user, $config_group) = config_write($config_file, $config);
+
+ # Open pipes, for use between the parent and child processes. Specifically,
+ # the child will indicate when it's done with its test by writing a message
+ # to the parent.
+ my ($rfh, $wfh);
+ unless (pipe($rfh, $wfh)) {
+ die("Can't open pipe: $!");
+ }
+
+ require Net::FTPSSL;
+
+ my $ex;
+
+ # Fork child
+ $self->handle_sigchld();
+ defined(my $pid = fork()) or die("Can't fork: $!");
+ if ($pid) {
+ eval {
+ # Give server time to start up
+ sleep(2);
+
+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
+ eval { $client->login($root_user, $root_passwd) };
+ unless ($@) {
+ die("Login succeeded unexpectedly");
+ }
+
+ my $resp_code = $client->response_code();
+ my $resp_msg = $client->response_msg();
+
+ my $expected;
+
+ $expected = 530;
+ $self->assert($expected == $resp_code,
+ test_msg("Expected response code $expected, got $resp_code"));
+
+ $expected = "Login incorrect.";
+ $self->assert($expected eq $resp_msg,
+ test_msg("Expected response message '$expected', got '$resp_msg'"));
+ $client->quit();
+
+ $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
+ $client->user($root_user);
+ eval { $client->pass($root_passwd) };
+ unless ($@) {
+ die("PASS succeeded unexpectedly");
+ }
+
+ $resp_code = $client->response_code();
+ $resp_msg = $client->response_msg();
+
+ $expected = 000;
+ $self->assert($expected == $resp_code,
+ test_msg("Expected response code $expected, got $resp_code"));
+
+ # Now try again with the correct info; we should be banned. Note
+ # that we have to create a separate connection for this.
+ eval { $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port,
+ undef, 0) };
+ unless ($@) {
+ die("Connect succeeded unexpectedly");
+ }
+
+ my $conn_ex = ProFTPD::TestSuite::FTP::get_connect_exception();
+
+ $expected = "";
+ $self->assert($expected eq $conn_ex,
+ test_msg("Expected '$expected', got '$conn_ex'"));
+ };
+
+ if ($@) {
+ $ex = $@;
+ }
+
+ $wfh->print("done\n");
+ $wfh->flush();
+
+ } else {
+ eval { server_wait($config_file, $rfh) };
+ if ($@) {
+ warn($@);
+ exit 1;
+ }
+
+ exit 0;
+ }
+
+ # Stop server
+ server_stop($pid_file);
+
+ $self->assert_child_ok($pid);
+
+ if ($ex) {
+ test_append_logfile($log_file, $ex);
+ unlink($log_file);
+
+ die($ex);
+ }
+
+ unlink($log_file);
+}
+
1;
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Committers Mailing List
proftpd-committers@proftpd.org
https://lists.sourceforge.net/lists/listinfo/proftp-committers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic