package root_test
import (
"os"
"runtime"
"syscall"
"testing"
"github.com/rfjakob/gocryptfs/tests/test_helpers"
)
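// asUser runs f with the supplementary groups, effective gid and effective
// uid of the calling OS thread switched to the given values, and afterwards
// switches back to uid 0, gid 0 and an empty supplementary group list.
//
// The caller must be root: both dropping and restoring the credentials need
// the corresponding privileges, and the restore targets are hard-coded to 0.
//
// It returns the first error from setting up the credentials (f is not called
// in that case), otherwise the error returned by f. If f succeeded but
// switching back failed, the restore error is returned instead of being
// silently dropped, so a test run never continues unnoticed with the wrong
// identity.
//
// NOTE(review): the goroutine is pinned to its OS thread on the assumption
// that the credential change is per-thread. Depending on the Go version and
// platform, the syscall package wrappers may apply the change to every thread
// of the process instead; confirm against the toolchain in use.
func asUser(uid int, gid int, supplementaryGroups []int, f func() error) (err error) {
	runtime.LockOSThread()
	defer runtime.UnlockOSThread()

	// restore records a failed credential restore in the named result, unless
	// an earlier error (from setup or from f) is already being returned.
	restore := func(rerr error) {
		if rerr != nil && err == nil {
			err = rerr
		}
	}

	// Deferred calls run in reverse order: the uid is restored first, because
	// restoring the gid and the group list requires root again.
	if err = syscall.Setgroups(supplementaryGroups); err != nil {
		return err
	}
	defer func() { restore(syscall.Setgroups(nil)) }()

	// -1 leaves the real gid/uid untouched; only the effective id changes.
	if err = syscall.Setregid(-1, gid); err != nil {
		return err
	}
	defer func() { restore(syscall.Setregid(-1, 0)) }()

	if err = syscall.Setreuid(-1, uid); err != nil {
		return err
	}
	defer func() { restore(syscall.Setreuid(-1, 0)) }()

	return f()
}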
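// TestSupplementaryGroups checks that access through the mount honours a
// caller's supplementary groups: a directory owned by root:1234 with mode
// 0770 must be writable for uid/gid 1235 when 1234 is among its
// supplementary groups.
//
// The test is skipped unless it runs as root, because it changes ownership
// and switches credentials via asUser.
func TestSupplementaryGroups(t *testing.T) {
	if os.Getuid() != 0 {
		t.Skip("must run as root")
	}
	cDir := test_helpers.InitFS(t)
	// Presumably needed so the unprivileged uid used below can traverse the
	// backing directory (confirm). A failure here would otherwise surface
	// later as a confusing permission error.
	if err := os.Chmod(cDir, 0755); err != nil {
		t.Fatal(err)
	}
	pDir := cDir + ".mnt"
	// -allow_other opens the mount to users other than the mounting one, which
	// is what lets uid 1235 reach it; the -extpass value is a throwaway test
	// password.
	test_helpers.MountOrFatal(t, cDir, pDir, "-allow_other", "-extpass=echo test")
	defer test_helpers.UnmountPanic(pDir)

	// We need an unrestricted umask so the 0770 below is applied as written.
	// The umask is process-wide, so put the previous value back when done
	// instead of leaking 0000 into later tests.
	oldUmask := syscall.Umask(0000)
	defer syscall.Umask(oldUmask)

	dir1 := pDir + "/dir1"
	err := os.Mkdir(dir1, 0770)
	if err != nil {
		t.Fatal(err)
	}
	// Group 1234 gets rwx on dir1; "other" gets nothing.
	err = os.Chown(dir1, 0, 1234)
	if err != nil {
		t.Fatal(err)
	}

	// uid/gid 1235 matches neither owner nor group of dir1, so both
	// operations can only succeed through supplementary group 1234.
	err = asUser(1235, 1235, []int{1234}, func() error { return os.Mkdir(dir1+"/dir2", 0700) })
	if err != nil {
		t.Error(err)
	}

	err = asUser(1235, 1235, []int{1234}, func() error {
		f, err := os.Create(dir1 + "/file1")
		if err == nil {
			f.Close()
		}
		return err
	})
	if err != nil {
		t.Error(err)
	}
}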