commit 41fda6f0f9b9dd737c3e67642f92562b4fac35f7 from: Stefan Sperling date: Tue Jul 22 10:51:54 2025 UTC fix gotsysd behaviour when the anonymous user is removed from gotsys.conf The gotsys-useradd process would run into a bogus error regarding an invalid user name "anonymous" instead of locking the anonymous user account as expected. Add test coverage. commit - 4b6c492110655391bfc6554d0b4968e305ef4b55 commit + 41fda6f0f9b9dd737c3e67642f92562b4fac35f7 blob - 8c2238b281ee524d944079247a1c70606b88362f blob + c7dbe6c154af86c95cb78fd351ade423c0e54aef --- gotsysd/libexec/gotsys-useradd/gotsys-useradd.c +++ gotsysd/libexec/gotsys-useradd/gotsys-useradd.c @@ -440,9 +440,12 @@ add_users(void) if (user != NULL) continue; /* will go on existing_users list */ - err = gotsys_conf_validate_name(pw->pw_name, "user"); - if (err) - goto done; + if (strcmp(pw->pw_name, "anonymous") != 0) { + err = gotsys_conf_validate_name(pw->pw_name, "user"); + if (err) { + goto done; + } + } err = gotsys_conf_new_user(&user, pw->pw_name); if (err) blob - 5bd0e83515bd1d7c8a3a6c47b024bb737e84d76d blob + a26ccdab2420b379ec584c361b270ed32e8b1b2a --- regress/gotsysd/test_gotsysd.sh +++ regress/gotsysd/test_gotsysd.sh @@ -1097,10 +1097,105 @@ EOF ret=$? if [ $ret -ne 0 ]; then echo "got clone failed unexpectedly" >&2 + test_done "$testroot" 1 + return 1 + fi + + test_done "$testroot" "$ret" +} + +test_user_anonymous_remove() { + local testroot=`test_init user_anonymous_remove 1` + + got checkout -q $testroot/${GOTSYS_REPO} $testroot/wt >/dev/null + ret=$? + if [ $ret -ne 0 ]; then + echo "got checkout failed unexpectedly" >&2 + test_done "$testroot" 1 + return 1 + fi + + crypted_vm_pw=`echo ${GOTSYSD_VM_PASSWORD} | encrypt | tr -d '\n'` + crypted_pw=`echo ${GOTSYSD_DEV_PASSWORD} | encrypt | tr -d '\n'` + sshkey=`cat ${GOTSYSD_SSH_PUBKEY}` + cat > ${testroot}/wt/gotsys.conf </dev/null) + local commit_id=`git_show_head $testroot/${GOTSYS_REPO}` + + got send -q -i ${GOTSYSD_SSH_KEY} -r ${testroot}/${GOTSYS_REPO} + ret=$? + if [ $ret -ne 0 ]; then + echo "got send failed unexpectedly" >&2 + test_done "$testroot" 1 + return 1 + fi + + # Wait for gotsysd to apply the new configuration. + echo "$commit_id" > $testroot/stdout.expected + for i in 1 2 3 4 5; do + sleep 1 + ssh -i ${GOTSYSD_SSH_KEY} root@${VMIP} \ + cat /var/db/gotsysd/commit > $testroot/stdout + if cmp -s $testroot/stdout.expected $testroot/stdout; then + break; + fi + done + cmp -s $testroot/stdout.expected $testroot/stdout + ret=$? + if [ $ret -ne 0 ]; then + echo "gotsysd failed to apply configuration" >&2 + diff -u $testroot/stdout.expected $testroot/stdout + test_done "$testroot" "$ret" + return 1 + fi + + # Repository foo should no longer be readable anonymously. + env SSH_ASKPASS="/usr/bin/true" SSH_ASKPASS_REQUIRE=force \ + got clone anonymous@${VMIP}:foo.git \ + $testroot/foo-anonclone.git > /dev/null 2> $testroot/stderr + ret=$? + if [ $ret -eq 0 ]; then + echo "got clone succeeded unexpectedly" >&2 test_done "$testroot" 1 return 1 fi + printf "Permission denied, please try again.\r\n" \ + > $testroot/stderr.expected + printf "Permission denied, please try again.\r\n" \ + >> $testroot/stderr.expected + printf "anonymous@${VMIP}: Permission denied (publickey,password,keyboard-interactive).\r\n" \ + >> $testroot/stderr.expected + echo "got-fetch-pack: unexpected end of file" \ + >> $testroot/stderr.expected + echo "got: unexpected end of file" >> $testroot/stderr.expected + + cmp -s $testroot/stderr.expected $testroot/stderr + ret=$? + if [ $ret -ne 0 ]; then + diff -u $testroot/stderr.expected $testroot/stderr + test_done "$testroot" "$ret" + return 1 + fi + test_done "$testroot" "$ret" } @@ -1795,6 +1890,7 @@ run_test test_group_add run_test test_group_del run_test test_repo_create run_test test_user_anonymous +run_test test_user_anonymous_remove run_test test_bad_gotsysconf run_test test_bad_ref_in_gotsysconf run_test test_set_head