X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6bf5d8f2ca7524fd63f803032cada89e54544cf3..d468a0d66b02f64fedb46f469b7ccd1d435ec3c7:/test/runtest diff --git a/test/runtest b/test/runtest index 51658b878..c0258c69c 100755 --- a/test/runtest +++ b/test/runtest @@ -23,7 +23,15 @@ use Time::Local; # Start by initializing some global variables -$testversion = "4.78 (08-May-12)"; +$testversion = "4.80 (08-May-12)"; + +# This gets embedded in the D-H params filename, and the value comes +# from asking GnuTLS for "normal", but there appears to be no way to +# use certtool/... to ask what that value currently is. *sigh* +# We also clamp it because of NSS interop, see addition of tls_dh_max_bits. +# This value is correct as of GnuTLS 2.12.18 as clamped by tls_dh_max_bits. +# normal = 2432 tls_dh_max_bits = 2236 +$gnutls_dh_bits_normal = 2236; $cf = "bin/cf -exact"; $cr = "\r"; @@ -67,6 +75,9 @@ $parm_port_d2 = 1226; # Additional for daemon $parm_port_d3 = 1227; # Additional for daemon $parm_port_d4 = 1228; # Additional for daemon +# Manually set locale +$ENV{'LC_ALL'} = 'C'; + ############################################################################### @@ -324,7 +335,7 @@ $spid = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; # that are specific to certain file types, though there are also some of those # inline too. -while() +LINE: while() { RESET_AFTER_EXTRA_LINE_READ: # Check for "*** truncated ***" @@ -336,6 +347,9 @@ RESET_AFTER_EXTRA_LINE_READ: # But convert "name=the.local.host address=127.0.0.1" to use "localhost" s/name=the\.local\.host address=127\.0\.0\.1/name=localhost address=127.0.0.1/g; + # The name of the shell may vary + s/\s\Q$parm_shell\E\b/ ENV_SHELL/; + # Replace the path to the testsuite directory s?\Q$parm_cwd\E?TESTSUITE?g; 
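Review bot: The relocated shell substitution in the `-336,6 +347,9` hunk has no comment explaining why it now sits before the `$parm_cwd` → `TESTSUITE` replacement, and that order is load-bearing. A later hunk of this diff sets `$parm_shell` to `$parm_cwd . "/aux-var/sh"`, so once the path has been rewritten to `TESTSUITE` the `\Q$parm_shell\E` pattern can no longer match. I would extend the comment to `# The name of the shell may vary; must run before the TESTSUITE replacement because $parm_shell lives under $parm_cwd`. The substitution also lacks `/g`, unlike its neighbours, so only the first occurrence on a line is normalised; if that is intended it deserves a word too. The enclosing loop starts and ends outside the hunk.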
@@ -383,9 +397,6 @@ RESET_AFTER_EXTRA_LINE_READ: # The message for a non-listening FIFO varies s/:[^:]+: while opening named pipe/: Error: while opening named pipe/; - # The name of the shell may vary - s/\s\Q$parm_shell\E\b/ SHELL/; - # Debugging output of lists of hosts may have different sort keys s/sort=\S+/sort=xx/ if /^\S+ (?:\d+\.){3}\d+ mx=\S+ sort=\S+/; @@ -477,6 +488,8 @@ RESET_AFTER_EXTRA_LINE_READ: # So far, have seen: # TLSv1:AES256-SHA:256 # TLSv1.2:AES256-GCM-SHA384:256 + # TLSv1.2:DHE-RSA-AES256-SHA:256 + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 # We also need to handle the ciphersuite without the TLS part present, for # client-ssl's output. We also see some older forced ciphersuites, but # negotiating TLS 1.2 instead of 1.0. 
@@ -485,6 +498,42 @@ RESET_AFTER_EXTRA_LINE_READ: s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg; s/\bAES256-GCM-SHA384\b/AES256-SHA/g; + s/\bDHE-RSA-AES256-SHA\b/AES256-SHA/g; + + # GnuTLS have seen: + # TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical) + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 + # + # X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256 + # X=TLS1.2:RSA_AES_256_CBC_SHA1:256 + # X=TLS1.1:RSA_AES_256_CBC_SHA1:256 + # X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 + # and as stand-alone cipher: + # DHE-RSA-AES256-SHA256 + # DHE-RSA-AES256-SHA + # picking latter as canonical simply because regex easier that way. + s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g; + s/TLS1.[012]:(DHE_)?RSA_AES_256_CBC_SHA(1|256):256/TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256/g; + s/\bDHE-RSA-AES256-SHA256\b/DHE-RSA-AES256-SHA/g; + + # -d produces a list of environement variables as they are checked if they exist in the + # in the environment. Unfortunately this list isn't always in the same order. For now we + # just remove this list + # + if (/^\w+ in keep_environment/) + { + my @lines = $_; + while () + { + if (/^\w+ in keep_environment/) + { + push @lines, $_; + next; + } + print MUNGED sort grep { !/^(SHLVL|_) / } @lines; + redo LINE; + } + } # ======== Caller's login, uid, gid, home, gecos ======== @@ -692,7 +741,6 @@ RESET_AFTER_EXTRA_LINE_READ: s/(TLS error on connection (?:from|to) .*? \(SSL_\w+\): error:)(.*)/$1 <>/; - # ======== Maildir things ======== # timestamp output in maildir processing s/(timestamp=|\(timestamp_only\): )\d+/$1ddddddd/g; 
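Review bot: In the `keep_environment` block, the lines gathered in `@lines` are printed only when a non-matching line follows, so if the input ends while the inner `while` is still collecting, they are never written to `MUNGED`. Adding `print MUNGED sort grep { !/^(SHLVL|_) / } @lines;` and `last LINE;` after the inner loop would cover that case. The read expression inside `while ()` is not visible on this page, so I am assuming it reads the same handle as the outer loop. Separately, `TLS1.[012]` in the GnuTLS substitution leaves the dot unescaped; `TLS1\.[012]` would keep the normalisation from matching unintended strings. The enclosing loop starts and ends outside the hunk.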
@@ -825,6 +873,15 @@ RESET_AFTER_EXTRA_LINE_READ: # be the case next if /^changing group to \d+ failed: Operation not permitted/; + # We might not keep this check; rather than change all the tests, just + # ignore it as long as it succeeds; then we only need to change the + # TLS tests where tls_require_ciphers has been set. + if (m{^changed uid/gid: calling tls_validate_require_cipher}) { + my $discard = ; + next; + } + next if /^tls_validate_require_cipher child \d+ ended: status=0x0/; + # We invoke Exim with -D, so we hit this new messag as of Exim 4.73: next if /^macros_trusted overridden to true by whitelisting/; @@ -1423,6 +1480,8 @@ my($commandnameref) = $_[3]; my($aux_info) = $_[4]; my($yield) = 1; +our %ENV = map { $_ => $ENV{$_} } grep { /^(?:USER|SHELL|PATH|TERM|EXIM_TEST_.*)$/ } keys %ENV; + if (/^(\d+)\s*$/) # Handle unusual return code { my($r) = $_[2]; @@ -1578,9 +1637,10 @@ if (/^eximstats\s+(.*)/) if (/^gnutls/) { - run_system "sudo cp -p aux-fixed/gnutls-params spool/gnutls-params;" . - "sudo chown $parm_eximuser:$parm_eximgroup spool/gnutls-params;" . - "sudo chmod 0400 spool/gnutls-params"; + my $gen_fn = "spool/gnutls-params-$gnutls_dh_bits_normal"; + run_system "sudo cp -p aux-fixed/gnutls-params $gen_fn;" . + "sudo chown $parm_eximuser:$parm_eximgroup $gen_fn;" . + "sudo chmod 0400 $gen_fn"; return 1; } 
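Review bot: `my $discard = ;` throws away whatever line follows `changed uid/gid: calling tls_validate_require_cipher` without looking at it. If the debug output ever places a different line there, that line silently disappears from the munged output and a real difference could be hidden. A comment naming the line expected at that position would help, or the discard could become a pattern-based `next if` like the one already used for the `ended: status=0x0` line. The read expression appears to have been stripped by the page rendering, so which handle is read cannot be confirmed here; the enclosing loop starts and ends outside the hunk.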
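Review bot: The allowlist assigned to `%ENV` in the `-1423,6 +1480,8` hunk does not include `LC_ALL`, although an earlier hunk of this diff sets `$ENV{'LC_ALL'} = 'C'`, so once this statement has run the variable is gone for every later child process. If the forced locale is meant to reach the commands started from here, the pattern needs it: `/^(?:USER|SHELL|PATH|TERM|LC_ALL|EXIM_TEST_.*)$/`. `our` is redundant on `%ENV`, and because the assignment is not `local` the filtering is permanent from the first call. A one-line comment such as `# Deliberately reduce the environment for all child processes; PATH is inherited as-is` would state the intent. The enclosing sub starts and ends outside the hunk.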
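Review bot: The three `sudo` commands operating on `$gen_fn` are joined with `;`, so a failed `cp` does not stop the `chown` and `chmod`, and the shell's exit status reflects only the last command. Joining them with `&&`, e.g. `"sudo cp -p aux-fixed/gnutls-params $gen_fn && "` and likewise before `chmod`, would make a missing or unreadable params file visible, assuming `run_system` reports the status (its definition is outside the hunk). The file name embeds `$gnutls_dh_bits_normal`, so presumably the pre-seeded file is only found when that constant matches what Exim computes at run time. That dependency is worth a comment here as well as at the definition.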
@@ -1790,12 +1850,12 @@ if (/^client/ || /^(sudo\s+)?perl\b/) # not drop privilege when -C and -D options are present. To run the exim # command as root, we use sudo. -elsif (/^([A-Z_]+=\S+\s+)?(\d+)?\s*(sudo\s+)?exim(_\S+)?\s+(.*)$/) +elsif (/^((?i:[A-Z\d_]+=\S+\s+)+)?(\d+)?\s*(sudo(?:\s+-u\s+(\w+))?\s+)?exim(_\S+)?\s+(.*)$/) { - $args = $5; + $args = $6; my($envset) = (defined $1)? $1 : ""; - my($sudo) = (defined $3)? "sudo " : ""; - my($special)= (defined $4)? $4 : ""; + my($sudo) = (defined $3)? "sudo " . (defined $4 ? "-u $4 ":"") : ""; + my($special)= (defined $5)? $5 : ""; $wait_time = (defined $2)? $2 : 0; # Return 2 rather than 1 afterwards @@ -2689,9 +2749,11 @@ if ($parm_hostname !~ /\./) print "\n*** Host name is not fully qualified: this may cause problems ***\n\n"; } -# Find the user's shell +if ($parm_hostname =~ /[[:upper:]]/) + { + print "\n*** Host name has upper case characters: this may cause problems ***\n\n"; + } -$parm_shell = $ENV{'SHELL'}; ################################################## @@ -3012,6 +3074,10 @@ foreach $basedir ("aux-var", "dnszones") } } +# Set a user's shell, distinguishable from /bin/sh + +symlink("/bin/sh","aux-var/sh"); +$ENV{'SHELL'} = $parm_shell = $parm_cwd . "/aux-var/sh"; ################################################## # Create fake DNS zones for this host #
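Review bot: The new `sudo(?:\s+-u\s+(\w+))?` group accepts only `\w+` as the user name, so a test line such as `sudo -u some-user exim ...` (constructed example) does not match this branch and falls through to whatever follows the `elsif`. If the restriction is intentional, a comment should say so: `$4` is interpolated into the command prefix as `"-u $4 "`, and limiting it to word characters keeps shell metacharacters out. Inserting the group shifted the later captures (`$4` is now the user, `$5` the `exim_...` suffix, `$6` the arguments), so a short comment above the pattern listing what each capture holds would make the next renumbering less error-prone. The `elsif` body continues outside the hunk.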
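Review bot: The return value of `symlink("/bin/sh","aux-var/sh")` is ignored, yet `$parm_shell` and `$ENV{'SHELL'}` are set to that path unconditionally, so a failed link leaves every child process with a `SHELL` that does not exist. I would check it: `symlink("/bin/sh","aux-var/sh") or -l "aux-var/sh" or die "symlink aux-var/sh: $!\n";`. The link is created relative to the current directory while the variable is built from `$parm_cwd`; the two agree only if the script has not changed directory by this point, which the hunk does not show.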