From: Stefan Sperling <stsp@stsp.name>
Subject: Re: gotd regress and doas(1)
To: Mikhail <mp39590@gmail.com>
Cc: gameoftrees@openbsd.org
Date: Fri, 9 Dec 2022 09:19:13 +0100

On Thu, Dec 08, 2022 at 04:27:22PM +0300, Mikhail wrote:
> On Wed, Dec 07, 2022 at 10:26:36AM +0100, Stefan Sperling wrote:
> > As found by Mikhail, gotd regress test script run as root when the
> > test suite is invoked via doas(1). This happens because doas sets
> > the $LOGNAME environment veriable to the target user (root). Unlike
> > su(1) which leaves $LOGNAME set to the name of the original user.
> > 
> > This patch adds a sanity check to prevent running test scripts as root,
> > and switches to $USERNAME which works with both doas(1) and su(1).
> 
> Sorry for the late reply.
> 
> I don't have $USERNAME env variable set (I'm using default
> current+xterm+tmux+ksh) and environ(7) talks only about $USER and
> $LOGNAME. Because of this tests are failing for me with:
> 
> idea:~/work/got$ doas make server-regress                          
> make -C regress/gotd                                                                                                                  usage: userinfo [-e] user                                          
> ==== test_repo_read ====                                                                                                              
> usage: userinfo [-e] user
> [...]
> 
> Which software sets $USERNAME? I can see the var on FreeBSD+zsh though.

Indeed, USERNAME is empty when I log into a tty outside of my X session.
It seems to be set by gdm in my case:

daemon/gdm-launch-environment.c:        g_hash_table_insert (hash, g_strdup ("USERNAME"), g_strdup (launch_environment->user_name));

We should rely on $USER instead.
However, because doas(1) sets $USER to the target user we need to handle
it as a special case.

We could probe $DOAS_USER/$SUDO_USER first, with a fallback on $USER.

diff /home/stsp/src/got
commit - d10629e6628f13c08f5b6013d0f1b68630acc383
path + /home/stsp/src/got
blob - 1f10771a98fe00cf4c3029d94a41ae32341873e7
file + regress/gotd/Makefile
--- regress/gotd/Makefile
+++ regress/gotd/Makefile
@@ -12,7 +12,13 @@ GOTD_TEST_USER?=${USERNAME}
 GOTD_TEST_REPO!?=mktemp -d "$(GOTD_TEST_ROOT)/gotd-test-repo-XXXXXXXXX"
 GOTD_TEST_REPO_URL=ssh://${GOTD_DEVUSER}@127.0.0.1/test-repo
 
-GOTD_TEST_USER?=${USERNAME}
+GOTD_TEST_USER?=${DOAS_USER}
+.if empty(GOTD_TEST_USER)
+GOTD_TEST_USER=${SUDO_USER}
+.endif
+.if empty(GOTD_TEST_USER)
+GOTD_TEST_USER=${USER}
+.endif
 GOTD_TEST_USER_HOME!=userinfo $(GOTD_TEST_USER) | awk '/^dir/ {print $$2}'
 
 # gotd.conf parameters