Create a new libsubid

Closes #154

Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.

I might be mistaken about what -disable-man means;  some of
the code suggests it means just don't re-generate them, but
not totally ignore them.  But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.

Remove --disable-shared.  I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.

Create a tests/run_some, a shorter version of run_all.  I'll
slowly add tests to this as I verify they work, then I can
work on fixing the ones which don't.

Also, don't touch man/ if not -enable-man.

Changelog:
	Apr 22: change the subid list api as recommended by Dan Walsh.
	Apr 23: implement get_subid_owner
	Apr 24: implement range add/release
	Apr 25: finish tests and rebase
	May 10: make @owner const

Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn
2020-04-18 18:03:54 -05:00
parent 43a917cce5
commit 0a7888b1fa
31 changed files with 1105 additions and 17 deletions


@@ -0,0 +1,2 @@
foo:200000:10000
root:500000:1000


@@ -0,0 +1,3 @@
foo:300000:10000
foo:400000:10000
root:500000:1000


@@ -0,0 +1,38 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../common/config.sh
. ../../common/log.sh
log_start "$0" "list_ranges shows subid ranges"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "list foo's ranges..."
${build_path}/src/list_subid_ranges foo > /tmp/subuidlistout
${build_path}/src/list_subid_ranges -g foo > /tmp/subgidlistout
echo "OK"
echo -n "Check the subuid ranges..."
[ $(wc -l /tmp/subuidlistout | awk '{ print $1 }') -eq 2 ]
grep "0: foo 300000 10000" /tmp/subuidlistout
grep "1: foo 400000 10000" /tmp/subuidlistout
echo "OK"
echo -n "Check the subgid ranges..."
[ $(wc -l /tmp/subgidlistout | awk '{ print $1 }') -eq 1 ]
grep "0: foo 200000 10000" /tmp/subgidlistout
echo "OK"
log_status "$0" "SUCCESS"
restore_config
trap '' 0
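Review bot: The redirect targets `/tmp/subuidlistout` and `/tmp/subgidlistout` are fixed, predictable names in a world-writable directory, and this test appears to run with enough privilege to alter system configuration (it calls `save_config`/`change_config`), so a symlink already present at either path would be followed on write. Create a private directory with `tmpdir=$(mktemp -d)`, write to `"$tmpdir/subuidlistout"` and `"$tmpdir/subgidlistout"`, and remove it with `rm -rf "$tmpdir"` both in the exit trap and on the success path before `trap '' 0`. The same applies to `/tmp/expected` and `/tmp/actual` in the get_subid_owners test. Separately, `cd $(dirname $0)` breaks on a path containing spaces and is safer as `cd "$(dirname "$0")"`; all three new test scripts share that line.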


@@ -0,0 +1,20 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/false


@@ -0,0 +1,2 @@
foo:200000:10000
root:500000:1000


@@ -0,0 +1,4 @@
foo:300000:10000
foo:400000:10000
foo:500000:10000
root:500000:1000


@@ -0,0 +1,52 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../common/config.sh
. ../../common/log.sh
log_start "$0" "get subid owners"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Noone owns 0 as a subid..."
[ -z "$(${build_path}/src/get_subid_owners 0)" ]
echo "OK"
echo -n "foo owns subuid 300000..."
[ "$(${build_path}/src/get_subid_owners 300000)" = "1000" ]
echo "OK"
echo -n "foo owns subgid 200000..."
[ "$(${build_path}/src/get_subid_owners -g 200000)" = "1000" ]
echo "OK"
echo -n "Noone owns subuid 200000..."
[ -z "$(${build_path}/src/get_subid_owners -g 300000)" ]
echo "OK"
echo -n "Noone owns subgid 300000..."
[ -z "$(${build_path}/src/get_subid_owners -g 300000)" ]
echo "OK"
echo -n "Both foo and root own subuid 500000..."
cat > /tmp/expected << EOF
1000
0
EOF
${build_path}/src/get_subid_owners 500000 > /tmp/actual
diff /tmp/expected /tmp/actual
echo "OK"
log_status "$0" "SUCCESS"
restore_config
trap '' 0
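Review bot: The check announced as "Noone owns subuid 200000..." runs `get_subid_owners -g 300000`, which is the same command as the "Noone owns subgid 300000..." check right after it, so the subuid 200000 case is never exercised. It should be `[ -z "$(${build_path}/src/get_subid_owners 200000)" ]`. This matters because 200000 is a subgid owned by foo in the fixture, and the test is presumably meant to prove that a uid lookup does not leak gid ownership. The final check also pins the owner order (`1000` then `0`) through `diff`; if that order is not part of the API contract, sorting both sides before comparing would make the test less brittle.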


@@ -0,0 +1,59 @@
#!/bin/sh
set -e
cd $(dirname $0)
. ../../common/config.sh
. ../../common/log.sh
log_start "$0" "add and remove subid ranges"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
echo -n "Existing ranges returned when possible..."
res=$(${build_path}/src/new_subid_range foo 500)
echo "debug"
echo "res is $res"
echo "wanted Subuid range 300000:10000"
echo "end debug"
[ "$res" = "Subuid range 300000:10000" ]
[ $(grep -c foo /etc/subuid) -eq 1 ]
echo "OK"
echo -n "New range returned if requested..."
res=$(${build_path}/src/new_subid_range foo 500 -n)
[ "$res" = "Subuid range 310000:500" ]
[ $(grep -c foo /etc/subuid) -eq 2 ]
echo "OK"
echo -n "Free works..."
res=$(${build_path}/src/free_subid_range foo 310000 500)
[ $(grep -c foo /etc/subuid) -eq 1 ]
echo "OK"
echo -n "Subgids work too..."
res=$(${build_path}/src/new_subid_range -g foo 100000)
echo "DEBUG: res is ${res}"
[ "$res" = "Subuid range 501000:100000" ]
echo "DEBUG: subgid is:"
cat /etc/subgid
[ $(grep -c foo /etc/subgid) -eq 2 ]
echo -n "Subgid free works..."
res=$(${build_path}/src/free_subid_range -g foo 501000 100000)
echo "DEBUG: res is ${res}"
echo "DEBUG: subgid is:"
cat /etc/subgid
[ $(grep -c foo /etc/subgid) -eq 1 ]
echo "OK"
log_status "$0" "SUCCESS"
restore_config
trap '' 0
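Review bot: The range-count assertions use an unanchored, unquoted `grep -c foo`, which counts any line containing "foo" (for example a user named `foobar`) and never checks which range was actually removed by `free_subid_range`. Anchoring to the owner field is tighter: `[ "$(grep -c '^foo:' /etc/subuid)" -eq 1 ]`, and likewise for `/etc/subgid`. The freed range could also be asserted absent with `if grep -q '^foo:310000:500$' /etc/subuid; then exit 1; fi`. The "Subgids work too..." step has no closing `echo "OK"` before "Subgid free works...", and the leftover `debug`/`DEBUG:` echoes and `cat /etc/subgid` look like scaffolding that could be dropped. The expected string `Subuid range 501000:100000` for a `-g` call pins what looks like a mislabelled message from the helper; worth confirming that is intended.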


@@ -0,0 +1,20 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
foo:x:1000:1000::/home/foo:/bin/false


@@ -0,0 +1,2 @@
foo:200000:10000
root:500000:1000


@@ -0,0 +1 @@
foo:300000:10000

136
tests/run_some Executable file

@@ -0,0 +1,136 @@
#!/bin/sh
set -e
export LC_ALL=C
unset LANG
unset LANGUAGE
. common/config.sh
USE_PAM="yes"
FAILURE_TESTS="yes"
succeeded=0
failed=0
failed_tests=""
run_test()
{
[ -f RUN_TEST.STOP ] && exit 1
if $1 > $1.log
then
succeeded=$((succeeded+1))
echo -n "+"
else
failed=$((failed+1))
failed_tests="$failed_tests $1"
echo -n "-"
fi
cat $1.log >> testsuite.log
[ -f /etc/passwd.lock ] && echo $1 /etc/passwd.lock || true
[ -f /etc/group.lock ] && echo $1 /etc/group.lock || true
[ -f /etc/shadow.lock ] && echo $1 /etc/shadow.lock || true
[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
if [ "$(stat -c"%G" /etc/shadow)" != "shadow" ]
then
echo $1
ls -l /etc/shadow
chgrp shadow /etc/shadow
fi
if [ -d /nonexistent ]
then
echo $1 /nonexistent
rmdir /nonexistent
fi
}
echo "+: test passed"
echo "-: test failed"
# Empty the complete log.
> testsuite.log
find ${build_path} -name "*.gcda" -delete
run_test ./su/01/su_root.test
run_test ./su/01/su_user.test
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
run_test ./su/02/env_FOO-options_--login
run_test ./su/02/env_FOO-options_--login_bash
run_test ./su/02/env_FOO-options_--preserve-environment
run_test ./su/02/env_FOO-options_--preserve-environment_bash
run_test ./su/02/env_FOO-options_-
run_test ./su/02/env_FOO-options_-_bash
run_test ./su/02/env_FOO-options_-l-m
run_test ./su/02/env_FOO-options_-l-m_bash
run_test ./su/02/env_FOO-options_-l
run_test ./su/02/env_FOO-options_-l_bash
run_test ./su/02/env_FOO-options_-m_bash
run_test ./su/02/env_FOO-options_-m
run_test ./su/02/env_FOO-options_-p
run_test ./su/02/env_FOO-options_-p_bash
run_test ./su/02/env_FOO-options__bash
run_test ./su/02/env_FOO-options_
run_test ./su/02/env_FOO-options_-p-
run_test ./su/02/env_FOO-options_-p-_bash
run_test ./su/02/env_special-options_-l-p
run_test ./su/02/env_special-options_-l
run_test ./su/02/env_special-options_-l-p_bash
run_test ./su/02/env_special-options_-l_bash
run_test ./su/02/env_special-options_-p
run_test ./su/02/env_special-options_-p_bash
run_test ./su/02/env_special-options_
run_test ./su/02/env_special-options__bash
run_test ./su/02/env_special_root-options_-l-p
run_test ./su/02/env_special_root-options_-l-p_bash
run_test ./su/02/env_special_root-options_-l
run_test ./su/02/env_special_root-options_-l_bash
run_test ./su/02/env_special_root-options_-p
run_test ./su/02/env_special_root-options_-p_bash
run_test ./su/02/env_special_root-options_
run_test ./su/02/env_special_root-options__bash
run_test ./su/03/su_run_command01.test
run_test ./su/03/su_run_command02.test
run_test ./su/03/su_run_command03.test
run_test ./su/03/su_run_command04.test
run_test ./su/03/su_run_command05.test
run_test ./su/03/su_run_command06.test
run_test ./su/03/su_run_command07.test
run_test ./su/03/su_run_command08.test
run_test ./su/03/su_run_command09.test
run_test ./su/03/su_run_command10.test
run_test ./su/03/su_run_command11.test
run_test ./su/03/su_run_command12.test
run_test ./su/03/su_run_command13.test
run_test ./su/03/su_run_command14.test
run_test ./su/03/su_run_command15.test
run_test ./su/03/su_run_command16.test
run_test ./su/03/su_run_command17.test
run_test ./su/04/su_wrong_user.test
run_test ./su/04/su_user_wrong_passwd.test
run_test ./su/04/su_user_wrong_passwd_syslog.test
run_test ./su/05/su_user_wrong_passwd_syslog.test
run_test ./su/06/su_user_syslog.test
run_test ./su/07/su_user_syslog.test
run_test ./su/08/env_special-options_
run_test ./su/08/env_special_root-options_
run_test ./su/09/env_special-options_
run_test ./su/09/env_special_root-options_
run_test ./su/10_su_sulog_success/su.test
run_test ./su/11_su_sulog_failure/su.test
run_test ./su/12_su_child_failure/su.test
run_test ./su/13_su_child_success/su.test
run_test ./libsubid/01_list_ranges/list_ranges.test
run_test ./libsubid/02_get_subid_owners/get_subid_owners.test
run_test ./libsubid/03_add_remove/add_remove_subids.test
echo
echo "$succeeded test(s) passed"
echo "$failed test(s) failed"
echo "log written in 'testsuite.log'"
if [ "$failed" != "0" ]
then
echo "the following tests failed:"
echo $failed_tests
fi
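Review bot: The script ends on the closing `fi` of the failure report, so it exits 0 even when `$failed` is non-zero, and a CI job or `make` target calling `tests/run_some` cannot detect failing tests from the exit status. Ending the script with `[ "$failed" = "0" ] || exit 1` would propagate the result. In `run_test`, `$1` is used unquoted in `if $1 > $1.log` and `cat $1.log`; quoting the redirect and `cat` arguments as `"$1.log"` is safer. A short header comment should also state that the runner must be run as root on a disposable system, since `run_test` runs `chgrp shadow /etc/shadow` and `rmdir /nonexistent` on the live filesystem.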