Create a new libsubid

Closes #154 Currently this has three functions: one which returns the list of subuid ranges for a user, one returning the subgids, and one which frees the ranges lists. I might be mistaken about what -disable-man means; some of the code suggests it means just don't re-generate them, but not totally ignore them. But that doesn't seem to really work, so let's just ignore man/ when -disable-man. Remove --disable-shared. I'm not sure why it was there, but it stems from long, long ago, and I suspect it comes from some ancient toolchain bug. Create a tests/run_some, a shorter version of run_all. I'll slowly add tests to this as I verify they work, then I can work on fixing the once which don't. Also, don't touch man/ if not -enable-man. Changelog: Apr 22: change the subid list api as recomended by Dan Walsh. Apr 23: implement get_subid_owner Apr 24: implement range add/release Apr 25: finish tests and rebase May 10: make @owner const Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-18 18:03:54 -05:00
parent 43a917cce5
commit 0a7888b1fa
31 changed files with 1105 additions and 17 deletions
--- a/tests/libsubid/01_list_ranges/config.txt
+++ b/tests/libsubid/01_list_ranges/config.txt
--- a/tests/libsubid/01_list_ranges/config/etc/subgid
+++ b/tests/libsubid/01_list_ranges/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
--- a/tests/libsubid/01_list_ranges/config/etc/subuid
+++ b/tests/libsubid/01_list_ranges/config/etc/subuid
@@ -0,0 +1,3 @@
+foo:300000:10000
+foo:400000:10000
+root:500000:1000
--- a/tests/libsubid/01_list_ranges/list_ranges.test
+++ b/tests/libsubid/01_list_ranges/list_ranges.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "list_ranges shows subid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "list foo's ranges..."
+${build_path}/src/list_subid_ranges foo > /tmp/subuidlistout
+${build_path}/src/list_subid_ranges -g foo > /tmp/subgidlistout
+echo "OK"
+
+echo -n "Check the subuid ranges..."
+[ $(wc -l /tmp/subuidlistout | awk '{ print $1 }') -eq 2 ]
+grep "0: foo 300000 10000" /tmp/subuidlistout
+grep "1: foo 400000 10000" /tmp/subuidlistout
+echo "OK"
+
+echo -n "Check the subgid ranges..."
+[ $(wc -l /tmp/subgidlistout | awk '{ print $1 }') -eq 1 ]
+grep "0: foo 200000 10000" /tmp/subgidlistout
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
--- a/tests/libsubid/02_get_subid_owners/config.txt
+++ b/tests/libsubid/02_get_subid_owners/config.txt
--- a/tests/libsubid/02_get_subid_owners/config/etc/passwd
+++ b/tests/libsubid/02_get_subid_owners/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
--- a/tests/libsubid/02_get_subid_owners/config/etc/subgid
+++ b/tests/libsubid/02_get_subid_owners/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
--- a/tests/libsubid/02_get_subid_owners/config/etc/subuid
+++ b/tests/libsubid/02_get_subid_owners/config/etc/subuid
@@ -0,0 +1,4 @@
+foo:300000:10000
+foo:400000:10000
+foo:500000:10000
+root:500000:1000
--- a/tests/libsubid/02_get_subid_owners/get_subid_owners.test
+++ b/tests/libsubid/02_get_subid_owners/get_subid_owners.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "get subid owners"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Noone owns 0 as a subid..."
+[ -z "$(${build_path}/src/get_subid_owners 0)" ]
+echo "OK"
+
+echo -n "foo owns subuid 300000..."
+[ "$(${build_path}/src/get_subid_owners 300000)" = "1000" ]
+echo "OK"
+
+echo -n "foo owns subgid 200000..."
+[ "$(${build_path}/src/get_subid_owners -g 200000)" = "1000" ]
+echo "OK"
+
+echo -n "Noone owns subuid 200000..."
+[ -z "$(${build_path}/src/get_subid_owners -g 300000)" ]
+echo "OK"
+
+echo -n "Noone owns subgid 300000..."
+[ -z "$(${build_path}/src/get_subid_owners -g 300000)" ]
+echo "OK"
+
+echo -n "Both foo and root own subuid 500000..."
+cat > /tmp/expected << EOF
+1000
+0
+EOF
+${build_path}/src/get_subid_owners 500000 > /tmp/actual
+diff /tmp/expected /tmp/actual
+
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
--- a/tests/libsubid/03_add_remove/add_remove_subids.test
+++ b/tests/libsubid/03_add_remove/add_remove_subids.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "add and remove subid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Existing ranges returned when possible..."
+res=$(${build_path}/src/new_subid_range foo 500)
+echo "debug"
+echo "res is $res"
+echo "wanted Subuid range 300000:10000"
+echo "end debug"
+[ "$res" = "Subuid range 300000:10000" ]
+[ $(grep -c foo /etc/subuid) -eq 1 ]
+echo "OK"
+
+echo -n "New range returned if requested..."
+res=$(${build_path}/src/new_subid_range foo 500 -n)
+[ "$res" = "Subuid range 310000:500" ]
+[ $(grep -c foo /etc/subuid) -eq 2 ]
+echo "OK"
+
+echo -n "Free works..."
+res=$(${build_path}/src/free_subid_range foo 310000 500)
+[ $(grep -c foo /etc/subuid) -eq 1 ]
+echo "OK"
+
+echo -n "Subgids work too..."
+res=$(${build_path}/src/new_subid_range -g foo 100000)
+echo "DEBUG: res is ${res}"
+[ "$res" = "Subuid range 501000:100000" ]
+echo "DEBUG: subgid is:"
+cat /etc/subgid
+[ $(grep -c foo /etc/subgid) -eq 2 ]
+
+echo -n "Subgid free works..."
+res=$(${build_path}/src/free_subid_range -g foo 501000 100000)
+echo "DEBUG: res is ${res}"
+echo "DEBUG: subgid is:"
+cat /etc/subgid
+[ $(grep -c foo /etc/subgid) -eq 1 ]
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
--- a/tests/libsubid/03_add_remove/config.txt
+++ b/tests/libsubid/03_add_remove/config.txt
--- a/tests/libsubid/03_add_remove/config/etc/passwd
+++ b/tests/libsubid/03_add_remove/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
--- a/tests/libsubid/03_add_remove/config/etc/subgid
+++ b/tests/libsubid/03_add_remove/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
--- a/tests/libsubid/03_add_remove/config/etc/subuid
+++ b/tests/libsubid/03_add_remove/config/etc/subuid
@@ -0,0 +1 @@
+foo:300000:10000