]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
2822da4f | 2 | |
ca78ad1d | 3 | #include <stdio.h> |
6bedfcbb LP |
4 | #include <sys/prctl.h> |
5 | ||
b5efdb8a | 6 | #include "alloc-util.h" |
2822da4f | 7 | #include "cap-list.h" |
430f0182 | 8 | #include "capability-util.h" |
6bedfcbb | 9 | #include "parse-util.h" |
6088cefb | 10 | #include "string-util.h" |
6bedfcbb | 11 | #include "util.h" |
2822da4f | 12 | |
80b43783 DH |
13 | /* verify the capability parser */ |
14 | static void test_cap_list(void) { | |
2822da4f | 15 | assert_se(!capability_to_name(-1)); |
097df453 | 16 | assert_se(!capability_to_name(capability_list_length())); |
2822da4f | 17 | |
57007803 | 18 | for (int i = 0; i < capability_list_length(); i++) { |
2822da4f LP |
19 | const char *n; |
20 | ||
21 | assert_se(n = capability_to_name(i)); | |
22 | assert_se(capability_from_name(n) == i); | |
23 | printf("%s = %i\n", n, i); | |
24 | } | |
25 | ||
26 | assert_se(capability_from_name("asdfbsd") == -EINVAL); | |
27 | assert_se(capability_from_name("CAP_AUDIT_READ") == CAP_AUDIT_READ); | |
34a3e4ec LP |
28 | assert_se(capability_from_name("cap_audit_read") == CAP_AUDIT_READ); |
29 | assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ); | |
2822da4f LP |
30 | assert_se(capability_from_name("0") == 0); |
31 | assert_se(capability_from_name("15") == 15); | |
417770f3 ZJS |
32 | assert_se(capability_from_name("63") == 63); |
33 | assert_se(capability_from_name("64") == -EINVAL); | |
2822da4f LP |
34 | assert_se(capability_from_name("-1") == -EINVAL); |
35 | ||
57007803 | 36 | for (int i = 0; i < capability_list_length(); i++) { |
4b7c1d5d LP |
37 | _cleanup_cap_free_charp_ char *a = NULL; |
38 | const char *b; | |
39 | unsigned u; | |
40 | ||
41 | assert_se(a = cap_to_name(i)); | |
42 | ||
dbf1f77b ZJS |
43 | /* quit the loop as soon as libcap starts returning |
44 | * numeric ids, formatted as strings */ | |
4b7c1d5d LP |
45 | if (safe_atou(a, &u) >= 0) |
46 | break; | |
47 | ||
48 | assert_se(b = capability_to_name(i)); | |
49 | ||
50 | printf("%s vs. %s\n", a, b); | |
51 | ||
dbf1f77b | 52 | assert_se(strcasecmp(a, b) == 0); |
4b7c1d5d | 53 | } |
80b43783 DH |
54 | } |
55 | ||
23cc81e7 YW |
56 | static void test_capability_set_one(uint64_t c, const char *t) { |
57 | _cleanup_free_ char *t1 = NULL; | |
58 | uint64_t c1, c_masked = c & ((UINT64_C(1) << capability_list_length()) - 1); | |
6088cefb | 59 | |
23cc81e7 YW |
60 | assert_se(capability_set_to_string_alloc(c, &t1) == 0); |
61 | assert_se(streq(t1, t)); | |
6088cefb | 62 | |
23cc81e7 YW |
63 | assert_se(capability_set_from_string(t1, &c1) == 0); |
64 | assert_se(c1 == c_masked); | |
6088cefb | 65 | |
23cc81e7 YW |
66 | free(t1); |
67 | assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t, | |
417770f3 | 68 | " hogehoge foobar 18446744073709551616 3.14 -3 ", t)); |
23cc81e7 YW |
69 | assert_se(capability_set_from_string(t1, &c1) == 0); |
70 | assert_se(c1 == c_masked); | |
71 | } | |
72 | ||
73 | static void test_capability_set(void) { | |
74 | uint64_t c; | |
75 | ||
76 | assert_se(capability_set_from_string(NULL, &c) == 0); | |
77 | assert_se(c == 0); | |
78 | ||
79 | assert_se(capability_set_from_string("", &c) == 0); | |
80 | assert_se(c == 0); | |
81 | ||
82 | assert_se(capability_set_from_string("0", &c) == 0); | |
83 | assert_se(c == UINT64_C(1)); | |
84 | ||
85 | assert_se(capability_set_from_string("1", &c) == 0); | |
86 | assert_se(c == UINT64_C(1) << 1); | |
87 | ||
88 | assert_se(capability_set_from_string("0 1 2 3", &c) == 0); | |
89 | assert_se(c == (UINT64_C(1) << 4) - 1); | |
90 | ||
91 | test_capability_set_one(0, ""); | |
92 | test_capability_set_one( | |
93 | UINT64_C(1) << CAP_DAC_OVERRIDE, | |
94 | "cap_dac_override"); | |
95 | test_capability_set_one( | |
96 | UINT64_C(1) << CAP_DAC_OVERRIDE | | |
97 | UINT64_C(1) << capability_list_length(), | |
98 | "cap_dac_override"); | |
99 | test_capability_set_one( | |
100 | UINT64_C(1) << capability_list_length(), ""); | |
101 | test_capability_set_one( | |
102 | UINT64_C(1) << CAP_CHOWN | | |
103 | UINT64_C(1) << CAP_DAC_OVERRIDE | | |
104 | UINT64_C(1) << CAP_DAC_READ_SEARCH | | |
105 | UINT64_C(1) << CAP_FOWNER | | |
106 | UINT64_C(1) << CAP_SETGID | | |
107 | UINT64_C(1) << CAP_SETUID | | |
108 | UINT64_C(1) << CAP_SYS_PTRACE | | |
109 | UINT64_C(1) << CAP_SYS_ADMIN | | |
110 | UINT64_C(1) << CAP_AUDIT_CONTROL | | |
111 | UINT64_C(1) << CAP_MAC_OVERRIDE | | |
112 | UINT64_C(1) << CAP_SYSLOG | | |
113 | UINT64_C(1) << (capability_list_length() + 1), | |
114 | "cap_chown cap_dac_override cap_dac_read_search cap_fowner " | |
115 | "cap_setgid cap_setuid cap_sys_ptrace cap_sys_admin " | |
116 | "cap_audit_control cap_mac_override cap_syslog"); | |
6088cefb ZJS |
117 | } |
118 | ||
80b43783 DH |
119 | int main(int argc, char *argv[]) { |
120 | test_cap_list(); | |
23cc81e7 | 121 | test_capability_set(); |
4b7c1d5d | 122 | |
2822da4f LP |
123 | return 0; |
124 | } |