]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-condition.c
Merge pull request #9274 from poettering/comment-header-cleanup
[thirdparty/systemd.git] / src / test / test-condition.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright © 2014 Ronny Chevalier
4 ***/
5
6 #include <stdio.h>
7 #include <sys/types.h>
8 #include <sys/utsname.h>
9 #include <unistd.h>
10
11 #include "sd-id128.h"
12
13 #include "alloc-util.h"
14 #include "apparmor-util.h"
15 #include "architecture.h"
16 #include "audit-util.h"
17 #include "cgroup-util.h"
18 #include "condition.h"
19 #include "hostname-util.h"
20 #include "id128-util.h"
21 #include "ima-util.h"
22 #include "log.h"
23 #include "macro.h"
24 #include "selinux-util.h"
25 #include "set.h"
26 #include "smack-util.h"
27 #include "string-util.h"
28 #include "strv.h"
29 #include "user-util.h"
30 #include "util.h"
31 #include "virt.h"
32
33 static void test_condition_test_path(void) {
34 Condition *condition;
35
36 condition = condition_new(CONDITION_PATH_EXISTS, "/bin/sh", false, false);
37 assert_se(condition);
38 assert_se(condition_test(condition));
39 condition_free(condition);
40
41 condition = condition_new(CONDITION_PATH_EXISTS, "/bin/s?", false, false);
42 assert_se(condition);
43 assert_se(!condition_test(condition));
44 condition_free(condition);
45
46 condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, false);
47 assert_se(condition);
48 assert_se(condition_test(condition));
49 condition_free(condition);
50
51 condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, true);
52 assert_se(condition);
53 assert_se(!condition_test(condition));
54 condition_free(condition);
55
56 condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, false);
57 assert_se(condition);
58 assert_se(!condition_test(condition));
59 condition_free(condition);
60
61 condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, true);
62 assert_se(condition);
63 assert_se(condition_test(condition));
64 condition_free(condition);
65
66 condition = condition_new(CONDITION_PATH_IS_DIRECTORY, "/bin", false, false);
67 assert_se(condition);
68 assert_se(condition_test(condition));
69 condition_free(condition);
70
71 condition = condition_new(CONDITION_DIRECTORY_NOT_EMPTY, "/bin", false, false);
72 assert_se(condition);
73 assert_se(condition_test(condition));
74 condition_free(condition);
75
76 condition = condition_new(CONDITION_FILE_NOT_EMPTY, "/bin/sh", false, false);
77 assert_se(condition);
78 assert_se(condition_test(condition));
79 condition_free(condition);
80
81 condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/bin/sh", false, false);
82 assert_se(condition);
83 assert_se(condition_test(condition));
84 condition_free(condition);
85
86 condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/etc/passwd", false, false);
87 assert_se(condition);
88 assert_se(!condition_test(condition));
89 condition_free(condition);
90
91 condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/proc", false, false);
92 assert_se(condition);
93 assert_se(condition_test(condition));
94 condition_free(condition);
95
96 condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/", false, false);
97 assert_se(condition);
98 assert_se(condition_test(condition));
99 condition_free(condition);
100
101 condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/bin", false, false);
102 assert_se(condition);
103 assert_se(!condition_test(condition));
104 condition_free(condition);
105
106 condition = condition_new(CONDITION_PATH_IS_READ_WRITE, "/tmp", false, false);
107 assert_se(condition);
108 assert_se(condition_test(condition));
109 condition_free(condition);
110
111 condition = condition_new(CONDITION_PATH_IS_SYMBOLIC_LINK, "/dev/stdout", false, false);
112 assert_se(condition);
113 assert_se(condition_test(condition));
114 condition_free(condition);
115 }
116
117 static int test_condition_test_control_group_controller(void) {
118 Condition *condition;
119 CGroupMask system_mask;
120 CGroupController controller;
121 _cleanup_free_ char *controller_name = NULL;
122 int r;
123
124 r = cg_unified_flush();
125 if (r < 0) {
126 log_notice_errno(r, "Skipping ConditionControlGroupController tests: %m");
127 return EXIT_TEST_SKIP;
128 }
129
130 /* Invalid controllers are ignored */
131 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, false);
132 assert_se(condition);
133 assert_se(condition_test(condition));
134 condition_free(condition);
135
136 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, true);
137 assert_se(condition);
138 assert_se(!condition_test(condition));
139 condition_free(condition);
140
141 assert_se(cg_mask_supported(&system_mask) >= 0);
142
143 /* Individual valid controllers one by one */
144 for (controller = 0; controller < _CGROUP_CONTROLLER_MAX; controller++) {
145 const char *local_controller_name = cgroup_controller_to_string(controller);
146 log_info("chosen controller is '%s'", local_controller_name);
147 if (system_mask & CGROUP_CONTROLLER_TO_MASK(controller)) {
148 log_info("this controller is available");
149 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
150 assert_se(condition);
151 assert_se(condition_test(condition));
152 condition_free(condition);
153
154 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
155 assert_se(condition);
156 assert_se(!condition_test(condition));
157 condition_free(condition);
158 } else {
159 log_info("this controller is unavailable");
160 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
161 assert_se(condition);
162 assert_se(!condition_test(condition));
163 condition_free(condition);
164
165 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
166 assert_se(condition);
167 assert_se(condition_test(condition));
168 condition_free(condition);
169 }
170 }
171
172 /* Multiple valid controllers at the same time */
173 assert_se(cg_mask_to_string(system_mask, &controller_name) >= 0);
174
175 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, strempty(controller_name), false, false);
176 assert_se(condition);
177 assert_se(condition_test(condition));
178 condition_free(condition);
179
180 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, strempty(controller_name), false, true);
181 assert_se(condition);
182 assert_se(!condition_test(condition));
183 condition_free(condition);
184
185 return EXIT_SUCCESS;
186 }
187
188 static void test_condition_test_ac_power(void) {
189 Condition *condition;
190
191 condition = condition_new(CONDITION_AC_POWER, "true", false, false);
192 assert_se(condition);
193 assert_se(condition_test(condition) == on_ac_power());
194 condition_free(condition);
195
196 condition = condition_new(CONDITION_AC_POWER, "false", false, false);
197 assert_se(condition);
198 assert_se(condition_test(condition) != on_ac_power());
199 condition_free(condition);
200
201 condition = condition_new(CONDITION_AC_POWER, "false", false, true);
202 assert_se(condition);
203 assert_se(condition_test(condition) == on_ac_power());
204 condition_free(condition);
205 }
206
207 static void test_condition_test_host(void) {
208 _cleanup_free_ char *hostname = NULL;
209 char sid[SD_ID128_STRING_MAX];
210 Condition *condition;
211 sd_id128_t id;
212 int r;
213
214 r = sd_id128_get_machine(&id);
215 assert_se(r >= 0);
216 assert_se(sd_id128_to_string(id, sid));
217
218 condition = condition_new(CONDITION_HOST, sid, false, false);
219 assert_se(condition);
220 assert_se(condition_test(condition));
221 condition_free(condition);
222
223 condition = condition_new(CONDITION_HOST, "garbage value jjjjjjjjjjjjjj", false, false);
224 assert_se(condition);
225 assert_se(!condition_test(condition));
226 condition_free(condition);
227
228 condition = condition_new(CONDITION_HOST, sid, false, true);
229 assert_se(condition);
230 assert_se(!condition_test(condition));
231 condition_free(condition);
232
233 hostname = gethostname_malloc();
234 assert_se(hostname);
235
236 /* if hostname looks like an id128 then skip testing it */
237 if (id128_is_valid(hostname))
238 log_notice("hostname is an id128, skipping test");
239 else {
240 condition = condition_new(CONDITION_HOST, hostname, false, false);
241 assert_se(condition);
242 assert_se(condition_test(condition));
243 condition_free(condition);
244 }
245 }
246
247 static void test_condition_test_architecture(void) {
248 Condition *condition;
249 const char *sa;
250 int a;
251
252 a = uname_architecture();
253 assert_se(a >= 0);
254
255 sa = architecture_to_string(a);
256 assert_se(sa);
257
258 condition = condition_new(CONDITION_ARCHITECTURE, sa, false, false);
259 assert_se(condition);
260 assert_se(condition_test(condition) > 0);
261 condition_free(condition);
262
263 condition = condition_new(CONDITION_ARCHITECTURE, "garbage value", false, false);
264 assert_se(condition);
265 assert_se(condition_test(condition) == 0);
266 condition_free(condition);
267
268 condition = condition_new(CONDITION_ARCHITECTURE, sa, false, true);
269 assert_se(condition);
270 assert_se(condition_test(condition) == 0);
271 condition_free(condition);
272 }
273
274 static void test_condition_test_kernel_command_line(void) {
275 Condition *condition;
276
277 condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "thisreallyshouldntbeonthekernelcommandline", false, false);
278 assert_se(condition);
279 assert_se(!condition_test(condition));
280 condition_free(condition);
281
282 condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "andthis=neither", false, false);
283 assert_se(condition);
284 assert_se(!condition_test(condition));
285 condition_free(condition);
286 }
287
288 static void test_condition_test_kernel_version(void) {
289 Condition *condition;
290 struct utsname u;
291 const char *v;
292
293 condition = condition_new(CONDITION_KERNEL_VERSION, "*thisreallyshouldntbeinthekernelversion*", false, false);
294 assert_se(condition);
295 assert_se(!condition_test(condition));
296 condition_free(condition);
297
298 condition = condition_new(CONDITION_KERNEL_VERSION, "*", false, false);
299 assert_se(condition);
300 assert_se(condition_test(condition));
301 condition_free(condition);
302
303 condition = condition_new(CONDITION_KERNEL_VERSION, "", false, false);
304 assert_se(condition);
305 assert_se(!condition_test(condition));
306 condition_free(condition);
307
308 assert_se(uname(&u) >= 0);
309
310 condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
311 assert_se(condition);
312 assert_se(condition_test(condition));
313 condition_free(condition);
314
315 strshorten(u.release, 4);
316 strcpy(strchr(u.release, 0), "*");
317
318 condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
319 assert_se(condition);
320 assert_se(condition_test(condition));
321 condition_free(condition);
322
323 /* 0.1.2 would be a very very very old kernel */
324 condition = condition_new(CONDITION_KERNEL_VERSION, "> 0.1.2", false, false);
325 assert_se(condition);
326 assert_se(condition_test(condition));
327 condition_free(condition);
328
329 condition = condition_new(CONDITION_KERNEL_VERSION, ">= 0.1.2", false, false);
330 assert_se(condition);
331 assert_se(condition_test(condition));
332 condition_free(condition);
333
334 condition = condition_new(CONDITION_KERNEL_VERSION, "< 0.1.2", false, false);
335 assert_se(condition);
336 assert_se(!condition_test(condition));
337 condition_free(condition);
338
339 condition = condition_new(CONDITION_KERNEL_VERSION, "<= 0.1.2", false, false);
340 assert_se(condition);
341 assert_se(!condition_test(condition));
342 condition_free(condition);
343
344 condition = condition_new(CONDITION_KERNEL_VERSION, "= 0.1.2", false, false);
345 assert_se(condition);
346 assert_se(!condition_test(condition));
347 condition_free(condition);
348
349 /* 4711.8.15 is a very very very future kernel */
350 condition = condition_new(CONDITION_KERNEL_VERSION, "< 4711.8.15", false, false);
351 assert_se(condition);
352 assert_se(condition_test(condition));
353 condition_free(condition);
354
355 condition = condition_new(CONDITION_KERNEL_VERSION, "<= 4711.8.15", false, false);
356 assert_se(condition);
357 assert_se(condition_test(condition));
358 condition_free(condition);
359
360 condition = condition_new(CONDITION_KERNEL_VERSION, "= 4711.8.15", false, false);
361 assert_se(condition);
362 assert_se(!condition_test(condition));
363 condition_free(condition);
364
365 condition = condition_new(CONDITION_KERNEL_VERSION, "> 4711.8.15", false, false);
366 assert_se(condition);
367 assert_se(!condition_test(condition));
368 condition_free(condition);
369
370 condition = condition_new(CONDITION_KERNEL_VERSION, ">= 4711.8.15", false, false);
371 assert_se(condition);
372 assert_se(!condition_test(condition));
373 condition_free(condition);
374
375 assert_se(uname(&u) >= 0);
376
377 v = strjoina(">=", u.release);
378 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
379 assert_se(condition);
380 assert_se(condition_test(condition));
381 condition_free(condition);
382
383 v = strjoina("= ", u.release);
384 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
385 assert_se(condition);
386 assert_se(condition_test(condition));
387 condition_free(condition);
388
389 v = strjoina("<=", u.release);
390 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
391 assert_se(condition);
392 assert_se(condition_test(condition));
393 condition_free(condition);
394
395 v = strjoina("> ", u.release);
396 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
397 assert_se(condition);
398 assert_se(!condition_test(condition));
399 condition_free(condition);
400
401 v = strjoina("< ", u.release);
402 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
403 assert_se(condition);
404 assert_se(!condition_test(condition));
405 condition_free(condition);
406 }
407
408 static void test_condition_test_null(void) {
409 Condition *condition;
410
411 condition = condition_new(CONDITION_NULL, NULL, false, false);
412 assert_se(condition);
413 assert_se(condition_test(condition));
414 condition_free(condition);
415
416 condition = condition_new(CONDITION_NULL, NULL, false, true);
417 assert_se(condition);
418 assert_se(!condition_test(condition));
419 condition_free(condition);
420 }
421
422 static void test_condition_test_security(void) {
423 Condition *condition;
424
425 condition = condition_new(CONDITION_SECURITY, "garbage oifdsjfoidsjoj", false, false);
426 assert_se(condition);
427 assert_se(!condition_test(condition));
428 condition_free(condition);
429
430 condition = condition_new(CONDITION_SECURITY, "selinux", false, true);
431 assert_se(condition);
432 assert_se(condition_test(condition) != mac_selinux_use());
433 condition_free(condition);
434
435 condition = condition_new(CONDITION_SECURITY, "ima", false, false);
436 assert_se(condition);
437 assert_se(condition_test(condition) == use_ima());
438 condition_free(condition);
439
440 condition = condition_new(CONDITION_SECURITY, "apparmor", false, false);
441 assert_se(condition);
442 assert_se(condition_test(condition) == mac_apparmor_use());
443 condition_free(condition);
444
445 condition = condition_new(CONDITION_SECURITY, "smack", false, false);
446 assert_se(condition);
447 assert_se(condition_test(condition) == mac_smack_use());
448 condition_free(condition);
449
450 condition = condition_new(CONDITION_SECURITY, "audit", false, false);
451 assert_se(condition);
452 assert_se(condition_test(condition) == use_audit());
453 condition_free(condition);
454 }
455
456 static void test_condition_test_virtualization(void) {
457 Condition *condition;
458 const char *virt;
459 int r;
460
461 condition = condition_new(CONDITION_VIRTUALIZATION, "garbage oifdsjfoidsjoj", false, false);
462 assert_se(condition);
463 r = condition_test(condition);
464 log_info("ConditionVirtualization=garbage → %i", r);
465 assert_se(r == 0);
466 condition_free(condition);
467
468 condition = condition_new(CONDITION_VIRTUALIZATION, "container", false, false);
469 assert_se(condition);
470 r = condition_test(condition);
471 log_info("ConditionVirtualization=container → %i", r);
472 assert_se(r == !!detect_container());
473 condition_free(condition);
474
475 condition = condition_new(CONDITION_VIRTUALIZATION, "vm", false, false);
476 assert_se(condition);
477 r = condition_test(condition);
478 log_info("ConditionVirtualization=vm → %i", r);
479 assert_se(r == (detect_vm() && !detect_container()));
480 condition_free(condition);
481
482 condition = condition_new(CONDITION_VIRTUALIZATION, "private-users", false, false);
483 assert_se(condition);
484 r = condition_test(condition);
485 log_info("ConditionVirtualization=private-users → %i", r);
486 assert_se(r == !!running_in_userns());
487 condition_free(condition);
488
489 NULSTR_FOREACH(virt,
490 "kvm\0"
491 "qemu\0"
492 "bochs\0"
493 "xen\0"
494 "uml\0"
495 "vmware\0"
496 "oracle\0"
497 "microsoft\0"
498 "zvm\0"
499 "parallels\0"
500 "bhyve\0"
501 "vm_other\0") {
502
503 condition = condition_new(CONDITION_VIRTUALIZATION, virt, false, false);
504 assert_se(condition);
505 r = condition_test(condition);
506 log_info("ConditionVirtualization=%s → %i", virt, r);
507 assert_se(r >= 0);
508 condition_free(condition);
509 }
510 }
511
512 static void test_condition_test_user(void) {
513 Condition *condition;
514 char* uid;
515 char* username;
516 int r;
517
518 condition = condition_new(CONDITION_USER, "garbage oifdsjfoidsjoj", false, false);
519 assert_se(condition);
520 r = condition_test(condition);
521 log_info("ConditionUser=garbage → %i", r);
522 assert_se(r == 0);
523 condition_free(condition);
524
525 assert_se(asprintf(&uid, "%"PRIu32, UINT32_C(0xFFFF)) > 0);
526 condition = condition_new(CONDITION_USER, uid, false, false);
527 assert_se(condition);
528 r = condition_test(condition);
529 log_info("ConditionUser=%s → %i", uid, r);
530 assert_se(r == 0);
531 condition_free(condition);
532 free(uid);
533
534 assert_se(asprintf(&uid, "%u", (unsigned)getuid()) > 0);
535 condition = condition_new(CONDITION_USER, uid, false, false);
536 assert_se(condition);
537 r = condition_test(condition);
538 log_info("ConditionUser=%s → %i", uid, r);
539 assert_se(r > 0);
540 condition_free(condition);
541 free(uid);
542
543 assert_se(asprintf(&uid, "%u", (unsigned)getuid()+1) > 0);
544 condition = condition_new(CONDITION_USER, uid, false, false);
545 assert_se(condition);
546 r = condition_test(condition);
547 log_info("ConditionUser=%s → %i", uid, r);
548 assert_se(r == 0);
549 condition_free(condition);
550 free(uid);
551
552 username = getusername_malloc();
553 assert_se(username);
554 condition = condition_new(CONDITION_USER, username, false, false);
555 assert_se(condition);
556 r = condition_test(condition);
557 log_info("ConditionUser=%s → %i", username, r);
558 assert_se(r > 0);
559 condition_free(condition);
560 free(username);
561
562 username = (char*)(geteuid() == 0 ? NOBODY_USER_NAME : "root");
563 condition = condition_new(CONDITION_USER, username, false, false);
564 assert_se(condition);
565 r = condition_test(condition);
566 log_info("ConditionUser=%s → %i", username, r);
567 assert_se(r == 0);
568 condition_free(condition);
569
570 condition = condition_new(CONDITION_USER, "@system", false, false);
571 assert_se(condition);
572 r = condition_test(condition);
573 log_info("ConditionUser=@system → %i", r);
574 if (uid_is_system(getuid()) || uid_is_system(geteuid()))
575 assert_se(r > 0);
576 else
577 assert_se(r == 0);
578 condition_free(condition);
579 }
580
581 static void test_condition_test_group(void) {
582 Condition *condition;
583 char* gid;
584 char* groupname;
585 gid_t *gids, max_gid;
586 int ngroups_max, ngroups, r, i;
587
588 assert_se(0 < asprintf(&gid, "%u", UINT32_C(0xFFFF)));
589 condition = condition_new(CONDITION_GROUP, gid, false, false);
590 assert_se(condition);
591 r = condition_test(condition);
592 log_info("ConditionGroup=%s → %i", gid, r);
593 assert_se(r == 0);
594 condition_free(condition);
595 free(gid);
596
597 assert_se(0 < asprintf(&gid, "%u", getgid()));
598 condition = condition_new(CONDITION_GROUP, gid, false, false);
599 assert_se(condition);
600 r = condition_test(condition);
601 log_info("ConditionGroup=%s → %i", gid, r);
602 assert_se(r > 0);
603 condition_free(condition);
604 free(gid);
605
606 ngroups_max = sysconf(_SC_NGROUPS_MAX);
607 assert(ngroups_max > 0);
608
609 gids = newa(gid_t, ngroups_max);
610
611 ngroups = getgroups(ngroups_max, gids);
612 assert(ngroups >= 0);
613
614 max_gid = getgid();
615 for (i = 0; i < ngroups; i++) {
616 assert_se(0 < asprintf(&gid, "%u", gids[i]));
617 condition = condition_new(CONDITION_GROUP, gid, false, false);
618 assert_se(condition);
619 r = condition_test(condition);
620 log_info("ConditionGroup=%s → %i", gid, r);
621 assert_se(r > 0);
622 condition_free(condition);
623 free(gid);
624 max_gid = gids[i] > max_gid ? gids[i] : max_gid;
625
626 groupname = gid_to_name(gids[i]);
627 assert_se(groupname);
628 condition = condition_new(CONDITION_GROUP, groupname, false, false);
629 assert_se(condition);
630 r = condition_test(condition);
631 log_info("ConditionGroup=%s → %i", groupname, r);
632 assert_se(r > 0);
633 condition_free(condition);
634 free(groupname);
635 max_gid = gids[i] > max_gid ? gids[i] : max_gid;
636 }
637
638 assert_se(0 < asprintf(&gid, "%u", max_gid+1));
639 condition = condition_new(CONDITION_GROUP, gid, false, false);
640 assert_se(condition);
641 r = condition_test(condition);
642 log_info("ConditionGroup=%s → %i", gid, r);
643 assert_se(r == 0);
644 condition_free(condition);
645 free(gid);
646
647 groupname = (char*)(geteuid() == 0 ? NOBODY_GROUP_NAME : "root");
648 condition = condition_new(CONDITION_GROUP, groupname, false, false);
649 assert_se(condition);
650 r = condition_test(condition);
651 log_info("ConditionGroup=%s → %i", groupname, r);
652 assert_se(r == 0);
653 condition_free(condition);
654 }
655
656 int main(int argc, char *argv[]) {
657 log_set_max_level(LOG_DEBUG);
658 log_parse_environment();
659 log_open();
660
661 test_condition_test_path();
662 test_condition_test_ac_power();
663 test_condition_test_host();
664 test_condition_test_architecture();
665 test_condition_test_kernel_command_line();
666 test_condition_test_kernel_version();
667 test_condition_test_null();
668 test_condition_test_security();
669 test_condition_test_virtualization();
670 test_condition_test_user();
671 test_condition_test_group();
672 test_condition_test_control_group_controller();
673
674 return 0;
675 }