tests: add canonicalize test

* add canonicalize_path_restricted() to test_canonicalize program

* add test for root and non-root (but suid) user

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/lib/canonicalize.c b/lib/canonicalize.c
index 728783d3a661ae0b7e56d91c1cd7f80780f9aa66..9109b36303eeb27aedd9191296b3d4cdeb08dace 100644 (file)
--- a/lib/canonicalize.c
+++ b/lib/canonicalize.c
@@ -256,13 +256,23 @@ done:
 #ifdef TEST_PROGRAM_CANONICALIZE
 int main(int argc, char **argv)
 {
+       char *p;
+
        if (argc < 2) {
                fprintf(stderr, "usage: %s <device>\n", argv[0]);
                exit(EXIT_FAILURE);
        }
 
-       fprintf(stdout, "orig: %s\n", argv[1]);
-       fprintf(stdout, "real: %s\n", canonicalize_path(argv[1]));
+       fprintf(stdout, "orig:            %s\n", argv[1]);
+
+       p = canonicalize_path(argv[1]);
+       fprintf(stdout, "real:            %s\n", p);
+       free(p);
+
+       p = canonicalize_path_restricted(argv[1]);
+       fprintf(stdout, "real-restricted: %s\n", p);
+       free(p);
+
        exit(EXIT_SUCCESS);
 }
 #endif

diff --git a/tests/commands.sh b/tests/commands.sh
index fe989a541aa4915334b8680d1aeafc35bcccd11b..00be9665547f49a50471a6ad259634403fd2a992 100644 (file)
--- a/tests/commands.sh
+++ b/tests/commands.sh
@@ -4,6 +4,7 @@ TS_TESTUSER=${TS_TESTUSER:-"nobody"}
 # helpers
 TS_HELPER_BOILERPLATE="${ts_helpersdir}test_boilerplate"
 TS_HELPER_BYTESWAP="${ts_helpersdir}test_byteswap"
+TS_HELPER_CANONICALIZE="${ts_helpersdir}test_canonicalize"
 TS_HELPER_COLORS="${ts_helpersdir}test_colors"
 TS_HELPER_CPUSET="${ts_helpersdir}test_cpuset"
 TS_HELPER_CAP="${ts_helpersdir}test_cap"

diff --git a/tests/expected/misc/canonicalize-non-root-user b/tests/expected/misc/canonicalize-non-root-user
new file mode 100644 (file)
index 0000000..204e83b
--- /dev/null
+++ b/tests/expected/misc/canonicalize-non-root-user
@@ -0,0 +1,3 @@
+orig:            /root-sym/foo
+real:            /root/foo
+real-restricted: (null)

diff --git a/tests/expected/misc/canonicalize-root-user b/tests/expected/misc/canonicalize-root-user
new file mode 100644 (file)
index 0000000..87213a7
--- /dev/null
+++ b/tests/expected/misc/canonicalize-root-user
@@ -0,0 +1,3 @@
+orig:            /aaa/bbb/ccc-sym/ddd
+real:            /ccc/ddd
+real-restricted: /ccc/ddd

diff --git a/tests/ts/misc/canonicalize b/tests/ts/misc/canonicalize
new file mode 100755 (executable)
index 0000000..2e11165
--- /dev/null
+++ b/tests/ts/misc/canonicalize
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# Copyright (C) 2025 Karel Zak <kzak@redhat.com>
+#
+# This file is part of util-linux.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+TS_TOPDIR="${0%/*}/../.."
+TS_DESC="canonicalize"
+
+. "$TS_TOPDIR"/functions.sh
+ts_init "$*"
+
+ts_skip_nonroot
+
+ts_check_prog "getent"
+ts_check_test_command "$TS_CMD_MOUNT"
+ts_check_test_command "$TS_CMD_UMOUNT"
+ts_check_test_command "$TS_CMD_SETPRIV"
+ts_check_test_command "$TS_HELPER_CANONICALIZE"
+
+grep -q 'nodev[[:space:]]*tmpfs' /proc/filesystems || \
+       ts_skip_subtest "tmpfs unsupported"
+
+mkdir -p $TS_MOUNTPOINT &>  /dev/null
+$TS_CMD_MOUNT -t tmpfs tmpfs $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
+[ $? -eq 0 ] || ts_skip "tmpfs mount failed"
+
+# reuse the same TS_MOUNTPOINT in all subtests
+BASE=$TS_MOUNTPOINT
+
+# setup suid binary
+TESTPROG=${BASE}/$(basename $TS_HELPER_CANONICALIZE)
+cp $TS_HELPER_CANONICALIZE $TESTPROG
+chown root:root $TESTPROG
+chmod +x,u+s $TESTPROG
+
+if [ ! -u "$TESTPROG" ] || [ ! -x "$TESTPROG" ]; then
+       $TS_CMD_UMOUNT $BASE
+       ts_skip "cannot setup suid test"
+fi
+
+
+ts_init_subtest root-user
+mkdir -p ${BASE}/aaa/bbb
+mkdir -p ${BASE}/ccc/ddd
+ln -s ${BASE}/ccc ${BASE}/aaa/bbb/ccc-sym
+$TESTPROG ${BASE}/aaa/bbb/ccc-sym/ddd | sed "s:${BASE}::g" >> $TS_OUTPUT 2>> $TS_ERRLOG
+ts_finalize_subtest
+
+
+ts_init_subtest non-root-user
+uid="nobody"
+if id $uid &>/dev/null; then
+       mkdir -p ${BASE}/root/foo
+       chown -R root:root ${BASE}/root
+       chmod -R o-rwx ${BASE}/root
+       ln -s ${BASE}/root ${BASE}/root-sym
+
+       gid=$(getent passwd "$uid" | cut -d: -f4)
+
+       $TS_CMD_SETPRIV --reuid="$uid" --regid="$gid" --clear-groups \
+                       --inh-caps=-all --reset-env \
+                       -- $TESTPROG ${BASE}/root-sym/foo \
+               | sed "s:${BASE}::g" >> $TS_OUTPUT 2>> $TS_ERRLOG
+
+       ts_finalize_subtest
+else
+       ts_skip_subtest "nobody user is missing"
+fi
+
+
+# cleanup
+$TS_CMD_UMOUNT $BASE &> /dev/null
+
+ts_finalize