[thirdparty/systemd.git] / test / test-sysusers.sh.in

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e

SYSUSERS="${1:-systemd-sysusers}"

# shellcheck disable=SC1090
[ -e "$(dirname "$0")/../systemd-runtest.env" ] && . "$(dirname "$0")/../systemd-runtest.env"
SYSTEMD_TEST_DATA=${SYSTEMD_TEST_DATA:-@SYSTEMD_TEST_DATA@}
SOURCE=$SYSTEMD_TEST_DATA/test-sysusers

TESTDIR=$(mktemp --tmpdir --directory "test-sysusers.XXXXXXXXXX")
# shellcheck disable=SC2064
trap "rm -rf '$TESTDIR'" EXIT INT QUIT PIPE

prepare_testdir() {
    mkdir -p "$TESTDIR/etc/sysusers.d/"
    mkdir -p "$TESTDIR/usr/lib/sysusers.d/"
    rm -f "$TESTDIR"/etc/*{passwd,group,shadow}
    for i in $1.initial-{passwd,group,shadow}; do
        test -f "$i" && cp "$i" "$TESTDIR/etc/${i#*.initial-}"
    done
    return 0
}

# shellcheck disable=SC2050
[ @SYSTEM_UID_MAX@ -lt @SYSTEM_GID_MAX@ ] && system_guid_max=@SYSTEM_UID_MAX@ || system_guid_max=@SYSTEM_GID_MAX@

preprocess() {
    m=${2:-$system_guid_max}

    # shellcheck disable=SC2140
    sed -e "s/SYSTEM_UGID_MAX/$m/g;
            s#NOLOGIN#@NOLOGIN@#g" "$1"
}

compare() {
    if ! diff -u "$TESTDIR/etc/passwd" <(preprocess "$1.expected-passwd" "$3"); then
        echo >&2 "**** Unexpected output for $f $2"
        exit 1
    fi

    if ! diff -u "$TESTDIR/etc/group" <(preprocess "$1.expected-group" "$3"); then
        echo >&2 "**** Unexpected output for $f $2"
        exit 1
    fi
}

rm -f "$TESTDIR"/etc/sysusers.d/* "$TESTDIR"/usr/lib/sysusers.d/*

# happy tests
for f in $(find "$SOURCE"/test-*.input | sort -V); do
    echo "*** Running $f"
    prepare_testdir "${f%.input}"
    cp "$f" "$TESTDIR/usr/lib/sysusers.d/test.conf"
    $SYSUSERS --root="$TESTDIR"

    compare "${f%.*}" ""
done

for f in $(find "$SOURCE"/test-*.input | sort -V); do
    echo "*** Running $f on stdin"
    prepare_testdir "${f%.input}"
    touch "$TESTDIR/etc/sysusers.d/test.conf"
    $SYSUSERS --root="$TESTDIR" - <"$f"

    compare "${f%.*}" "on stdin"
done

for f in $(find "$SOURCE"/test-*.input | sort -V); do
    echo "*** Running $f on stdin with --replace"
    prepare_testdir "${f%.input}"
    touch "$TESTDIR/etc/sysusers.d/test.conf"
    # this overrides test.conf which is masked on disk
    $SYSUSERS --root="$TESTDIR" --replace=/etc/sysusers.d/test.conf - <"$f"
    # this should be ignored
    $SYSUSERS --root="$TESTDIR" --replace=/usr/lib/sysusers.d/test.conf - <"$SOURCE/test-1.input"

    compare "${f%.*}" "on stdin with --replace"
done

# test --inline
echo "*** Testing --inline"
prepare_testdir "$SOURCE/inline"
# copy a random file to make sure it is ignored
cp "$f" "$TESTDIR/etc/sysusers.d/confuse.conf"
$SYSUSERS --root="$TESTDIR" --inline \
          "u     u1   222 -     - /bin/zsh" \
          "g     g1   111"

compare "$SOURCE/inline" "(--inline)"

# test --replace
echo "*** Testing --inline with --replace"
prepare_testdir "$SOURCE/inline"
# copy a random file to make sure it is ignored
cp "$f" "$TESTDIR/etc/sysusers.d/confuse.conf"
$SYSUSERS --root="$TESTDIR" \
          --inline \
          --replace=/etc/sysusers.d/confuse.conf \
          "u     u1   222 -     - /bin/zsh" \
          "g     g1   111"

compare "$SOURCE/inline" "(--inline --replace=…)"

echo "*** Testing --inline with no /etc"
rm -rf "${TESTDIR:?}/etc"
$SYSUSERS --root="$TESTDIR" --inline \
          "u     u1   222 -     - /bin/zsh" \
          "g     g1   111"

compare "$SOURCE/inline" "(--inline)"

rm -f "$TESTDIR"/etc/sysusers.d/* "$TESTDIR"/usr/lib/sysusers.d/*

cat >"$TESTDIR/etc/login.defs" <<EOF
SYS_UID_MIN abcd
SYS_UID_MAX abcd
SYS_GID_MIN abcd
SYS_GID_MAX abcd
SYS_UID_MIN 401
SYS_UID_MAX 555
SYS_GID_MIN 405
SYS_GID_MAX 666
SYS_UID_MIN abcd
SYS_UID_MAX abcd
SYS_GID_MIN abcd
SYS_GID_MAX abcd
SYS_UID_MIN999
SYS_UID_MAX999
SYS_GID_MIN999
SYS_GID_MAX999
EOF

for f in $(find "$SOURCE"/test-*.input | sort -V); do
    echo "*** Running $f (with login.defs)"
    prepare_testdir "${f%.input}"
    cp "$f" "$TESTDIR/usr/lib/sysusers.d/test.conf"
    $SYSUSERS --root="$TESTDIR"

    # shellcheck disable=SC2050
    [ @ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES@ = 1 ] && bound=555 || bound=$system_guid_max
    compare "${f%.*}" "(with login.defs)" "$bound"
done

rm -f "$TESTDIR"/etc/sysusers.d/* "$TESTDIR"/usr/lib/sysusers.d/*

mv "$TESTDIR/etc/login.defs" "$TESTDIR/etc/login.defs.moved"
ln -s ../../../../../etc/login.defs.moved "$TESTDIR/etc/login.defs"

for f in $(find "$SOURCE"/test-*.input | sort -V); do
    echo "*** Running $f (with login.defs symlinked)"
    prepare_testdir "${f%.input}"
    cp "$f" "$TESTDIR/usr/lib/sysusers.d/test.conf"
    $SYSUSERS --root="$TESTDIR"

    # shellcheck disable=SC2050
    [ @ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES@ = 1 ] && bound=555 || bound=$system_guid_max
    compare "${f%.*}" "(with login.defs symlinked)" "$bound"
done

rm -f "$TESTDIR"/etc/sysusers.d/* "$TESTDIR"/usr/lib/sysusers.d/*

# tests for error conditions
for f in $(find "$SOURCE"/unhappy-*.input | sort -V); do
    echo "*** Running test $f"
    prepare_testdir "${f%.input}"
    cp "$f" "$TESTDIR/usr/lib/sysusers.d/test.conf"
    SYSTEMD_LOG_LEVEL=info $SYSUSERS --root="$TESTDIR" 2>&1 | tail -n1 | sed -r 's/^[^:]+:[^:]+://' >"$TESTDIR/err"
    if ! diff -u "$TESTDIR/err"  "${f%.*}.expected-err"; then
        echo >&2 "**** Unexpected error output for $f"
        cat >&2 "$TESTDIR/err"
        exit 1
    fi
done
Commit	Line	Data
bd7e6aa7	1	#!/usr/bin/env bash
8f5bcd61	2	# SPDX-License-Identifier: LGPL-2.1-or-later
bd7e6aa7 ZJS	3	set -e
	4
	5	SYSUSERS="${1:-systemd-sysusers}"
	6
d79881c5 LB	7	# shellcheck disable=SC1090
d79881c5 LB	8	[ -e "$(dirname "$0")/../systemd-runtest.env" ] && . "$(dirname "$0")/../systemd-runtest.env"
bd7e6aa7 ZJS	9	SYSTEMD_TEST_DATA=${SYSTEMD_TEST_DATA:-@SYSTEMD_TEST_DATA@}
	10	SOURCE=$SYSTEMD_TEST_DATA/test-sysusers
	11
	12	TESTDIR=$(mktemp --tmpdir --directory "test-sysusers.XXXXXXXXXX")
d79881c5	13	# shellcheck disable=SC2064
bd7e6aa7 ZJS	14	trap "rm -rf '$TESTDIR'" EXIT INT QUIT PIPE
	15
	16	prepare_testdir() {
d79881c5 LB	17	mkdir -p "$TESTDIR/etc/sysusers.d/"
	18	mkdir -p "$TESTDIR/usr/lib/sysusers.d/"
	19	rm -f "$TESTDIR"/etc/*{passwd,group,shadow}
bd7e6aa7	20	for i in $1.initial-{passwd,group,shadow}; do
d79881c5	21	test -f "$i" && cp "$i" "$TESTDIR/etc/${i#*.initial-}"
bd7e6aa7 ZJS	22	done
	23	return 0
	24	}
	25
d79881c5	26	# shellcheck disable=SC2050
aa25270c ZJS	27	[ @SYSTEM_UID_MAX@ -lt @SYSTEM_GID_MAX@ ] && system_guid_max=@SYSTEM_UID_MAX@ \|\| system_guid_max=@SYSTEM_GID_MAX@
aa25270c ZJS	28
bd7e6aa7	29	preprocess() {
aa25270c ZJS	30	m=${2:-$system_guid_max}
aa25270c ZJS	31
d79881c5	32	# shellcheck disable=SC2140
aa25270c ZJS	33	sed -e "s/SYSTEM_UGID_MAX/$m/g;
aa25270c ZJS	34	s#NOLOGIN#@NOLOGIN@#g" "$1"
bd7e6aa7 ZJS	35	}
	36
	37	compare() {
d79881c5	38	if ! diff -u "$TESTDIR/etc/passwd" <(preprocess "$1.expected-passwd" "$3"); then
78643f26	39	echo >&2 "**** Unexpected output for $f $2"
bd7e6aa7 ZJS	40	exit 1
	41	fi
	42
d79881c5	43	if ! diff -u "$TESTDIR/etc/group" <(preprocess "$1.expected-group" "$3"); then
78643f26	44	echo >&2 "**** Unexpected output for $f $2"
bd7e6aa7 ZJS	45	exit 1
	46	fi
	47	}
	48
d79881c5	49	rm -f "$TESTDIR"/etc/sysusers.d/* "$TESTDIR"/usr/lib/sysusers.d/*
bd7e6aa7 ZJS	50
bd7e6aa7 ZJS	51	# happy tests
d79881c5	52	for f in $(find "$SOURCE"/test-*.input \| sort -V); do
bd7e6aa7	53	echo "*** Running $f"
d79881c5 LB	54	prepare_testdir "${f%.input}"
	55	cp "$f" "$TESTDIR/usr/lib/sysusers.d/test.conf"
	56	$SYSUSERS --root="$TESTDIR"
bd7e6aa7	57
d79881c5	58	compare "${f%.*}" ""
bd7e6aa7 ZJS	59	done
bd7e6aa7 ZJS	60
d79881c5	61	for f in $(find "$SOURCE"/test-*.input \| sort -V); do
bd7e6aa7	62	echo "*** Running $f on stdin"
d79881c5 LB	63	prepare_testdir "${f%.input}"
	64	touch "$TESTDIR/etc/sysusers.d/test.conf"
	65	$SYSUSERS --root="$TESTDIR" - <"$f"
bd7e6aa7	66
d79881c5	67	compare "${f%.*}" "on stdin"
bd7e6aa7 ZJS	68	done
bd7e6aa7 ZJS	69
d79881c5	70	for f in $(find "$SOURCE"/test-*.input \| sort -V); do
bd7e6aa7	71	echo "*** Running $f on stdin with --replace"
d79881c5 LB	72	prepare_testdir "${f%.input}"
d79881c5 LB	73	touch "$TESTDIR/etc/sysusers.d/test.conf"
bd7e6aa7	74	# this overrides test.conf which is masked on disk
d79881c5	75	$SYSUSERS --root="$TESTDIR" --replace=/etc/sysusers.d/test.conf - <"$f"
bd7e6aa7	76	# this should be ignored
d79881c5	77	$SYSUSERS --root="$TESTDIR" --replace=/usr/lib/sysusers.d/test.conf - <"$SOURCE/test-1.input"
bd7e6aa7	78
d79881c5	79	compare "${f%.*}" "on stdin with --replace"
bd7e6aa7 ZJS	80	done
	81
	82	# test --inline
	83	echo "*** Testing --inline"
d79881c5	84	prepare_testdir "$SOURCE/inline"
bd7e6aa7	85	# copy a random file to make sure it is ignored
d79881c5 LB	86	cp "$f" "$TESTDIR/etc/sysusers.d/confuse.conf"
d79881c5 LB	87	$SYSUSERS --root="$TESTDIR" --inline \
bd7e6aa7 ZJS	88	"u u1 222 - - /bin/zsh" \
	89	"g g1 111"
	90
d79881c5	91	compare "$SOURCE/inline" "(--inline)"
bd7e6aa7 ZJS	92
	93	# test --replace
	94	echo "*** Testing --inline with --replace"
d79881c5	95	prepare_testdir "$SOURCE/inline"
bd7e6aa7	96	# copy a random file to make sure it is ignored
d79881c5 LB	97	cp "$f" "$TESTDIR/etc/sysusers.d/confuse.conf"
d79881c5 LB	98	$SYSUSERS --root="$TESTDIR" \
bd7e6aa7 ZJS	99	--inline \
	100	--replace=/etc/sysusers.d/confuse.conf \
	101	"u u1 222 - - /bin/zsh" \
	102	"g g1 111"
	103
d79881c5	104	compare "$SOURCE/inline" "(--inline --replace=…)"
bd7e6aa7	105
3e74e6a1	106	echo "*** Testing --inline with no /etc"
d79881c5 LB	107	rm -rf "${TESTDIR:?}/etc"
d79881c5 LB	108	$SYSUSERS --root="$TESTDIR" --inline \
3e74e6a1 ZJS	109	"u u1 222 - - /bin/zsh" \
	110	"g g1 111"
	111
d79881c5	112	compare "$SOURCE/inline" "(--inline)"
3e74e6a1	113
d79881c5	114	rm -f "$TESTDIR"/etc/sysusers.d/* "$TESTDIR"/usr/lib/sysusers.d/*
bd7e6aa7	115
d79881c5	116	cat >"$TESTDIR/etc/login.defs" <<EOF
aa25270c ZJS	117	SYS_UID_MIN abcd
	118	SYS_UID_MAX abcd
	119	SYS_GID_MIN abcd
	120	SYS_GID_MAX abcd
	121	SYS_UID_MIN 401
	122	SYS_UID_MAX 555
	123	SYS_GID_MIN 405
	124	SYS_GID_MAX 666
	125	SYS_UID_MIN abcd
	126	SYS_UID_MAX abcd
	127	SYS_GID_MIN abcd
	128	SYS_GID_MAX abcd
	129	SYS_UID_MIN999
	130	SYS_UID_MAX999
	131	SYS_GID_MIN999
	132	SYS_GID_MAX999
	133	EOF
	134
d79881c5	135	for f in $(find "$SOURCE"/test-*.input \| sort -V); do
aa25270c	136	echo "*** Running $f (with login.defs)"
d79881c5 LB	137	prepare_testdir "${f%.input}"
	138	cp "$f" "$TESTDIR/usr/lib/sysusers.d/test.conf"
	139	$SYSUSERS --root="$TESTDIR"
aa25270c	140
d79881c5	141	# shellcheck disable=SC2050
aa25270c	142	[ @ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES@ = 1 ] && bound=555 \|\| bound=$system_guid_max
6aea5ce8	143	compare "${f%.*}" "(with login.defs)" "$bound"
aa25270c ZJS	144	done
aa25270c ZJS	145
d79881c5	146	rm -f "$TESTDIR"/etc/sysusers.d/* "$TESTDIR"/usr/lib/sysusers.d/*
aa25270c	147
d79881c5 LB	148	mv "$TESTDIR/etc/login.defs" "$TESTDIR/etc/login.defs.moved"
d79881c5 LB	149	ln -s ../../../../../etc/login.defs.moved "$TESTDIR/etc/login.defs"
aa25270c	150
d79881c5	151	for f in $(find "$SOURCE"/test-*.input \| sort -V); do
aa25270c	152	echo "*** Running $f (with login.defs symlinked)"
d79881c5 LB	153	prepare_testdir "${f%.input}"
	154	cp "$f" "$TESTDIR/usr/lib/sysusers.d/test.conf"
	155	$SYSUSERS --root="$TESTDIR"
aa25270c	156
d79881c5	157	# shellcheck disable=SC2050
aa25270c	158	[ @ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES@ = 1 ] && bound=555 \|\| bound=$system_guid_max
6aea5ce8	159	compare "${f%.*}" "(with login.defs symlinked)" "$bound"
aa25270c ZJS	160	done
aa25270c ZJS	161
d79881c5	162	rm -f "$TESTDIR"/etc/sysusers.d/* "$TESTDIR"/usr/lib/sysusers.d/*
aa25270c	163
bd7e6aa7	164	# tests for error conditions
d79881c5	165	for f in $(find "$SOURCE"/unhappy-*.input \| sort -V); do
bd7e6aa7	166	echo "*** Running test $f"
d79881c5 LB	167	prepare_testdir "${f%.input}"
d79881c5 LB	168	cp "$f" "$TESTDIR/usr/lib/sysusers.d/test.conf"
88d4b97a	169	SYSTEMD_LOG_LEVEL=info $SYSUSERS --root="$TESTDIR" 2>&1 \| tail -n1 \| sed -r 's/^[^:]+:[^:]+://' >"$TESTDIR/err"
d79881c5	170	if ! diff -u "$TESTDIR/err" "${f%.*}.expected-err"; then
78643f26 YW	171	echo >&2 "**** Unexpected error output for $f"
78643f26 YW	172	cat >&2 "$TESTDIR/err"
bd7e6aa7 ZJS	173	exit 1
	174	fi
	175	done