From: Adrian Vovk Date: Wed, 24 Apr 2024 23:41:03 +0000 (-0400) Subject: test: Test user record selfModifiable behavior X-Git-Tag: v257-rc1~62^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F31153%2Fhead;p=thirdparty%2Fsystemd.git test: Test user record selfModifiable behavior --- diff --git a/src/test/meson.build b/src/test/meson.build index 2157e7c1f3d..9f74a7b56aa 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -183,6 +183,7 @@ simple_tests += files( 'test-umask-util.c', 'test-unaligned.c', 'test-unit-file.c', + 'test-user-record.c', 'test-user-util.c', 'test-utf8.c', 'test-verbs.c', diff --git a/src/test/test-user-record.c b/src/test/test-user-record.c new file mode 100644 index 00000000000..3a7e8e28afc --- /dev/null +++ b/src/test/test-user-record.c @@ -0,0 +1,101 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "json-util.h" +#include "macro.h" +#include "tests.h" +#include "user-record.h" + +#define USER(ret, ...) \ + ({ \ + typeof(ret) _r = (ret); \ + user_record_unref(*_r); \ + assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(__VA_ARGS__)) >= 0); \ + 0; \ + }) + +TEST(self_changes) { + _cleanup_(user_record_unrefp) UserRecord *curr = NULL, *new = NULL; + + /* not allowlisted */ + USER(&curr, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 11111)); + USER(&new, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999)); + assert_se(!user_record_self_changes_allowed(curr, new)); + + /* manually allowlisted */ + USER(&curr, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 11111), + SD_JSON_BUILD_PAIR_ARRAY("selfModifiableFields", SD_JSON_BUILD_STRING("notInHardCodedList"))); + USER(&new, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_ARRAY("selfModifiableFields", SD_JSON_BUILD_STRING("notInHardCodedList")), + /* change in order shouldn't affect things */ + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999)); + assert_se(user_record_self_changes_allowed(curr, new)); + + /* default allowlisted */ + USER(&curr, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_STRING("realName", "Old Name")); + USER(&new, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_STRING("realName", "New Name")); + assert_se(user_record_self_changes_allowed(curr, new)); + + /* introduced new default allowlisted */ + USER(&curr, + SD_JSON_BUILD_PAIR_STRING("userName", "test")); + USER(&new, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_STRING("realName", "New Name")); + assert_se(user_record_self_changes_allowed(curr, new)); + + /* introduced new not allowlisted */ + USER(&curr, + SD_JSON_BUILD_PAIR_STRING("userName", "test")); + USER(&new, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999)); + assert_se(!user_record_self_changes_allowed(curr, new)); + + /* privileged section: default allowlisted */ + USER(&curr, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_OBJECT("privileged", + SD_JSON_BUILD_PAIR_STRING("passwordHint", "Old Hint"))); + USER(&new, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_OBJECT("privileged", + SD_JSON_BUILD_PAIR_STRING("passwordHint", "New Hint"))); + assert_se(user_record_self_changes_allowed(curr, new)); + + /* privileged section: not allowlisted */ + USER(&curr, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_OBJECT("privileged", + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 11111))); + USER(&new, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_OBJECT("privileged", + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999))); + assert_se(!user_record_self_changes_allowed(curr, new)); + + /* privileged section: manually allowlisted */ + USER(&curr, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_ARRAY("selfModifiablePrivileged", SD_JSON_BUILD_STRING("notInHardCodedList")), + SD_JSON_BUILD_PAIR_OBJECT("privileged", + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 11111))); + USER(&new, + SD_JSON_BUILD_PAIR_STRING("userName", "test"), + SD_JSON_BUILD_PAIR_ARRAY("selfModifiablePrivileged", SD_JSON_BUILD_STRING("notInHardCodedList")), + SD_JSON_BUILD_PAIR_OBJECT("privileged", + SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999))); + assert_se(user_record_self_changes_allowed(curr, new)); +} + +DEFINE_TEST_MAIN(LOG_INFO);