Line data Source code
1 : /* SPDX-License-Identifier: LGPL-2.1+ */
2 :
3 : #include <stdio.h>
4 : #include <sys/types.h>
5 : #include <sys/utsname.h>
6 : #include <unistd.h>
7 :
8 : #include "sd-id128.h"
9 :
10 : #include "alloc-util.h"
11 : #include "apparmor-util.h"
12 : #include "architecture.h"
13 : #include "audit-util.h"
14 : #include "cgroup-util.h"
15 : #include "condition.h"
16 : #include "cpu-set-util.h"
17 : #include "efivars.h"
18 : #include "hostname-util.h"
19 : #include "id128-util.h"
20 : #include "ima-util.h"
21 : #include "limits-util.h"
22 : #include "log.h"
23 : #include "macro.h"
24 : #include "nulstr-util.h"
25 : #include "process-util.h"
26 : #include "selinux-util.h"
27 : #include "set.h"
28 : #include "smack-util.h"
29 : #include "string-util.h"
30 : #include "strv.h"
31 : #include "tests.h"
32 : #include "tomoyo-util.h"
33 : #include "user-util.h"
34 : #include "virt.h"
35 :
36 1 : static void test_condition_test_path(void) {
37 : Condition *condition;
38 :
39 1 : condition = condition_new(CONDITION_PATH_EXISTS, "/bin/sh", false, false);
40 1 : assert_se(condition);
41 1 : assert_se(condition_test(condition));
42 1 : condition_free(condition);
43 :
44 1 : condition = condition_new(CONDITION_PATH_EXISTS, "/bin/s?", false, false);
45 1 : assert_se(condition);
46 1 : assert_se(condition_test(condition) == 0);
47 1 : condition_free(condition);
48 :
49 1 : condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, false);
50 1 : assert_se(condition);
51 1 : assert_se(condition_test(condition) > 0);
52 1 : condition_free(condition);
53 :
54 1 : condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, true);
55 1 : assert_se(condition);
56 1 : assert_se(condition_test(condition) == 0);
57 1 : condition_free(condition);
58 :
59 1 : condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, false);
60 1 : assert_se(condition);
61 1 : assert_se(condition_test(condition) == 0);
62 1 : condition_free(condition);
63 :
64 1 : condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, true);
65 1 : assert_se(condition);
66 1 : assert_se(condition_test(condition) > 0);
67 1 : condition_free(condition);
68 :
69 1 : condition = condition_new(CONDITION_PATH_IS_DIRECTORY, "/bin", false, false);
70 1 : assert_se(condition);
71 1 : assert_se(condition_test(condition) > 0);
72 1 : condition_free(condition);
73 :
74 1 : condition = condition_new(CONDITION_DIRECTORY_NOT_EMPTY, "/bin", false, false);
75 1 : assert_se(condition);
76 1 : assert_se(condition_test(condition) > 0);
77 1 : condition_free(condition);
78 :
79 1 : condition = condition_new(CONDITION_FILE_NOT_EMPTY, "/bin/sh", false, false);
80 1 : assert_se(condition);
81 1 : assert_se(condition_test(condition) > 0);
82 1 : condition_free(condition);
83 :
84 1 : condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/bin/sh", false, false);
85 1 : assert_se(condition);
86 1 : assert_se(condition_test(condition) > 0);
87 1 : condition_free(condition);
88 :
89 1 : condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/etc/passwd", false, false);
90 1 : assert_se(condition);
91 1 : assert_se(condition_test(condition) == 0);
92 1 : condition_free(condition);
93 :
94 1 : condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/proc", false, false);
95 1 : assert_se(condition);
96 1 : assert_se(condition_test(condition) > 0);
97 1 : condition_free(condition);
98 :
99 1 : condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/", false, false);
100 1 : assert_se(condition);
101 1 : assert_se(condition_test(condition) > 0);
102 1 : condition_free(condition);
103 :
104 1 : condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/bin", false, false);
105 1 : assert_se(condition);
106 1 : assert_se(condition_test(condition) == 0);
107 1 : condition_free(condition);
108 :
109 1 : condition = condition_new(CONDITION_PATH_IS_READ_WRITE, "/tmp", false, false);
110 1 : assert_se(condition);
111 1 : assert_se(condition_test(condition) > 0);
112 1 : condition_free(condition);
113 :
114 1 : condition = condition_new(CONDITION_PATH_IS_SYMBOLIC_LINK, "/dev/stdout", false, false);
115 1 : assert_se(condition);
116 1 : assert_se(condition_test(condition) > 0);
117 1 : condition_free(condition);
118 1 : }
119 :
120 1 : static void test_condition_test_control_group_controller(void) {
121 : Condition *condition;
122 : CGroupMask system_mask;
123 : CGroupController controller;
124 1 : _cleanup_free_ char *controller_name = NULL;
125 : int r;
126 :
127 1 : r = cg_unified_flush();
128 1 : if (r < 0) {
129 0 : log_notice_errno(r, "Skipping ConditionControlGroupController tests: %m");
130 0 : return;
131 : }
132 :
133 : /* Invalid controllers are ignored */
134 1 : condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, false);
135 1 : assert_se(condition);
136 1 : assert_se(condition_test(condition) > 0);
137 1 : condition_free(condition);
138 :
139 1 : condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, true);
140 1 : assert_se(condition);
141 1 : assert_se(condition_test(condition) == 0);
142 1 : condition_free(condition);
143 :
144 1 : assert_se(cg_mask_supported(&system_mask) >= 0);
145 :
146 : /* Individual valid controllers one by one */
147 10 : for (controller = 0; controller < _CGROUP_CONTROLLER_MAX; controller++) {
148 9 : const char *local_controller_name = cgroup_controller_to_string(controller);
149 9 : log_info("chosen controller is '%s'", local_controller_name);
150 9 : if (system_mask & CGROUP_CONTROLLER_TO_MASK(controller)) {
151 6 : log_info("this controller is available");
152 6 : condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
153 6 : assert_se(condition);
154 6 : assert_se(condition_test(condition) > 0);
155 6 : condition_free(condition);
156 :
157 6 : condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
158 6 : assert_se(condition);
159 6 : assert_se(condition_test(condition) == 0);
160 6 : condition_free(condition);
161 : } else {
162 3 : log_info("this controller is unavailable");
163 3 : condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
164 3 : assert_se(condition);
165 3 : assert_se(condition_test(condition) == 0);
166 3 : condition_free(condition);
167 :
168 3 : condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
169 3 : assert_se(condition);
170 3 : assert_se(condition_test(condition) > 0);
171 3 : condition_free(condition);
172 : }
173 : }
174 :
175 : /* Multiple valid controllers at the same time */
176 1 : assert_se(cg_mask_to_string(system_mask, &controller_name) >= 0);
177 :
178 1 : condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, strempty(controller_name), false, false);
179 1 : assert_se(condition);
180 1 : assert_se(condition_test(condition) > 0);
181 1 : condition_free(condition);
182 :
183 1 : condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, strempty(controller_name), false, true);
184 1 : assert_se(condition);
185 1 : assert_se(condition_test(condition) == 0);
186 1 : condition_free(condition);
187 : }
188 :
189 1 : static void test_condition_test_ac_power(void) {
190 : Condition *condition;
191 :
192 1 : condition = condition_new(CONDITION_AC_POWER, "true", false, false);
193 1 : assert_se(condition);
194 1 : assert_se(condition_test(condition) == on_ac_power());
195 1 : condition_free(condition);
196 :
197 1 : condition = condition_new(CONDITION_AC_POWER, "false", false, false);
198 1 : assert_se(condition);
199 1 : assert_se(condition_test(condition) != on_ac_power());
200 1 : condition_free(condition);
201 :
202 1 : condition = condition_new(CONDITION_AC_POWER, "false", false, true);
203 1 : assert_se(condition);
204 1 : assert_se(condition_test(condition) == on_ac_power());
205 1 : condition_free(condition);
206 1 : }
207 :
208 1 : static void test_condition_test_host(void) {
209 1 : _cleanup_free_ char *hostname = NULL;
210 : char sid[SD_ID128_STRING_MAX];
211 : Condition *condition;
212 : sd_id128_t id;
213 : int r;
214 :
215 1 : r = sd_id128_get_machine(&id);
216 1 : assert_se(r >= 0);
217 1 : assert_se(sd_id128_to_string(id, sid));
218 :
219 1 : condition = condition_new(CONDITION_HOST, sid, false, false);
220 1 : assert_se(condition);
221 1 : assert_se(condition_test(condition) > 0);
222 1 : condition_free(condition);
223 :
224 1 : condition = condition_new(CONDITION_HOST, "garbage value jjjjjjjjjjjjjj", false, false);
225 1 : assert_se(condition);
226 1 : assert_se(condition_test(condition) == 0);
227 1 : condition_free(condition);
228 :
229 1 : condition = condition_new(CONDITION_HOST, sid, false, true);
230 1 : assert_se(condition);
231 1 : assert_se(condition_test(condition) == 0);
232 1 : condition_free(condition);
233 :
234 1 : hostname = gethostname_malloc();
235 1 : assert_se(hostname);
236 :
237 : /* if hostname looks like an id128 then skip testing it */
238 1 : if (id128_is_valid(hostname))
239 0 : log_notice("hostname is an id128, skipping test");
240 : else {
241 1 : condition = condition_new(CONDITION_HOST, hostname, false, false);
242 1 : assert_se(condition);
243 1 : assert_se(condition_test(condition) > 0);
244 1 : condition_free(condition);
245 : }
246 1 : }
247 :
248 1 : static void test_condition_test_architecture(void) {
249 : Condition *condition;
250 : const char *sa;
251 : int a;
252 :
253 1 : a = uname_architecture();
254 1 : assert_se(a >= 0);
255 :
256 1 : sa = architecture_to_string(a);
257 1 : assert_se(sa);
258 :
259 1 : condition = condition_new(CONDITION_ARCHITECTURE, sa, false, false);
260 1 : assert_se(condition);
261 1 : assert_se(condition_test(condition) > 0);
262 1 : condition_free(condition);
263 :
264 1 : condition = condition_new(CONDITION_ARCHITECTURE, "garbage value", false, false);
265 1 : assert_se(condition);
266 1 : assert_se(condition_test(condition) == 0);
267 1 : condition_free(condition);
268 :
269 1 : condition = condition_new(CONDITION_ARCHITECTURE, sa, false, true);
270 1 : assert_se(condition);
271 1 : assert_se(condition_test(condition) == 0);
272 1 : condition_free(condition);
273 1 : }
274 :
275 1 : static void test_condition_test_kernel_command_line(void) {
276 : Condition *condition;
277 :
278 1 : condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "thisreallyshouldntbeonthekernelcommandline", false, false);
279 1 : assert_se(condition);
280 1 : assert_se(condition_test(condition) == 0);
281 1 : condition_free(condition);
282 :
283 1 : condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "andthis=neither", false, false);
284 1 : assert_se(condition);
285 1 : assert_se(condition_test(condition) == 0);
286 1 : condition_free(condition);
287 1 : }
288 :
289 1 : static void test_condition_test_kernel_version(void) {
290 : Condition *condition;
291 : struct utsname u;
292 : const char *v;
293 :
294 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "*thisreallyshouldntbeinthekernelversion*", false, false);
295 1 : assert_se(condition);
296 1 : assert_se(condition_test(condition) == 0);
297 1 : condition_free(condition);
298 :
299 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "*", false, false);
300 1 : assert_se(condition);
301 1 : assert_se(condition_test(condition) > 0);
302 1 : condition_free(condition);
303 :
304 : /* An artificially empty condition. It evaluates to true, but normally
305 : * such condition cannot be created, because the condition list is reset instead. */
306 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "", false, false);
307 1 : assert_se(condition);
308 1 : assert_se(condition_test(condition) > 0);
309 1 : condition_free(condition);
310 :
311 1 : assert_se(uname(&u) >= 0);
312 :
313 1 : condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
314 1 : assert_se(condition);
315 1 : assert_se(condition_test(condition) > 0);
316 1 : condition_free(condition);
317 :
318 1 : strshorten(u.release, 4);
319 1 : strcpy(strchr(u.release, 0), "*");
320 :
321 1 : condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
322 1 : assert_se(condition);
323 1 : assert_se(condition_test(condition) > 0);
324 1 : condition_free(condition);
325 :
326 : /* 0.1.2 would be a very very very old kernel */
327 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "> 0.1.2", false, false);
328 1 : assert_se(condition);
329 1 : assert_se(condition_test(condition) > 0);
330 1 : condition_free(condition);
331 :
332 1 : condition = condition_new(CONDITION_KERNEL_VERSION, ">0.1.2", false, false);
333 1 : assert_se(condition);
334 1 : assert_se(condition_test(condition) > 0);
335 1 : condition_free(condition);
336 :
337 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "'>0.1.2' '<9.0.0'", false, false);
338 1 : assert_se(condition);
339 1 : assert_se(condition_test(condition) > 0);
340 1 : condition_free(condition);
341 :
342 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "> 0.1.2 < 9.0.0", false, false);
343 1 : assert_se(condition);
344 1 : assert_se(condition_test(condition) == -EINVAL);
345 1 : condition_free(condition);
346 :
347 1 : condition = condition_new(CONDITION_KERNEL_VERSION, ">", false, false);
348 1 : assert_se(condition);
349 1 : assert_se(condition_test(condition) == -EINVAL);
350 1 : condition_free(condition);
351 :
352 1 : condition = condition_new(CONDITION_KERNEL_VERSION, ">= 0.1.2", false, false);
353 1 : assert_se(condition);
354 1 : assert_se(condition_test(condition) > 0);
355 1 : condition_free(condition);
356 :
357 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "< 0.1.2", false, false);
358 1 : assert_se(condition);
359 1 : assert_se(condition_test(condition) == 0);
360 1 : condition_free(condition);
361 :
362 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "<= 0.1.2", false, false);
363 1 : assert_se(condition);
364 1 : assert_se(condition_test(condition) == 0);
365 1 : condition_free(condition);
366 :
367 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "= 0.1.2", false, false);
368 1 : assert_se(condition);
369 1 : assert_se(condition_test(condition) == 0);
370 1 : condition_free(condition);
371 :
372 : /* 4711.8.15 is a very very very future kernel */
373 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "< 4711.8.15", false, false);
374 1 : assert_se(condition);
375 1 : assert_se(condition_test(condition) > 0);
376 1 : condition_free(condition);
377 :
378 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "<= 4711.8.15", false, false);
379 1 : assert_se(condition);
380 1 : assert_se(condition_test(condition) > 0);
381 1 : condition_free(condition);
382 :
383 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "= 4711.8.15", false, false);
384 1 : assert_se(condition);
385 1 : assert_se(condition_test(condition) == 0);
386 1 : condition_free(condition);
387 :
388 1 : condition = condition_new(CONDITION_KERNEL_VERSION, "> 4711.8.15", false, false);
389 1 : assert_se(condition);
390 1 : assert_se(condition_test(condition) == 0);
391 1 : condition_free(condition);
392 :
393 1 : condition = condition_new(CONDITION_KERNEL_VERSION, ">= 4711.8.15", false, false);
394 1 : assert_se(condition);
395 1 : assert_se(condition_test(condition) == 0);
396 1 : condition_free(condition);
397 :
398 1 : assert_se(uname(&u) >= 0);
399 :
400 5 : v = strjoina(">=", u.release);
401 1 : condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
402 1 : assert_se(condition);
403 1 : assert_se(condition_test(condition) > 0);
404 1 : condition_free(condition);
405 :
406 5 : v = strjoina("= ", u.release);
407 1 : condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
408 1 : assert_se(condition);
409 1 : assert_se(condition_test(condition) > 0);
410 1 : condition_free(condition);
411 :
412 5 : v = strjoina("<=", u.release);
413 1 : condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
414 1 : assert_se(condition);
415 1 : assert_se(condition_test(condition) > 0);
416 1 : condition_free(condition);
417 :
418 5 : v = strjoina("> ", u.release);
419 1 : condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
420 1 : assert_se(condition);
421 1 : assert_se(condition_test(condition) == 0);
422 1 : condition_free(condition);
423 :
424 5 : v = strjoina("< ", u.release);
425 1 : condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
426 1 : assert_se(condition);
427 1 : assert_se(condition_test(condition) == 0);
428 1 : condition_free(condition);
429 1 : }
430 :
431 1 : static void test_condition_test_null(void) {
432 : Condition *condition;
433 :
434 1 : condition = condition_new(CONDITION_NULL, NULL, false, false);
435 1 : assert_se(condition);
436 1 : assert_se(condition_test(condition) > 0);
437 1 : condition_free(condition);
438 :
439 1 : condition = condition_new(CONDITION_NULL, NULL, false, true);
440 1 : assert_se(condition);
441 1 : assert_se(condition_test(condition) == 0);
442 1 : condition_free(condition);
443 1 : }
444 :
445 1 : static void test_condition_test_security(void) {
446 : Condition *condition;
447 :
448 1 : condition = condition_new(CONDITION_SECURITY, "garbage oifdsjfoidsjoj", false, false);
449 1 : assert_se(condition);
450 1 : assert_se(condition_test(condition) == 0);
451 1 : condition_free(condition);
452 :
453 1 : condition = condition_new(CONDITION_SECURITY, "selinux", false, true);
454 1 : assert_se(condition);
455 1 : assert_se(condition_test(condition) != mac_selinux_use());
456 1 : condition_free(condition);
457 :
458 1 : condition = condition_new(CONDITION_SECURITY, "apparmor", false, false);
459 1 : assert_se(condition);
460 1 : assert_se(condition_test(condition) == mac_apparmor_use());
461 1 : condition_free(condition);
462 :
463 1 : condition = condition_new(CONDITION_SECURITY, "tomoyo", false, false);
464 1 : assert_se(condition);
465 1 : assert_se(condition_test(condition) == mac_tomoyo_use());
466 1 : condition_free(condition);
467 :
468 1 : condition = condition_new(CONDITION_SECURITY, "ima", false, false);
469 1 : assert_se(condition);
470 1 : assert_se(condition_test(condition) == use_ima());
471 1 : condition_free(condition);
472 :
473 1 : condition = condition_new(CONDITION_SECURITY, "smack", false, false);
474 1 : assert_se(condition);
475 1 : assert_se(condition_test(condition) == mac_smack_use());
476 1 : condition_free(condition);
477 :
478 1 : condition = condition_new(CONDITION_SECURITY, "audit", false, false);
479 1 : assert_se(condition);
480 1 : assert_se(condition_test(condition) == use_audit());
481 1 : condition_free(condition);
482 :
483 1 : condition = condition_new(CONDITION_SECURITY, "uefi-secureboot", false, false);
484 1 : assert_se(condition);
485 1 : assert_se(condition_test(condition) == is_efi_secure_boot());
486 1 : condition_free(condition);
487 1 : }
488 :
489 1 : static void print_securities(void) {
490 1 : log_info("------ enabled security technologies ------");
491 1 : log_info("SELinux: %s", yes_no(mac_selinux_use()));
492 1 : log_info("AppArmor: %s", yes_no(mac_apparmor_use()));
493 1 : log_info("Tomoyo: %s", yes_no(mac_tomoyo_use()));
494 1 : log_info("IMA: %s", yes_no(use_ima()));
495 1 : log_info("SMACK: %s", yes_no(mac_smack_use()));
496 1 : log_info("Audit: %s", yes_no(use_audit()));
497 1 : log_info("UEFI secure boot: %s", yes_no(is_efi_secure_boot()));
498 1 : log_info("-------------------------------------------");
499 1 : }
500 :
501 1 : static void test_condition_test_virtualization(void) {
502 : Condition *condition;
503 : const char *virt;
504 : int r;
505 :
506 1 : condition = condition_new(CONDITION_VIRTUALIZATION, "garbage oifdsjfoidsjoj", false, false);
507 1 : assert_se(condition);
508 1 : r = condition_test(condition);
509 1 : log_info("ConditionVirtualization=garbage → %i", r);
510 1 : assert_se(r == 0);
511 1 : condition_free(condition);
512 :
513 1 : condition = condition_new(CONDITION_VIRTUALIZATION, "container", false, false);
514 1 : assert_se(condition);
515 1 : r = condition_test(condition);
516 1 : log_info("ConditionVirtualization=container → %i", r);
517 1 : assert_se(r == !!detect_container());
518 1 : condition_free(condition);
519 :
520 1 : condition = condition_new(CONDITION_VIRTUALIZATION, "vm", false, false);
521 1 : assert_se(condition);
522 1 : r = condition_test(condition);
523 1 : log_info("ConditionVirtualization=vm → %i", r);
524 1 : assert_se(r == (detect_vm() && !detect_container()));
525 1 : condition_free(condition);
526 :
527 1 : condition = condition_new(CONDITION_VIRTUALIZATION, "private-users", false, false);
528 1 : assert_se(condition);
529 1 : r = condition_test(condition);
530 1 : log_info("ConditionVirtualization=private-users → %i", r);
531 1 : assert_se(r == !!running_in_userns());
532 1 : condition_free(condition);
533 :
534 13 : NULSTR_FOREACH(virt,
535 : "kvm\0"
536 : "qemu\0"
537 : "bochs\0"
538 : "xen\0"
539 : "uml\0"
540 : "vmware\0"
541 : "oracle\0"
542 : "microsoft\0"
543 : "zvm\0"
544 : "parallels\0"
545 : "bhyve\0"
546 : "vm_other\0") {
547 :
548 12 : condition = condition_new(CONDITION_VIRTUALIZATION, virt, false, false);
549 12 : assert_se(condition);
550 12 : r = condition_test(condition);
551 12 : log_info("ConditionVirtualization=%s → %i", virt, r);
552 12 : assert_se(r >= 0);
553 12 : condition_free(condition);
554 : }
555 1 : }
556 :
557 1 : static void test_condition_test_user(void) {
558 : Condition *condition;
559 : char* uid;
560 : char* username;
561 : int r;
562 :
563 1 : condition = condition_new(CONDITION_USER, "garbage oifdsjfoidsjoj", false, false);
564 1 : assert_se(condition);
565 1 : r = condition_test(condition);
566 1 : log_info("ConditionUser=garbage → %i", r);
567 1 : assert_se(r == 0);
568 1 : condition_free(condition);
569 :
570 1 : assert_se(asprintf(&uid, "%"PRIu32, UINT32_C(0xFFFF)) > 0);
571 1 : condition = condition_new(CONDITION_USER, uid, false, false);
572 1 : assert_se(condition);
573 1 : r = condition_test(condition);
574 1 : log_info("ConditionUser=%s → %i", uid, r);
575 1 : assert_se(r == 0);
576 1 : condition_free(condition);
577 1 : free(uid);
578 :
579 1 : assert_se(asprintf(&uid, "%u", (unsigned)getuid()) > 0);
580 1 : condition = condition_new(CONDITION_USER, uid, false, false);
581 1 : assert_se(condition);
582 1 : r = condition_test(condition);
583 1 : log_info("ConditionUser=%s → %i", uid, r);
584 1 : assert_se(r > 0);
585 1 : condition_free(condition);
586 1 : free(uid);
587 :
588 1 : assert_se(asprintf(&uid, "%u", (unsigned)getuid()+1) > 0);
589 1 : condition = condition_new(CONDITION_USER, uid, false, false);
590 1 : assert_se(condition);
591 1 : r = condition_test(condition);
592 1 : log_info("ConditionUser=%s → %i", uid, r);
593 1 : assert_se(r == 0);
594 1 : condition_free(condition);
595 1 : free(uid);
596 :
597 1 : username = getusername_malloc();
598 1 : assert_se(username);
599 1 : condition = condition_new(CONDITION_USER, username, false, false);
600 1 : assert_se(condition);
601 1 : r = condition_test(condition);
602 1 : log_info("ConditionUser=%s → %i", username, r);
603 1 : assert_se(r > 0);
604 1 : condition_free(condition);
605 1 : free(username);
606 :
607 1 : username = (char*)(geteuid() == 0 ? NOBODY_USER_NAME : "root");
608 1 : condition = condition_new(CONDITION_USER, username, false, false);
609 1 : assert_se(condition);
610 1 : r = condition_test(condition);
611 1 : log_info("ConditionUser=%s → %i", username, r);
612 1 : assert_se(r == 0);
613 1 : condition_free(condition);
614 :
615 1 : condition = condition_new(CONDITION_USER, "@system", false, false);
616 1 : assert_se(condition);
617 1 : r = condition_test(condition);
618 1 : log_info("ConditionUser=@system → %i", r);
619 1 : if (uid_is_system(getuid()) || uid_is_system(geteuid()))
620 0 : assert_se(r > 0);
621 : else
622 1 : assert_se(r == 0);
623 1 : condition_free(condition);
624 1 : }
625 :
626 1 : static void test_condition_test_group(void) {
627 : Condition *condition;
628 : char* gid;
629 : char* groupname;
630 : gid_t *gids, max_gid;
631 : int ngroups_max, ngroups, r, i;
632 :
633 1 : assert_se(0 < asprintf(&gid, "%u", UINT32_C(0xFFFF)));
634 1 : condition = condition_new(CONDITION_GROUP, gid, false, false);
635 1 : assert_se(condition);
636 1 : r = condition_test(condition);
637 1 : log_info("ConditionGroup=%s → %i", gid, r);
638 1 : assert_se(r == 0);
639 1 : condition_free(condition);
640 1 : free(gid);
641 :
642 1 : assert_se(0 < asprintf(&gid, "%u", getgid()));
643 1 : condition = condition_new(CONDITION_GROUP, gid, false, false);
644 1 : assert_se(condition);
645 1 : r = condition_test(condition);
646 1 : log_info("ConditionGroup=%s → %i", gid, r);
647 1 : assert_se(r > 0);
648 1 : condition_free(condition);
649 1 : free(gid);
650 :
651 1 : ngroups_max = sysconf(_SC_NGROUPS_MAX);
652 1 : assert(ngroups_max > 0);
653 :
654 1 : gids = newa(gid_t, ngroups_max);
655 :
656 1 : ngroups = getgroups(ngroups_max, gids);
657 1 : assert(ngroups >= 0);
658 :
659 1 : max_gid = getgid();
660 10 : for (i = 0; i < ngroups; i++) {
661 9 : assert_se(0 < asprintf(&gid, "%u", gids[i]));
662 9 : condition = condition_new(CONDITION_GROUP, gid, false, false);
663 9 : assert_se(condition);
664 9 : r = condition_test(condition);
665 9 : log_info("ConditionGroup=%s → %i", gid, r);
666 9 : assert_se(r > 0);
667 9 : condition_free(condition);
668 9 : free(gid);
669 9 : max_gid = gids[i] > max_gid ? gids[i] : max_gid;
670 :
671 9 : groupname = gid_to_name(gids[i]);
672 9 : assert_se(groupname);
673 9 : condition = condition_new(CONDITION_GROUP, groupname, false, false);
674 9 : assert_se(condition);
675 9 : r = condition_test(condition);
676 9 : log_info("ConditionGroup=%s → %i", groupname, r);
677 9 : assert_se(r > 0);
678 9 : condition_free(condition);
679 9 : free(groupname);
680 9 : max_gid = gids[i] > max_gid ? gids[i] : max_gid;
681 : }
682 :
683 1 : assert_se(0 < asprintf(&gid, "%u", max_gid+1));
684 1 : condition = condition_new(CONDITION_GROUP, gid, false, false);
685 1 : assert_se(condition);
686 1 : r = condition_test(condition);
687 1 : log_info("ConditionGroup=%s → %i", gid, r);
688 1 : assert_se(r == 0);
689 1 : condition_free(condition);
690 1 : free(gid);
691 :
692 1 : groupname = (char*)(geteuid() == 0 ? NOBODY_GROUP_NAME : "root");
693 1 : condition = condition_new(CONDITION_GROUP, groupname, false, false);
694 1 : assert_se(condition);
695 1 : r = condition_test(condition);
696 1 : log_info("ConditionGroup=%s → %i", groupname, r);
697 1 : assert_se(r == 0);
698 1 : condition_free(condition);
699 1 : }
700 :
701 18 : static void test_condition_test_cpus_one(const char *s, bool result) {
702 : Condition *condition;
703 : int r;
704 :
705 18 : log_debug("%s=%s", condition_type_to_string(CONDITION_CPUS), s);
706 :
707 18 : condition = condition_new(CONDITION_CPUS, s, false, false);
708 18 : assert_se(condition);
709 :
710 18 : r = condition_test(condition);
711 18 : assert_se(r >= 0);
712 18 : assert_se(r == result);
713 18 : condition_free(condition);
714 18 : }
715 :
716 1 : static void test_condition_test_cpus(void) {
717 2 : _cleanup_free_ char *t = NULL;
718 : int cpus;
719 :
720 1 : cpus = cpus_in_affinity_mask();
721 1 : assert_se(cpus >= 0);
722 :
723 1 : test_condition_test_cpus_one("> 0", true);
724 1 : test_condition_test_cpus_one(">= 0", true);
725 1 : test_condition_test_cpus_one("!= 0", true);
726 1 : test_condition_test_cpus_one("<= 0", false);
727 1 : test_condition_test_cpus_one("< 0", false);
728 1 : test_condition_test_cpus_one("= 0", false);
729 :
730 1 : test_condition_test_cpus_one("> 100000", false);
731 1 : test_condition_test_cpus_one("= 100000", false);
732 1 : test_condition_test_cpus_one(">= 100000", false);
733 1 : test_condition_test_cpus_one("< 100000", true);
734 1 : test_condition_test_cpus_one("!= 100000", true);
735 1 : test_condition_test_cpus_one("<= 100000", true);
736 :
737 1 : assert_se(asprintf(&t, "= %i", cpus) >= 0);
738 1 : test_condition_test_cpus_one(t, true);
739 1 : t = mfree(t);
740 :
741 1 : assert_se(asprintf(&t, "<= %i", cpus) >= 0);
742 1 : test_condition_test_cpus_one(t, true);
743 1 : t = mfree(t);
744 :
745 1 : assert_se(asprintf(&t, ">= %i", cpus) >= 0);
746 1 : test_condition_test_cpus_one(t, true);
747 1 : t = mfree(t);
748 :
749 1 : assert_se(asprintf(&t, "!= %i", cpus) >= 0);
750 1 : test_condition_test_cpus_one(t, false);
751 1 : t = mfree(t);
752 :
753 1 : assert_se(asprintf(&t, "< %i", cpus) >= 0);
754 1 : test_condition_test_cpus_one(t, false);
755 1 : t = mfree(t);
756 :
757 1 : assert_se(asprintf(&t, "> %i", cpus) >= 0);
758 1 : test_condition_test_cpus_one(t, false);
759 1 : t = mfree(t);
760 1 : }
761 :
762 18 : static void test_condition_test_memory_one(const char *s, bool result) {
763 : Condition *condition;
764 : int r;
765 :
766 18 : log_debug("%s=%s", condition_type_to_string(CONDITION_MEMORY), s);
767 :
768 18 : condition = condition_new(CONDITION_MEMORY, s, false, false);
769 18 : assert_se(condition);
770 :
771 18 : r = condition_test(condition);
772 18 : assert_se(r >= 0);
773 18 : assert_se(r == result);
774 18 : condition_free(condition);
775 18 : }
776 :
777 1 : static void test_condition_test_memory(void) {
778 2 : _cleanup_free_ char *t = NULL;
779 : uint64_t memory;
780 :
781 1 : memory = physical_memory();
782 :
783 1 : test_condition_test_memory_one("> 0", true);
784 1 : test_condition_test_memory_one(">= 0", true);
785 1 : test_condition_test_memory_one("!= 0", true);
786 1 : test_condition_test_memory_one("<= 0", false);
787 1 : test_condition_test_memory_one("< 0", false);
788 1 : test_condition_test_memory_one("= 0", false);
789 :
790 1 : test_condition_test_memory_one("> 18446744073709547520", false);
791 1 : test_condition_test_memory_one("= 18446744073709547520", false);
792 1 : test_condition_test_memory_one(">= 18446744073709547520", false);
793 1 : test_condition_test_memory_one("< 18446744073709547520", true);
794 1 : test_condition_test_memory_one("!= 18446744073709547520", true);
795 1 : test_condition_test_memory_one("<= 18446744073709547520", true);
796 :
797 1 : assert_se(asprintf(&t, "= %" PRIu64, memory) >= 0);
798 1 : test_condition_test_memory_one(t, true);
799 1 : t = mfree(t);
800 :
801 1 : assert_se(asprintf(&t, "<= %" PRIu64, memory) >= 0);
802 1 : test_condition_test_memory_one(t, true);
803 1 : t = mfree(t);
804 :
805 1 : assert_se(asprintf(&t, ">= %" PRIu64, memory) >= 0);
806 1 : test_condition_test_memory_one(t, true);
807 1 : t = mfree(t);
808 :
809 1 : assert_se(asprintf(&t, "!= %" PRIu64, memory) >= 0);
810 1 : test_condition_test_memory_one(t, false);
811 1 : t = mfree(t);
812 :
813 1 : assert_se(asprintf(&t, "< %" PRIu64, memory) >= 0);
814 1 : test_condition_test_memory_one(t, false);
815 1 : t = mfree(t);
816 :
817 1 : assert_se(asprintf(&t, "> %" PRIu64, memory) >= 0);
818 1 : test_condition_test_memory_one(t, false);
819 1 : t = mfree(t);
820 1 : }
821 :
822 1 : int main(int argc, char *argv[]) {
823 1 : test_setup_logging(LOG_DEBUG);
824 :
825 1 : test_condition_test_path();
826 1 : test_condition_test_ac_power();
827 1 : test_condition_test_host();
828 1 : test_condition_test_architecture();
829 1 : test_condition_test_kernel_command_line();
830 1 : test_condition_test_kernel_version();
831 1 : test_condition_test_null();
832 1 : test_condition_test_security();
833 1 : print_securities();
834 1 : test_condition_test_virtualization();
835 1 : test_condition_test_user();
836 1 : test_condition_test_group();
837 1 : test_condition_test_control_group_controller();
838 1 : test_condition_test_cpus();
839 1 : test_condition_test_memory();
840 :
841 1 : return 0;
842 : }
|
