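#!/bin/sh
# Verify that the credentials are changed correctly.
#
# Security relevance: chroot --userspec/--groups is a privilege-drop path.
# The checks below cover the user ID, the primary group and, in particular,
# the supplementary group list, since a user switch that leaves the caller's
# (root's) supplementary groups in place would retain group-based access.

# Copyright (C) 2009-2023 Free Software Foundation, Inc.

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.


. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
print_ver_ chroot

require_root_

# Exit status this test expects when chroot rejects its arguments
# (invalid group list, unknown ID without a group) before running anything.
EXIT_CANCELED=125

# Start from a known-empty value so a HAVE_SETGROUPS inherited from the
# environment cannot enable the setgroups-dependent checks by accident.
HAVE_SETGROUPS=
grep '^#define HAVE_SETGROUPS 1' "$CONFIG_HEADER" >/dev/null \
  && HAVE_SETGROUPS=1

root=$(id -nu 0) || skip_ "Couldn't look up root username"

# verify numeric IDs looked up similarly to names
NON_ROOT_UID=$(id -u "$NON_ROOT_USERNAME")
NON_ROOT_GROUP=$NON_ROOT_GID # Used where we want name lookups to occur

# "uid:" is supported (unlike chown etc.) since we treat it like "uid"
chroot --userspec="$NON_ROOT_UID:" / true || fail=1

# verify that invalid groups are diagnosed
# The command must not run at all: 'invalid' has to stay empty.
for g in ' ' ',' '0trail'; do
  returns_ $EXIT_CANCELED chroot --groups="$g" / id -G >invalid || fail=1
  compare /dev/null invalid || fail=1
done

# Verify that root credentials are kept.
# The substitution is quoted so that empty output is a plain mismatch
# rather than a 'test' syntax error.
test "$(chroot / whoami)" = "$root" || fail=1
test "$(groups)" = "$(chroot / groups)" || fail=1

# Verify that credentials are changed correctly.
# The exit status is checked as well: without it, a chroot that fails and
# prints nothing would still satisfy the '!= "$root"' comparison below.
whoami_after_chroot=$(
  chroot --userspec="$NON_ROOT_USERNAME:$NON_ROOT_GROUP" / whoami
) || fail=1
test "$whoami_after_chroot" != "$root" || fail=1

# Verify that when specifying only a group we don't change the
# list of supplemental groups
test "$(chroot --userspec=":$NON_ROOT_GROUP" / id -G)" = \
  "$NON_ROOT_GID $(id -G)" || fail=1

# Everything below depends on setgroups support.
if ! test "$HAVE_SETGROUPS"; then
  Exit $fail
fi

# Change all whitespaces to newlines, then sort the input.
# Use for tests with more groups in 'id' output.
num_sort() { tr -s ' ' '\n' | sort -n; }

# Verify that there are no additional groups.
id_G_after_chroot=$(
  chroot --userspec="$NON_ROOT_USERNAME:$NON_ROOT_GROUP" \
    --groups="$NON_ROOT_GROUP" / id -G
)
test "$id_G_after_chroot" = "$NON_ROOT_GID" || fail=1

# Verify that when specifying only the user name we get all their groups
test "$(chroot --userspec="$NON_ROOT_USERNAME" / id -G | num_sort)" = \
  "$(id -G "$NON_ROOT_USERNAME" | num_sort)" || fail=1

# Ditto with trailing : on the user name.
test "$(chroot --userspec="$NON_ROOT_USERNAME:" / id -G | num_sort)" = \
  "$(id -G "$NON_ROOT_USERNAME" | num_sort)" || fail=1

# Verify that when specifying only the user and clearing supplemental groups
# that we only get the primary group
test "$(chroot --userspec="$NON_ROOT_USERNAME" --groups='' / id -G)" = \
  "$NON_ROOT_GID" || fail=1

# Verify that when specifying only the UID we get all their groups
test "$(chroot --userspec="$NON_ROOT_UID" / id -G | num_sort)" = \
  "$(id -G "$NON_ROOT_USERNAME" | num_sort)" || fail=1

# Verify that when specifying only the user and clearing supplemental groups
# that we only get the primary group.  Note this variant with prepended '+'
# results in no lookups in the name database which could be useful depending
# on your chroot setup.
test "$(chroot --userspec="+$NON_ROOT_UID:+$NON_ROOT_GID" --groups='' / id -G)" = \
  "$NON_ROOT_GID" || fail=1

# Verify that when specifying only a group we get the current user ID
test "$(chroot --userspec=":$NON_ROOT_GROUP" / id -u)" = "$(id -u)" \
  || fail=1

# NOTE(review): the next three checks only require non-empty 'id -G' output;
# they show the option syntax is accepted but do not pin the resulting
# group list.

# verify that arbitrary numeric IDs are supported
test "$(chroot --userspec=1234:+5678 --groups=' +8765,4321' / id -G)" \
  || fail=1

# demonstrate that extraneous commas are supported
test "$(chroot --userspec=1234:+5678 --groups=',8765,,4321,' / id -G)" \
  || fail=1

# demonstrate that --groups is not cumulative
test "$(chroot --groups='invalid ignored' --groups='' / id -G)" \
  || fail=1

# Only meaningful when 12342 is not a known user ID on this system.
if ! id -u +12342; then
  # Ensure supplemental groups cleared from some arbitrary unknown ID
  test "$(chroot --userspec=+12342:+5678 / id -G)" = '5678' || fail=1

  # Ensure we fail when we don't know what groups to set for an unknown ID
  returns_ $EXIT_CANCELED chroot --userspec=+12342 / true || fail=1
fi

Exit $fail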