]>
Commit | Line | Data |
---|---|---|
52ad194e | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
f47781d8 MP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2014 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
e735f4d4 | 21 | #include <sys/prctl.h> |
f47781d8 | 22 | |
db2df898 MP |
23 | #include "alloc-util.h" |
24 | #include "cap-list.h" | |
25 | #include "capability-util.h" | |
db2df898 | 26 | #include "parse-util.h" |
f5e65279 | 27 | #include "string-util.h" |
db2df898 MP |
28 | #include "util.h" |
29 | ||
e735f4d4 MP |
30 | /* verify the capability parser */ |
31 | static void test_cap_list(void) { | |
f47781d8 MP |
32 | int i; |
33 | ||
34 | assert_se(!capability_to_name(-1)); | |
e735f4d4 | 35 | assert_se(!capability_to_name(capability_list_length())); |
f47781d8 | 36 | |
e735f4d4 | 37 | for (i = 0; i < capability_list_length(); i++) { |
f47781d8 MP |
38 | const char *n; |
39 | ||
40 | assert_se(n = capability_to_name(i)); | |
41 | assert_se(capability_from_name(n) == i); | |
42 | printf("%s = %i\n", n, i); | |
43 | } | |
44 | ||
45 | assert_se(capability_from_name("asdfbsd") == -EINVAL); | |
46 | assert_se(capability_from_name("CAP_AUDIT_READ") == CAP_AUDIT_READ); | |
e735f4d4 MP |
47 | assert_se(capability_from_name("cap_audit_read") == CAP_AUDIT_READ); |
48 | assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ); | |
f47781d8 MP |
49 | assert_se(capability_from_name("0") == 0); |
50 | assert_se(capability_from_name("15") == 15); | |
51 | assert_se(capability_from_name("-1") == -EINVAL); | |
52 | ||
e735f4d4 MP |
53 | for (i = 0; i < capability_list_length(); i++) { |
54 | _cleanup_cap_free_charp_ char *a = NULL; | |
55 | const char *b; | |
56 | unsigned u; | |
57 | ||
58 | assert_se(a = cap_to_name(i)); | |
59 | ||
60 | /* quit the loop as soon as libcap starts returning | |
61 | * numeric ids, formatted as strings */ | |
62 | if (safe_atou(a, &u) >= 0) | |
63 | break; | |
64 | ||
65 | assert_se(b = capability_to_name(i)); | |
66 | ||
67 | printf("%s vs. %s\n", a, b); | |
68 | ||
69 | assert_se(strcasecmp(a, b) == 0); | |
70 | } | |
71 | } | |
72 | ||
52ad194e MB |
73 | static void test_capability_set_one(uint64_t c, const char *t) { |
74 | _cleanup_free_ char *t1 = NULL; | |
75 | uint64_t c1, c_masked = c & ((UINT64_C(1) << capability_list_length()) - 1); | |
e735f4d4 | 76 | |
52ad194e MB |
77 | assert_se(capability_set_to_string_alloc(c, &t1) == 0); |
78 | assert_se(streq(t1, t)); | |
e735f4d4 | 79 | |
52ad194e MB |
80 | assert_se(capability_set_from_string(t1, &c1) == 0); |
81 | assert_se(c1 == c_masked); | |
e735f4d4 | 82 | |
52ad194e MB |
83 | free(t1); |
84 | assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t, | |
85 | " hogehoge foobar 12345 3.14 -3 ", t)); | |
86 | assert_se(capability_set_from_string(t1, &c1) == 0); | |
87 | assert_se(c1 == c_masked); | |
e735f4d4 MP |
88 | } |
89 | ||
52ad194e MB |
90 | static void test_capability_set(void) { |
91 | uint64_t c; | |
92 | ||
93 | assert_se(capability_set_from_string(NULL, &c) == 0); | |
94 | assert_se(c == 0); | |
95 | ||
96 | assert_se(capability_set_from_string("", &c) == 0); | |
97 | assert_se(c == 0); | |
98 | ||
99 | assert_se(capability_set_from_string("0", &c) == 0); | |
100 | assert_se(c == UINT64_C(1)); | |
101 | ||
102 | assert_se(capability_set_from_string("1", &c) == 0); | |
103 | assert_se(c == UINT64_C(1) << 1); | |
104 | ||
105 | assert_se(capability_set_from_string("0 1 2 3", &c) == 0); | |
106 | assert_se(c == (UINT64_C(1) << 4) - 1); | |
107 | ||
108 | test_capability_set_one(0, ""); | |
109 | test_capability_set_one( | |
110 | UINT64_C(1) << CAP_DAC_OVERRIDE, | |
111 | "cap_dac_override"); | |
112 | test_capability_set_one( | |
113 | UINT64_C(1) << CAP_DAC_OVERRIDE | | |
114 | UINT64_C(1) << capability_list_length(), | |
115 | "cap_dac_override"); | |
116 | test_capability_set_one( | |
117 | UINT64_C(1) << capability_list_length(), ""); | |
118 | test_capability_set_one( | |
119 | UINT64_C(1) << CAP_CHOWN | | |
120 | UINT64_C(1) << CAP_DAC_OVERRIDE | | |
121 | UINT64_C(1) << CAP_DAC_READ_SEARCH | | |
122 | UINT64_C(1) << CAP_FOWNER | | |
123 | UINT64_C(1) << CAP_SETGID | | |
124 | UINT64_C(1) << CAP_SETUID | | |
125 | UINT64_C(1) << CAP_SYS_PTRACE | | |
126 | UINT64_C(1) << CAP_SYS_ADMIN | | |
127 | UINT64_C(1) << CAP_AUDIT_CONTROL | | |
128 | UINT64_C(1) << CAP_MAC_OVERRIDE | | |
129 | UINT64_C(1) << CAP_SYSLOG | | |
130 | UINT64_C(1) << (capability_list_length() + 1), | |
131 | "cap_chown cap_dac_override cap_dac_read_search cap_fowner " | |
132 | "cap_setgid cap_setuid cap_sys_ptrace cap_sys_admin " | |
133 | "cap_audit_control cap_mac_override cap_syslog"); | |
f5e65279 MB |
134 | } |
135 | ||
e735f4d4 MP |
136 | int main(int argc, char *argv[]) { |
137 | test_cap_list(); | |
52ad194e | 138 | test_capability_set(); |
e735f4d4 | 139 | |
f47781d8 MP |
140 | return 0; |
141 | } |