]> git.proxmox.com Git - systemd.git/blob - src/test/test-condition.c
projects / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
New upstream version 249~rc1
[systemd.git] / src / test / test-condition.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <stdio.h>
4 #include <sys/types.h>
5 #include <sys/utsname.h>
6 #include <unistd.h>
7
8 #include "sd-id128.h"
9
10 #include "alloc-util.h"
11 #include "apparmor-util.h"
12 #include "architecture.h"
13 #include "audit-util.h"
14 #include "cgroup-util.h"
15 #include "condition.h"
16 #include "cpu-set-util.h"
17 #include "efi-loader.h"
18 #include "errno-util.h"
19 #include "hostname-util.h"
20 #include "id128-util.h"
21 #include "ima-util.h"
22 #include "limits-util.h"
23 #include "log.h"
24 #include "macro.h"
25 #include "nulstr-util.h"
26 #include "process-util.h"
27 #include "selinux-util.h"
28 #include "set.h"
29 #include "smack-util.h"
30 #include "string-util.h"
31 #include "strv.h"
32 #include "tests.h"
33 #include "tomoyo-util.h"
34 #include "user-record.h"
35 #include "user-util.h"
36 #include "virt.h"
37
38 static void test_condition_test_path(void) {
39 Condition *condition;
40
41 condition = condition_new(CONDITION_PATH_EXISTS, "/bin/sh", false, false);
42 assert_se(condition);
43 assert_se(condition_test(condition, environ));
44 condition_free(condition);
45
46 condition = condition_new(CONDITION_PATH_EXISTS, "/bin/s?", false, false);
47 assert_se(condition);
48 assert_se(condition_test(condition, environ) == 0);
49 condition_free(condition);
50
51 condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, false);
52 assert_se(condition);
53 assert_se(condition_test(condition, environ) > 0);
54 condition_free(condition);
55
56 condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, true);
57 assert_se(condition);
58 assert_se(condition_test(condition, environ) == 0);
59 condition_free(condition);
60
61 condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, false);
62 assert_se(condition);
63 assert_se(condition_test(condition, environ) == 0);
64 condition_free(condition);
65
66 condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, true);
67 assert_se(condition);
68 assert_se(condition_test(condition, environ) > 0);
69 condition_free(condition);
70
71 condition = condition_new(CONDITION_PATH_IS_DIRECTORY, "/bin", false, false);
72 assert_se(condition);
73 assert_se(condition_test(condition, environ) > 0);
74 condition_free(condition);
75
76 condition = condition_new(CONDITION_DIRECTORY_NOT_EMPTY, "/bin", false, false);
77 assert_se(condition);
78 assert_se(condition_test(condition, environ) > 0);
79 condition_free(condition);
80
81 condition = condition_new(CONDITION_FILE_NOT_EMPTY, "/bin/sh", false, false);
82 assert_se(condition);
83 assert_se(condition_test(condition, environ) > 0);
84 condition_free(condition);
85
86 condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/bin/sh", false, false);
87 assert_se(condition);
88 assert_se(condition_test(condition, environ) > 0);
89 condition_free(condition);
90
91 condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/etc/passwd", false, false);
92 assert_se(condition);
93 assert_se(condition_test(condition, environ) == 0);
94 condition_free(condition);
95
96 condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/proc", false, false);
97 assert_se(condition);
98 assert_se(condition_test(condition, environ) > 0);
99 condition_free(condition);
100
101 condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/", false, false);
102 assert_se(condition);
103 assert_se(condition_test(condition, environ) > 0);
104 condition_free(condition);
105
106 condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/bin", false, false);
107 assert_se(condition);
108 assert_se(condition_test(condition, environ) == 0);
109 condition_free(condition);
110
111 condition = condition_new(CONDITION_PATH_IS_READ_WRITE, "/tmp", false, false);
112 assert_se(condition);
113 assert_se(condition_test(condition, environ) > 0);
114 condition_free(condition);
115
116 condition = condition_new(CONDITION_PATH_IS_ENCRYPTED, "/sys", false, false);
117 assert_se(condition);
118 assert_se(condition_test(condition, environ) == 0);
119 condition_free(condition);
120
121 condition = condition_new(CONDITION_PATH_IS_SYMBOLIC_LINK, "/dev/stdout", false, false);
122 assert_se(condition);
123 assert_se(condition_test(condition, environ) > 0);
124 condition_free(condition);
125 }
126
127 static void test_condition_test_control_group_hierarchy(void) {
128 Condition *condition;
129 int r;
130
131 r = cg_unified();
132 if (r == -ENOMEDIUM) {
133 log_tests_skipped("cgroup not mounted");
134 return;
135 }
136 assert_se(r >= 0);
137
138 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "v1", false, false);
139 assert_se(condition);
140 assert_se(condition_test(condition, environ) == (r < CGROUP_UNIFIED_ALL));
141 condition_free(condition);
142
143 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "v2", false, false);
144 assert_se(condition);
145 assert_se(condition_test(condition, environ) == (r >= CGROUP_UNIFIED_ALL));
146 condition_free(condition);
147 }
148
149 static void test_condition_test_control_group_controller(void) {
150 Condition *condition;
151 CGroupMask system_mask;
152 _cleanup_free_ char *controller_name = NULL;
153 int r;
154
155 r = cg_unified();
156 if (r == -ENOMEDIUM) {
157 log_tests_skipped("cgroup not mounted");
158 return;
159 }
160 assert_se(r >= 0);
161
162 /* Invalid controllers are ignored */
163 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, false);
164 assert_se(condition);
165 assert_se(condition_test(condition, environ) > 0);
166 condition_free(condition);
167
168 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, true);
169 assert_se(condition);
170 assert_se(condition_test(condition, environ) == 0);
171 condition_free(condition);
172
173 assert_se(cg_mask_supported(&system_mask) >= 0);
174
175 /* Individual valid controllers one by one */
176 for (CGroupController controller = 0; controller < _CGROUP_CONTROLLER_MAX; controller++) {
177 const char *local_controller_name = cgroup_controller_to_string(controller);
178 log_info("chosen controller is '%s'", local_controller_name);
179 if (system_mask & CGROUP_CONTROLLER_TO_MASK(controller)) {
180 log_info("this controller is available");
181 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
182 assert_se(condition);
183 assert_se(condition_test(condition, environ) > 0);
184 condition_free(condition);
185
186 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
187 assert_se(condition);
188 assert_se(condition_test(condition, environ) == 0);
189 condition_free(condition);
190 } else {
191 log_info("this controller is unavailable");
192 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
193 assert_se(condition);
194 assert_se(condition_test(condition, environ) == 0);
195 condition_free(condition);
196
197 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
198 assert_se(condition);
199 assert_se(condition_test(condition, environ) > 0);
200 condition_free(condition);
201 }
202 }
203
204 /* Multiple valid controllers at the same time */
205 assert_se(cg_mask_to_string(system_mask, &controller_name) >= 0);
206
207 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, strempty(controller_name), false, false);
208 assert_se(condition);
209 assert_se(condition_test(condition, environ) > 0);
210 condition_free(condition);
211
212 condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, strempty(controller_name), false, true);
213 assert_se(condition);
214 assert_se(condition_test(condition, environ) == 0);
215 condition_free(condition);
216 }
217
218 static void test_condition_test_ac_power(void) {
219 Condition *condition;
220
221 condition = condition_new(CONDITION_AC_POWER, "true", false, false);
222 assert_se(condition);
223 assert_se(condition_test(condition, environ) == on_ac_power());
224 condition_free(condition);
225
226 condition = condition_new(CONDITION_AC_POWER, "false", false, false);
227 assert_se(condition);
228 assert_se(condition_test(condition, environ) != on_ac_power());
229 condition_free(condition);
230
231 condition = condition_new(CONDITION_AC_POWER, "false", false, true);
232 assert_se(condition);
233 assert_se(condition_test(condition, environ) == on_ac_power());
234 condition_free(condition);
235 }
236
237 static void test_condition_test_host(void) {
238 _cleanup_free_ char *hostname = NULL;
239 char sid[SD_ID128_STRING_MAX];
240 Condition *condition;
241 sd_id128_t id;
242 int r;
243
244 r = sd_id128_get_machine(&id);
245 assert_se(r >= 0);
246 assert_se(sd_id128_to_string(id, sid));
247
248 condition = condition_new(CONDITION_HOST, sid, false, false);
249 assert_se(condition);
250 assert_se(condition_test(condition, environ) > 0);
251 condition_free(condition);
252
253 condition = condition_new(CONDITION_HOST, "garbage value jjjjjjjjjjjjjj", false, false);
254 assert_se(condition);
255 assert_se(condition_test(condition, environ) == 0);
256 condition_free(condition);
257
258 condition = condition_new(CONDITION_HOST, sid, false, true);
259 assert_se(condition);
260 assert_se(condition_test(condition, environ) == 0);
261 condition_free(condition);
262
263 hostname = gethostname_malloc();
264 assert_se(hostname);
265
266 /* if hostname looks like an id128 then skip testing it */
267 if (id128_is_valid(hostname))
268 log_notice("hostname is an id128, skipping test");
269 else {
270 condition = condition_new(CONDITION_HOST, hostname, false, false);
271 assert_se(condition);
272 assert_se(condition_test(condition, environ) > 0);
273 condition_free(condition);
274 }
275 }
276
277 static void test_condition_test_architecture(void) {
278 Condition *condition;
279 const char *sa;
280 int a;
281
282 a = uname_architecture();
283 assert_se(a >= 0);
284
285 sa = architecture_to_string(a);
286 assert_se(sa);
287
288 condition = condition_new(CONDITION_ARCHITECTURE, sa, false, false);
289 assert_se(condition);
290 assert_se(condition_test(condition, environ) > 0);
291 condition_free(condition);
292
293 condition = condition_new(CONDITION_ARCHITECTURE, "garbage value", false, false);
294 assert_se(condition);
295 assert_se(condition_test(condition, environ) == 0);
296 condition_free(condition);
297
298 condition = condition_new(CONDITION_ARCHITECTURE, sa, false, true);
299 assert_se(condition);
300 assert_se(condition_test(condition, environ) == 0);
301 condition_free(condition);
302 }
303
304 static void test_condition_test_kernel_command_line(void) {
305 Condition *condition;
306 int r;
307
308 condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "thisreallyshouldntbeonthekernelcommandline", false, false);
309 assert_se(condition);
310 r = condition_test(condition, environ);
311 if (ERRNO_IS_PRIVILEGE(r))
312 return;
313 assert_se(r == 0);
314 condition_free(condition);
315
316 condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "andthis=neither", false, false);
317 assert_se(condition);
318 assert_se(condition_test(condition, environ) == 0);
319 condition_free(condition);
320 }
321
322 static void test_condition_test_kernel_version(void) {
323 Condition *condition;
324 struct utsname u;
325 const char *v;
326
327 condition = condition_new(CONDITION_KERNEL_VERSION, "*thisreallyshouldntbeinthekernelversion*", false, false);
328 assert_se(condition);
329 assert_se(condition_test(condition, environ) == 0);
330 condition_free(condition);
331
332 condition = condition_new(CONDITION_KERNEL_VERSION, "*", false, false);
333 assert_se(condition);
334 assert_se(condition_test(condition, environ) > 0);
335 condition_free(condition);
336
337 /* An artificially empty condition. It evaluates to true, but normally
338 * such condition cannot be created, because the condition list is reset instead. */
339 condition = condition_new(CONDITION_KERNEL_VERSION, "", false, false);
340 assert_se(condition);
341 assert_se(condition_test(condition, environ) > 0);
342 condition_free(condition);
343
344 assert_se(uname(&u) >= 0);
345
346 condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
347 assert_se(condition);
348 assert_se(condition_test(condition, environ) > 0);
349 condition_free(condition);
350
351 strshorten(u.release, 4);
352 strcpy(strchr(u.release, 0), "*");
353
354 condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
355 assert_se(condition);
356 assert_se(condition_test(condition, environ) > 0);
357 condition_free(condition);
358
359 /* 0.1.2 would be a very very very old kernel */
360 condition = condition_new(CONDITION_KERNEL_VERSION, "> 0.1.2", false, false);
361 assert_se(condition);
362 assert_se(condition_test(condition, environ) > 0);
363 condition_free(condition);
364
365 condition = condition_new(CONDITION_KERNEL_VERSION, ">0.1.2", false, false);
366 assert_se(condition);
367 assert_se(condition_test(condition, environ) > 0);
368 condition_free(condition);
369
370 condition = condition_new(CONDITION_KERNEL_VERSION, "'>0.1.2' '<9.0.0'", false, false);
371 assert_se(condition);
372 assert_se(condition_test(condition, environ) > 0);
373 condition_free(condition);
374
375 condition = condition_new(CONDITION_KERNEL_VERSION, "> 0.1.2 < 9.0.0", false, false);
376 assert_se(condition);
377 assert_se(condition_test(condition, environ) == -EINVAL);
378 condition_free(condition);
379
380 condition = condition_new(CONDITION_KERNEL_VERSION, ">", false, false);
381 assert_se(condition);
382 assert_se(condition_test(condition, environ) == -EINVAL);
383 condition_free(condition);
384
385 condition = condition_new(CONDITION_KERNEL_VERSION, ">= 0.1.2", false, false);
386 assert_se(condition);
387 assert_se(condition_test(condition, environ) > 0);
388 condition_free(condition);
389
390 condition = condition_new(CONDITION_KERNEL_VERSION, "< 0.1.2", false, false);
391 assert_se(condition);
392 assert_se(condition_test(condition, environ) == 0);
393 condition_free(condition);
394
395 condition = condition_new(CONDITION_KERNEL_VERSION, "<= 0.1.2", false, false);
396 assert_se(condition);
397 assert_se(condition_test(condition, environ) == 0);
398 condition_free(condition);
399
400 condition = condition_new(CONDITION_KERNEL_VERSION, "= 0.1.2", false, false);
401 assert_se(condition);
402 assert_se(condition_test(condition, environ) == 0);
403 condition_free(condition);
404
405 /* 4711.8.15 is a very very very future kernel */
406 condition = condition_new(CONDITION_KERNEL_VERSION, "< 4711.8.15", false, false);
407 assert_se(condition);
408 assert_se(condition_test(condition, environ) > 0);
409 condition_free(condition);
410
411 condition = condition_new(CONDITION_KERNEL_VERSION, "<= 4711.8.15", false, false);
412 assert_se(condition);
413 assert_se(condition_test(condition, environ) > 0);
414 condition_free(condition);
415
416 condition = condition_new(CONDITION_KERNEL_VERSION, "= 4711.8.15", false, false);
417 assert_se(condition);
418 assert_se(condition_test(condition, environ) == 0);
419 condition_free(condition);
420
421 condition = condition_new(CONDITION_KERNEL_VERSION, "> 4711.8.15", false, false);
422 assert_se(condition);
423 assert_se(condition_test(condition, environ) == 0);
424 condition_free(condition);
425
426 condition = condition_new(CONDITION_KERNEL_VERSION, ">= 4711.8.15", false, false);
427 assert_se(condition);
428 assert_se(condition_test(condition, environ) == 0);
429 condition_free(condition);
430
431 assert_se(uname(&u) >= 0);
432
433 v = strjoina(">=", u.release);
434 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
435 assert_se(condition);
436 assert_se(condition_test(condition, environ) > 0);
437 condition_free(condition);
438
439 v = strjoina("= ", u.release);
440 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
441 assert_se(condition);
442 assert_se(condition_test(condition, environ) > 0);
443 condition_free(condition);
444
445 v = strjoina("<=", u.release);
446 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
447 assert_se(condition);
448 assert_se(condition_test(condition, environ) > 0);
449 condition_free(condition);
450
451 v = strjoina("> ", u.release);
452 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
453 assert_se(condition);
454 assert_se(condition_test(condition, environ) == 0);
455 condition_free(condition);
456
457 v = strjoina("< ", u.release);
458 condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
459 assert_se(condition);
460 assert_se(condition_test(condition, environ) == 0);
461 condition_free(condition);
462 }
463
464 #if defined(__i386__) || defined(__x86_64__)
465 static void test_condition_test_cpufeature(void) {
466 Condition *condition;
467
468 condition = condition_new(CONDITION_CPU_FEATURE, "fpu", false, false);
469 assert_se(condition);
470 assert_se(condition_test(condition, environ) > 0);
471 condition_free(condition);
472
473 condition = condition_new(CONDITION_CPU_FEATURE, "somecpufeaturethatreallydoesntmakesense", false, false);
474 assert_se(condition);
475 assert_se(condition_test(condition, environ) == 0);
476 condition_free(condition);
477
478 condition = condition_new(CONDITION_CPU_FEATURE, "a", false, false);
479 assert_se(condition);
480 assert_se(condition_test(condition, environ) == 0);
481 condition_free(condition);
482 }
483 #endif
484
485 static void test_condition_test_security(void) {
486 Condition *condition;
487
488 condition = condition_new(CONDITION_SECURITY, "garbage oifdsjfoidsjoj", false, false);
489 assert_se(condition);
490 assert_se(condition_test(condition, environ) == 0);
491 condition_free(condition);
492
493 condition = condition_new(CONDITION_SECURITY, "selinux", false, true);
494 assert_se(condition);
495 assert_se(condition_test(condition, environ) != mac_selinux_use());
496 condition_free(condition);
497
498 condition = condition_new(CONDITION_SECURITY, "apparmor", false, false);
499 assert_se(condition);
500 assert_se(condition_test(condition, environ) == mac_apparmor_use());
501 condition_free(condition);
502
503 condition = condition_new(CONDITION_SECURITY, "tomoyo", false, false);
504 assert_se(condition);
505 assert_se(condition_test(condition, environ) == mac_tomoyo_use());
506 condition_free(condition);
507
508 condition = condition_new(CONDITION_SECURITY, "ima", false, false);
509 assert_se(condition);
510 assert_se(condition_test(condition, environ) == use_ima());
511 condition_free(condition);
512
513 condition = condition_new(CONDITION_SECURITY, "smack", false, false);
514 assert_se(condition);
515 assert_se(condition_test(condition, environ) == mac_smack_use());
516 condition_free(condition);
517
518 condition = condition_new(CONDITION_SECURITY, "audit", false, false);
519 assert_se(condition);
520 assert_se(condition_test(condition, environ) == use_audit());
521 condition_free(condition);
522
523 condition = condition_new(CONDITION_SECURITY, "uefi-secureboot", false, false);
524 assert_se(condition);
525 assert_se(condition_test(condition, environ) == is_efi_secure_boot());
526 condition_free(condition);
527 }
528
529 static void print_securities(void) {
530 log_info("------ enabled security technologies ------");
531 log_info("SELinux: %s", yes_no(mac_selinux_use()));
532 log_info("AppArmor: %s", yes_no(mac_apparmor_use()));
533 log_info("Tomoyo: %s", yes_no(mac_tomoyo_use()));
534 log_info("IMA: %s", yes_no(use_ima()));
535 log_info("SMACK: %s", yes_no(mac_smack_use()));
536 log_info("Audit: %s", yes_no(use_audit()));
537 log_info("UEFI secure boot: %s", yes_no(is_efi_secure_boot()));
538 log_info("-------------------------------------------");
539 }
540
541 static void test_condition_test_virtualization(void) {
542 Condition *condition;
543 const char *virt;
544 int r;
545
546 condition = condition_new(CONDITION_VIRTUALIZATION, "garbage oifdsjfoidsjoj", false, false);
547 assert_se(condition);
548 r = condition_test(condition, environ);
549 if (ERRNO_IS_PRIVILEGE(r))
550 return;
551 log_info("ConditionVirtualization=garbage → %i", r);
552 assert_se(r == 0);
553 condition_free(condition);
554
555 condition = condition_new(CONDITION_VIRTUALIZATION, "container", false, false);
556 assert_se(condition);
557 r = condition_test(condition, environ);
558 log_info("ConditionVirtualization=container → %i", r);
559 assert_se(r == !!detect_container());
560 condition_free(condition);
561
562 condition = condition_new(CONDITION_VIRTUALIZATION, "vm", false, false);
563 assert_se(condition);
564 r = condition_test(condition, environ);
565 log_info("ConditionVirtualization=vm → %i", r);
566 assert_se(r == (detect_vm() && !detect_container()));
567 condition_free(condition);
568
569 condition = condition_new(CONDITION_VIRTUALIZATION, "private-users", false, false);
570 assert_se(condition);
571 r = condition_test(condition, environ);
572 log_info("ConditionVirtualization=private-users → %i", r);
573 assert_se(r == !!running_in_userns());
574 condition_free(condition);
575
576 NULSTR_FOREACH(virt,
577 "kvm\0"
578 "amazon\0"
579 "qemu\0"
580 "bochs\0"
581 "xen\0"
582 "uml\0"
583 "vmware\0"
584 "oracle\0"
585 "microsoft\0"
586 "zvm\0"
587 "parallels\0"
588 "bhyve\0"
589 "vm_other\0") {
590
591 condition = condition_new(CONDITION_VIRTUALIZATION, virt, false, false);
592 assert_se(condition);
593 r = condition_test(condition, environ);
594 log_info("ConditionVirtualization=%s → %i", virt, r);
595 assert_se(r >= 0);
596 condition_free(condition);
597 }
598 }
599
600 static void test_condition_test_user(void) {
601 Condition *condition;
602 char* uid;
603 char* username;
604 int r;
605
606 condition = condition_new(CONDITION_USER, "garbage oifdsjfoidsjoj", false, false);
607 assert_se(condition);
608 r = condition_test(condition, environ);
609 log_info("ConditionUser=garbage → %i", r);
610 assert_se(r == 0);
611 condition_free(condition);
612
613 assert_se(asprintf(&uid, "%"PRIu32, UINT32_C(0xFFFF)) > 0);
614 condition = condition_new(CONDITION_USER, uid, false, false);
615 assert_se(condition);
616 r = condition_test(condition, environ);
617 log_info("ConditionUser=%s → %i", uid, r);
618 assert_se(r == 0);
619 condition_free(condition);
620 free(uid);
621
622 assert_se(asprintf(&uid, "%u", (unsigned)getuid()) > 0);
623 condition = condition_new(CONDITION_USER, uid, false, false);
624 assert_se(condition);
625 r = condition_test(condition, environ);
626 log_info("ConditionUser=%s → %i", uid, r);
627 assert_se(r > 0);
628 condition_free(condition);
629 free(uid);
630
631 assert_se(asprintf(&uid, "%u", (unsigned)getuid()+1) > 0);
632 condition = condition_new(CONDITION_USER, uid, false, false);
633 assert_se(condition);
634 r = condition_test(condition, environ);
635 log_info("ConditionUser=%s → %i", uid, r);
636 assert_se(r == 0);
637 condition_free(condition);
638 free(uid);
639
640 username = getusername_malloc();
641 assert_se(username);
642 condition = condition_new(CONDITION_USER, username, false, false);
643 assert_se(condition);
644 r = condition_test(condition, environ);
645 log_info("ConditionUser=%s → %i", username, r);
646 assert_se(r > 0);
647 condition_free(condition);
648 free(username);
649
650 username = (char*)(geteuid() == 0 ? NOBODY_USER_NAME : "root");
651 condition = condition_new(CONDITION_USER, username, false, false);
652 assert_se(condition);
653 r = condition_test(condition, environ);
654 log_info("ConditionUser=%s → %i", username, r);
655 assert_se(r == 0);
656 condition_free(condition);
657
658 condition = condition_new(CONDITION_USER, "@system", false, false);
659 assert_se(condition);
660 r = condition_test(condition, environ);
661 log_info("ConditionUser=@system → %i", r);
662 if (uid_is_system(getuid()) || uid_is_system(geteuid()))
663 assert_se(r > 0);
664 else
665 assert_se(r == 0);
666 condition_free(condition);
667 }
668
669 static void test_condition_test_group(void) {
670 Condition *condition;
671 char* gid;
672 char* groupname;
673 gid_t *gids, max_gid;
674 int ngroups_max, ngroups, r, i;
675
676 assert_se(0 < asprintf(&gid, "%u", UINT32_C(0xFFFF)));
677 condition = condition_new(CONDITION_GROUP, gid, false, false);
678 assert_se(condition);
679 r = condition_test(condition, environ);
680 log_info("ConditionGroup=%s → %i", gid, r);
681 assert_se(r == 0);
682 condition_free(condition);
683 free(gid);
684
685 assert_se(0 < asprintf(&gid, "%u", getgid()));
686 condition = condition_new(CONDITION_GROUP, gid, false, false);
687 assert_se(condition);
688 r = condition_test(condition, environ);
689 log_info("ConditionGroup=%s → %i", gid, r);
690 assert_se(r > 0);
691 condition_free(condition);
692 free(gid);
693
694 ngroups_max = sysconf(_SC_NGROUPS_MAX);
695 assert(ngroups_max > 0);
696
697 gids = newa(gid_t, ngroups_max);
698
699 ngroups = getgroups(ngroups_max, gids);
700 assert(ngroups >= 0);
701
702 max_gid = getgid();
703 for (i = 0; i < ngroups; i++) {
704 assert_se(0 < asprintf(&gid, "%u", gids[i]));
705 condition = condition_new(CONDITION_GROUP, gid, false, false);
706 assert_se(condition);
707 r = condition_test(condition, environ);
708 log_info("ConditionGroup=%s → %i", gid, r);
709 assert_se(r > 0);
710 condition_free(condition);
711 free(gid);
712 max_gid = gids[i] > max_gid ? gids[i] : max_gid;
713
714 groupname = gid_to_name(gids[i]);
715 assert_se(groupname);
716 condition = condition_new(CONDITION_GROUP, groupname, false, false);
717 assert_se(condition);
718 r = condition_test(condition, environ);
719 log_info("ConditionGroup=%s → %i", groupname, r);
720 assert_se(r > 0);
721 condition_free(condition);
722 free(groupname);
723 max_gid = gids[i] > max_gid ? gids[i] : max_gid;
724 }
725
726 assert_se(0 < asprintf(&gid, "%u", max_gid+1));
727 condition = condition_new(CONDITION_GROUP, gid, false, false);
728 assert_se(condition);
729 r = condition_test(condition, environ);
730 log_info("ConditionGroup=%s → %i", gid, r);
731 assert_se(r == 0);
732 condition_free(condition);
733 free(gid);
734
735 groupname = (char*)(getegid() == 0 ? NOBODY_GROUP_NAME : "root");
736 condition = condition_new(CONDITION_GROUP, groupname, false, false);
737 assert_se(condition);
738 r = condition_test(condition, environ);
739 log_info("ConditionGroup=%s → %i", groupname, r);
740 assert_se(r == 0);
741 condition_free(condition);
742 }
743
744 static void test_condition_test_cpus_one(const char *s, bool result) {
745 Condition *condition;
746 int r;
747
748 log_debug("%s=%s", condition_type_to_string(CONDITION_CPUS), s);
749
750 condition = condition_new(CONDITION_CPUS, s, false, false);
751 assert_se(condition);
752
753 r = condition_test(condition, environ);
754 assert_se(r >= 0);
755 assert_se(r == result);
756 condition_free(condition);
757 }
758
759 static void test_condition_test_cpus(void) {
760 _cleanup_free_ char *t = NULL;
761 int cpus;
762
763 cpus = cpus_in_affinity_mask();
764 assert_se(cpus >= 0);
765
766 test_condition_test_cpus_one("> 0", true);
767 test_condition_test_cpus_one(">= 0", true);
768 test_condition_test_cpus_one("!= 0", true);
769 test_condition_test_cpus_one("<= 0", false);
770 test_condition_test_cpus_one("< 0", false);
771 test_condition_test_cpus_one("= 0", false);
772
773 test_condition_test_cpus_one("> 100000", false);
774 test_condition_test_cpus_one("= 100000", false);
775 test_condition_test_cpus_one(">= 100000", false);
776 test_condition_test_cpus_one("< 100000", true);
777 test_condition_test_cpus_one("!= 100000", true);
778 test_condition_test_cpus_one("<= 100000", true);
779
780 assert_se(asprintf(&t, "= %i", cpus) >= 0);
781 test_condition_test_cpus_one(t, true);
782 t = mfree(t);
783
784 assert_se(asprintf(&t, "<= %i", cpus) >= 0);
785 test_condition_test_cpus_one(t, true);
786 t = mfree(t);
787
788 assert_se(asprintf(&t, ">= %i", cpus) >= 0);
789 test_condition_test_cpus_one(t, true);
790 t = mfree(t);
791
792 assert_se(asprintf(&t, "!= %i", cpus) >= 0);
793 test_condition_test_cpus_one(t, false);
794 t = mfree(t);
795
796 assert_se(asprintf(&t, "< %i", cpus) >= 0);
797 test_condition_test_cpus_one(t, false);
798 t = mfree(t);
799
800 assert_se(asprintf(&t, "> %i", cpus) >= 0);
801 test_condition_test_cpus_one(t, false);
802 t = mfree(t);
803 }
804
805 static void test_condition_test_memory_one(const char *s, bool result) {
806 Condition *condition;
807 int r;
808
809 log_debug("%s=%s", condition_type_to_string(CONDITION_MEMORY), s);
810
811 condition = condition_new(CONDITION_MEMORY, s, false, false);
812 assert_se(condition);
813
814 r = condition_test(condition, environ);
815 assert_se(r >= 0);
816 assert_se(r == result);
817 condition_free(condition);
818 }
819
820 static void test_condition_test_memory(void) {
821 _cleanup_free_ char *t = NULL;
822 uint64_t memory;
823
824 memory = physical_memory();
825
826 test_condition_test_memory_one("> 0", true);
827 test_condition_test_memory_one(">= 0", true);
828 test_condition_test_memory_one("!= 0", true);
829 test_condition_test_memory_one("<= 0", false);
830 test_condition_test_memory_one("< 0", false);
831 test_condition_test_memory_one("= 0", false);
832
833 test_condition_test_memory_one("> 18446744073709547520", false);
834 test_condition_test_memory_one("= 18446744073709547520", false);
835 test_condition_test_memory_one(">= 18446744073709547520", false);
836 test_condition_test_memory_one("< 18446744073709547520", true);
837 test_condition_test_memory_one("!= 18446744073709547520", true);
838 test_condition_test_memory_one("<= 18446744073709547520", true);
839
840 assert_se(asprintf(&t, "= %" PRIu64, memory) >= 0);
841 test_condition_test_memory_one(t, true);
842 t = mfree(t);
843
844 assert_se(asprintf(&t, "<= %" PRIu64, memory) >= 0);
845 test_condition_test_memory_one(t, true);
846 t = mfree(t);
847
848 assert_se(asprintf(&t, ">= %" PRIu64, memory) >= 0);
849 test_condition_test_memory_one(t, true);
850 t = mfree(t);
851
852 assert_se(asprintf(&t, "!= %" PRIu64, memory) >= 0);
853 test_condition_test_memory_one(t, false);
854 t = mfree(t);
855
856 assert_se(asprintf(&t, "< %" PRIu64, memory) >= 0);
857 test_condition_test_memory_one(t, false);
858 t = mfree(t);
859
860 assert_se(asprintf(&t, "> %" PRIu64, memory) >= 0);
861 test_condition_test_memory_one(t, false);
862 t = mfree(t);
863 }
864
865 static void test_condition_test_environment_one(const char *s, bool result) {
866 Condition *condition;
867 int r;
868
869 log_debug("%s=%s", condition_type_to_string(CONDITION_ENVIRONMENT), s);
870
871 condition = condition_new(CONDITION_ENVIRONMENT, s, false, false);
872 assert_se(condition);
873
874 r = condition_test(condition, environ);
875 assert_se(r >= 0);
876 assert_se(r == result);
877 condition_free(condition);
878 }
879
880 static void test_condition_test_environment(void) {
881 assert_se(setenv("EXISTINGENVVAR", "foo", false) >= 0);
882
883 test_condition_test_environment_one("MISSINGENVVAR", false);
884 test_condition_test_environment_one("MISSINGENVVAR=foo", false);
885 test_condition_test_environment_one("MISSINGENVVAR=", false);
886
887 test_condition_test_environment_one("EXISTINGENVVAR", true);
888 test_condition_test_environment_one("EXISTINGENVVAR=foo", true);
889 test_condition_test_environment_one("EXISTINGENVVAR=bar", false);
890 test_condition_test_environment_one("EXISTINGENVVAR=", false);
891 }
892
893 int main(int argc, char *argv[]) {
894 test_setup_logging(LOG_DEBUG);
895
896 test_condition_test_path();
897 test_condition_test_ac_power();
898 test_condition_test_host();
899 test_condition_test_architecture();
900 test_condition_test_kernel_command_line();
901 test_condition_test_kernel_version();
902 test_condition_test_security();
903 print_securities();
904 test_condition_test_virtualization();
905 test_condition_test_user();
906 test_condition_test_group();
907 test_condition_test_control_group_hierarchy();
908 test_condition_test_control_group_controller();
909 test_condition_test_cpus();
910 test_condition_test_memory();
911 test_condition_test_environment();
912 #if defined(__i386__) || defined(__x86_64__)
913 test_condition_test_cpufeature();
914 #endif
915
916 return 0;
917 }
systemd for Proxmox projects