[Pkg-shadow-devel] [Git][debian/adduser][master] 4 commits: more docs
Marc Haber (@zugschlus)
gitlab at salsa.debian.org
Wed Mar 5 16:51:54 GMT 2025
Marc Haber pushed to branch master at Debian / adduser
Commits:
82fe4f35 by Marc Haber at 2025-03-05T12:12:57+01:00
more docs
Git-Dch: ignore
- - - - -
27a9489b by Marc Haber at 2025-03-05T16:58:35+01:00
add assert functions for system uid/gid ranges
Git-Dch: ignore
- - - - -
be4080ca by Marc Haber at 2025-03-05T16:58:35+01:00
test whether created account is actually system
- - - - -
dc561b33 by Marc Haber at 2025-03-05T16:58:35+01:00
re-work system_status.t
Git-Dch: ignore
get rid of foo as name
repeat check for users as well
check whether account/group are actually in the correct id range
check whether conversion of regular accoun/group to system is correctly
refused
- - - - -
3 changed files:
- debian/tests/f/adduser_system.t
- debian/tests/f/system_status.t
- debian/tests/lib/AdduserTestsCommon.pm
Changes:
=====================================
debian/tests/f/adduser_system.t
=====================================
@@ -28,6 +28,8 @@ for (100..999) {
last;
}
+# check whether two identical calls in a row do succeed
+# result in a policy compliant user
assert_command_success('/usr/sbin/deluser',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
@@ -40,12 +42,14 @@ assert_command_success('/usr/sbin/adduser',
'--system',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
assert_command_success('/usr/sbin/adduser',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
assert_user_has_uid('aust', $uid);
assert_group_does_not_exist('aust');
@@ -67,12 +71,14 @@ while (defined(getpwuid($uid))) {
assert_user_does_not_exist('aust2');
assert_path_does_not_exist('/nonexistent');
+# create account with specified shell
assert_command_success('/usr/sbin/adduser',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
'--shell', '/bin/sh',
'aust2');
assert_user_exists('aust2');
+assert_user_is_system('aust');
assert_user_has_uid('aust2', $uid);
assert_group_does_not_exist('aust2');
@@ -88,7 +94,9 @@ assert_user_has_disabled_password('aust2');
# Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004710
assert_path_does_not_exist('/var/mail/aust2');
-# Ref: bug #1099470, create and recreate a locked account
+# Ref: bug #1099470, create and recreate a passwordless account
+# (this is actually the same as without --disabled password, but
+# some packages still call that explicitly)
# This might cause some grief when we address #1008082 - #1008084
assert_command_success('/usr/sbin/deluser',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
@@ -101,6 +109,7 @@ assert_command_success('/usr/sbin/adduser',
'--disabled-password',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
assert_command_success('/usr/sbin/adduser',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
@@ -108,7 +117,10 @@ assert_command_success('/usr/sbin/adduser',
'--disabled-password',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
+# Ref: bug #1099470, create and recreate a locked account
+# This might cause some grief when we address #1008082 - #1008084
assert_command_success('/usr/sbin/deluser',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
@@ -120,6 +132,7 @@ assert_command_success('/usr/sbin/adduser',
'--disabled-login',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
assert_command_success('/usr/sbin/adduser',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
@@ -127,7 +140,11 @@ assert_command_success('/usr/sbin/adduser',
'--disabled-login',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
+# create an account, set password to
+# *, !, *something, !something
+# explicitly, try to recreate account
assert_command_success('/usr/sbin/deluser',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
@@ -139,6 +156,7 @@ assert_command_success('/usr/sbin/adduser',
'--disabled-login',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
system('echo "aust:*" | chpasswd --encrypted');
assert_command_success('/usr/sbin/adduser',
@@ -147,6 +165,7 @@ assert_command_success('/usr/sbin/adduser',
'--disabled-login',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
system('echo "aust:!foobar" | chpasswd --encrypted');
assert_command_success('/usr/sbin/adduser',
@@ -155,6 +174,7 @@ assert_command_success('/usr/sbin/adduser',
'--disabled-login',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
system('echo "aust:*foobar" | chpasswd --encrypted');
assert_command_success('/usr/sbin/adduser',
@@ -163,6 +183,7 @@ assert_command_success('/usr/sbin/adduser',
'--disabled-login',
'aust');
assert_user_exists('aust');
+assert_user_is_system('aust');
# clean up
assert_command_success('/usr/sbin/deluser',
=====================================
debian/tests/f/system_status.t
=====================================
@@ -9,27 +9,155 @@ use warnings;
use AdduserTestsCommon;
+my $name;
-assert_group_does_not_exist('foo');
+
+# create system group, delete system group
+$name="aussystat1";
+assert_group_does_not_exist($name);
assert_command_success('/usr/sbin/addgroup',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
- 'foo');
-assert_group_exists('foo');
+ $name);
+assert_group_exists($name);
+assert_group_is_system($name);
assert_command_success('/usr/sbin/addgroup',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
- 'foo');
+ $name);
+assert_group_exists($name);
+assert_group_is_system($name);
assert_command_success('/usr/sbin/delgroup',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
- 'foo');
-assert_group_does_not_exist('foo');
+ $name);
+assert_group_does_not_exist($name);
assert_command_success('/usr/sbin/delgroup',
'--stdoutmsglevel=error', '--stderrmsglevel=error',
'--system',
- 'foo');
+ $name);
+assert_group_does_not_exist($name);
+
+# create non-system group, delete system group
+$name="aussystat2";
+assert_group_does_not_exist($name);
+
+assert_command_success('/usr/sbin/addgroup',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ $name);
+assert_group_exists($name);
+assert_group_is_non_system($name);
+
+assert_command_failure_silent('/usr/sbin/delgroup',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ '--system',
+ $name);
+assert_group_exists($name);
+assert_group_is_non_system($name);
+assert_command_success('/usr/sbin/delgroup',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ $name);
+assert_group_does_not_exist($name);
+
+# create system group, delete non-system group
+# that one fails in current adduser, see #1099606
+#$name="aussystat3";
+#assert_group_does_not_exist($name);
+#
+#assert_command_success('/usr/sbin/addgroup',
+# '--stdoutmsglevel=error', '--stderrmsglevel=error',
+# '--system',
+# $name);
+#assert_group_exists($name);
+#assert_group_is_system($name);
+#
+#assert_command_failure_silent('/usr/sbin/delgroup',
+# '--stdoutmsglevel=error', '--stderrmsglevel=error',
+# $name);
+#assert_group_exists($name);
+#assert_group_is_system($name);
+#assert_command_success('/usr/sbin/delgroup',
+# '--stdoutmsglevel=error', '--stderrmsglevel=error',
+# $name);
+#assert_group_does_not_exist($name);
+
+# create system user, delete system user
+$name="aussystat4";
+assert_user_does_not_exist($name);
+
+assert_command_success('/usr/sbin/adduser',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ '--system',
+ $name);
+assert_user_exists($name);
+assert_user_is_system($name);
+assert_command_success('/usr/sbin/adduser',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ '--system',
+ $name);
+assert_user_exists($name);
+assert_user_is_system($name);
+
+assert_command_success('/usr/sbin/deluser',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ '--system',
+ $name);
+assert_user_does_not_exist($name);
+assert_command_success('/usr/sbin/deluser',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ '--system',
+ $name);
+assert_user_does_not_exist($name);
+
+# create non-system user, delete system user
+$name="aussystat5";
+assert_user_does_not_exist($name);
+
+assert_command_success('/usr/sbin/adduser',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ '--no-create-home',
+ '--disabled-password',
+ '--comment', '',
+ $name);
+assert_user_exists($name);
+assert_user_is_non_system($name);
+
+assert_command_failure_silent('/usr/sbin/deluser',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ '--system',
+ $name);
+assert_user_exists($name);
+assert_user_is_non_system($name);
+assert_command_success('/usr/sbin/deluser',
+ '--stdoutmsglevel=error', '--stderrmsglevel=error',
+ $name);
+assert_user_does_not_exist($name);
+
+# create system user, delete non-system user
+# that one fails in current adduser, see #1099606
+#$name="aussystat6";
+#assert_user_does_not_exist($name);
+#
+#assert_command_success('/usr/sbin/adduser',
+# '--stdoutmsglevel=error', '--stderrmsglevel=error',
+# '--system',
+# $name);
+#assert_user_exists($name);
+#assert_user_is_system($name);
+#
+#assert_command_failure_silent('/usr/sbin/deluser',
+# '--stdoutmsglevel=error', '--stderrmsglevel=error',
+# '--no-create-home',
+# '--disabled-password',
+# '--comment', '',
+# $name);
+#assert_user_exists($name);
+#assert_user_is_system($name);
+#assert_command_success('/usr/sbin/deluser',
+# '--stdoutmsglevel=error', '--stderrmsglevel=error',
+# $name);
+#assert_user_does_not_exist($name);
# vim: tabstop=4 shiftwidth=4 expandtab
=====================================
debian/tests/lib/AdduserTestsCommon.pm
=====================================
@@ -46,6 +46,14 @@ sub egetpwnam {
return getpwnam($name);
}
+sub in_range {
+ my ($id, $first, $last) = @_;
+ $first = 100 if( !$first );
+ $last = 999 if( !$last );
+ return 0 if not defined($id);
+ return ($id >= $first && $id <= $last);
+}
+
sub assert_command_success {
system(@_);
is($? >> 8, 0, "command success: @_");
@@ -80,6 +88,47 @@ sub assert_group_does_not_exist {
is(egetgrnam($group), undef, "group does not exist: $group");
}
+sub assert_group_is_system {
+ my $group = shift;
+ my $id = egetgrnam($group);
+
+ if( defined($id) ) {
+ is(in_range($id), 1, "is a system group: $group ($id)");
+ } else {
+ fail("group does not exist: $group") if not defined($id);
+ }
+}
+
+sub assert_group_is_non_system {
+ my $group = shift;
+ my $id = egetgrnam($group);
+ if( defined($id) ) {
+ isnt(in_range($id), 1, "is not a system group: $group ($id)");
+ } else {
+ fail("group does not exist: $group") if not defined($id);
+ }
+}
+
+sub assert_user_is_system {
+ my $user = shift;
+ my $id = egetpwnam($user);
+ if( defined($id) ) {
+ is(in_range($id,0), 1, "is a system user: $user ($id)");
+ } else {
+ fail("user does not exist: $user") if not defined($id);
+ }
+}
+
+sub assert_user_is_non_system {
+ my $user = shift;
+ my $id = egetpwnam($user);
+ if( defined($id) ) {
+ isnt(in_range($id,0), 1, "is not a system user: $user ($id)");
+ } else {
+ fail("user does not exist: $user") if not defined($id);
+ }
+}
+
sub assert_gid_does_not_exist {
my $gid = shift;
is(getgrgid($gid), undef, "gid does not exist: $gid");
View it on GitLab: https://salsa.debian.org/debian/adduser/-/compare/1f652448abda698d8b90c1f87e0506e4d8d50868...dc561b330b6f2a80245105ce79660286a2ecf014
--
View it on GitLab: https://salsa.debian.org/debian/adduser/-/compare/1f652448abda698d8b90c1f87e0506e4d8d50868...dc561b330b6f2a80245105ce79660286a2ecf014
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20250305/75865e0a/attachment-0001.htm>
More information about the Pkg-shadow-devel
mailing list