libamxrt  0.4.2
Ambiorix Run Time Library
Functions
test_amxrt_caps.c File Reference
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <setjmp.h>
#include <stdarg.h>
#include <cmocka.h>
#include <cap-ng.h>
#include <pwd.h>
#include <grp.h>
#include "test_amxrt_caps.h"

Go to the source code of this file.

Functions

int __wrap_capng_get_caps_process (void)
 
int __real_capng_get_caps_process (void)
 
void __wrap_capng_clear (capng_select_t set)
 
int __wrap_capng_update (capng_act_t action, capng_type_t type, unsigned int capability)
 
int __wrap_capng_apply (capng_select_t set)
 
int __wrap_capng_change_id (int uid, int gid, capng_flags_t flag)
 
struct passwd * __wrap_getpwnam (const char *__name)
 
struct group * __wrap_getgrnam (const char *__name)
 
void __wrap_capng_clear (UNUSED capng_select_t set)
 
int __wrap_capng_update (UNUSED capng_act_t action, UNUSED capng_type_t type, UNUSED unsigned int capability)
 
int __wrap_capng_apply (UNUSED capng_select_t set)
 
int __wrap_capng_change_id (UNUSED int uid, UNUSED int gid, UNUSED capng_flags_t flag)
 
int test_caps_setup (UNUSED void **state)
 
int test_caps_teardown (UNUSED void **state)
 
void test_caps_switch_user_group (UNUSED void **state)
 
void test_caps_use_null_user_group (UNUSED void **state)
 
void test_caps_use_non_existing_user_group (UNUSED void **state)
 
void test_caps_use_user_and_group_id (UNUSED void **state)
 
void test_caps_can_keep_capabilities (UNUSED void **state)
 
void test_caps_unknown_capabilities_are_ignored (UNUSED void **state)
 
void test_caps_can_use_capability_ids (UNUSED void **state)
 
void test_caps_invalid_capability_ids_are_ignored (UNUSED void **state)
 
void test_caps_update_capability_can_fail (UNUSED void **state)
 
void test_caps_apply_can_fail (UNUSED void **state)
 
void test_caps_can_dump_capabilities (UNUSED void **state)
 

Function Documentation

◆ __real_capng_get_caps_process()

int __real_capng_get_caps_process ( void  )

◆ __wrap_capng_apply() [1/2]

int __wrap_capng_apply ( capng_select_t  set)

◆ __wrap_capng_apply() [2/2]

int __wrap_capng_apply ( UNUSED capng_select_t  set)

Definition at line 87 of file test_amxrt_caps.c.

87  {
88  return mock();
89 }

◆ __wrap_capng_change_id() [1/2]

int __wrap_capng_change_id ( int  uid,
int  gid,
capng_flags_t  flag 
)

◆ __wrap_capng_change_id() [2/2]

int __wrap_capng_change_id ( UNUSED int  uid,
UNUSED int  gid,
UNUSED capng_flags_t  flag 
)

Definition at line 91 of file test_amxrt_caps.c.

91  {
92  return 0;
93 }

◆ __wrap_capng_clear() [1/2]

void __wrap_capng_clear ( capng_select_t  set)

◆ __wrap_capng_clear() [2/2]

void __wrap_capng_clear ( UNUSED capng_select_t  set)

Definition at line 79 of file test_amxrt_caps.c.

79  {
80 
81 }

◆ __wrap_capng_get_caps_process()

int __wrap_capng_get_caps_process ( void  )

Definition at line 75 of file test_amxrt_caps.c.

75  {
76  return 0;
77 }

◆ __wrap_capng_update() [1/2]

int __wrap_capng_update ( capng_act_t  action,
capng_type_t  type,
unsigned int  capability 
)

◆ __wrap_capng_update() [2/2]

int __wrap_capng_update ( UNUSED capng_act_t  action,
UNUSED capng_type_t  type,
UNUSED unsigned int  capability 
)

Definition at line 83 of file test_amxrt_caps.c.

83  {
84  return mock();
85 }

◆ __wrap_getgrnam()

struct group * __wrap_getgrnam ( const char *  __name)

Definition at line 108 of file test_amxrt_caps.c.

108  {
109  static struct group grp;
110  grp.gr_gid = 100;
111 
112  check_expected(name);
113 
114  if(strcmp(name, "webui") == 0) {
115  return &grp;
116  } else {
117  return NULL;
118  }
119 }

◆ __wrap_getpwnam()

struct passwd * __wrap_getpwnam ( const char *  __name)

Definition at line 95 of file test_amxrt_caps.c.

95  {
96  static struct passwd pwd;
97  pwd.pw_uid = 1000;
98 
99  check_expected(name);
100 
101  if(strcmp(name, "webadmin") == 0) {
102  return &pwd;
103  } else {
104  return NULL;
105  }
106 }

◆ test_caps_apply_can_fail()

void test_caps_apply_can_fail ( UNUSED void **  state)

Definition at line 277 of file test_amxrt_caps.c.

277  {
278  amxc_var_t* config = amxrt_get_config();
279  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
280  amxc_var_t* capabilities = amxc_var_add_key(amxc_llist_t, privileges, "capabilities", NULL);
281 
282  amxc_var_add(cstring_t, capabilities, "CAP_CHOWN");
283  amxc_var_add(cstring_t, capabilities, "CAP_KILL");
284 
285  will_return_always(__wrap_capng_update, 0);
286  will_return_always(__wrap_capng_apply, -1);
287 
288  assert_int_not_equal(amxrt_caps_apply(), 0);
289 
290  amxc_var_delete(&privileges);
291 }
amxrt_caps_apply
int amxrt_caps_apply(void)
Apply the user, group and capabilities as defined in the configuration.
Definition: amxrt_cap.c:101
amxrt_get_config
amxc_var_t * amxrt_get_config(void)
Gets the htable variant containing the configuration options.
Definition: amxrt.c:301
__wrap_capng_update
int __wrap_capng_update(capng_act_t action, capng_type_t type, unsigned int capability)
__wrap_capng_apply
int __wrap_capng_apply(capng_select_t set)
config
config
Definition: test.odl:54

◆ test_caps_can_dump_capabilities()

void test_caps_can_dump_capabilities ( UNUSED void **  state)

Definition at line 293 of file test_amxrt_caps.c.

293  {
294  assert_int_equal(__real_capng_get_caps_process(), 0);
295 
296  amxrt_caps_dump();
297 }
amxrt_caps_dump
void amxrt_caps_dump(void)
Dumps the capabilities of the process.
Definition: amxrt_cap.c:180
__real_capng_get_caps_process
int __real_capng_get_caps_process(void)

◆ test_caps_can_keep_capabilities()

void test_caps_can_keep_capabilities ( UNUSED void **  state)

Definition at line 190 of file test_amxrt_caps.c.

190  {
191  amxc_var_t* config = amxrt_get_config();
192  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
193  amxc_var_t* capabilities = amxc_var_add_key(amxc_llist_t, privileges, "capabilities", NULL);
194 
195  amxc_var_add(cstring_t, capabilities, "CAP_CHOWN");
196  amxc_var_add(cstring_t, capabilities, "CAP_KILL");
197 
198  will_return_always(__wrap_capng_update, 0);
199  will_return_always(__wrap_capng_apply, 0);
200 
201  assert_int_equal(amxrt_caps_apply(), 0);
202 
203  amxc_var_set_type(capabilities, AMXC_VAR_ID_LIST);
204  amxc_var_add(cstring_t, capabilities, "chown");
205  amxc_var_add(cstring_t, capabilities, "KILL");
206 
207  assert_int_equal(amxrt_caps_apply(), 0);
208 
209  amxc_var_delete(&privileges);
210 }

◆ test_caps_can_use_capability_ids()

void test_caps_can_use_capability_ids ( UNUSED void **  state)

Definition at line 229 of file test_amxrt_caps.c.

229  {
230  amxc_var_t* config = amxrt_get_config();
231  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
232  amxc_var_t* capabilities = amxc_var_add_key(amxc_llist_t, privileges, "capabilities", NULL);
233 
234  amxc_var_add(uint32_t, capabilities, 0);
235  amxc_var_add(uint32_t, capabilities, 10);
236 
237  will_return_always(__wrap_capng_apply, 0);
238 
239  will_return_always(__wrap_capng_update, 0);
240 
241  assert_int_equal(amxrt_caps_apply(), 0);
242 
243  amxc_var_delete(&privileges);
244 }

◆ test_caps_invalid_capability_ids_are_ignored()

void test_caps_invalid_capability_ids_are_ignored ( UNUSED void **  state)

Definition at line 246 of file test_amxrt_caps.c.

246  {
247  amxc_var_t* config = amxrt_get_config();
248  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
249  amxc_var_t* capabilities = amxc_var_add_key(amxc_llist_t, privileges, "capabilities", NULL);
250 
251  amxc_var_add(int32_t, capabilities, -1);
252  amxc_var_add(int32_t, capabilities, 25000);
253 
254  will_return_always(__wrap_capng_apply, 0);
255 
256  assert_int_equal(amxrt_caps_apply(), 0);
257 
258  amxc_var_delete(&privileges);
259 }

◆ test_caps_setup()

int test_caps_setup ( UNUSED void **  state)

Definition at line 121 of file test_amxrt_caps.c.

121  {
122  amxrt_new();
123  return 0;
124 }
amxrt_new
void amxrt_new(void)
Create the ambiorix runtime.
Definition: amxrt.c:313

◆ test_caps_switch_user_group()

void test_caps_switch_user_group ( UNUSED void **  state)

Definition at line 131 of file test_amxrt_caps.c.

131  {
132  amxc_var_t* config = amxrt_get_config();
133  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
134 
135  amxc_var_add_key(cstring_t, privileges, "user", "webadmin");
136  amxc_var_add_key(cstring_t, privileges, "group", "webui");
137 
138  expect_string(__wrap_getpwnam, name, "webadmin");
139  expect_string(__wrap_getgrnam, name, "webui");
140 
141  assert_int_equal(amxrt_caps_apply(), 0);
142 
143  amxc_var_delete(&privileges);
144 }
__wrap_getpwnam
struct passwd * __wrap_getpwnam(const char *__name)
Definition: test_amxrt_caps.c:95
__wrap_getgrnam
struct group * __wrap_getgrnam(const char *__name)
Definition: test_amxrt_caps.c:108

◆ test_caps_teardown()

int test_caps_teardown ( UNUSED void **  state)

Definition at line 126 of file test_amxrt_caps.c.

126  {
127  amxrt_delete();
128  return 0;
129 }
amxrt_delete
void amxrt_delete(void)
Clean-up ambiorix runtime.
Definition: amxrt.c:378

◆ test_caps_unknown_capabilities_are_ignored()

void test_caps_unknown_capabilities_are_ignored ( UNUSED void **  state)

Definition at line 212 of file test_amxrt_caps.c.

212  {
213  amxc_var_t* config = amxrt_get_config();
214  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
215  amxc_var_t* capabilities = amxc_var_add_key(amxc_llist_t, privileges, "capabilities", NULL);
216 
217  amxc_var_add(cstring_t, capabilities, "CAP_DUMMY");
218 
219  amxc_var_set_type(capabilities, AMXC_VAR_ID_LIST);
220  amxc_var_add(cstring_t, capabilities, "dummy");
221 
222  will_return_always(__wrap_capng_apply, 0);
223 
224  assert_int_equal(amxrt_caps_apply(), 0);
225 
226  amxc_var_delete(&privileges);
227 }

◆ test_caps_update_capability_can_fail()

void test_caps_update_capability_can_fail ( UNUSED void **  state)

Definition at line 261 of file test_amxrt_caps.c.

261  {
262  amxc_var_t* config = amxrt_get_config();
263  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
264  amxc_var_t* capabilities = amxc_var_add_key(amxc_llist_t, privileges, "capabilities", NULL);
265 
266  amxc_var_add(cstring_t, capabilities, "CAP_KILL");
267 
268  will_return_always(__wrap_capng_update, -1);
269 
270  will_return_always(__wrap_capng_apply, 0);
271 
272  assert_int_equal(amxrt_caps_apply(), 0);
273 
274  amxc_var_delete(&privileges);
275 }

◆ test_caps_use_non_existing_user_group()

void test_caps_use_non_existing_user_group ( UNUSED void **  state)

Definition at line 163 of file test_amxrt_caps.c.

163  {
164  amxc_var_t* config = amxrt_get_config();
165  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
166 
167  amxc_var_add_key(cstring_t, privileges, "user", "non-existing");
168  amxc_var_add_key(cstring_t, privileges, "group", "fake-group");
169 
170  expect_string(__wrap_getpwnam, name, "non-existing");
171  expect_string(__wrap_getgrnam, name, "fake-group");
172 
173  assert_int_equal(amxrt_caps_apply(), 0);
174 
175  amxc_var_delete(&privileges);
176 }

◆ test_caps_use_null_user_group()

void test_caps_use_null_user_group ( UNUSED void **  state)

Definition at line 146 of file test_amxrt_caps.c.

146  {
147  amxc_var_t* config = amxrt_get_config();
148  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
149  amxc_var_t* group = amxc_var_add_new_key(privileges, "group");
150 
151  amxc_var_add_new_key(privileges, "user");
152 
153  assert_int_equal(amxrt_caps_apply(), 0);
154 
155  amxc_var_set(cstring_t, group, "webui");
156  expect_string(__wrap_getgrnam, name, "webui");
157 
158  assert_int_equal(amxrt_caps_apply(), 0);
159 
160  amxc_var_delete(&privileges);
161 }

◆ test_caps_use_user_and_group_id()

void test_caps_use_user_and_group_id ( UNUSED void **  state)

Definition at line 178 of file test_amxrt_caps.c.

178  {
179  amxc_var_t* config = amxrt_get_config();
180  amxc_var_t* privileges = amxc_var_add_key(amxc_htable_t, config, "privileges", NULL);
181 
182  amxc_var_add_key(uint32_t, privileges, "user", 100);
183  amxc_var_add_key(uint32_t, privileges, "group", 100);
184 
185  assert_int_equal(amxrt_caps_apply(), 0);
186 
187  amxc_var_delete(&privileges);
188 }