configure.ac: Release 4.15.3

Signed-off-by: Alejandro Colomar <alx@kernel.org>
tests/run_some: make sure unshared root user can descend build dir
2024-06-28 23:42:56 +02:00 · 2024-06-28 23:41:23 +02:00 · 2024-06-28 23:40:18 +02:00 · 2024-06-28 23:39:37 +02:00 · 2024-06-28 23:37:55 +02:00 · 2024-06-28 23:35:50 +02:00
9 changed files with 142 additions and 74 deletions
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,4 +15,15 @@ SUBDIRS += man
 endif

 CLEANFILES = man/8.out man/po/remove-potcdate.* man/*/login.defs.d man/*/*.mo
+
 EXTRA_DIST = tests/
+
+dist-hook:
+	chmod -R u+w $(distdir)/tests
+	chmod u+w $(distdir)
+	mv $(distdir)/tests/unit $(distdir)/realunittest
+	mv $(distdir)/tests/tests $(distdir)/realtests
+	rm -rf $(distdir)/tests
+	mv $(distdir)/realtests $(distdir)/tests
+	rm -rf $(distdir)/tests/unit $(distdir)/tests/Makefile*
+	mv $(distdir)/realunittest $(distdir)/tests/unit
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.15.2], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.15.3], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz subdir-objects tar-pax])
 AC_CONFIG_MACRO_DIRS([m4])
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -274,40 +274,8 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
 	return NULL;
 }

-/*
- * have_range: check whether @owner is authorized to use the range
- *             (@start .. @start+@count-1).
- * @db: database to check
- * @owner: owning uid being queried
- * @start: start of range
- * @count: number of uids in range
- *
- * Returns true if @owner is authorized to use the range, false otherwise.
- */
 static bool have_range(struct commonio_db *db,
-		       const char *owner, unsigned long start, unsigned long count)
-{
-	const struct subordinate_range *range;
-	unsigned long end;
-
-	if (count == 0)
-		return false;
-
-	end = start + count - 1;
-	range = find_range (db, owner, start);
-	while (range) {
-		unsigned long last;
-
-		last = range->start + range->count - 1;
-		if (last >= (start + count - 1))
-			return true;
-
-		count = end - last;
-		start = last + 1;
-		range = find_range(db, owner, start);
-	}
-	return false;
-}
+		       const char *owner, unsigned long start, unsigned long count);

 static bool append_range(struct subid_range **ranges, const struct subordinate_range *new, int n)
 {
@@ -574,6 +542,64 @@ static struct commonio_db subordinate_uid_db = {
 	false			/* setname */
 };

+/*
+ * have_range: check whether @owner is authorized to use the range
+ *             (@start .. @start+@count-1).
+ * @db: database to check
+ * @owner: owning uid being queried
+ * @start: start of range
+ * @count: number of uids in range
+ *
+ * Returns true if @owner is authorized to use the range, false otherwise.
+ */
+static bool have_range(struct commonio_db *db,
+		       const char *owner, unsigned long start, unsigned long count)
+{
+	const struct subordinate_range *range;
+	unsigned long end;
+	bool doclose = false;
+	bool ret = false;
+	int rc;
+
+	if (count == 0)
+		return false;
+
+	if (!db->isopen) {
+		doclose = true;
+		if (db == &subordinate_uid_db)
+			rc = sub_uid_open(O_RDONLY);
+		else
+			rc = sub_gid_open(O_RDONLY);
+		if (rc < 0)
+			return false;
+	}
+
+	end = start + count - 1;
+	range = find_range (db, owner, start);
+	while (range) {
+		unsigned long last;
+
+		last = range->start + range->count - 1;
+		if (last >= (start + count - 1)) {
+			ret = true;
+			break;
+		}
+
+		count = end - last;
+		start = last + 1;
+		range = find_range(db, owner, start);
+	}
+
+	if (doclose) {
+		if (db == &subordinate_uid_db)
+			sub_uid_close();
+		else
+			sub_gid_close();
+	}
+
+	return ret;
+}
+
 int sub_uid_setdbname (const char *filename)
 {
 	return commonio_setname (&subordinate_uid_db, filename);
--- a/tests/common/config.sh
+++ b/tests/common/config.sh
@@ -2,14 +2,16 @@

 set -e

-build_path=$(pwd)
-while [ "${build_path}" != "/" -a ! -e "${build_path}/.git" ]; do
-	build_path=$(dirname ${build_path})
-done
-if [ ! -e "${build_path}/.git" ]; then
-	echo "Not inside git directory" 1>&2
-	exit 1
+if [ -n "${BUILD_BASE_DIR}" ]; then
+    build_path="${BUILD_BASE_DIR}"
+else
+    build_path=$(git rev-parse --show-toplevel)
 fi
+if [ -z "${build_path}" ]; then
+    echo "Failed to find build base path"
+    exit 1
+fi
+export build_path

 # Save the configuration files in tmp.
 save_config ()
--- a/tests/libsubid/04_nss/Makefile
+++ b/tests/libsubid/04_nss/Makefile
@@ -1,12 +1,15 @@
 all: test_nss libsubid_zzz.so

-test_nss: test_nss.c ../../../lib/nss.c
-	gcc -c -I../../../lib/ -I../../.. -o test_nss.o test_nss.c
-	gcc -o test_nss test_nss.o ../../../lib/.libs/libshadow.a -ldl
+BASE_TEST_DIR ?= $(shell git rev-parse --show-toplevel)
+basedir := $(BASE_TEST_DIR)
+
+test_nss: test_nss.c $(basedir)/lib/nss.c
+	gcc -c -I$(basedir)/lib/ -I$(basedir) -o test_nss.o test_nss.c
+	gcc -o test_nss test_nss.o $(basedir)/lib/.libs/libshadow.a -ldl

 libsubid_zzz.so: libsubid_zzz.c
-	gcc -c -I../../../lib/ -I../../.. -I../../../libsubid libsubid_zzz.c
-	gcc -L../../../libsubid -shared -o libsubid_zzz.so libsubid_zzz.o ../../../lib/.libs/libshadow.a -ldl
+	gcc -c -I$(basedir)/lib/ -I$(basedir) -I$(basedir)/libsubid libsubid_zzz.c
+	gcc -L$(basedir)/libsubid -shared -o libsubid_zzz.so libsubid_zzz.o $(basedir)/lib/.libs/libshadow.a -ldl

 clean:
 	rm -f *.o *.so test_nss
--- a/tests/libsubid/04_nss/subidnss.test
+++ b/tests/libsubid/04_nss/subidnss.test
@@ -9,7 +9,7 @@ cd $(dirname $0)

 make

-export LD_LIBRARY_PATH=.:../../../lib/.libs:$LD_LIBRARY_PATH
+export LD_LIBRARY_PATH=.:${build_path}/lib/.libs:$LD_LIBRARY_PATH

 ./test_nss 1
 ./test_nss 2
--- a/tests/libsubid/04_nss/test_range
+++ b/tests/libsubid/04_nss/test_range
@@ -11,23 +11,23 @@ cleanup1() {
    umount /etc/nsswitch.conf
 }
 trap cleanup1 EXIT HUP INT TERM
-../../../src/check_subid_range user1 u 100000 65535
+${build_path}/src/check_subid_range user1 u 100000 65535
 if [ $? -ne 0 ]; then
    exit 1
 fi
-../../../src/check_subid_range user2 u 100000 65535
+${build_path}/src/check_subid_range user2 u 100000 65535
 if [ $? -eq 0 ]; then
    exit 1
 fi
-../../../src/check_subid_range unknown u 100000 65535
+${build_path}/src/check_subid_range unknown u 100000 65535
 if [ $? -eq 0 ]; then
    exit 1
 fi
-../../../src/check_subid_range error u 100000 65535
+${build_path}/src/check_subid_range error u 100000 65535
 if [ $? -eq 0 ]; then
    exit 1
 fi
-../../../src/check_subid_range user1 u 1000 65535
+${build_path}/src/check_subid_range user1 u 1000 65535
 if [ $? -eq 0 ]; then
    exit 1
 fi
@@ -43,7 +43,7 @@ cleanup2() {
    umount /etc/nsswitch.conf
 }
 trap cleanup2 EXIT HUP INT TERM
-../../../src/check_subid_range user1 u 100000 65535
+${build_path}/src/check_subid_range user1 u 100000 65535
 if [ $? -eq 0 ]; then
    exit 1
 fi
--- a/tests/run_some
+++ b/tests/run_some
@@ -7,6 +7,22 @@ unset LANG
 unset LANGUAGE
 . common/config.sh

+# When we unshare -Ur, we must be able to descend the build path.
+# But $HOME might not be world x.  Fix that.
+fixup_home_perms() {
+       p="${build_path}"
+       d=""
+       echo "$p" | tr '/' '\n' | while read f; do
+               if [ -z "$f" ]; then
+                       continue
+               fi
+               d="$d/$f"
+               chmod ugo+x "$d"
+       done
+}
+
+fixup_home_perms
+
 USE_PAM="yes"
 FAILURE_TESTS="yes"

--- a/tests/unit/test_xasprintf.c
+++ b/tests/unit/test_xasprintf.c
@@ -5,6 +5,7 @@


 #include <setjmp.h>
+#include <stdarg.h>
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
@@ -28,13 +29,29 @@
 static jmp_buf  jmpb;


-/**********************
- * WRAPPERS
- **********************/
 int __real_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
 int __wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
 void __wrap_exit(int status);

+[[gnu::noipa]]
+static int xasprintf_volatile(char *volatile *restrict s,
+    const char *restrict fmt, ...);
+
+static void test_xasprintf_exit(void **state);
+static void test_xasprintf_ok(void **state);
+
+
+int
+main(void)
+{
+	const struct CMUnitTest  tests[] = {
+		cmocka_unit_test(test_xasprintf_exit),
+		cmocka_unit_test(test_xasprintf_ok),
+	};
+
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
+

 int
 __wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap)
@@ -50,11 +67,16 @@ __wrap_exit(int status)
 }


-/**********************
- * TEST
- **********************/
-static void test_xasprintf_exit(void **state);
-static void test_xasprintf_ok(void **state);
+static int
+xasprintf_volatile(char *volatile *restrict s, const char *restrict fmt, ...)
+{
+	int      len;
+	va_list  ap;
+
+	va_start(ap, fmt);
+	len = xvasprintf((char **) s, fmt, ap);
+	va_end(ap);
+}


 static void
@@ -70,7 +92,7 @@ test_xasprintf_exit(void **state)
 	switch (setjmp(jmpb)) {
 	case 0:
 		len = XASPRINTF_CALLED;
-		len = xasprintf(&p, "foo%s", "bar");
+		len = xasprintf_volatile(&p, "foo%s", "bar");
 		assert_unreachable();
 		break;
 	case EXIT_CALLED:
@@ -100,15 +122,3 @@ test_xasprintf_ok(void **state)
 	assert_string_equal(p, "foo1bar");
 	free(p);
 }
-
-
-int
-main(void)
-{
-    const struct CMUnitTest  tests[] = {
-        cmocka_unit_test(test_xasprintf_exit),
-        cmocka_unit_test(test_xasprintf_ok),
-    };
-
-    return cmocka_run_group_tests(tests, NULL, NULL);
-}
Author	SHA1	Message	Date
Alejandro Colomar	d63956d640	configure.ac: Release 4.15.3 Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-06-28 23:42:56 +02:00
Serge Hallyn	d5ecf56f23	tests/run_some: make sure unshared root user can descend build dir This was causing errors in my local testing in vms. Signed-off-by: Serge Hallyn <serge@hallyn.com> Cherry-picked-from: `2457fc7c6b` ("tests/run_some: make sure unshared root user can descend build dir") Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-06-28 23:41:23 +02:00
Alejandro Colomar	514beca807	Makefile.am: Use 'dist-hook' to clean up <tests/unit/Makefile> Closes: <https://github.com/shadow-maint/shadow/issues/1027> Reported-by: Chris Hofstaedtler <zeha@debian.org> Cc: Iker Pedrosa <ipedrosa@redhat.com> Co-developed-by: Serge Hallyn <shallyn@cisco.com> Signed-off-by: Serge Hallyn <shallyn@cisco.com> Co-developed-by: Alejandro Colomar <alx@kernel.org> Signed-off-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `488bf4a519` ("Makefile.am: Use 'dist-hook' to clean up <tests/unit/Makefile>") Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-06-28 23:40:18 +02:00
Serge Hallyn	610b079510	have_range: open the subid db if needed When we run for instance check_subid_range ubuntu u 100000 65536 when ubuntu user is defined and has that range, it returns no entries because the subid db is not opened. Open it in have_range if needed. I haven't figured out why this ever worked. Signed-off-by: Serge Hallyn <serge@hallyn.com> Cherry-picked-from: `75ea679799` ("have_range: open the subid db if needed") Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-06-28 23:39:37 +02:00
Serge Hallyn	118f9b53e3	libsubid test makefile: fix a typo Fix a missing space after the -I path Signed-off-by: Serge Hallyn <serge@hallyn.com> Cherry-picked-from: `81b5b26925` ("libsubid test makefile: fix a typo") Fixes: 6b9391b581fd ("tests/: Support run_some from exported tarball") Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-06-28 23:37:55 +02:00
Alejandro Colomar	babbfd2ffb	tests/unit/test_xasprintf.c: Fix use of volatile pointer volatile needs to be casted away behind a [[gnu::noipa]] function, to make that invisible to the compiler. Otherwise, the compiler can see that it is being discarded, and is free to abuse Undefined Behavior. Closes: <https://github.com/shadow-maint/shadow/issues/1028> Reported-by: Chris Hofstaedtler <zeha@debian.org> Tested-by: Chris Hofstaedtler <zeha@debian.org> Reviewed-by: Chris Hofstaedtler <zeha@debian.org> Signed-off-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `6e57238bf9` ("tests/unit/test_xasprintf.c: Fix use of volatile pointer") Cc: Serge Hallyn <serge@hallyn.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-06-28 23:35:50 +02:00
Alejandro Colomar	d5616f4c4e	tests/unit/test_xasprintf.c: Cosmetic This is in preparation for the following commit. Signed-off-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `3307a8f4f0` ("tests/unit/test_xasprintf.c: Cosmetic") Cc: Serge Hallyn <serge@hallyn.com> Cc: Chris Hofstaedtler <zeha@debian.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-06-28 23:35:12 +02:00
Serge Hallyn	79ce7adda3	tests/: Support run_some from exported tarball common/config.sh currently tries to find the top directory by looking for .git. There are also many places under tests/ where we use hard-coded ../../.. to find things like ${TOP_DIR}/lib. We don't actually ship the tests with 'make dist'. So we will be exporting tests/ as a separate tarball. In particular, I want to then import this in the debian package. However, there it will be under shadow.git/debian/tests, not shadow.git/tests. To support this, accept the environment variable BUILD_BASE_DIR, which should point to shadow.git. An alternative would be to move the tests to their own git tree. However, keeping tests in separate git tree tends to lead to repos getting out of sync. And we'd still need to accept something like BUILD_BASE_DIR. Note there are a lot of tests under run-all, which I'm not converting as they currently are not being run in CI, so I'm more likely to break something. Changelog: 2024 05 26: Incorporate feedback from alejandro-colomar Link: <https://salsa.debian.org/debian/shadow/-/merge_requests/21> Link: <https://salsa.debian.org/debian/shadow/-/merge_requests/22> Cc: Chris Hofstaedtler <zeha@debian.org> Signed-off-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `d55367bb16` ("tests/: Support run_some from exported tarball") Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-06-27 00:09:27 +02:00