TakeV
/
guix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
guix/tests/accounts.scm

325 lines
14 KiB
Scheme
Raw Permalink Normal View History

Add (gnu build accounts). * gnu/build/accounts.scm, tests/accounts.scm: New files. * Makefile.am (SCM_TESTS): Add tests/accounts.scm. * gnu/local.mk (GNU_SYSTEM_MODULES): Add build/accounts.scm.
2019-03-03 17:42:37 +00:00
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (test-accounts)
#:use-module (gnu build accounts)
#:use-module (gnu system accounts)
#:use-module (srfi srfi-19)
#:use-module (srfi srfi-64)
#:use-module (ice-9 vlist)
#:use-module (ice-9 match))
(define %passwd-sample
"\
root:x:0:0:Admin:/root:/bin/sh
charlie:x:1000:998:Charlie:/home/charlie:/bin/sh\n")
(define %group-sample
"\
root:x:0:
wheel:x:999:alice,bob
hackers:x:65000:alice,charlie\n")
(define %shadow-sample
(string-append "\
root:" (crypt "secret" "$6$abc") ":17169::::::
charlie:" (crypt "hey!" "$6$abc") ":17169::::::
nobody:!:0::::::\n"))
(test-begin "accounts")
(test-equal "write-passwd"
%passwd-sample
(call-with-output-string
(lambda (port)
(write-passwd (list (password-entry
(name "root")
(uid 0) (gid 0)
(real-name "Admin")
(directory "/root")
(shell "/bin/sh"))
(password-entry
(name "charlie")
(uid 1000) (gid 998)
(real-name "Charlie")
(directory "/home/charlie")
(shell "/bin/sh")))
port))))
accounts: Delete duplicate entries. When adding multiple instances of a service requiring some user account/group, we could end up with multiple entries for that account or group in /etc/passwd or /etc/group. * gnu/build/accounts.scm (database-writer)[write-entries]: Add call to 'delete-duplicates'. * tests/accounts.scm ("write-passwd with duplicate entry"): New test.
2019-08-27 20:38:04 +00:00
(test-equal "write-passwd with duplicate entry"
%passwd-sample
(call-with-output-string
(lambda (port)
(let ((charlie (password-entry
(name "charlie")
(uid 1000) (gid 998)
(real-name "Charlie")
(directory "/home/charlie")
(shell "/bin/sh"))))
(write-passwd (list (password-entry
(name "root")
(uid 0) (gid 0)
(real-name "Admin")
(directory "/root")
(shell "/bin/sh"))
charlie charlie)
port)))))
Add (gnu build accounts). * gnu/build/accounts.scm, tests/accounts.scm: New files. * Makefile.am (SCM_TESTS): Add tests/accounts.scm. * gnu/local.mk (GNU_SYSTEM_MODULES): Add build/accounts.scm.
2019-03-03 17:42:37 +00:00
(test-equal "read-passwd + write-passwd"
%passwd-sample
(call-with-output-string
(lambda (port)
(write-passwd (call-with-input-string %passwd-sample
read-passwd)
port))))
(test-equal "write-group"
%group-sample
(call-with-output-string
(lambda (port)
(write-group (list (group-entry
(name "root") (gid 0))
(group-entry
(name "wheel") (gid 999)
(members '("alice" "bob")))
(group-entry
(name "hackers") (gid 65000)
(members '("alice" "charlie"))))
port))))
(test-equal "read-group + write-group"
%group-sample
(call-with-output-string
(lambda (port)
(write-group (call-with-input-string %group-sample
read-group)
port))))
(test-equal "write-shadow"
%shadow-sample
(call-with-output-string
(lambda (port)
(write-shadow (list (shadow-entry
(name "root")
(password (crypt "secret" "$6$abc"))
(last-change 17169))
(shadow-entry
(name "charlie")
(password (crypt "hey!" "$6$abc"))
(last-change 17169))
(shadow-entry
(name "nobody")))
port))))
(test-equal "read-shadow + write-shadow"
%shadow-sample
(call-with-output-string
(lambda (port)
(write-shadow (call-with-input-string %shadow-sample
read-shadow)
port))))
(define allocate-groups (@@ (gnu build accounts) allocate-groups))
(define allocate-passwd (@@ (gnu build accounts) allocate-passwd))
(test-equal "allocate-groups"
;; Allocate GIDs in a stateless fashion.
(list (group-entry (name "s") (gid %system-id-max))
(group-entry (name "x") (gid 900))
(group-entry (name "t") (gid 899))
(group-entry (name "a") (gid %id-min) (password "foo")
(members '("alice" "bob")))
(group-entry (name "b") (gid (+ %id-min 1))
(members '("charlie"))))
(allocate-groups (list (user-group (name "s") (system? #t))
(user-group (name "x") (id 900))
(user-group (name "t") (system? #t))
(user-group (name "a") (password "foo"))
(user-group (name "b")))
(alist->vhash `(("a" . "bob")
("a" . "alice")
("b" . "charlie")))))
(test-equal "allocate-groups with requested GIDs"
;; Make sure the requested GID for "b" is honored.
(list (group-entry (name "a") (gid (+ 1 %id-min)))
(group-entry (name "b") (gid %id-min))
(group-entry (name "c") (gid (+ 2 %id-min))))
(allocate-groups (list (user-group (name "a"))
(user-group (name "b") (id %id-min))
(user-group (name "c")))
vlist-null))
(test-equal "allocate-groups with previous state"
;; Make sure bits of state are preserved: password, GID, no reuse of
;; previously-used GIDs.
(list (group-entry (name "s") (gid (- %system-id-max 1)))
(group-entry (name "t") (gid (- %system-id-max 2)))
(group-entry (name "a") (gid 30000) (password #f)
(members '("alice" "bob")))
(group-entry (name "b") (gid 30001) (password "bar")
(members '("charlie"))))
(allocate-groups (list (user-group (name "s") (system? #t))
(user-group (name "t") (system? #t))
(user-group (name "a") (password "foo"))
(user-group (name "b")))
(alist->vhash `(("a" . "bob")
("a" . "alice")
("b" . "charlie")))
(list (group-entry (name "a") (gid 30000))
(group-entry (name "b") (gid 30001)
(password "bar"))
(group-entry (name "removed")
(gid %system-id-max)))))
(test-equal "allocate-groups with previous state, looping"
;; Check that allocation starts after the highest previously-used GID, and
;; loops back to the lowest GID.
(list (group-entry (name "a") (gid (- %id-max 1)))
(group-entry (name "b") (gid %id-min))
(group-entry (name "c") (gid (+ 1 %id-min))))
(allocate-groups (list (user-group (name "a"))
(user-group (name "b"))
(user-group (name "c")))
vlist-null
(list (group-entry (name "d")
(gid (- %id-max 2))))))
(test-equal "allocate-passwd"
;; Allocate UIDs in a stateless fashion.
(list (password-entry (name "alice") (uid %id-min) (gid 1000)
(real-name "Alice") (shell "/bin/sh")
(directory "/home/alice"))
(password-entry (name "bob") (uid (+ 1 %id-min)) (gid 1001)
(real-name "Bob") (shell "/bin/gash")
(directory "/home/bob"))
(password-entry (name "sshd") (uid %system-id-max) (gid 500)
(real-name "sshd") (shell "/nologin")
(directory "/var/empty"))
(password-entry (name "guix") (uid 30000) (gid 499)
(real-name "Guix") (shell "/nologin")
(directory "/var/empty")))
(allocate-passwd (list (user-account (name "alice")
(comment "Alice")
(shell "/bin/sh")
(group "users"))
(user-account (name "bob")
(comment "Bob")
(shell "/bin/gash")
(group "wheel"))
(user-account (name "sshd") (system? #t)
(comment "sshd")
(home-directory "/var/empty")
(shell "/nologin")
(group "sshd"))
(user-account (name "guix") (system? #t)
(comment "Guix")
(home-directory "/var/empty")
(shell "/nologin")
(group "guix")
(uid 30000)))
(list (group-entry (name "users") (gid 1000))
(group-entry (name "wheel") (gid 1001))
(group-entry (name "sshd") (gid 500))
(group-entry (name "guix") (gid 499)))))
(test-equal "allocate-passwd with previous state"
;; Make sure bits of state are preserved: UID, no reuse of previously-used
;; UIDs, and shell.
(list (password-entry (name "alice") (uid 1234) (gid 1000)
tests: Adjust accounts test to shell-as-config change. This is a followup to 504a0fc636ec591e65b4a229a37e522e425d8a0c. * tests/accounts.scm ("allocate-passwd with previous state"): Change expected 'shell' for "alice" to "/bin/sh".
2019-04-27 14:28:59 +00:00
(real-name "Alice Smith") (shell "/bin/sh")
Add (gnu build accounts). * gnu/build/accounts.scm, tests/accounts.scm: New files. * Makefile.am (SCM_TESTS): Add tests/accounts.scm. * gnu/local.mk (GNU_SYSTEM_MODULES): Add build/accounts.scm.
2019-03-03 17:42:37 +00:00
(directory "/home/alice"))
(password-entry (name "charlie") (uid 1236) (gid 1000)
(real-name "Charlie") (shell "/bin/sh")
(directory "/home/charlie")))
(allocate-passwd (list (user-account (name "alice")
(comment "Alice")
tests: Adjust accounts test to shell-as-config change. This is a followup to 504a0fc636ec591e65b4a229a37e522e425d8a0c. * tests/accounts.scm ("allocate-passwd with previous state"): Change expected 'shell' for "alice" to "/bin/sh".
2019-04-27 14:28:59 +00:00
(shell "/bin/sh") ;honored
Add (gnu build accounts). * gnu/build/accounts.scm, tests/accounts.scm: New files. * Makefile.am (SCM_TESTS): Add tests/accounts.scm. * gnu/local.mk (GNU_SYSTEM_MODULES): Add build/accounts.scm.
2019-03-03 17:42:37 +00:00
(group "users"))
(user-account (name "charlie")
(comment "Charlie")
(shell "/bin/sh")
(group "users")))
(list (group-entry (name "users") (gid 1000)))
(list (password-entry (name "alice") (uid 1234) (gid 9999)
(real-name "Alice Smith")
tests: Adjust accounts test to shell-as-config change. This is a followup to 504a0fc636ec591e65b4a229a37e522e425d8a0c. * tests/accounts.scm ("allocate-passwd with previous state"): Change expected 'shell' for "alice" to "/bin/sh".
2019-04-27 14:28:59 +00:00
(shell "/gnu/.../bin/gash") ;ignored
Add (gnu build accounts). * gnu/build/accounts.scm, tests/accounts.scm: New files. * Makefile.am (SCM_TESTS): Add tests/accounts.scm. * gnu/local.mk (GNU_SYSTEM_MODULES): Add build/accounts.scm.
2019-03-03 17:42:37 +00:00
(directory "/home/alice"))
(password-entry (name "bob") (uid 1235) (gid 1001)
(real-name "Bob") (shell "/bin/sh")
(directory "/home/bob")))))
(test-equal "user+group-databases"
;; The whole shebang.
(list (list (group-entry (name "a") (gid %id-min)
(members '("bob")))
(group-entry (name "b") (gid (+ 1 %id-min))
(members '("alice")))
(group-entry (name "s") (gid %system-id-max)))
(list (password-entry (name "alice") (real-name "Alice")
(uid %id-min) (gid %id-min)
(directory "/a"))
(password-entry (name "bob") (real-name "Bob")
(uid (+ 1 %id-min)) (gid (+ 1 %id-min))
(directory "/b"))
(password-entry (name "nobody")
(uid 65534) (gid %system-id-max)
(directory "/var/empty")))
(list (shadow-entry (name "alice") (last-change 100)
(password (crypt "initial pass" "$6$")))
(shadow-entry (name "bob") (last-change 50)
(password (crypt "foo" "$6$")))
(shadow-entry (name "nobody") (last-change 100))))
(call-with-values
(lambda ()
(user+group-databases (list (user-account
(name "alice")
(comment "Alice")
(home-directory "/a")
(group "a")
(supplementary-groups '("b"))
(password (crypt "initial pass" "$6$")))
(user-account
(name "bob")
(comment "Bob")
(home-directory "/b")
(group "b")
(supplementary-groups '("a")))
(user-account
(name "nobody")
(group "s")
(uid 65534)
(home-directory "/var/empty")))
(list (user-group (name "a"))
(user-group (name "b"))
(user-group (name "s") (system? #t)))
#:current-passwd '()
#:current-shadow
(list (shadow-entry (name "bob")
(password (crypt "foo" "$6$"))
(last-change 50)))
#:current-groups '()
#:current-time
(lambda (type)
(make-time type 0 (* 24 3600 100)))))
list))
(test-end "accounts")