Bug#1067845: adduser: Reserving uid/gid from the uid/gid pools

Mon, 01 Apr 2024 07:03:24 -0700 

Hi,

Attached is a patch to uidgidpool.t that tests several cases of the
reserved uids.
I'm not really proficient in these test tools, so I hope it works
properly...

BR,

On Thu, 28 Mar 2024 at 22:58, Marc Haber <mh+debian-packa...@zugschlus.de>
wrote:

> On Wed, Mar 27, 2024 at 04:55:35PM +0200, Yair Yarom wrote:
> > The UID_POOL (and GID_POOL) files contains UIDs that should be used for
> given
> > name. It would be helpful to reserve the UIDs for the future, so that
> the order
> > of adding users to the system won't affect the usability of the
> UIDs/names.
> >
> > I.e. if a UID is in the pool, it won't be used unless for the specific
> name in
> > the pool.
>
> That sounds sensible.
>
> Would you mind to contribute test cases as well? The canoncal place for
> those test cases would probably be debian/tests/f/uidgidpool.t
>
> Greetings
> Marc
>
>
> --
>
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
>


-- 

  /|       |
  \/       | Yair Yarom | System Group (DevOps)
  []       | The Rachel and Selim Benin School
  [] /\    | of Computer Science and Engineering
  []//\\/  | The Hebrew University of Jerusalem
  [//  \\  | T +972-2-5494522 | F +972-2-5494522
  //    \  | ir...@cs.huji.ac.il
 //        |

--- a/debian/tests/f/uidgidpool.t
+++ b/debian/tests/f/uidgidpool.t
@@ -40,6 +40,18 @@
     'shell' => '/bin/sh',
    }
 );
+my $firstuid = (sort map {$_->{id}} @uidlist)[0];
+
+my @uidreserved = (
+   {
+    'name' => 'uidreserved1',
+    'id' => $firstuid,
+    'comment' => 'uidreserved1 pool account',
+    'home' => '/home/uidreserved1',
+    'ahome' => '/home/auidreserved1',
+    'shell' => '/bin/sh',
+   }
+);
 
 my @gidlist = (
     {
@@ -50,6 +62,13 @@
      id => 32202,
     }
 );
+my $firstgid = (sort map {$_->{id}} @gidlist)[0];
+my @gidreserved = (
+   {
+    name => 'gidreserved1',
+    id => $firstgid,
+   }
+);
 
 # test creating user/group without uidpool set
 
@@ -68,11 +87,11 @@
 }
 
 sub cleanup {
-    foreach my $user( @uidlist ) {
+    foreach my $user( @uidlist, @uidreserved ) {
         system("/usr/sbin/deluser $quiet --remove-home $user->{name} 2>/dev/null");
         assert_user_does_not_exist($user->{name});
     }
-    foreach my $group( @gidlist ) {
+    foreach my $group( @gidlist, @gidreserved ) {
         system("/usr/sbin/delgroup $quiet $group->{name} 2>/dev/null");
         assert_group_does_not_exist($group->{name});
     }
@@ -160,6 +179,78 @@
     cleanup();
 }
 
+%confhash=();
+$confhash{"UID_POOL"}="$uidpoolfile";
+$confhash{"GID_POOL"}="$gidpoolfile";
+$confhash{"FIRST_UID"}="$firstuid";
+$confhash{"FIRST_GID"}="$firstgid";
+$confhash{"RESERVE_UID_POOL"}="0";
+$confhash{"RESERVE_GID_POOL"}="0";
+apply_config_hash(\%confhash);
+
+# test not reserved uid in pool
+
+foreach my $group( @gidreserved ) {
+    assert_command_success('/usr/sbin/addgroup', $quiet,
+      $group->{name});
+    assert_group_exists($group->{name});
+    assert_group_has_gid($group->{name}, $group->{id});
+    cleanup();
+
+    assert_command_success('/usr/sbin/addgroup', $quiet,
+      '--gid', $agid, $group->{name});
+    assert_group_exists($group->{name});
+    assert_group_has_gid($group->{name}, $agid);
+    cleanup();
+}
+
+foreach my $user( @uidreserved ) {
+    assert_command_success('/usr/sbin/adduser', $quiet,
+      '--comment', '""', '--disabled-password', $user->{name});
+    assert_user_exists($user->{name});
+    assert_user_has_uid($user->{name}, $user->{id});
+    cleanup();
+}
+
+%confhash=();
+$confhash{"UID_POOL"}="$uidpoolfile";
+$confhash{"GID_POOL"}="$gidpoolfile";
+$confhash{"FIRST_UID"}="$firstuid";
+$confhash{"FIRST_GID"}="$firstgid";
+$confhash{"RESERVE_UID_POOL"}="1";
+$confhash{"RESERVE_GID_POOL"}="1";
+apply_config_hash(\%confhash);
+
+# test reserved uid in pool
+
+foreach my $group( @gidreserved ) {
+    assert_command_success('/usr/sbin/addgroup', $quiet,
+      $group->{name});
+    assert_group_exists($group->{name});
+    assert_gid_does_not_exist($group->{id});
+    cleanup();
+
+    assert_command_success('/usr/sbin/addgroup', $quiet,
+      '--gid', $group->{id}, $group->{name});
+    assert_group_exists($group->{name});
+    assert_group_has_gid($group->{name}, $group->{id});
+    cleanup();
+}
+
+foreach my $user( @uidreserved ) {
+    assert_command_success('/usr/sbin/adduser', $quiet,
+      '--comment', '""', '--disabled-password', $user->{name});
+    assert_user_exists($user->{name});
+    assert_uid_does_not_exist($user->{id});
+    cleanup();
+
+    assert_command_success('/usr/sbin/adduser', $quiet,
+      '--uid', $user->{id}, '--comment', '""', '--disabled-password', $user->{name});
+    assert_user_exists($user->{name});
+    assert_user_has_uid($user->{name}, $user->{id});
+    cleanup();
+}
+
 # remove test pool files
 assert_command_success('rm', '-f', $uidpoolfile, $gidpoolfile);

Reply via email to