// Copyright (C) 2021 Simon Ruderich // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program. If not, see . package config import ( "fmt" "io/fs" "os" "runtime" "syscall" "testing" "ruderich.org/simon/safcm" "ruderich.org/simon/safcm/testutil" ) func chmod(name string, perm int) { err := os.Chmod(name, FullPermToFileMode(perm)) if err != nil { panic(err) } } func TestLoadFiles(t *testing.T) { cwd, err := os.Getwd() if err != nil { t.Fatal(err) } defer os.Chdir(cwd) err = os.Chdir("../testdata/project") if err != nil { t.Fatal(err) } // Regular users cannot create sticky files skipInvalidSticky := runtime.GOOS == "freebsd" || runtime.GOOS == "openbsd" chmod("files-invalid-perm-dir/files", 0500) defer chmod("files-invalid-perm-dir/files", 0700) chmod("files-invalid-perm-dir/files/etc/", 0755) chmod("files-invalid-perm-dir/files/etc/resolv.conf", 0644) chmod("files-invalid-perm-dir-setgid/files", 0755) chmod("files-invalid-perm-dir-setgid/files/etc/", 02755) chmod("files-invalid-perm-dir-setgid/files/etc/resolv.conf", 0644) chmod("files-invalid-perm-file/files", 0755) chmod("files-invalid-perm-file/files/etc/", 0755) chmod("files-invalid-perm-file/files/etc/resolv.conf", 0600) chmod("files-invalid-perm-file-executable/files", 0755) chmod("files-invalid-perm-file-executable/files/etc", 0755) chmod("files-invalid-perm-file-executable/files/etc/rc.local", 0750) if !skipInvalidSticky { chmod("files-invalid-perm-file-sticky/files", 0755) chmod("files-invalid-perm-file-sticky/files/etc", 0755) chmod("files-invalid-perm-file-sticky/files/etc/resolv.conf", 01644) } err = syscall.Mkfifo("files-invalid-type/files/invalid", 0644) if err != nil { t.Fatal(err) } defer os.Remove("files-invalid-type/files/invalid") const errMsg = ` The actual permissions and user/group of files and directories are not used (except for +x on files). 0644/0755 and current remote user/group is used per default. Apply different file permissions via permissions.yaml. To prevent confusion files must be manually chmodded 0644/0755 and directories 0755 or via "safcm fixperms". ` tests := []struct { group string skip bool exp map[string]*safcm.File expErr error }{ { "empty", false, nil, nil, }, { "group", false, map[string]*safcm.File{ "/": { Path: "/", Mode: fs.ModeDir | 0755, Uid: -1, Gid: -1, }, "/etc": { Path: "/etc", Mode: fs.ModeDir | 0755, Uid: -1, Gid: -1, }, "/etc/.hidden": { Path: "/etc/.hidden", Mode: 0644, Uid: -1, Gid: -1, Data: []byte("..."), }, "/etc/motd": { Path: "/etc/motd", Mode: 0644, Uid: -1, Gid: -1, Data: []byte(`Welcome to {{- if .IsHost "host1.example.org"}} Host ONE {{- else if "host2"}} Host TWO {{- end}} {{if .InGroup "detected_linux"}} This is GNU/Linux host {{end}} {{if .InGroup "detected_freebsd"}} This is FreeBSD host {{end}} {{if .InGroup "all"}} all {{end}} {{if .InGroup "host1.example.org"}} host1.example.org {{end}} {{if .InGroup "host2"}} host2 {{end}} {{if .InGroup "host3.example.net"}} host3.example.net {{end}} `), }, "/etc/rc.local": { Path: "/etc/rc.local", Mode: 0755, Uid: -1, Gid: -1, Data: []byte("#!/bin/sh\n"), }, "/etc/resolv.conf": { Path: "/etc/resolv.conf", Mode: 0644, Uid: -1, Gid: -1, Data: []byte("nameserver ::1\n"), }, "/etc/test": { Path: "/etc/test", Mode: fs.ModeSymlink | 0777, Uid: -1, Gid: -1, Data: []byte("doesnt-exist"), }, }, nil, }, { "files-invalid-type", false, nil, fmt.Errorf("files-invalid-type: \"files-invalid-type/files/invalid\": file type not supported"), }, { "files-invalid-perm-dir", false, nil, fmt.Errorf("files-invalid-perm-dir: \"files-invalid-perm-dir/files\": invalid permissions 0500" + errMsg), }, { "files-invalid-perm-dir-setgid", false, nil, fmt.Errorf("files-invalid-perm-dir-setgid: \"files-invalid-perm-dir-setgid/files/etc\": invalid permissions 02755" + errMsg), }, { "files-invalid-perm-file", false, nil, fmt.Errorf("files-invalid-perm-file: \"files-invalid-perm-file/files/etc/resolv.conf\": invalid permissions 0600" + errMsg), }, { "files-invalid-perm-file-executable", false, nil, fmt.Errorf("files-invalid-perm-file-executable: \"files-invalid-perm-file-executable/files/etc/rc.local\": invalid permissions 0750" + errMsg), }, { "files-invalid-perm-file-sticky", skipInvalidSticky, nil, fmt.Errorf("files-invalid-perm-file-sticky: \"files-invalid-perm-file-sticky/files/etc/resolv.conf\": invalid permissions 01644" + errMsg), }, } for _, tc := range tests { t.Run(tc.group, func(t *testing.T) { if tc.skip { t.SkipNow() } res, err := LoadFiles(tc.group) testutil.AssertEqual(t, "res", res, tc.exp) testutil.AssertErrorEqual(t, "err", err, tc.expErr) }) } }