xref: /xnu-11215.41.3/tools/tests/personas/persona_test_run_src.sh (revision 33de042d024d46de5ff4e89f2471de6608e37fa4) 
1#!/bin/bash
2# persona_test_run.sh
3#
4# This file aims to be a comprehensive test suite for the persona subsystem.
5# It uses two tools:
6#   1. persona_mgr - create, destroy, lookup personas
7#   2. persona_spawn - spawn processes into personas with a variety of options
8# The script relies heavily on the particular output of these tools, so if you
9# are modifying / extending those tools, this file also need to be updated to
10# properly capture the new output. Specifically, the get_persona_info function
11# needs to be maintained / updated.
12#
13# NOTE: the function get_persona_info() also needs to be kept up to date with
14# the types of personas found in bsd/sys/persona.h
15
16PERSONA_MGR="${PWD}/persona_mgr"
17PERSONA_SPAWN="${PWD}/persona_spawn"
18PERSONA_SPAWN_UNENTITLED="${PWD}/persona_spawn_unentitled"
19
20TEST_DEFAULT_PERSONA=0
21
22if [ ! -d "$TMPDIR" ]; then
23	echo "Couldn't find temp directory '$TMPDIR': check permissions/environment?"
24	exit 255
25fi
26
27if [ ! -e "${PERSONA_MGR}" ] ||  [ ! -x "${PERSONA_MGR}" ]; then
28	echo "Can't find '${PERSONA_MGR}': skipping test"
29	exit 0
30fi
31if [ ! -e "${PERSONA_SPAWN}" ] || [ ! -x "${PERSONA_SPAWN}" ]; then
32	echo "Can't find '${PERSONA_SPAWN}': skipping test"
33	exit 0
34fi
35
36function check_for_persona_support() {
37	local errno=0
38	${PERSONA_MGR} support || errno=$?
39	if [ $errno -eq 78 ]; then
40		echo "Persona subsystem is not supported - skipping tests"
41		exit 0
42	fi
43	return 0
44}
45check_for_persona_support
46
47
48## bail [failure_msg]
49#
50# exit the script with an error code that corresponds to the line number
51# from which this function was invoked. Because we want to exit with a
52# non-zero exit code, we use: 1 + (254 % line).
53#
54function bail() {
55	local msg="$1"
56	local line=$2
57	if [ -z "$line" ]; then
58		line=${BASH_LINENO[0]}
59	fi
60	echo "[$line] ERROR: $msg" 1>&2
61	exit $((1 + $line % 254))
62}
63
64## check_return [message_on_failure]
65#
66# Check the return value of the previous command or script line. If the
67# value of '$?' is not 0, then call bail() with an appropriate message.
68#
69function check_return() {
70	local err=$?
71	local msg=$1
72	local line=$2
73	if [ -z "$line" ]; then
74		line=${BASH_LINENO[0]}
75	fi
76	echo "CHECK: $msg"
77	if [ $err -ne 0 ]; then
78		bail "e=$err: $msg" $line
79	fi
80
81	return 0
82}
83
84## expect_failure [message_on_success]
85#
86# Check the return value of the previous command or script line. If the
87# value of '$?' is 0 (success), then call bail() with a message saying
88# that we expected this previous command/line to fail.
89#
90function expect_failure() {
91	local err=$?
92	local msg=$1
93	local line=$2
94	if [ -z "$line" ]; then
95		line=${BASH_LINENO[0]}
96	fi
97	if [ $err -eq 0 ]; then
98		bail "found success, expected failure: $msg" $line
99	fi
100
101	echo "EXPECT: failure: $msg"
102	return 0
103}
104
105## test_num [debug_info] [number]
106#
107# Check that a variable value is a number, bail() on error.
108#
109function test_num() {
110	local type=$1
111	local num=$2
112	local line=$3
113	if [ -z "$line" ]; then
114		line=${BASH_LINENO[0]}
115	fi
116	if [ -z "$num" ]; then
117		bail "invalid (NULL) $type" $line
118	fi
119	[ "$num" -eq "$num" ] 2>/dev/null
120	if [ $? -ne 0 ]; then
121		bail "invalid $type: $num" $line
122	fi
123
124	return 0
125}
126
127## global variables used to return values to callers
128_ID=-1
129_TYPE="invalid"
130_LOGIN=""
131_UID=-1
132
133## get_persona_info {persona_id} {persona_login}
134#
135# Lookup persona info for the given ID/login. At least one of the ID/login
136# parameters must be valid
137function get_persona_info() {
138	local pna_id=${1:-1}
139	local pna_login=${2:- }
140	local line=$3
141	if [ -z "$line" ]; then
142		line=${BASH_LINENO[0]}
143	fi
144
145	local largs="-u ${pna_id}"
146	if [ "${pna_login}" != " " ]; then
147		largs+=" -l ${pna_login}"
148	fi
149
150	_ID=-1
151	_TYPE=-1
152	_LOGIN=""
153	_UID=-1
154
155	local file="${TMPDIR}/plookup"
156
157	${PERSONA_MGR} lookup ${largs} > "${file}"
158	check_return "persona lookup of: ${largs}" $line
159
160	_ID=$(cat "${file}" | grep "+id: " | head -1 | sed 's/.*+id:[ ]*\([0-9][0-9]*\).*/\1/')
161	test_num "Persona ID lookup:${largs}" "$_ID"
162
163	local type=$(cat "${file}" | grep "+type: " | head -1 | sed 's/.*+type:[ ]*\([0-9][0-9]*\).*/\1/')
164	test_num "+type lookup:${largs}" "$type"
165	##
166	## NOTE: keep in sync with bsd/sys/persona.h types!
167	##
168	if [ $type -eq 1 ]; then
169		_TYPE=guest
170	elif [ $type -eq 2 ]; then
171		_TYPE=managed
172	elif [ $type -eq 3 ]; then
173		_TYPE=priv
174	elif [ $type -eq 4 ]; then
175		_TYPE=system
176	else
177		_TYPE=invalid
178	fi
179
180	_LOGIN=$(cat "${file}" | grep "+login: " | head -1 | sed 's/.*+login:[ ]*"\([^"]*\)".*/\1/')
181	if [ -z "$_LOGIN" ]; then
182		bail "invalid login for pna_id:$_ID: '$_LOGIN'" $line
183	fi
184
185	# these are always the same
186	_UID=$_ID
187}
188
189## validate_child_info [output_file] [persona_id] {uid} {gid} {groups}
190#
191# Parse the output of the 'persona_spawn' command and validate that
192# the new child process is in the correct persona with the correct
193# process attributes.
194#
195function validate_child_info() {
196	local file=$1
197	local pna_id=$2
198	local uid=${3:--1}
199	local gid=${4:--1}
200	local groups=${5:- }
201	local line=$6
202	if [ -z "$line" ]; then
203		line=${BASH_LINENO[0]}
204	fi
205	local l=( )
206
207	# get the child's PID
208	local cpid="$(cat "$file" | grep "Child: PID:" | sed 's/.*Child: PID:\([0-9][0-9]*\).*/\1/')"
209	test_num "Child PID" "$cpid" $line
210
211	# validate the child's persona
212	l=( $(cat "$file" | grep "Child: Persona:" | sed 's/.*Child: Persona: \([0-9][0-9]*\) (err:\([0-9][0-9]*\))/\1 \2/') )
213	if [ ${#l[@]} -ne 2 ]; then
214		bail "Invalid Child[$cpid] Persona line" $line
215	fi
216	test_num "Child Persona ID" "${l[0]}" $line
217	test_num "kpersona_info retval" "${l[1]}" $line
218
219	if [ ${l[0]} -ne $pna_id ]; then
220		bail "Child[$cpid] persona:${l[0]} != specified persona:$pna_id" $line
221	fi
222
223	# Validate the UID/GID
224	l=( $(cat "$file" | grep "Child: UID:" | sed 's/.*UID:\([0-9][0-9]*\), GID:\([0-9][0-9]*\).*/\1 \2/') )
225	if [ ${#l[@]} -ne 2 ]; then
226		bail "Invalid Child[$cpid] UID/GID output" $line
227	fi
228	if [ $uid -ge 0 ]; then
229		if [ $uid -ne ${l[0]} ]; then
230			bail "Child[$cpid] UID:${l[0]} != specified UID:$uid" $line
231		fi
232	fi
233	if [ $gid -ge 0 ]; then
234		if [ $gid -ne ${l[1]} ]; then
235			bail "Child[$cpid] GID:${l[1]} != specified GID:$gid" $line
236		fi
237	fi
238
239	# TODO: validate / verify groups?
240
241	return 0
242}
243
244
245## spawn_child [persona_id] [uid] {gid} {group_spec}
246#
247# Create a child process that is spawn'd into the persona given by
248# the first argument (pna_id). The new process can have its UID, GID,
249# and group membership properties overridden.
250#
251function spawn_child() {
252	local pna_id=$1
253	local uid=$2
254	local gid=${3:--1}
255	local groups=${4:- }
256	local line=$5
257	if [ -z "$line" ]; then
258		line=${BASH_LINENO[0]}
259	fi
260
261	local file="child.${pna_id}.u$uid"
262	local spawn_args="-I $pna_id -u $uid"
263	if [ $gid -ge 0 ]; then
264		spawn_args+=" -g $gid"
265		file+=".g$gid"
266	fi
267	if [ "$groups" != " " ]; then
268		spawn_args+=" -G $groups"
269		file+="._groups"
270	fi
271
272	echo "SPAWN: $file"
273	${PERSONA_SPAWN} -v $spawn_args ${PERSONA_SPAWN} child -v -E > "${TMPDIR}/$file"
274	check_return "child info: $file" $line
275
276	# Grab the specified persona's info so we can
277	# verify the child's info against it.
278	# get_persona_info puts data into global variables, e.g. _UID, _LOGIN, etc.
279	get_persona_info ${pna_id} " " $line
280	if [ $uid -lt 0 ]; then
281		uid=$_UID
282	fi
283
284	validate_child_info "${TMPDIR}/$file" "$pna_id" "$uid" "$gid" "$groups" $line
285
286	## validate that the first child spawned into a persona *cannot* spawn
287	## into a different persona...
288	if [ $uid -eq 0 ]; then
289		${PERSONA_SPAWN} -v $spawn_args ${PERSONA_SPAWN_UNENTITLED} child -v -E -R spawn -v $spawn_args -I ${TEST_DEFAULT_PERSONA} /bin/echo "This is running in the system persona"
290		expect_failure "Spawned child that re-execs into non-default persona" $line
291	fi
292	return 0
293}
294
295## get_created_id [output_file]
296#
297# Parse the output of the 'persona_mgr' command to determine the ID
298# of the newly created persona.
299#
300function get_created_id() {
301	local file=$1
302	local o=$(cat "$file" | grep "Created persona" | sed 's/.*Created persona \([0-9][0-9]*\):/\1/')
303	echo $o
304	return 0
305}
306
307## create_persona [login_name] [persona_type] {persona_id}
308#
309# Create a new persona with given parameters.
310#
311# Returns: the newly created persona ID via the global variable, $_ID
312#
313function create_persona() {
314	local name=${1}
315	local type=${2}
316	local pna_id=${3:--1}
317	local line=$6
318	if [ -z "$line" ]; then
319		line=${BASH_LINENO[0]}
320	fi
321
322	if [ -z "$name" -o -z "$type" ]; then
323		bail "Invalid arguments to create_persona '$name' '$type'" $line
324	fi
325
326	local file="persona.at${line}"
327	# persona ID of '-1' is auto-assigned
328	local spawn_args="-v -l $name -i $pna_id"
329	if [ $pna_id -eq -1 ]; then
330		file+=".auto"
331	else
332		file+=".${pna_id}"
333	fi
334
335	spawn_args+=" -t $type"
336	file+=".$type"
337
338	echo "CREATE: $file"
339	${PERSONA_MGR} create ${spawn_args} > "${TMPDIR}/${file}"
340	check_return "persona creation: ${file}" $line
341	# test output should include persona creation output for later debugging
342	cat "${TMPDIR}/${file}"
343
344	# validate the output of the persona_mgr tool (what we think we created)
345	_ID=`get_created_id "${TMPDIR}/${file}"`
346	test_num "persona_id for $file" "$_ID" $line
347	if [ ${pna_id} -gt 0 ]; then
348		if [ $_ID -ne ${pna_id} ]; then
349			bail "Created persona doesn't have expected ID $_ID != ${pna_id}" $line
350		fi
351	fi
352
353	# validate the entire persona information (what a kpersona_lookup says we created)
354	# This function puts data into global variables, e.g. _ID, _LOGIN, etc.
355	echo "VALIDATE: ${file}"
356	get_persona_info ${pna_id} "$name" $line
357	if [ "$name" != "$_LOGIN" ]; then
358		bail "${file}: unexpected login '$_LOGIN' != '$name'" $line
359	fi
360	if [ "$type" != "$_TYPE" ]; then
361		bail "${file}: unexpected type '$_TYPE' != '$type'" $line
362	fi
363	if [ ${pna_id} -gt 0 ]; then
364		if [ ${pna_id} -ne $_ID ]; then
365			bail "${file}: unexpected ID '$_ID' != '${pna_id}'" $line
366		fi
367	fi
368
369	return 0
370}
371
372## destroy_persona [persona_id]
373#
374# Destroy the given persona.
375#
376function destroy_persona() {
377	local pna_id=$1
378	local line=$2
379	if [ -z "$line" ]; then
380		line=${BASH_LINENO[0]}
381	fi
382
383	echo "DESTROY: ${pna_id}"
384	${PERSONA_MGR} destroy -v -i ${pna_id}
385	check_return "destruction of ${pna_id}" $line
386}
387
388#
389#
390# Begin Tests!
391#
392#
393echo "Running persona tests [$LINENO] ($TMPDIR)"
394
395##
396## Test Group 0: basic creation + spawn tests
397##
398
399create_persona "test_default_persona" "guest" 99999
400TEST_DEFAULT_PERSONA=$_ID
401
402# default group, specific ID
403create_persona "test0_1" "guest" 10001
404P0ID=$_ID
405
406spawn_child $P0ID 1100
407spawn_child $P0ID 0
408spawn_child $P0ID 1100 1101
409spawn_child $P0ID 1100 1101 1000,2000,3000
410spawn_child $P0ID 1100 -1 1000,2000,3000
411destroy_persona $P0ID
412
413##
414## Test Group 1: persona creation / re-creation
415##
416
417# Create 3 personas with auto-assigned IDs
418create_persona "test1_1" "guest"
419P1ID=$_ID
420create_persona "test1_2" "managed"
421P2ID=$_ID
422create_persona "test1_3" "priv"
423P3ID=$_ID
424create_persona "test1_4" "guest"
425P4ID=$_ID
426
427D1=$(($P2ID - $P1ID))
428D2=$(($P3ID - $P2ID))
429D3=$(($P4ID - $P3ID))
430if [ $D1 -ne $D2 -o $D1 -ne $D3 -o $D2 -ne $D3 ]; then
431	bail "inconsistent automatic Persona ID increment: $D1,$D2,$D3 ($P1ID,$P2ID,$P3ID,$P4ID)"
432fi
433
434# make sure we can't re-allocate the same name / ID
435${PERSONA_MGR} create -v -l test1_1 -t guest -i -1 && expect_failure "re-create same name:test1_1 type:guest"
436${PERSONA_MGR} create -v -l test1_1 -t managed -i -1 && expect_failure "re-create same name:test1_1 type:managed"
437${PERSONA_MGR} create -v -l test1_1_new -t managed -i $P1ID && expect_failure "re-create $P1ID with new name:test1_1_new type:managed"
438
439##
440## Test Group 2: auto-assigned ID tricks
441##
442
443# Notice the difference in IDs, then try to create a persona by
444# specifying an ID that will match the next auto-assigned ID
445# (should succeed)
446P5ID_REQ=$(($P4ID + $D2))
447create_persona "test2_1" "guest" ${P5ID_REQ}
448P5ID=$_ID
449if [ ! $P5ID -eq ${P5ID_REQ} ]; then
450	bail "test2_1: ${P5ID_REQ} != $P5ID"
451fi
452
453# try to create a persona with auto-assigned ID
454# (resulting persona should have ID != P5ID)
455create_persona "test2_2" "guest"
456P6ID=$_ID
457if [ $P6ID -eq $P5ID ]; then
458	bail "created duplicate persona IDs: $P6ID == $P5ID"
459fi
460
461##
462## Test Group 3: persona destruction
463##
464
465destroy_persona $P1ID
466destroy_persona $P2ID
467destroy_persona $P3ID
468destroy_persona $P4ID
469destroy_persona $P5ID
470destroy_persona $P6ID
471
472# try to re-destroy the personas
473# (should fail)
474${PERSONA_MGR} destroy -v -i $P1ID && expect_failure "re-destroy (1/2) $P1ID"
475${PERSONA_MGR} destroy -v -i $P1ID && expect_failure "re-destroy (2/2) $P1ID"
476${PERSONA_MGR} destroy -v -i $P2ID && expect_failure "re-destroy $P2ID"
477${PERSONA_MGR} destroy -v -i $P3ID && expect_failure "re-destroy $P3ID"
478${PERSONA_MGR} destroy -v -i $P4ID && expect_failure "re-destroy $P4ID"
479${PERSONA_MGR} destroy -v -i $P5ID && expect_failure "re-destroy $P5ID"
480${PERSONA_MGR} destroy -v -i $P6ID && expect_failure "re-destroy $P6ID"
481
482destroy_persona ${TEST_DEFAULT_PERSONA}
483
484# cleanup
485rm -rf "${TMPDIR}"
486
487echo ""
488echo "${0##/}: SUCCESS"
489exit 0
490