From 60cabaf0b8591b8e2bf6644114d8846adaf3239b Mon Sep 17 00:00:00 2001
From: Mrunal Patel <mrunalp@gmail.com>
Date: Fri, 9 Oct 2015 17:48:51 -0400
Subject: [PATCH] Pick latest changes to libcontainer/user package
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
---
.../opencontainers/runc/libcontainer/user/user.go | 39 +-
.../runc/libcontainer/user/user_test.go | 472 +++++++++++++++++++++
2 files changed, 494 insertions(+), 17 deletions(-)
create mode 100644 vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go
diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go
index 964e31b..e6375ea 100644
--- a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go
@@ -349,21 +349,26 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (
return user, nil
}
-// GetAdditionalGroups looks up a list of groups by name or group id against
-// against the given /etc/group formatted data. If a group name cannot be found,
-// an error will be returned. If a group id cannot be found, it will be returned
-// as-is.
+// GetAdditionalGroups looks up a list of groups by name or group id
+// against the given /etc/group formatted data. If a group name cannot
+// be found, an error will be returned. If a group id cannot be found,
+// or the given group data is nil, the id will be returned as-is
+// provided it is in the legal range.
func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, error) {
- groups, err := ParseGroupFilter(group, func(g Group) bool {
- for _, ag := range additionalGroups {
- if g.Name == ag || strconv.Itoa(g.Gid) == ag {
- return true
+ var groups = []Group{}
+ if group != nil {
+ var err error
+ groups, err = ParseGroupFilter(group, func(g Group) bool {
+ for _, ag := range additionalGroups {
+ if g.Name == ag || strconv.Itoa(g.Gid) == ag {
+ return true
+ }
}
+ return false
+ })
+ if err != nil {
+ return nil, fmt.Errorf("Unable to find additional groups %v: %v", additionalGroups, err)
}
- return false
- })
- if err != nil {
- return nil, fmt.Errorf("Unable to find additional groups %v: %v", additionalGroups, err)
}
gidMap := make(map[int]struct{})
@@ -401,13 +406,13 @@ func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, err
return gids, nil
}
-// Wrapper around GetAdditionalGroups that opens the groupPath given and gives
-// it as an argument to GetAdditionalGroups.
+// GetAdditionalGroupsPath is a wrapper around GetAdditionalGroups
+// that opens the groupPath given and gives it as an argument to
+// GetAdditionalGroups.
func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int, error) {
group, err := os.Open(groupPath)
- if err != nil {
- return nil, fmt.Errorf("Failed to open group file: %v", err)
+ if err == nil {
+ defer group.Close()
}
- defer group.Close()
return GetAdditionalGroups(additionalGroups, group)
}
diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go
new file mode 100644
index 0000000..53b2289
--- /dev/null
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go
@@ -0,0 +1,472 @@
+package user
+
+import (
+ "io"
+ "reflect"
+ "sort"
+ "strconv"
+ "strings"
+ "testing"
+)
+
+func TestUserParseLine(t *testing.T) {
+ var (
+ a, b string
+ c []string
+ d int
+ )
+
+ parseLine("", &a, &b)
+ if a != "" || b != "" {
+ t.Fatalf("a and b should be empty ('%v', '%v')", a, b)
+ }
+
+ parseLine("a", &a, &b)
+ if a != "a" || b != "" {
+ t.Fatalf("a should be 'a' and b should be empty ('%v', '%v')", a, b)
+ }
+
+ parseLine("bad boys:corny cows", &a, &b)
+ if a != "bad boys" || b != "corny cows" {
+ t.Fatalf("a should be 'bad boys' and b should be 'corny cows' ('%v', '%v')", a, b)
+ }
+
+ parseLine("", &c)
+ if len(c) != 0 {
+ t.Fatalf("c should be empty (%#v)", c)
+ }
+
+ parseLine("d,e,f:g:h:i,j,k", &c, &a, &b, &c)
+ if a != "g" || b != "h" || len(c) != 3 || c[0] != "i" || c[1] != "j" || c[2] != "k" {
+ t.Fatalf("a should be 'g', b should be 'h', and c should be ['i','j','k'] ('%v', '%v', '%#v')", a, b, c)
+ }
+
+ parseLine("::::::::::", &a, &b, &c)
+ if a != "" || b != "" || len(c) != 0 {
+ t.Fatalf("a, b, and c should all be empty ('%v', '%v', '%#v')", a, b, c)
+ }
+
+ parseLine("not a number", &d)
+ if d != 0 {
+ t.Fatalf("d should be 0 (%v)", d)
+ }
+
+ parseLine("b:12:c", &a, &d, &b)
+ if a != "b" || b != "c" || d != 12 {
+ t.Fatalf("a should be 'b' and b should be 'c', and d should be 12 ('%v', '%v', %v)", a, b, d)
+ }
+}
+
+func TestUserParsePasswd(t *testing.T) {
+ users, err := ParsePasswdFilter(strings.NewReader(`
+root:x:0:0:root:/root:/bin/bash
+adm:x:3:4:adm:/var/adm:/bin/false
+this is just some garbage data
+`), nil)
+ if err != nil {
+ t.Fatalf("Unexpected error: %v", err)
+ }
+ if len(users) != 3 {
+ t.Fatalf("Expected 3 users, got %v", len(users))
+ }
+ if users[0].Uid != 0 || users[0].Name != "root" {
+ t.Fatalf("Expected users[0] to be 0 - root, got %v - %v", users[0].Uid, users[0].Name)
+ }
+ if users[1].Uid != 3 || users[1].Name != "adm" {
+ t.Fatalf("Expected users[1] to be 3 - adm, got %v - %v", users[1].Uid, users[1].Name)
+ }
+}
+
+func TestUserParseGroup(t *testing.T) {
+ groups, err := ParseGroupFilter(strings.NewReader(`
+root:x:0:root
+adm:x:4:root,adm,daemon
+this is just some garbage data
+`), nil)
+ if err != nil {
+ t.Fatalf("Unexpected error: %v", err)
+ }
+ if len(groups) != 3 {
+ t.Fatalf("Expected 3 groups, got %v", len(groups))
+ }
+ if groups[0].Gid != 0 || groups[0].Name != "root" || len(groups[0].List) != 1 {
+ t.Fatalf("Expected groups[0] to be 0 - root - 1 member, got %v - %v - %v", groups[0].Gid, groups[0].Name, len(groups[0].List))
+ }
+ if groups[1].Gid != 4 || groups[1].Name != "adm" || len(groups[1].List) != 3 {
+ t.Fatalf("Expected groups[1] to be 4 - adm - 3 members, got %v - %v - %v", groups[1].Gid, groups[1].Name, len(groups[1].List))
+ }
+}
+
+func TestValidGetExecUser(t *testing.T) {
+ const passwdContent = `
+root:x:0:0:root user:/root:/bin/bash
+adm:x:42:43:adm:/var/adm:/bin/false
+this is just some garbage data
+`
+ const groupContent = `
+root:x:0:root
+adm:x:43:
+grp:x:1234:root,adm
+this is just some garbage data
+`
+ defaultExecUser := ExecUser{
+ Uid: 8888,
+ Gid: 8888,
+ Sgids: []int{8888},
+ Home: "/8888",
+ }
+
+ tests := []struct {
+ ref string
+ expected ExecUser
+ }{
+ {
+ ref: "root",
+ expected: ExecUser{
+ Uid: 0,
+ Gid: 0,
+ Sgids: []int{0, 1234},
+ Home: "/root",
+ },
+ },
+ {
+ ref: "adm",
+ expected: ExecUser{
+ Uid: 42,
+ Gid: 43,
+ Sgids: []int{1234},
+ Home: "/var/adm",
+ },
+ },
+ {
+ ref: "root:adm",
+ expected: ExecUser{
+ Uid: 0,
+ Gid: 43,
+ Sgids: defaultExecUser.Sgids,
+ Home: "/root",
+ },
+ },
+ {
+ ref: "adm:1234",
+ expected: ExecUser{
+ Uid: 42,
+ Gid: 1234,
+ Sgids: defaultExecUser.Sgids,
+ Home: "/var/adm",
+ },
+ },
+ {
+ ref: "42:1234",
+ expected: ExecUser{
+ Uid: 42,
+ Gid: 1234,
+ Sgids: defaultExecUser.Sgids,
+ Home: "/var/adm",
+ },
+ },
+ {
+ ref: "1337:1234",
+ expected: ExecUser{
+ Uid: 1337,
+ Gid: 1234,
+ Sgids: defaultExecUser.Sgids,
+ Home: defaultExecUser.Home,
+ },
+ },
+ {
+ ref: "1337",
+ expected: ExecUser{
+ Uid: 1337,
+ Gid: defaultExecUser.Gid,
+ Sgids: defaultExecUser.Sgids,
+ Home: defaultExecUser.Home,
+ },
+ },
+ {
+ ref: "",
+ expected: ExecUser{
+ Uid: defaultExecUser.Uid,
+ Gid: defaultExecUser.Gid,
+ Sgids: defaultExecUser.Sgids,
+ Home: defaultExecUser.Home,
+ },
+ },
+ }
+
+ for _, test := range tests {
+ passwd := strings.NewReader(passwdContent)
+ group := strings.NewReader(groupContent)
+
+ execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group)
+ if err != nil {
+ t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error())
+ t.Fail()
+ continue
+ }
+
+ if !reflect.DeepEqual(test.expected, *execUser) {
+ t.Logf("got: %#v", execUser)
+ t.Logf("expected: %#v", test.expected)
+ t.Fail()
+ continue
+ }
+ }
+}
+
+func TestInvalidGetExecUser(t *testing.T) {
+ const passwdContent = `
+root:x:0:0:root user:/root:/bin/bash
+adm:x:42:43:adm:/var/adm:/bin/false
+this is just some garbage data
+`
+ const groupContent = `
+root:x:0:root
+adm:x:43:
+grp:x:1234:root,adm
+this is just some garbage data
+`
+
+ tests := []string{
+ // No such user/group.
+ "notuser",
+ "notuser:notgroup",
+ "root:notgroup",
+ "notuser:adm",
+ "8888:notgroup",
+ "notuser:8888",
+
+ // Invalid user/group values.
+ "-1:0",
+ "0:-3",
+ "-5:-2",
+ }
+
+ for _, test := range tests {
+ passwd := strings.NewReader(passwdContent)
+ group := strings.NewReader(groupContent)
+
+ execUser, err := GetExecUser(test, nil, passwd, group)
+ if err == nil {
+ t.Logf("got unexpected success when parsing '%s': %#v", test, execUser)
+ t.Fail()
+ continue
+ }
+ }
+}
+
+func TestGetExecUserNilSources(t *testing.T) {
+ const passwdContent = `
+root:x:0:0:root user:/root:/bin/bash
+adm:x:42:43:adm:/var/adm:/bin/false
+this is just some garbage data
+`
+ const groupContent = `
+root:x:0:root
+adm:x:43:
+grp:x:1234:root,adm
+this is just some garbage data
+`
+
+ defaultExecUser := ExecUser{
+ Uid: 8888,
+ Gid: 8888,
+ Sgids: []int{8888},
+ Home: "/8888",
+ }
+
+ tests := []struct {
+ ref string
+ passwd, group bool
+ expected ExecUser
+ }{
+ {
+ ref: "",
+ passwd: false,
+ group: false,
+ expected: ExecUser{
+ Uid: 8888,
+ Gid: 8888,
+ Sgids: []int{8888},
+ Home: "/8888",
+ },
+ },
+ {
+ ref: "root",
+ passwd: true,
+ group: false,
+ expected: ExecUser{
+ Uid: 0,
+ Gid: 0,
+ Sgids: []int{8888},
+ Home: "/root",
+ },
+ },
+ {
+ ref: "0",
+ passwd: false,
+ group: false,
+ expected: ExecUser{
+ Uid: 0,
+ Gid: 8888,
+ Sgids: []int{8888},
+ Home: "/8888",
+ },
+ },
+ {
+ ref: "0:0",
+ passwd: false,
+ group: false,
+ expected: ExecUser{
+ Uid: 0,
+ Gid: 0,
+ Sgids: []int{8888},
+ Home: "/8888",
+ },
+ },
+ }
+
+ for _, test := range tests {
+ var passwd, group io.Reader
+
+ if test.passwd {
+ passwd = strings.NewReader(passwdContent)
+ }
+
+ if test.group {
+ group = strings.NewReader(groupContent)
+ }
+
+ execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group)
+ if err != nil {
+ t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error())
+ t.Fail()
+ continue
+ }
+
+ if !reflect.DeepEqual(test.expected, *execUser) {
+ t.Logf("got: %#v", execUser)
+ t.Logf("expected: %#v", test.expected)
+ t.Fail()
+ continue
+ }
+ }
+}
+
+func TestGetAdditionalGroups(t *testing.T) {
+ const groupContent = `
+root:x:0:root
+adm:x:43:
+grp:x:1234:root,adm
+adm:x:4343:root,adm-duplicate
+this is just some garbage data
+`
+ tests := []struct {
+ groups []string
+ expected []int
+ hasError bool
+ }{
+ {
+ // empty group
+ groups: []string{},
+ expected: []int{},
+ },
+ {
+ // single group
+ groups: []string{"adm"},
+ expected: []int{43},
+ },
+ {
+ // multiple groups
+ groups: []string{"adm", "grp"},
+ expected: []int{43, 1234},
+ },
+ {
+ // invalid group
+ groups: []string{"adm", "grp", "not-exist"},
+ expected: nil,
+ hasError: true,
+ },
+ {
+ // group with numeric id
+ groups: []string{"43"},
+ expected: []int{43},
+ },
+ {
+ // group with unknown numeric id
+ groups: []string{"adm", "10001"},
+ expected: []int{43, 10001},
+ },
+ {
+ // groups specified twice with numeric and name
+ groups: []string{"adm", "43"},
+ expected: []int{43},
+ },
+ {
+ // groups with too small id
+ groups: []string{"-1"},
+ expected: nil,
+ hasError: true,
+ },
+ {
+ // groups with too large id
+ groups: []string{strconv.Itoa(1 << 31)},
+ expected: nil,
+ hasError: true,
+ },
+ }
+
+ for _, test := range tests {
+ group := strings.NewReader(groupContent)
+
+ gids, err := GetAdditionalGroups(test.groups, group)
+ if test.hasError && err == nil {
+ t.Errorf("Parse(%#v) expects error but has none", test)
+ continue
+ }
+ if !test.hasError && err != nil {
+ t.Errorf("Parse(%#v) has error %v", test, err)
+ continue
+ }
+ sort.Sort(sort.IntSlice(gids))
+ if !reflect.DeepEqual(gids, test.expected) {
+ t.Errorf("Gids(%v), expect %v from groups %v", gids, test.expected, test.groups)
+ }
+ }
+}
+
+func TestGetAdditionalGroupsNumeric(t *testing.T) {
+ tests := []struct {
+ groups []string
+ expected []int
+ hasError bool
+ }{
+ {
+ // numeric groups only
+ groups: []string{"1234", "5678"},
+ expected: []int{1234, 5678},
+ },
+ {
+ // numeric and alphabetic
+ groups: []string{"1234", "fake"},
+ expected: nil,
+ hasError: true,
+ },
+ }
+
+ for _, test := range tests {
+ gids, err := GetAdditionalGroups(test.groups, nil)
+ if test.hasError && err == nil {
+ t.Errorf("Parse(%#v) expects error but has none", test)
+ continue
+ }
+ if !test.hasError && err != nil {
+ t.Errorf("Parse(%#v) has error %v", test, err)
+ continue
+ }
+ sort.Sort(sort.IntSlice(gids))
+ if !reflect.DeepEqual(gids, test.expected) {
+ t.Errorf("Gids(%v), expect %v from groups %v", gids, test.expected, test.groups)
+ }
+ }
+}