2020-03-04 12:35:06 +03:00
#!/usr/bin/env bash
2021-10-17 19:13:06 +03:00
# SPDX-License-Identifier: LGPL-2.1-or-later
2021-04-09 20:39:41 +03:00
set -eux
2019-07-07 18:30:15 +03:00
set -o pipefail
# Check if homectl is installed, and if it isn't bail out early instead of failing
if ! test -x /usr/bin/homectl ; then
2021-12-16 21:32:01 +03:00
echo "no homed" >/skipped
2019-07-07 18:30:15 +03:00
exit 0
fi
inspect( ) {
2021-04-08 11:34:53 +03:00
# As updating disk-size-related attributes can take some time on some
# filesystems, let's drop these fields before comparing the outputs to
# avoid unexpected fails. To see the full outputs of both homectl &
# userdbctl (for debugging purposes) drop the fields just before the
# comparison.
2022-05-04 09:24:06 +03:00
local USERNAME = " ${ 1 : ? } "
2021-04-09 20:49:32 +03:00
homectl inspect " $USERNAME " | tee /tmp/a
userdbctl user " $USERNAME " | tee /tmp/b
2021-04-08 11:34:53 +03:00
2021-11-18 19:19:03 +03:00
# diff uses the grep BREs for pattern matching
diff -I '^\s*Disk \(Size\|Free\|Floor\|Ceiling\):' /tmp/{ a,b}
2021-04-08 11:34:53 +03:00
rm /tmp/{ a,b}
2021-11-25 12:48:52 +03:00
homectl inspect --json= pretty " $USERNAME "
2019-07-07 18:30:15 +03:00
}
2021-12-22 09:43:05 +03:00
wait_for_state( ) {
2023-04-07 11:17:15 +03:00
for i in { 1..10} ; do
( ( i > 1 ) ) && sleep 0.5
2021-12-22 09:43:05 +03:00
homectl inspect " $1 " | grep -qF " State: $2 " && break
done
}
2019-07-07 18:30:15 +03:00
systemd-analyze log-level debug
2021-11-25 16:32:19 +03:00
systemctl service-log-level systemd-homed debug
2019-07-07 18:30:15 +03:00
2021-11-17 12:22:20 +03:00
# Create a tmpfs to use as backing store for the home dir. That way we can enforce a size limit nicely.
2021-11-25 12:48:52 +03:00
mkdir -p /home
mount -t tmpfs tmpfs /home -o size = 290M
2021-11-17 12:22:20 +03:00
2021-11-15 18:21:37 +03:00
# we enable --luks-discard= since we run our tests in a tight VM, hence don't
2021-11-17 12:22:20 +03:00
# needlessly pressure for storage. We also set the cheapest KDF, since we don't
# want to waste CI CPU cycles on it.
NEWPASSWORD = xEhErW0ndafV4s homectl create test-user \
2021-11-19 11:58:50 +03:00
--disk-size= min \
2021-11-17 12:22:20 +03:00
--luks-discard= yes \
2021-11-25 12:48:52 +03:00
--image-path= /home/test-user.home \
2021-11-17 12:22:20 +03:00
--luks-pbkdf-type= pbkdf2 \
--luks-pbkdf-time-cost= 1ms
2019-07-07 18:30:15 +03:00
inspect test-user
PASSWORD = xEhErW0ndafV4s homectl authenticate test-user
PASSWORD = xEhErW0ndafV4s homectl activate test-user
inspect test-user
PASSWORD = xEhErW0ndafV4s homectl update test-user --real-name= "Inline test"
inspect test-user
homectl deactivate test-user
inspect test-user
PASSWORD = xEhErW0ndafV4s NEWPASSWORD = yPN4N0fYNKUkOq homectl passwd test-user
inspect test-user
PASSWORD = yPN4N0fYNKUkOq homectl activate test-user
inspect test-user
SYSTEMD_LOG_LEVEL = debug PASSWORD = yPN4N0fYNKUkOq NEWPASSWORD = xEhErW0ndafV4s homectl passwd test-user
inspect test-user
homectl deactivate test-user
inspect test-user
PASSWORD = xEhErW0ndafV4s homectl activate test-user
inspect test-user
2021-11-25 12:58:50 +03:00
homectl deactivate test-user
2019-07-07 18:30:15 +03:00
inspect test-user
PASSWORD = xEhErW0ndafV4s homectl update test-user --real-name= "Offline test"
inspect test-user
PASSWORD = xEhErW0ndafV4s homectl activate test-user
inspect test-user
2021-11-25 12:58:50 +03:00
homectl deactivate test-user
2019-07-07 18:30:15 +03:00
inspect test-user
2021-11-16 12:51:35 +03:00
# Do some resize tests, but only if we run on real kernels, as quota inside of containers will fail
if ! systemd-detect-virt -cq ; then
# grow while inactive
PASSWORD = xEhErW0ndafV4s homectl resize test-user 300M
inspect test-user
# minimize while inactive
2021-10-29 15:34:24 +03:00
PASSWORD = xEhErW0ndafV4s homectl resize test-user min
2021-11-16 12:51:35 +03:00
inspect test-user
PASSWORD = xEhErW0ndafV4s homectl activate test-user
inspect test-user
# grow while active
2021-10-29 15:34:24 +03:00
PASSWORD = xEhErW0ndafV4s homectl resize test-user max
2021-11-16 12:51:35 +03:00
inspect test-user
# minimize while active
PASSWORD = xEhErW0ndafV4s homectl resize test-user 0
inspect test-user
# grow while active
PASSWORD = xEhErW0ndafV4s homectl resize test-user 300M
inspect test-user
# shrink to original size while active
PASSWORD = xEhErW0ndafV4s homectl resize test-user 256M
inspect test-user
2021-11-25 12:48:52 +03:00
# minimize again
PASSWORD = xEhErW0ndafV4s homectl resize test-user min
inspect test-user
# Increase space, so that we can reasonably rebalance free space between to home dirs
mount /home -o remount,size= 800M
# create second user
NEWPASSWORD = uuXoo8ei homectl create test-user2 \
--disk-size= min \
--luks-discard= yes \
--image-path= /home/test-user2.home \
--luks-pbkdf-type= pbkdf2 \
--luks-pbkdf-time-cost= 1ms
inspect test-user2
# activate second user
PASSWORD = uuXoo8ei homectl activate test-user2
inspect test-user2
# set second user's rebalance weight to 100
PASSWORD = uuXoo8ei homectl update test-user2 --rebalance-weight= 100
inspect test-user2
# set first user's rebalance weight to quarter of that of the second
PASSWORD = xEhErW0ndafV4s homectl update test-user --rebalance-weight= 25
inspect test-user
# synchronously rebalance
homectl rebalance
2021-11-16 12:51:35 +03:00
inspect test-user
2021-11-25 12:48:52 +03:00
inspect test-user2
2021-11-16 12:51:35 +03:00
fi
2021-04-08 11:34:28 +03:00
PASSWORD = xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz
2023-04-05 16:50:42 +03:00
( ! PASSWORD = xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz)
2019-07-07 18:30:15 +03:00
PASSWORD = xEhErW0ndafV4s homectl with test-user -- touch /home/test-user/xyz
PASSWORD = xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz
PASSWORD = xEhErW0ndafV4s homectl with test-user -- rm /home/test-user/xyz
2021-04-08 11:34:28 +03:00
PASSWORD = xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz
2023-04-05 16:50:42 +03:00
( ! PASSWORD = xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz)
2019-07-07 18:30:15 +03:00
2021-12-22 09:43:05 +03:00
wait_for_state test-user inactive
2019-07-07 18:30:15 +03:00
homectl remove test-user
2021-12-22 09:43:05 +03:00
if ! systemd-detect-virt -cq ; then
wait_for_state test-user2 active
homectl deactivate test-user2
wait_for_state test-user2 inactive
homectl remove test-user2
fi
2023-03-24 19:26:48 +03:00
# userdbctl tests
export PAGER =
# Create a couple of user/group records to test io.systemd.DropIn
# See docs/USER_RECORD.md and docs/GROUP_RECORD.md
mkdir -p /run/userdb/
cat >"/run/userdb/dropingroup.group" <<\E OF
{
"groupName" : "dropingroup" ,
"gid" : 1000000
}
EOF
cat >"/run/userdb/dropinuser.user" <<\E OF
{
"userName" : "dropinuser" ,
"uid" : 2000000,
"realName" : "🐱" ,
"memberOf" : [
"dropingroup"
]
}
EOF
cat >"/run/userdb/dropinuser.user-privileged" <<\E OF
{
"privileged" : {
"hashedPassword" : [
" $6 $WHBKvAFFT9jKPA4k $OPY4D4TczKN /jOnJzy54DDuOOagCcvxxybrwMbe1SVdm.Bbr.zOmBdATp.QrwZmvqyr8/SafbbQu.QZ2rRvDs/ "
] ,
"sshAuthorizedKeys" : [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA//dxI2xLg4MgxIKKZv1nqwTEIlE/fdakii2Fb75pG+ foo@bar.tld" ,
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMlaqG2rTMje5CQnfjXJKmoSpEVJ2gWtx4jBvsQbmee2XbU/Qdq5+SRisssR9zVuxgg5NA5fv08MgjwJQMm+csc= hello@world.tld"
]
}
}
EOF
# Set permissions and create necessary symlinks as described in nss-systemd(8)
chmod 0600 "/run/userdb/dropinuser.user-privileged"
ln -svrf "/run/userdb/dropingroup.group" "/run/userdb/1000000.group"
ln -svrf "/run/userdb/dropinuser.user" "/run/userdb/2000000.user"
ln -svrf "/run/userdb/dropinuser.user-privileged" "/run/userdb/2000000.user-privileged"
userdbctl
userdbctl --version
userdbctl --help --no-pager
userdbctl --no-legend
userdbctl --output= classic
userdbctl --output= friendly
userdbctl --output= table
userdbctl --output= json | jq
userdbctl -j --json= pretty | jq
userdbctl -j --json= short | jq
userdbctl --with-varlink= no
userdbctl user
userdbctl user testuser
userdbctl user root
userdbctl user testuser root
userdbctl user -j testuser root | jq
# Check only UID for the nobody user, since the name is build-configurable
userdbctl user --with-nss= no --synthesize= yes
userdbctl user --with-nss= no --synthesize= yes 0 root 65534
userdbctl user dropinuser
userdbctl user 2000000
userdbctl user --with-nss= no --with-varlink= no --synthesize= no --multiplexer= no dropinuser
userdbctl user --with-nss= no 2000000
( ! userdbctl user '' )
( ! userdbctl user 🐱)
( ! userdbctl user 🐱 '' bar)
( ! userdbctl user i-do-not-exist)
( ! userdbctl user root i-do-not-exist testuser)
( ! userdbctl user --with-nss= no --synthesize= no 0 root 65534)
( ! userdbctl user -N root nobody)
( ! userdbctl user --with-dropin= no dropinuser)
( ! userdbctl user --with-dropin= no 2000000)
userdbctl group
userdbctl group testuser
userdbctl group root
userdbctl group testuser root
userdbctl group -j testuser root | jq
# Check only GID for the nobody group, since the name is build-configurable
userdbctl group --with-nss= no --synthesize= yes
userdbctl group --with-nss= no --synthesize= yes 0 root 65534
userdbctl group dropingroup
userdbctl group 1000000
userdbctl group --with-nss= no --with-varlink= no --synthesize= no --multiplexer= no dropingroup
userdbctl group --with-nss= no 1000000
( ! userdbctl group '' )
( ! userdbctl group 🐱)
( ! userdbctl group 🐱 '' bar)
( ! userdbctl group i-do-not-exist)
( ! userdbctl group root i-do-not-exist testuser)
( ! userdbctl group --with-nss= no --synthesize= no 0 root 65534)
( ! userdbctl group --with-dropin= no dropingroup)
( ! userdbctl group --with-dropin= no 1000000)
userdbctl users-in-group
userdbctl users-in-group testuser
userdbctl users-in-group testuser root
userdbctl users-in-group -j testuser root | jq
userdbctl users-in-group 🐱
( ! userdbctl users-in-group '' )
( ! userdbctl users-in-group foo '' bar)
userdbctl groups-of-user
userdbctl groups-of-user testuser
userdbctl groups-of-user testuser root
userdbctl groups-of-user -j testuser root | jq
userdbctl groups-of-user 🐱
( ! userdbctl groups-of-user '' )
( ! userdbctl groups-of-user foo '' bar)
userdbctl services
userdbctl services -j | jq
userdbctl ssh-authorized-keys dropinuser | tee /tmp/authorized-keys
grep "ssh-ed25519" /tmp/authorized-keys
grep "ecdsa-sha2-nistp256" /tmp/authorized-keys
echo "my-top-secret-key 🐱" >/tmp/my-top-secret-key
userdbctl ssh-authorized-keys dropinuser --chain /bin/cat /tmp/my-top-secret-key | tee /tmp/authorized-keys
grep "ssh-ed25519" /tmp/authorized-keys
grep "ecdsa-sha2-nistp256" /tmp/authorized-keys
grep "my-top-secret-key 🐱" /tmp/authorized-keys
( ! userdbctl ssh-authorized-keys 🐱)
( ! userdbctl ssh-authorized-keys dropin-user --chain)
( ! userdbctl ssh-authorized-keys dropin-user --chain '' )
( ! SYSTEMD_LOG_LEVEL = debug userdbctl ssh-authorized-keys dropin-user --chain /bin/false)
( ! userdbctl '' )
for opt in json multiplexer output synthesize with-dropin with-nss with-varlink; do
( ! userdbctl " -- $opt ='' " )
( ! userdbctl " -- $opt ='🐱' " )
( ! userdbctl " -- $opt =foo " )
( ! userdbctl " -- $opt =foo " " -- $opt ='' " " -- $opt =🐱 " )
done
2019-07-07 18:30:15 +03:00
systemd-analyze log-level info
2023-07-12 16:49:55 +03:00
touch /testok