mirror of
https://github.com/systemd/systemd.git
synced 2024-10-27 18:55:40 +03:00
test: add integration test for per-user creds
This commit is contained in:
parent
19f16c9935
commit
6ab41e38e9
@ -324,6 +324,34 @@ varlinkctl call /run/systemd/io.systemd.Credentials io.systemd.Credentials.Encry
|
||||
cmp /tmp/vlcredsdata /tmp/vlcredsdata2
|
||||
rm /tmp/vlcredsdata /tmp/vlcredsdata2
|
||||
|
||||
clean_usertest() {
|
||||
rm -f /tmp/usertest.data /tmp/usertest.data
|
||||
}
|
||||
|
||||
trap clean_usertest EXIT
|
||||
dd if=/dev/urandom of=/tmp/usertest.data bs=4096 count=1
|
||||
|
||||
systemd-creds encrypt --user /tmp/usertest.data /tmp/usertest.cred
|
||||
|
||||
systemd-creds decrypt --user /tmp/usertest.cred - | cmp /tmp/usertest.data
|
||||
|
||||
# Decryption must fail if it's not done in user context
|
||||
(! systemd-creds decrypt /tmp/usertest.cred - )
|
||||
|
||||
# Decryption must also fail if a different user is used
|
||||
(! systemd-creds decrypt --user --uid=65534 /tmp/usertest.cred - )
|
||||
|
||||
# Try the reverse
|
||||
systemd-creds encrypt --user --uid=65534 /tmp/usertest.data /tmp/usertest.cred
|
||||
(! systemd-creds decrypt --user /tmp/usertest.cred - )
|
||||
systemd-creds decrypt --user --uid=65534 /tmp/usertest.cred - | cmp /tmp/usertest.data
|
||||
|
||||
systemd-creds encrypt --user /tmp/usertest.data /tmp/usertest.creds --name=mytest
|
||||
|
||||
# Make sure we actually can decode this in user context
|
||||
systemctl start user@0.service
|
||||
XDG_RUNTIME_DIR=/run/user/0 systemd-run --pipe --user --unit=waldi.service -p LoadCredentialEncrypted=mytest:/tmp/usertest.creds cat /run/user/0/credentials/waldi.service/mytest | cmp /tmp/usertest.data
|
||||
|
||||
systemd-analyze log-level info
|
||||
|
||||
touch /testok
|
||||
|
Loading…
Reference in New Issue
Block a user