diff options
author | Daniel Shahaf <danielsh@apache.org> | 2020-03-07 21:36:46 +0000 |
---|---|---|
committer | Daniel Shahaf <danielsh@apache.org> | 2020-03-07 21:36:46 +0000 |
commit | 6fc8e8628f9c3da6e4b83c3de67e44376708cbcb (patch) | |
tree | c711b1d53564bcca757799e1d734e24859c5f32e /Test | |
parent | 0d3d07c56f75064310271bf4469c5c9c13145d58 (diff) | |
parent | dd50f125b5eb65896642d2ff664adefd33f1004c (diff) | |
download | zsh-6fc8e8628f9c3da6e4b83c3de67e44376708cbcb.tar.gz zsh-6fc8e8628f9c3da6e4b83c3de67e44376708cbcb.tar.xz zsh-6fc8e8628f9c3da6e4b83c3de67e44376708cbcb.zip |
Merge remote-tracking branch 'origin/master' into 5.9
* Test/D02glob.ztst: On the "unreadable directories can be globbed (users/24619, users/24626)" test, resolve conflicts by removing the Cygwin-only skip that has been added in master, since the test is passing on this branch. This effectively reverts workers/45492. See discussion starting in workers/45504. * origin/master: unposted: Remove 'sgi', as that OpenBSD port has been discontinued. 45509: fix typos in B01cd.ztst 45490 (+45495 and a test): refactor rlimits.c github #49: Fix typo: longson should be loongson users/24710: Fix job control problem with sudo. 45492: skip test added by users/24633 on Cygwin 45488: COMP_WORDS for bash need "$@"-style quoting 45487: Missing mod_export declarations for AIX 45447: Complete vcs_info_hookadd and vcs_info_hookdel. Expose _vcs_info_hooks as a top-level helper function. 45463: test: kill: Document why we use SIGURG 45453: builtins: kill: Do not signal current process group when pid is empty 45452: builtins: kill: Add `kill ''` regression test with explicit sigspec 45451: builtins: kill: Add basic test suite github #48/0002: vcs_info git: properly detect bare repositories github #48/0001: vcs_info git: avoid warnings in bare repositories unposted: Post-release version bump unposted: Release 5.8 CVE-2019-20044: Update change log for preceding commits Update NEWS/README Add unsetopt/PRIVILEGED tests Clean up error-message white space Improve PRIVILEGED fixes (again) Improve PRIVILEGED fixes Drop privileges securely unposted: V01zmodload: Fix failing test from workers/45385 45423: _su: Improve arg handling, shell look-ups unposted: _zip: Recognise '--' 45385: Add a test for 'zmodload -Fa' preemptively disabling ("blacklisting"?) features. unposted: Test release: 5.7.1-test-3 zsh/system: Fix infinite loop in sysread _diff_options: Restore -w completion lost in workers/43351 unposted: Fix ChangeLog typo. 45368: Add tests for workers/45367's issue about double slashes in 'cd -P' and /home/daniel/in/zsh. 45373: Fix ERR_EXIT bug in else branch of if. 45372: Record a symlink loop bug involving :P 45365: _git: Fix __git_recent_branches for the case when a commit has an empty message 45343: Queue signals around arithmetic evaluations 45344: Document where third-party completion functions should be installed. 45345: internal: ztst.vim: Fix highlighting of zsh comments in test payload unposted: internal: Add some comments and fix indentation. No functional change. 45340: internal: Document the difference between paramtab and realparamtab. 45332: _git: add completion for git-version _brace_parameter: add missing \ Conflicts: ChangeLog Test/D02glob.ztst Test/V01zmodload.ztst
Diffstat (limited to 'Test')
-rw-r--r-- | Test/B01cd.ztst | 10 | ||||
-rw-r--r-- | Test/B11kill.ztst | 86 | ||||
-rw-r--r-- | Test/B12limit.ztst | 10 | ||||
-rw-r--r-- | Test/C03traps.ztst | 9 | ||||
-rw-r--r-- | Test/D02glob.ztst | 4 | ||||
-rw-r--r-- | Test/E01options.ztst | 25 | ||||
-rw-r--r-- | Test/P01privileged.ztst | 197 | ||||
-rw-r--r-- | Test/README | 1 | ||||
-rw-r--r-- | Test/V01zmodload.ztst | 16 |
9 files changed, 354 insertions, 4 deletions
diff --git a/Test/B01cd.ztst b/Test/B01cd.ztst index 3312f8707..21e751dcb 100644 --- a/Test/B01cd.ztst +++ b/Test/B01cd.ztst @@ -70,7 +70,7 @@ # the expected status returned by the code when run, or - if it is # irrelevant. An optional set of single-letter flags follows the status # or -. The following are understood: -# . d Don't diff stdout against the expected stdout. +# d Don't diff stdout against the expected stdout. # D Don't diff stderr against the expected stderr. # q All redirection lines given in the test script (not the lines # actually produced by the test) are subject to ordinary quoted shell @@ -96,8 +96,8 @@ # itself. (The example below isn't particularly useful as errors with # `cd' are unusual.) # -# A couple of features aren't used in this file, but are usefuil in cases -# where features may not be available so should not be tested. They boh +# A couple of features aren't used in this file, but are useful in cases +# where features may not be available so should not be tested. They both # take the form of variables. Note that to keep the test framework simple # there is no magic in setting the variables: the chunk of code being # executed needs to avoid executing any test code by appropriate structure @@ -145,6 +145,10 @@ F:something is broken. But you already knew that. 1:Implicit cd with unset HOME. ?zsh:cd:1: HOME not set + $ZTST_testdir/../Src/zsh -fc 'cd -P ////dev && pwd' +-f:(workers/45367) cd -P squashes multiple leading slashes +>/dev + %clean # This optional section cleans up after the test, if necessary, # e.g. killing processes etc. This is in addition to the removal of *.tmp diff --git a/Test/B11kill.ztst b/Test/B11kill.ztst new file mode 100644 index 000000000..dc6bf9b89 --- /dev/null +++ b/Test/B11kill.ztst @@ -0,0 +1,86 @@ +# Tests for the kill builtin. +# +# The exit codes 11 and 19 in this file don't mean anything special; they're +# just exit codes which are specific enough that the failure of `kill` itself +# can be differentiated from exiting due to executing a trap. + +%test + +# Correct invocation + + if zmodload zsh/system &>/dev/null; then + ( + trap 'exit 19' TERM + kill $sysparams[pid] + ) + else + ZTST_skip='Cannot zmodload zsh/system, skipping kill with no sigspec' + fi +19:kill with no sigspec + + + if zmodload zsh/system &>/dev/null; then + ( + trap 'exit 11' USR1 + kill -USR1 $sysparams[pid] + ) + else + ZTST_skip='Cannot zmodload zsh/system, skipping kill with sigspec' + fi +11:kill with sigspec + +# Incorrect invocation + + ( + kill a b c + ) +3:kill with multiple wrong inputs should increment status +?(eval):kill:2: illegal pid: a +?(eval):kill:2: illegal pid: b +?(eval):kill:2: illegal pid: c + + ( + kill -INT a b c + ) +3:kill with sigspec and wrong inputs should increment status +?(eval):kill:2: illegal pid: a +?(eval):kill:2: illegal pid: b +?(eval):kill:2: illegal pid: c + + ( + kill + ) +1:kill with no arguments +?(eval):kill:2: not enough arguments + + ( + kill -INT + ) +1:kill with sigspec only +?(eval):kill:2: not enough arguments + +# Regression tests: `kill ''` should not result in `kill 0`. +# +# We use SIGURG where an explicit sigspec can be provided as: +# +# 1. By default it's non-terminal, so even if we regress, we won't kill the +# test runner and other processes in the process group since we'll stop +# running this test before we get to the plain kill (and thus SIGTERM) +# cases; +# 2. It's also unlikely to be sent for any other reason during the process +# lifetime, so the test shouldn't be flaky. + + ( + trap 'exit 11' URG + kill -URG '' + ) +1:kill with empty pid and sigspec should not send signal to current process group +?(eval):kill:3: illegal pid: + + ( + trap 'exit 19' TERM + kill '' + ) +1:Plain kill with empty pid should not send signal to current process group +?(eval):kill:3: illegal pid: + diff --git a/Test/B12limit.ztst b/Test/B12limit.ztst new file mode 100644 index 000000000..5dd7afdbe --- /dev/null +++ b/Test/B12limit.ztst @@ -0,0 +1,10 @@ +# check if there is unknown resouce(s) + +%test + + limit | grep UNKNOWN || print OK +0:Check if there is unknown resouce(s) in the system +>OK +F:A failure here does not indicate any error in zsh. It just means there +F:is a resource in your system that is unknown to zsh developers. Please +F:report this to zsh-workers mailing list. diff --git a/Test/C03traps.ztst b/Test/C03traps.ztst index e661aabd5..6f84e5db2 100644 --- a/Test/C03traps.ztst +++ b/Test/C03traps.ztst @@ -500,6 +500,15 @@ >Succeed 2 >Succeed 3 + (set -e + if false; then + else + a=$(false) + print This should not appear + fi + ) +1:ERREXIT is triggered in an else block after a cmd subst returning false + fn() { emulate -L zsh setopt errreturn diff --git a/Test/D02glob.ztst b/Test/D02glob.ztst index 7fd22d795..4e6dc2a7a 100644 --- a/Test/D02glob.ztst +++ b/Test/D02glob.ztst @@ -753,6 +753,10 @@ 0:non-directories not globbed as directories >glob.tmp/not-a-directory , + () { echo $1:P } ////dev +-f:(workers/45367) modifier ':P' squashes multiple slashes +>/dev + %clean # Fix unreadable-directory permissions so ztst can clean up properly diff --git a/Test/E01options.ztst b/Test/E01options.ztst index c4b101bdb..cfe2c75cc 100644 --- a/Test/E01options.ztst +++ b/Test/E01options.ztst @@ -74,7 +74,6 @@ # HASH_LIST_ALL ) # PRINT_EXIT_STATUS haven't worked out what this does yet, although # Bart suggested a fix. -# PRIVILEGED (similar to GLOBAL_RCS) # RCS ( " " " " ) # SH_OPTION_LETTERS even I found this too dull to set up a test for # SINGLE_COMMAND kills shell @@ -95,6 +94,15 @@ %test + # setopt should move on to the next operation in the face of an error, but + # preserve the >0 return code + unsetopt aliases + setopt not_a_real_option aliases && return 2 + print -r - $options[aliases] +0:setopt error handling +?(eval):setopt:4: no such option: not_a_real_option +>on + alias echo='print foo' unsetopt aliases # use eval else aliases are all parsed at start @@ -1391,3 +1399,18 @@ F:Regression test for workers/41811 ?(anon):4: `break' active at end of function scope ?(anon):4: `break' active at end of function scope ?(anon):4: `break' active at end of function scope + +# There are further tests for PRIVILEGED in P01privileged.ztst. + if [[ -o privileged ]]; then + unsetopt privileged + fi + unsetopt privileged +0:PRIVILEGED sanity check: unsetting is idempotent +F:If this test fails at the first unsetopt, refer to P01privileged.ztst. + + if [[ -o privileged ]]; then + (( UID != EUID )) + else + (( UID == EUID )) + fi +0:PRIVILEGED sanity check: default value is correct diff --git a/Test/P01privileged.ztst b/Test/P01privileged.ztst new file mode 100644 index 000000000..c54112bb6 --- /dev/null +++ b/Test/P01privileged.ztst @@ -0,0 +1,197 @@ +# This file contains tests related to the PRIVILEGED option. In order to run, +# it requires that the test process itself have super-user privileges (or that +# one of the environment variables described below be set). This can be achieved +# via, e.g., `sudo make check TESTNUM=P`. +# +# Optionally, the environment variables ZSH_TEST_UNPRIVILEGED_UID and/or +# ZSH_TEST_UNPRIVILEGED_GID may be set to UID:EUID or GID:EGID pairs, where the +# two IDs in each pair are different, non-0 IDs valid on the system being used +# to run the tests. (The UIDs must both be non-0 to effectively test downgrading +# of privileges, and they must be non-matching to test auto-enabling of +# PRIVILEGED and to ensure that disabling PRIVILEGED correctly resets the saved +# UID. Technically GID 0 is not special, but for simplicity's sake we apply the +# same requirements here.) +# +# If either of the aforementioned environment variables is not set, the test +# script will try to pick the first two >0 IDs from the passwd/group databases +# on the current system. +# +# If either variable is set, the tests will run, but they will likely fail +# without super-user privileges. + +%prep + + # Mind your empty lines here. The logic in this %prep section is somewhat + # complex compared to most others; to avoid lots of nested/duplicated + # conditions we need to make sure that this all gets executed as a single + # function from which we can return early + [[ $EUID == 0 || -n $ZSH_TEST_UNPRIVILEGED_UID$ZSH_TEST_UNPRIVILEGED_GID ]] || { + ZTST_unimplemented='PRIVILEGED tests require super-user privileges (or env var)' + return 1 + } + (( $+commands[perl] )) || { # @todo Eliminate this dependency with a C wrapper? + ZTST_unimplemented='PRIVILEGED tests require Perl' + return 1 + } + grep -qE '#define HAVE_SETRES?UID' $ZTST_testdir/../config.h || { + ZTST_unimplemented='PRIVILEGED tests require setreuid()/setresuid()' + return 1 + } + # + ruid= euid= rgid= egid= + # + if [[ -n $ZSH_TEST_UNPRIVILEGED_UID ]]; then + ruid=${ZSH_TEST_UNPRIVILEGED_UID%%:*} + euid=${ZSH_TEST_UNPRIVILEGED_UID##*:} + else + print -ru$ZTST_fd 'Selecting unprivileged UID:EUID pair automatically' + local tmp=$( getent passwd 2> /dev/null || < /etc/passwd ) + # Note: Some awks require -v and its argument to be separate + ruid=$( awk -F: '$3 > 0 { print $3; exit; }' <<< $tmp ) + euid=$( awk -F: -v u=$ruid '$3 > u { print $3; exit; }' <<< $tmp ) + fi + # + if [[ -n $ZSH_TEST_UNPRIVILEGED_GID ]]; then + rgid=${ZSH_TEST_UNPRIVILEGED_GID%%:*} + egid=${ZSH_TEST_UNPRIVILEGED_GID##*:} + else + print -ru$ZTST_fd 'Selecting unprivileged GID:EGID pair automatically' + local tmp=$( getent group 2> /dev/null || < /etc/group ) + # Note: Some awks require -v and its argument to be separate + rgid=$( awk -F: '$3 > 0 { print $3; exit; }' <<< $tmp ) + egid=$( awk -F: -v g=$rgid '$3 > g { print $3; exit; }' <<< $tmp ) + fi + # + [[ $ruid/$euid == <1->/<1-> && $ruid != $euid ]] || ruid= euid= + [[ $rgid/$egid == <1->/<1-> && $rgid != $egid ]] || rgid= egid= + # + [[ -n $ruid && -n $euid ]] || { + ZTST_unimplemented='PRIVILEGED tests require unprivileged UID:EUID' + return 1 + } + [[ -n $rgid || -n $egid ]] || { + ZTST_unimplemented='PRIVILEGED tests require unprivileged GID:EGID' + return 1 + } + # + print -ru$ZTST_fd \ + "Using unprivileged UID $ruid, EUID $euid, GID $rgid, EGID $egid" + # + # Execute process with specified UID and EUID + # $1 => Real UID + # $2 => Effective UID + # $3 => Real GID + # $4 => Effective GID + # $5 ... => Command + args to execute (must NOT be a shell command string) + re_exec() { + perl -e ' + die("re_exec: not enough arguments") unless (@ARGV >= 5); + my ($ruid, $euid, $rgid, $egid, @cmd) = @ARGV; + foreach my $id ($ruid, $euid, $rgid, $egid) { + die("re_exec: invalid ID: $id") unless ($id =~ /^(-1|\d+)$/a); + } + $< = 0 + $ruid if ($ruid >= 0); + $> = 0 + $euid if ($euid >= 0); + $( = 0 + $rgid if ($rgid >= 0); + $) = 0 + $egid if ($egid >= 0); + exec(@cmd); + die("re_exec: exec failed: $!"); + ' -- "$@" + } + # + # Convenience wrapper for re_exec to call `zsh -c` + # -* ... => (optional) Command-line options to zsh + # $1 => Real UID + # $2 => Effective UID + # $3 => Real GID + # $4 => Effective GID + # $5 ... => zsh command string; multiple strings are joined by \n + re_zsh() { + local -a opts + while [[ $1 == -[A-Za-z-]* ]]; do + opts+=( $1 ) + shift + done + re_exec "$1" "$2" "$3" "$4" $ZTST_exe $opts -fc \ + "MODULE_PATH=${(q)MODULE_PATH}; ${(F)@[5,-1]}" + } + # + # Return one or more random unused UIDs + # $1 ... => Names of parameters to store UIDs in + get_unused_uid() { + while (( $# )); do + local i_=0 uid_= + until [[ -n $uid_ ]]; do + (( ++i_ > 99 )) && return 1 + uid_=$RANDOM + id $uid_ &> /dev/null || break + uid_= + done + : ${(P)1::=$uid_} + shift + done + } + +%test + + re_zsh $ruid $ruid -1 -1 'echo $UID/$EUID $options[privileged]' + re_zsh $euid $euid -1 -1 'echo $UID/$EUID $options[privileged]' + re_zsh $ruid $euid -1 -1 'echo $UID/$EUID $options[privileged]' +0q:PRIVILEGED automatically enabled when RUID != EUID +>$ruid/$ruid off +>$euid/$euid off +>$ruid/$euid on + + re_zsh -1 -1 $rgid $rgid 'echo $GID/$EGID $options[privileged]' + re_zsh -1 -1 $egid $egid 'echo $GID/$EGID $options[privileged]' + re_zsh -1 -1 $rgid $egid 'echo $GID/$EGID $options[privileged]' +0q:PRIVILEGED automatically enabled when RGID != EGID +>$rgid/$rgid off +>$egid/$egid off +>$rgid/$egid on + + re_zsh $ruid $euid -1 -1 'unsetopt privileged; echo $UID/$EUID' +0q:EUID set to RUID after disabling PRIVILEGED +*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed * +*?zsh:unsetopt:1: can't change option: privileged +>$ruid/$ruid + + re_zsh 0 $euid -1 -1 'unsetopt privileged && echo $UID/$EUID' +0:RUID/EUID set to 0/0 when privileged after disabling PRIVILEGED +>0/0 + + re_zsh $ruid $euid -1 -1 "unsetopt privileged; UID=$euid" || + re_zsh $ruid $euid -1 -1 "unsetopt privileged; EUID=$euid" +1:not possible to regain EUID when unprivileged after disabling PRIVILEGED +*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed * +*?zsh:unsetopt:1: can't change option: privileged +*?zsh:1: failed to change user ID: * +*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed * +*?zsh:unsetopt:1: can't change option: privileged +*?zsh:1: failed to change effective user ID: * + + re_zsh -1 -1 $rgid $egid 'unsetopt privileged && echo $GID/$EGID' +0q:EGID set to RGID after disabling PRIVILEGED +>$rgid/$rgid + +# This test also confirms that we can't revert to the original EUID's primary +# GID, which initgroups() may reset the EGID to on some systems + re_zsh $ruid 0 $rgid 0 'unsetopt privileged; GID=0' || + re_zsh $ruid 0 $rgid 0 'unsetopt privileged; EGID=0' +1:not possible to regain EGID when unprivileged after disabling PRIVILEGED +*?zsh:1: failed to change group ID: * +*?zsh:1: failed to change effective group ID: * + + local rruid + grep -qF '#define HAVE_INITGROUPS' $ZTST_testdir/../config.h || { + ZTST_skip='initgroups() not available' + return 1 + } + get_unused_uid rruid || { + ZTST_skip="Can't get unused UID" + return 1 + } + re_zsh $rruid 0 -1 -1 'unsetopt privileged' +1:getpwuid() fails with non-existent RUID and 0 EUID +*?zsh:unsetopt:1: can't drop privileges; failed to get user information * +*?zsh:unsetopt:1: can't change option: privileged diff --git a/Test/README b/Test/README index d012277ce..726d68e72 100644 --- a/Test/README +++ b/Test/README @@ -6,6 +6,7 @@ scripts names: C: shell commands with special syntax D: substititution E: options + P: privileged (needs super-user privileges) V: modules W: builtin interactive commands and constructs X: line editing diff --git a/Test/V01zmodload.ztst b/Test/V01zmodload.ztst index 339df7436..c3c64a79d 100644 --- a/Test/V01zmodload.ztst +++ b/Test/V01zmodload.ztst @@ -389,6 +389,22 @@ 0:unloading a module doesn't implicitly unset autoloadable parameters *>(on|off) * + $ZTST_testdir/../Src/zsh -fc " + MODULE_PATH=${(q)MODULE_PATH} + # + zmodload zsh/zutil + zmodload -Fal zsh/zutil | grep parse + zmodload -u zsh/zutil + # + zmodload -Fa zsh/zutil -b:zregexparse + zmodload zsh/zutil + zmodload -Fal zsh/zutil | grep parse >&2 + " +0:zmodload -Fa can disable features from being loaded +>b:zparseopts +>b:zregexparse +?b:zparseopts + %clean eval "$deps" |