From 404524c4ef9d027163032cc5c834e7fafd5389a8 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 26 Oct 2018 06:52:46 -0600
Subject: [PATCH] Add regress test for sudo_getgrouplist2(). This test assumes
 all the groups in root's group list can be resolved by group ID.

---
 lib/util/Makefile.in                          | 20 +++-
 .../regress/getgrouplist/getgrouplist_test.c  | 98 +++++++++++++++++++
 lib/util/regress/parse_gids/parse_gids_test.c |  2 +-
 3 files changed, 118 insertions(+), 2 deletions(-)
 create mode 100644 lib/util/regress/getgrouplist/getgrouplist_test.c

diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in
index ff573c901..0d09f71cb 100644
--- a/lib/util/Makefile.in
+++ b/lib/util/Makefile.in
@@ -98,7 +98,7 @@ PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE)
 
 # Regression tests
 TEST_PROGS = atofoo_test conf_test hltq_test parseln_test progname_test \
-	     strsplit_test parse_gids_test @COMPAT_TEST_PROGS@
+	     strsplit_test parse_gids_test getgrouplist_test @COMPAT_TEST_PROGS@
 TEST_LIBS = @LIBS@
 TEST_LDFLAGS = @LDFLAGS@
 
@@ -143,6 +143,8 @@ STRSPLIT_TEST_OBJS = strsplit_test.lo
 
 PARSE_GIDS_TEST_OBJS = parse_gids_test.lo
 
+GETGROUPLIST_TEST_OBJS = getgrouplist_test.lo
+
 VSYSLOG_TEST_OBJS = vsyslog_test.lo vsyslog.lo
 
 all: libsudo_util.la
@@ -229,6 +231,9 @@ progname_test: $(PROGNAME_TEST_OBJS)
 parse_gids_test: $(PARSE_GIDS_TEST_OBJS) libsudo_util.la
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(PARSE_GIDS_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
 
+getgrouplist_test: $(GETGROUPLIST_TEST_OBJS) libsudo_util.la
+	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(GETGROUPLIST_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
 strsplit_test: $(STRSPLIT_TEST_OBJS) libsudo_util.la
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(STRSPLIT_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
 
@@ -294,6 +299,7 @@ check: $(TEST_PROGS)
 	    if test -f mktemp_test; then \
 		./mktemp_test || rval=`expr $$rval + $$?`; \
 	    fi; \
+	    ./getgrouplist_test || rval=`expr $$rval + $$?`; \
 	    ./atofoo_test || rval=`expr $$rval + $$?`; \
 	    ./hltq_test || rval=`expr $$rval + $$?`; \
 	    ./progname_test || rval=`expr $$rval + $$?`; \
@@ -573,6 +579,18 @@ getgrouplist.i: $(srcdir)/getgrouplist.c $(incdir)/compat/nss_dbdefs.h \
 	$(CC) -E -o $@ $(CPPFLAGS) $<
 getgrouplist.plog: getgrouplist.i
 	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getgrouplist.c --i-file $< --output-file $@
+getgrouplist_test.lo: $(srcdir)/regress/getgrouplist/getgrouplist_test.c \
+                      $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+                      $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+                      $(top_builddir)/config.h
+	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/getgrouplist/getgrouplist_test.c
+getgrouplist_test.i: $(srcdir)/regress/getgrouplist/getgrouplist_test.c \
+                      $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+                      $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+                      $(top_builddir)/config.h
+	$(CC) -E -o $@ $(CPPFLAGS) $<
+getgrouplist_test.plog: getgrouplist_test.i
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/getgrouplist/getgrouplist_test.c --i-file $< --output-file $@
 gethostname.lo: $(srcdir)/gethostname.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
                 $(top_builddir)/config.h
diff --git a/lib/util/regress/getgrouplist/getgrouplist_test.c b/lib/util/regress/getgrouplist/getgrouplist_test.c
new file mode 100644
index 000000000..1a749dfcb
--- /dev/null
+++ b/lib/util/regress/getgrouplist/getgrouplist_test.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+// This is an open source non-commercial project. Dear PVS-Studio, please check it.
+// PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudo_compat.h"
+#include "sudo_fatal.h"
+#include "sudo_util.h"
+
+__dso_public int main(int argc, char *argv[]);
+
+/*
+ * Test that sudo_getgrouplist2() works as expected.
+ */
+
+int
+main(int argc, char *argv[])
+{
+    GETGROUPS_T *groups = NULL;
+    struct passwd *pw;
+    struct group *grp;
+    char *username;
+    int i, j, errors = 0, ntests = 0;
+    int ngroups;
+    initprogname(argc > 0 ? argv[0] : "getgrouplist_test");
+
+    if ((pw = getpwuid(0)) == NULL)
+	sudo_fatal_nodebug("getpwuid(0)");
+    if ((username = strdup(pw->pw_name)) == NULL)
+	sudo_fatal_nodebug(NULL);
+
+    if (sudo_getgrouplist2(pw->pw_name, pw->pw_gid, &groups, &ngroups) == -1)
+	sudo_fatal_nodebug("sudo_getgroulist2");
+
+    for (i = 0; i < ngroups; i++) {
+	ntests++;
+
+	/* Verify group ID exists. */
+	if ((grp = getgrgid(groups[i])) == NULL) {
+	    sudo_warnx_nodebug("unable to look up group ID %u",
+		(unsigned int)groups[i]);
+	    errors++;
+	    continue;
+	}
+
+	/* Verify group membership. */
+	for (j = 0; grp->gr_mem[j] != NULL; j++) {
+	    if (strcmp(username, grp->gr_mem[j]) == 0) {
+		/* match */
+		break;
+	    }
+	}
+	if (grp->gr_mem[j] == NULL) {
+	    sudo_warnx_nodebug("unable to find %s in group %s",
+		username, grp->gr_name);
+	    errors++;
+	    continue;
+	}
+    }
+    if (errors != 0) {
+	printf("%s: %d tests run, %d errors, %d%% success rate\n",
+	    getprogname(), ntests, errors, (ntests - errors) * 100 / ntests);
+    }
+    exit(errors);
+}
diff --git a/lib/util/regress/parse_gids/parse_gids_test.c b/lib/util/regress/parse_gids/parse_gids_test.c
index 1394753b7..561845157 100644
--- a/lib/util/regress/parse_gids/parse_gids_test.c
+++ b/lib/util/regress/parse_gids/parse_gids_test.c
@@ -82,7 +82,7 @@ main(int argc, char *argv[])
     GETGROUPS_T *gidlist = NULL;
     int i, j, errors = 0, ntests = 0;
     int ngids;
-    initprogname(argc > 0 ? argv[0] : "strsplit_test");
+    initprogname(argc > 0 ? argv[0] : "parse_gids_test");
 
     for (i = 0; test_data[i].gids != NULL; i++) {
 	free(gidlist);
-- 
2.40.0