1#!/usr/bin/env atf-sh
2#
3# Copyright (c) 2026, The FreeBSD Foundation
4#
5# This software was developed by Olivier Certner <olce@FreeBSD.org> at
6# Kumacom SARL under sponsorship from the FreeBSD Foundation.
7
# Negative test: a rule consisting of a match part only must be refused.
# Judging by the sibling "missing match part" case, '>' separates the match
# part (left) from the target part (right).  A rule that cannot be parsed in
# full has to be rejected as a whole rather than applied in some reduced form.
atf_test_case rule_no_target_part

rule_no_target_part_head()
{
    atf_set "descr" "Missing target part in a rule"
}

# sysctl_set_and_check_fails_rules is not defined in this file (presumably it
# comes from common.sh); its name indicates that it expects the attempt to
# install the given rules string to fail.
rule_no_target_part_body()
{
    local invalid_rule

    # First two strings: '>' present with nothing after it.
    # Last two strings: no '>' at all.
    for invalid_rule in "uid=0>" "gid=0>" "uid=0" "gid=0"; do
        sysctl_set_and_check_fails_rules "$invalid_rule"
    done
}
20
# Negative test: a rule that starts directly with '>' has a target part but
# no match part, so nothing states who the rule applies to.  Such a rule must
# be refused.
atf_test_case rule_no_match_part

rule_no_match_part_head()
{
    atf_set "descr" "Missing match part in a rule"
}

# sysctl_set_and_check_fails_rules is not defined in this file (presumably it
# comes from common.sh); its name indicates that it expects the attempt to
# install the given rules string to fail.
rule_no_match_part_body()
{
    local invalid_rule

    # One UID target and one GID target, each with an empty left-hand side.
    for invalid_rule in ">uid=0" ">gid=0"; do
        sysctl_set_and_check_fails_rules "$invalid_rule"
    done
}
31
# Negative test: whitespace between a flag character and the "gid" keyword
# is a syntax error.  The parser is expected to be strict here instead of
# silently skipping the blank.
atf_test_case rule_space_between_flag_and_gid_fail

rule_space_between_flag_and_gid_fail_head()
{
    atf_set "descr" "No space allowed between flag and GID"
}

# sysctl_set_and_check_fails_rules is not defined in this file (presumably it
# comes from common.sh); its name indicates that it expects the attempt to
# install the given rules string to fail.
rule_space_between_flag_and_gid_fail_body()
{
    # The only invalid element is the blank in "+ gid=0"; the rest of the
    # string has the same shape as the other parts of the target.
    local invalid_rule="uid=1001>uid=0,gid=0,+ gid=0"

    sysctl_set_and_check_fails_rules "$invalid_rule"
}
41
# Negative test: user names are not accepted in rules, only numerical IDs.
# A name must be rejected rather than being resolved or defaulted to some ID.
atf_test_case rule_user_names_fail

rule_user_names_fail_head()
{
    atf_set "descr" "Reject user names (only numerical IDs supported)"
}

# sysctl_set_and_check_fails_rules is not defined in this file (presumably it
# comes from common.sh); its name indicates that it expects the attempt to
# install the given rules string to fail.
rule_user_names_fail_body()
{
    local invalid_rule

    # A name in the match part first, then a name in the target part.
    for invalid_rule in "uid=user>uid=0" "uid=1001>uid=root"; do
        sysctl_set_and_check_fails_rules "$invalid_rule"
    done
}
52
# Negative test: group names are not accepted in rules, only numerical IDs.
# A name must be rejected rather than being resolved or defaulted to some ID.
atf_test_case rule_group_names_fail

rule_group_names_fail_head()
{
    atf_set "descr" "Reject group names (only numerical IDs supported)"
}

# sysctl_set_and_check_fails_rules is not defined in this file (presumably it
# comes from common.sh); its name indicates that it expects the attempt to
# install the given rules string to fail.
rule_group_names_fail_body()
{
    local invalid_rule

    # In order: a name in the match part, a name in the target part, and a
    # name in a '+'-flagged GID that follows a valid numerical one.
    for invalid_rule in \
        "gid=group>gid=0" \
        "gid=1001>gid=root" \
        "gid=1001>gid=0,+gid=operator"
    do
        sysctl_set_and_check_fails_rules "$invalid_rule"
    done
}
64
# Negative test: two otherwise well-formed rules joined by ':' where a rule
# separator is expected.  The whole string must be refused; accepting only
# the part before the bad separator would install a rule set the
# administrator did not write.
atf_test_case rules_wrong_separator

rules_wrong_separator_head()
{
    atf_set "descr" "Wrong rules separator"
}

# sysctl_set_and_check_fails_rules is not defined in this file (presumably it
# comes from common.sh); its name indicates that it expects the attempt to
# install the given rules string to fail.
rules_wrong_separator_body()
{
    local invalid_rules="uid=1001>gid=0:gid=1001>gid=5"

    sysctl_set_and_check_fails_rules "$invalid_rules"
}
74
75
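# Registration hook of the test program: loads the shared helpers from the
# test source directory, then registers every test case declared in this
# file, in declaration order.
atf_init_test_cases()
{
    # Quote the expansion: unquoted, a source directory whose path contains
    # whitespace or glob characters is split or expanded before '.' sees it,
    # so the wrong file (or none) would be sourced.
    . "$(atf_get_srcdir)/common.sh"

    atf_add_test_case rule_no_target_part
    atf_add_test_case rule_no_match_part
    atf_add_test_case rule_space_between_flag_and_gid_fail
    atf_add_test_case rule_user_names_fail
    atf_add_test_case rule_group_names_fail
    atf_add_test_case rules_wrong_separator
}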
87