author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2013-06-22 15:45:09 +0100 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2013-06-22 15:45:09 +0100 |
commit | 1630874880c9bf9c67a4be1b3783a5bf5778e06b (patch) | |
tree | 8114d415a0a043822cdec7b44b8d5bfd6e057f6a | |
parent | b3b452ced0628134762b2214c2e7f324294dfef7 (diff) | |
download | gitano-1630874880c9bf9c67a4be1b3783a5bf5778e06b.tar.gz |
Support testing of 'as'
-rw-r--r-- | testing/02-commands-as.yarn | 37 | ||||
-rw-r--r-- | testing/gitano-test-tool.in | 14 | ||||
-rw-r--r-- | testing/library.yarn | 14 |
3 files changed, 54 insertions, 11 deletions
diff --git a/testing/02-commands-as.yarn b/testing/02-commands-as.yarn
index f282cb0..1a96617 100644
--- a/testing/02-commands-as.yarn
+++ b/testing/02-commands-as.yarn
@@ -1 +1,38 @@
 <!-- -*- markdown -*- -->
+as --A- Become someone else
+===========================
+
+The `as` command can be used to run commands as different users. It should not
+leak the existence/absence of a user, nor should it leak permissions from the
+calling user into the effective user.
+
+Verification of `as` in the simple case
+---------------------------------------
+
+In the simple case, `as` is being called by someone who has permission to do
+so, on behalf of a user which exists and can be used.
+
+ SCENARIO Default case for as
+
+ GIVEN a standard instance
+ AND testinstance has keys called other
+ WHEN testinstance, using adminkey, adds user other, using testinstance other
+ AND testinstance adminkey runs as other whoami
+ THEN stdout contains other
+ AND stdout does not contain gitano-admin
+
+The other trivial case is that a user without permission tries to run `as`.
+
+ WHEN testinstance other, expecting failure, runs as other whoami
+ THEN stdout is empty
+ AND stderr contains Ruleset denied action
+ AND stderr contains exit:1
+
+The final trivial case is that a user which can run `as` cannot use it to run
+`as`.
+
+ WHEN testinstance adminkey, expecting failure, runs as other as other whoami
+ THEN stdout is empty
+ AND stderr contains Cannot use 'as' to run 'as'
+ AND stderr contains Validation of command line failed
+ AND stderr contains exit:1
diff --git a/testing/gitano-test-tool.in b/testing/gitano-test-tool.in
index ff386fd..c931b6d 100644
--- a/testing/gitano-test-tool.in
+++ b/testing/gitano-test-tool.in
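Review bot: The introduction added to testing/02-commands-as.yarn states that `as` must not leak the existence or absence of a user, nor carry the caller's permissions into the effective user, but none of the three scenarios exercises either property. They cover the permitted case, a caller without permission, and nested `as`. A scenario in which the unprivileged `other` key runs `as` against a name that was never added, expecting the same `Ruleset denied action` and `exit:1` output as for an existing user, would pin the non-disclosure claim, assuming that is the intended behaviour. `whoami` shows only the effective identity, so a further step where an admin-only command is attempted through `as other` would be needed to show that permissions are not inherited.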
@@ -46,17 +46,9 @@ local function run_program(t) if how == -1 then unix_assert(how, why) end - if how ~= "exit" then - for i = 1, #t do - print(t[i]) - end - error("BLEH: " .. how .. ":" .. tostring(why)) - end - if why ~= 0 then - for i = 1, #t do - print(t[i]) - end - error("BLEH: " .. how .. ":" .. tostring(why)) + if not (how == "exit" and why == 0) then + io.stderr:write(how .. ":" .. tostring(why).."\n") + os.exit(1) end end diff --git a/testing/library.yarn b/testing/library.yarn index 2f4c4e1..c49021e 100644 --- a/testing/library.yarn +++ b/testing/library.yarn @@ -76,15 +76,29 @@ Generic utility methods IMPLEMENTS WHEN ([a-z][a-z0-9]*) ([a-z][a-z0-9]*) runs (.+) $GTT runcommand $MATCH_1 $MATCH_2 $MATCH_3 > $DATADIR/stdout 2> $DATADIR/stderr + IMPLEMENTS WHEN ([a-z][a-z0-9]*) ([a-z][a-z0-9]*),? expecting failure,? runs (.+) + if $GTT runcommand $MATCH_1 $MATCH_2 $MATCH_3 > $DATADIR/stdout 2> $DATADIR/stderr; then + false + fi + IMPLEMENTS THEN ([^ ]+) contains (.+) grep -q "$MATCH_2" $DATADIR/"$MATCH_1" IMPLEMENTS THEN ([^ ]+) does not contain (.+) if grep -q "$MATCH_2" $DATADIR/"$MATCH_1"; then false; else true; fi + IMPLEMENTS THEN ([^ ]+) is empty + if grep -q . $DATADIR/"$MATCH_1"; then false; fi + IMPLEMENTS THEN failure ensues cd $DATADIR + echo "FIND:" find . + echo "KEYS:" cat user-home-testinstance/.ssh/authorized_keys + echo "OUT": + cat stdout + echo "ERR": + cat stderr /bin/false |
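Review bot: The new failure branch in run_program always exits with status 1 and writes the `how:why` marker to the tool's stderr, which is the file the scenarios grep and presumably also carries the stderr of the command under test. A signal death, a non-1 exit code and a marker-like string printed by the command are therefore hard to tell apart, and `stderr contains exit:1` is a substring match that would also accept `exit:127`. Propagating the real code with `os.exit(how == "exit" and why or 1)` would let a yarn step assert on the status; this assumes `why` is the numeric exit code, as the comparison with 0 suggests. A comment such as `-- scenarios grep stderr for "exit:N"; keep this format stable` above the write would record why the string matters. run_program starts above the hunk.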
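Review bot: The new `expecting failure` step in testing/library.yarn passes on any non-zero status from `$GTT runcommand`, which includes the test tool failing before the command is ever run, so a denial scenario is only as strong as the stderr assertions that follow it. A sentence above the step saying that it must always be paired with a `stderr contains` check for the specific refusal message would keep later scenarios from passing on an unrelated breakage. The new `is empty` step uses `grep -q .`, which treats a file holding only blank lines as empty; `if test -s $DATADIR/"$MATCH_1"; then false; fi` checks for zero bytes instead.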