Diffstat (limited to 'keyutils-1.5.6/tests/keyctl/permitting')
-rw-r--r--keyutils-1.5.6/tests/keyctl/permitting/bad-args/runtest.sh49
-rw-r--r--keyutils-1.5.6/tests/keyctl/permitting/noargs/runtest.sh30
-rw-r--r--keyutils-1.5.6/tests/keyctl/permitting/valid/runtest.sh99
3 files changed, 178 insertions, 0 deletions
diff --git a/keyutils-1.5.6/tests/keyctl/permitting/bad-args/runtest.sh b/keyutils-1.5.6/tests/keyctl/permitting/bad-args/runtest.sh
new file mode 100644
index 0000000..3c2c324
--- /dev/null
+++ b/keyutils-1.5.6/tests/keyctl/permitting/bad-args/runtest.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# check that a bad key ID fails correctly
+marker "CHECK BAD KEY ID"
+chown_key --fail 0 0
+expect_error EINVAL
+chgrp_key --fail 0 0
+expect_error EINVAL
+set_key_perm --fail 0 0
+expect_error EINVAL
+
+# create a non-keyring
+marker "CREATE KEY"
+create_key user lizard gizzard @s
+expect_keyid keyid
+
+# check that unsupported permissions aren't permitted
+marker "CHECK PERMS"
+set_key_perm --fail $keyid 0xffffffff
+expect_error EINVAL
+set_key_perm --fail $keyid 0x7f7f7f7f
+expect_error EINVAL
+
+# dispose of the key we just made
+marker "UNLINK KEY"
+unlink_key --wait $keyid @s
+
+# check that a non-existent key ID fails correctly
+marker "CHECK CLEAR NON-EXISTENT KEY ID"
+chown_key --fail $keyid 0
+expect_error ENOKEY
+chgrp_key --fail $keyid 0
+expect_error ENOKEY
+set_key_perm --fail $keyid 0
+expect_error ENOKEY
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
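Review bot: Both masks under CHECK PERMS (`0xffffffff` and `0x7f7f7f7f`) set bit 0x40 in every byte, so nothing covers the 0x80 bit on its own or a single undefined bit mixed into an otherwise valid mask. A kernel check that only rejected 0x40 would still pass this test. Adding pairs such as `set_key_perm --fail $keyid 0x80000000` and `set_key_perm --fail $keyid 0x3f3f3f7f`, each followed by `expect_error EINVAL`, would pin the rejection more tightly, assuming every bit outside 0x3f per byte is meant to be invalid. Separately, the marker `"CHECK CLEAR NON-EXISTENT KEY ID"` looks copied from another test, since this section exercises chown, chgrp and setperm; `marker "CHECK NON-EXISTENT KEY ID"` would read correctly in the log.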
diff --git a/keyutils-1.5.6/tests/keyctl/permitting/noargs/runtest.sh b/keyutils-1.5.6/tests/keyctl/permitting/noargs/runtest.sh
new file mode 100644
index 0000000..89971e1
--- /dev/null
+++ b/keyutils-1.5.6/tests/keyctl/permitting/noargs/runtest.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+marker "NO ARGS"
+expect_args_error keyctl read
+expect_args_error keyctl pipe
+expect_args_error keyctl print
+
+marker "ONE ARG"
+expect_args_error keyctl chown 0
+expect_args_error keyctl chgrp 0
+expect_args_error keyctl setperm 0
+
+marker "THREE ARGS"
+expect_args_error keyctl chown 0 0 0
+expect_args_error keyctl chgrp 0 0 0
+expect_args_error keyctl setperm 0 0 0
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
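Review bot: The "NO ARGS" section calls `keyctl read`, `keyctl pipe` and `keyctl print`, which are not the commands this permitting test covers, so argument checking for chown, chgrp and setperm with zero arguments is never exercised. The ONE ARG and THREE ARGS sections do use the right commands, which suggests the first block was carried over from another test. Replacing it with `expect_args_error keyctl chown`, `expect_args_error keyctl chgrp` and `expect_args_error keyctl setperm` would close the gap.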
diff --git a/keyutils-1.5.6/tests/keyctl/permitting/valid/runtest.sh b/keyutils-1.5.6/tests/keyctl/permitting/valid/runtest.sh
new file mode 100644
index 0000000..30f8633
--- /dev/null
+++ b/keyutils-1.5.6/tests/keyctl/permitting/valid/runtest.sh
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# create a keyring and attach it to the session keyring
+marker "ADD KEYRING"
+create_keyring wibble @s
+expect_keyid keyringid
+
+# stick a key in the keyring
+marker "ADD KEY"
+create_key user lizard gizzard $keyringid
+expect_keyid keyid
+
+# changing the key's ownership is not supported before 2.6.18-rc1
+if version_less_than `uname -r` 2.6.18
+then
+ marker "CHOWN"
+ chown_key --fail $keyid 1
+ expect_error EOPNOTSUPP
+elif [ `id -u` != 0 ]
+then
+ # must be running as root for this to work
+ marker "CHOWN"
+ chown_key --fail $keyid 1
+ expect_error EACCES
+else
+ marker "CHOWN"
+ chown_key $keyid 1
+
+ marker "CHOWN BACK"
+ chown_key $keyid 0
+fi
+
+# changing the key's group ownership is supported (change to "bin" group)
+if [ `id -u` != 0 ]
+then
+ marker "CHGRP"
+ chgrp_key --fail $keyid 1
+ expect_error EACCES
+else
+ marker "CHGRP"
+ chgrp_key $keyid 1
+ describe_key $keyid
+ expect_key_rdesc rdesc "user@.*@1@[0-9a-f]*@lizard"
+fi
+
+# check that each permission can be granted to the key
+marker "ITERATE PERMISSIONS"
+for i in \
+ 00210002 00210004 00210008 00210010 \
+ 00210200 00210400 00210800 00211000 \
+ 00230000 00250000 00290000 00310000 \
+ 02210000 04210000 08210000 10210000
+ do
+ set_key_perm $keyid 0x$i
+ describe_key $keyid
+ expect_key_rdesc rdesc "user@.*@.*@$i@lizard"
+done
+
+# check that we can't use group perms instead of user perms to view the key
+# (our UID matches that of the key)
+marker "VIEW GROUP PERMISSIONS"
+set_key_perm $keyid 0x00201f00
+describe_key --fail $keyid
+expect_error EACCES
+
+# check that we can't use other perms instead of user perms to view the key
+# (our UID matches that of the key)
+marker "VIEW OTHER PERMISSIONS"
+set_key_perm $keyid 0x0020001f
+describe_key --fail $keyid
+expect_error EACCES
+
+# check that taking away setattr permission renders the key immune to setperm
+marker "REMOVE SETATTR"
+set_key_perm $keyid 0x1f1f1f1f
+describe_key $keyid
+expect_key_rdesc rdesc "user@.*@.*@.*@lizard"
+
+marker "REINSTATE SETATTR"
+set_key_perm --fail $keyid 0x3f3f1f1f
+expect_error EACCES
+
+# remove the keyring we added
+marker "UNLINK KEYRING"
+unlink_key $keyringid @s
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
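Review bot: Under "REMOVE SETATTR" the pattern `"user@.*@.*@.*@lizard"` wildcards the permission field, so the describe check passes whatever mask the key actually ended up with. The later EACCES on "REINSTATE SETATTR" only indirectly shows that setattr was dropped. Pinning the field as the ITERATE PERMISSIONS loop does, with `expect_key_rdesc rdesc "user@.*@.*@1f1f1f1f@lizard"`, would confirm the exact mask was applied before the reinstatement attempt. As a smaller point, the chgrp comment says the change is to the "bin" group, but the code passes numeric GID 1, which is not "bin" on every distribution; `# change group ownership to GID 1` would match what the test does.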