authorBen Boeckel <mathstuf@gmail.com>2019-09-04 10:30:01 +0100
committerDavid Howells <dhowells@redhat.com>2019-09-04 13:30:10 +0100
commiteadebfe47e8b93cd7e6fcc6bfaff66317f50d1d8 (patch)
treeba5c708bb76992b97b10f05b94f373b14b716665
parent7e34f5795b8fb35e95356a12dceeb714c1aa7f93 (diff)
tests/search: test a found key without search permissions
These stanzas were essentially duplicates of the previous blocks. Fix them to test first disabling Search on the first keyring and then the second keyring. Also add disabling of Search on the target key and checking searches from the session keyring. [DH: Modified to fix the searches and add Ben's change as a separate test in its own right] Signed-off-by: Ben Boeckel <mathstuf@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r--tests/keyctl/search/valid/runtest.sh34
1 files changed, 29 insertions, 5 deletions
diff --git a/tests/keyctl/search/valid/runtest.sh b/tests/keyctl/search/valid/runtest.sh
index a9912ee..162edf9 100644
--- a/tests/keyctl/search/valid/runtest.sh
+++ b/tests/keyctl/search/valid/runtest.sh
@@ -123,28 +123,52 @@ unlink_key $keyring2id @s
marker "SEARCH FIRST KEYRING AGAIN 4"
search_for_key --expect=$keyid2 $keyringid user lizard
-# removing search permission on the second keyring should hide the key
+# Removing search permission on the first keyring should hide the key
+# - This fails with EACCES as we don't have permission to initiate a search.
marker "SEARCH WITH NO-SEARCH KEYRING"
-set_key_perm $keyring2id 0x370000
+set_key_perm $keyringid 0x370000
search_for_key --fail $keyringid user lizard
+expect_error EACCES
+
+# But if we start at the session keyring, we just can't find the key
+search_for_key --fail @s user lizard
expect_error ENOKEY
-# putting search permission on the second keyring back again should make it
+# putting search permission on the first keyring back again should make it
# available again
-set_key_perm $keyring2id 0x3f0000
+set_key_perm $keyringid 0x3f0000
search_for_key --expect=$keyid2 $keyringid user lizard
-# removing search permission on the second key should hide the key
+# Removing search permission on the second key should hide the key
+# - This fails with ENOKEY because we're allowed to start the search, but then
+# don't find the key because there's an unsearchable keyring in the path.
marker "SEARCH WITH NO-SEARCH KEYRING2"
set_key_perm $keyring2id 0x370000
search_for_key --fail $keyringid user lizard
expect_error ENOKEY
+search_for_key --fail @s user lizard
+expect_error ENOKEY
# putting search permission on the second key back again should make it
# available again
set_key_perm $keyring2id 0x3f0000
search_for_key --expect=$keyid2 $keyringid user lizard
+# Removing search permission on the second key should hide the key
+# - This fails with EACCES because we found the key, but we're not allowed to
+# find it.
+marker "SEARCH WITH NO-SEARCH KEY2"
+set_key_perm $keyid2 0x370000
+search_for_key --fail $keyringid user lizard
+expect_error EACCES
+search_for_key --fail @s user lizard
+expect_error EACCES
+
+# putting search permission on the second key back again should make it
+# available again
+set_key_perm $keyid2 0x3f0000
+search_for_key --expect=$keyid2 $keyringid user lizard
+
# revoking the key should make the key unavailable
revoke_key $keyid2
search_for_key --fail $keyringid user lizard
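Review bot: The comment opening the "SEARCH WITH NO-SEARCH KEYRING2" stanza still says "second key" although the stanza changes `$keyring2id`, and the new "SEARCH WITH NO-SEARCH KEY2" stanza opens with the identical sentence for `$keyid2`, so the two read as duplicates again. I would word the first as `# Removing search permission on the second keyring should hide the key` and its restore comment as `# putting search permission on the second keyring back again should make it`. The masks are also unexplained; a line such as `# 0x370000 = user-class (owner) permissions without Search; 0x3f0000 puts Search back` would make clear that only the user-class Search bit is exercised here, with the possessor, group and other bytes cleared. Whether the possessor-class Search path is covered elsewhere in the file is not visible from this hunk.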