diff options
62 files changed, 4331 insertions, 0 deletions
@@ -189,10 +189,19 @@ endif ############################################################################### # +# Run tests +# +############################################################################### +test: + $(MAKE) -C tests run + +############################################################################### +# # Clean up # ############################################################################### clean: + $(MAKE) -C tests clean $(RM) libkeyutils* $(RM) keyctl request-key key.dns_resolver $(RM) *.o *.os *~ diff --git a/tests/Makefile b/tests/Makefile new file mode 100644 index 0000000..fe5b4df --- /dev/null +++ b/tests/Makefile @@ -0,0 +1,75 @@ +# Copyright (c) 2006 Red Hat, Inc. All rights reserved. This copyrighted material +# is made available to anyone wishing to use, modify, copy, or +# redistribute it subject to the terms and conditions of the GNU General +# Public License v.2. +# +# This program is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# Author: David Howells <dhowells@redhat.com> +# Updated to new Make model by Bill Peck <bpeck@redhat.com> + +# The toplevel namespace within which the test lives. +TOPLEVEL_NAMESPACE=/kernel + +# The name of the package under test: +PACKAGE_NAME=keyutils + +# The path of the test below the package: +RELATIVE_PATH=testsuite + +# Version of the Test. Used with make tag. +export TESTVERSION=1.3 + +# The combined namespace of the test. +export TEST=$(TOPLEVEL_NAMESPACE)/$(PACKAGE_NAME)/$(RELATIVE_PATH) + +.PHONY: all install download clean + +TESTS = $(shell /usr/bin/find . -name runtest.sh | \ + /bin/sed -e 's/runtest.sh//g;s/^\.\///;s/\/$$//') + +BUILT_FILES= +FILES=$(METADATA) runtest.sh Makefile PURPOSE toolbox.inc.sh keyctl \ + prepare.inc.sh + +run: $(FILES) build + sh runtest.sh $(TESTS) + +build: $(BUILT_FILES) + +clean: + rm -f *~ *.rpm $(BUILT_FILES) + find keyctl -name test.out -delete + +# You may need to add other targets e.g. to build executables from source code +# Add them here: + + +# Include Common Makefile +ifneq ($(wild /usr/share/rhts/lib/rhts-make.include),) +include /usr/share/rhts/lib/rhts-make.include + +# Generate the testinfo.desc here: +$(METADATA): Makefile + @touch $(METADATA) + @echo "Owner: David Howells <dhowells@redhat.com>" > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "License: Unknown" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Description: testsuite to verify keyutils ">> $(METADATA) + @echo "TestTime: 30m" >> $(METADATA) + @echo "RunFor: $(PACKAGE_NAME)" >> $(METADATA) + @echo "Requires: $(PACKAGE_NAME)" >> $(METADATA) + @echo "Releases: -RHEL2.1 -RHEL3" >> $(METADATA) + @echo "Type: Tier1" >> $(METADATA) + @echo "Type: KernelTier1" >> $(METADATA) + rhts-lint $(METADATA) + +endif diff --git a/tests/PURPOSE b/tests/PURPOSE new file mode 100644 index 0000000..064e775 --- /dev/null +++ b/tests/PURPOSE @@ -0,0 +1,82 @@ +The purpose of this testsuite is to do negative and positive testing against +the keyutils package. +Sub Test Description +------------------ ----------------------------------------------------- +/listing/noargs Check list/rlist subcommands fail with the wrong + number of arguments +/listing/bad-args Check list/rlist subcommands fail with bad arguments +/listing/valid Check list/rlist subcommands work +/show/noargs Check show subcommand works with no arguments +/reading/noargs Check read/pipe/print subcommands fail with the wrong + number of arguments +/reading/bad-args Check read/pipe/print subcommands fail with bad + arguments +/reading/valid Check read/pipe/print subcommands work +/pupdate/noargs Check pupdate subcommand fails with the wrong number + of arguments +/pupdate/bad-args Check pupdate subcommand fails with bad arguments +/pupdate/userupdate Check pupdate subcommand works for user defined keys +/newring/noargs Check newring subcommand fails with the wrong number + of arguments +/newring/bad-args Check newring subcommand fails with a bad arguments +/newring/valid Check newring subcommand works +/session/bad-args Check session subcommand fails with bad arguments +/session/valid Check session subcommand works +/clear/noargs Check clear subcommand fails with the wrong number of + arguments +/clear/bad-args Check clear subcommand fails with a bad arguments +/clear/valid Check clear subcommand works +/instantiating/noargs Check instantiate/negate subcommands fail with the + wrong number of arguments +/instantiating/bad-args Check instantiate/negate subcommands fail with bad + arguments +/permitting/noargs Check chown/chgrp/setperm subcommands fail with the + wrong number of arguments +/permitting/bad-args Check chown/chgrp/setperm subcommands fail with bad + arguments +/permitting/valid Check chown/chgrp/setperm subcommands work +/describing/noargs Check describe/rdescribe subcommands fail with the + wrong number of arguments +/describing/bad-args Check describe/rdescribe subcommands fail with bad + arguments +/describing/valid Check describe/rdescribe subcommands work +/noargs Check keyutils with no args gives format list +/revoke/noargs Check revoke subcommand fails with the wrong number of + arguments +/revoke/bad-args Check revoke subcommand fails with a bad arguments +/revoke/valid Check revoke subcommand works +/padd/noargs Check padd subcommand fails with the wrong number of + arguments +/padd/bad-args Check padd subcommand fails with bad arguments +/padd/useradd Check padd subcommand works +/timeout/noargs Check timeout subcommand fails with the wrong number + of arguments +/timeout/bad-args Check timeout subcommand fails with a bad arguments +/timeout/valid Check timeout subcommand works +/update/noargs Check update subcommand fails with the wrong number of + arguments +/update/bad-args Check update subcommand fails with bad arguments +/update/userupdate Check update subcommand works for user defined keys +/search/noargs Check search subcommand fails with the wrong number of + arguments +/search/bad-args Check search subcommand fails with a bad arguments +/search/valid Check search subcommand works +/link/recursion Check link subcommand handles recursive links correctly +/link/noargs Check link subcommand fails with the wrong number of + arguments +/link/bad-args Check link subcommand fails with bad arguments +/link/valid Check link subcommand works +/add/noargs Check add subcommand fails with the wrong number of + arguments +/add/bad-args Check add subcommand fails with a bad arguments +/add/useradd Check add subcommand works +/requesting/piped Check request/prequest2 subcommands work +/requesting/noargs Check request/request2 subcommands fail with the + wrong number of arguments +/requesting/bad-args Check request/request2 subcommands fail with bad + arguments +/requesting/valid Check request/request2 subcommands work +/unlink/noargs Check unlink subcommand fails with the wrong number of + arguments +/unlink/bad-args Check unlink subcommand fails with a bad arguments +/unlink/valid Check unlink subcommand works diff --git a/tests/keyctl/add/bad-args/runtest.sh b/tests/keyctl/add/bad-args/runtest.sh new file mode 100644 index 0000000..8419fbc --- /dev/null +++ b/tests/keyctl/add/bad-args/runtest.sh @@ -0,0 +1,68 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that an empty key type fails correctly +marker "CHECK EMPTY KEY TYPE" +create_key --fail "" wibble stuff @p +expect_error EINVAL + +# check that an unsupported key type fails correctly +marker "CHECK UNSUPPORTED KEY TYPE" +create_key --fail lizardsgizzards wibble stuff @p +expect_error ENODEV + +# check that an invalid key type fails correctly +marker "CHECK INVALID KEY TYPE" +create_key --fail .user wibble stuff @p +expect_error EPERM + +# check that an maximum length invalid key type fails correctly +marker "CHECK MAXLEN KEY TYPE" +create_key --fail $maxtype wibble stuff @p +expect_error ENODEV + +# check that an overlong key type fails correctly +marker "CHECK OVERLONG KEY TYPE" +create_key --fail a$maxtype wibble stuff @p +expect_error EINVAL + +# check that creation of a keyring with non-empty payload fails correctly +marker "CHECK ADD KEYRING WITH PAYLOAD" +create_key --fail keyring wibble a @p +expect_error EINVAL + +# check that an max length key description works correctly (PAGE_SIZE inc NUL) +if [ $PAGE_SIZE -lt $maxsquota ] +then + marker "CHECK MAXLEN DESC" + create_key user $maxdesc stuff @p + expect_keyid keyid +else + marker "CHECK MAXLEN DESC FAILS WITH EDQUOT" + create_key --fail user $maxdesc stuff @p + expect_error EDQUOT +fi + +# check that an overlong key description fails correctly (>4095 inc NUL) +marker "CHECK OVERLONG DESC" +create_key --fail user a$maxdesc stuff @p + +expect_error EINVAL + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +create_key --fail user wibble stuff 0 +expect_error EINVAL + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/add/noargs/runtest.sh b/tests/keyctl/add/noargs/runtest.sh new file mode 100644 index 0000000..bdd8348 --- /dev/null +++ b/tests/keyctl/add/noargs/runtest.sh @@ -0,0 +1,35 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "ADD NO ARGS" +expect_args_error keyctl add + +# check that one argument fails correctly +marker "ADD ONE ARG" +expect_args_error keyctl add user + +# check that two arguments fail correctly +marker "ADD TWO ARGS" +expect_args_error keyctl add user wibble + +# check that three arguments fail correctly +marker "ADD THREE ARGS" +expect_args_error keyctl add user wibble stuff + +# check that five arguments fail correctly +marker "ADD FIVE ARGS" +expect_args_error keyctl add user wibble stuff @s x + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/add/useradd/runtest.sh b/tests/keyctl/add/useradd/runtest.sh new file mode 100644 index 0000000..33e633c --- /dev/null +++ b/tests/keyctl/add/useradd/runtest.sh @@ -0,0 +1,53 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that we can add a user key to the session keyring +marker "ADD USER KEY" +create_key user wibble stuff @s +expect_keyid keyid + +# read back what we put in it +marker "PRINT PAYLOAD" +print_key $keyid +expect_payload payload "stuff" + +# check that we can update a user key +marker "UPDATE USER KEY" +create_key user wibble lizard @s + +# check we get the same key ID back +expect_keyid keyid2 + +if [ "x$keyid" != "x$keyid2" ] +then + failed +fi + +# read back what we changed it to +marker "PRINT UPDATED PAYLOAD" +print_key $keyid +expect_payload payload "lizard" + +# attempt to add a key to that non-keyring key +marker "ADD KEY TO NON-KEYRING" +create_key --fail user lizard gizzards $keyid +expect_error ENOTDIR + +# remove the key we added +marker "UNLINK KEY" +unlink_key $keyid @s + +keyctl show + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/clear/bad-args/runtest.sh b/tests/keyctl/clear/bad-args/runtest.sh new file mode 100644 index 0000000..b3e9d4c --- /dev/null +++ b/tests/keyctl/clear/bad-args/runtest.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK CLEAR BAD KEY ID" +clear_keyring --fail 0 +expect_error EINVAL + +# create a non-keyring +marker "CREATE KEY" +create_key user lizard gizzard @s +expect_keyid keyid + +# check that a non-keyring ID fails correctly +marker "CHECK CLEAR NON-KEYRING KEY" +clear_keyring --fail $keyid +expect_error ENOTDIR + +# dispose of the key we were using +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK CLEAR NON-EXISTENT KEY ID" +clear_keyring --fail $keyid +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/clear/noargs/runtest.sh b/tests/keyctl/clear/noargs/runtest.sh new file mode 100644 index 0000000..48c672f --- /dev/null +++ b/tests/keyctl/clear/noargs/runtest.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "NO ARGS" +expect_args_error keyctl clear + +# check that one argument fails correctly +marker "TWO ARGS" +expect_args_error keyctl clear 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/clear/valid/runtest.sh b/tests/keyctl/clear/valid/runtest.sh new file mode 100644 index 0000000..7669016 --- /dev/null +++ b/tests/keyctl/clear/valid/runtest.sh @@ -0,0 +1,97 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# validate the new keyring's name and type +marker "VALIDATE KEYRING" +describe_key $keyringid +expect_key_rdesc rdesc 'keyring@.*@wibble' + +# check that we have an empty keyring +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# clear the empty keyring +marker "CLEAR EMPTY KEYRING" +clear_keyring $keyringid + +# check that it's empty again +marker "LIST KEYRING 2" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# stick a key in the keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# check that we can list it +marker "LIST KEYRING WITH ONE" +list_keyring $keyringid +expect_keyring_rlist rlist $keyid + +# clear the keyring +marker "CLEAR KEYRING WITH ONE" +clear_keyring $keyringid + +# check that it's now empty again +marker "LIST KEYRING 3" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# stick forty keys in the keyring +marker "ADD FORTY KEYS" +keys="" +for ((i=0; i<40; i++)) + do + create_key user lizard$i gizzard$i $keyringid + expect_keyid x + keys="$keys $x" + list_keyring $keyringid + expect_keyring_rlist rlist $x +done + +marker "CHECK KEYRING ORDERING" +list_keyring $keyringid +expect_keyring_rlist rlist +if [ "x$keys" != "x $rlist" ] +then + failed +fi + +marker "SHOW KEYRING" +if ! keyctl show >>$OUTPUTFILE 2>&1 +then + failed +fi + +# clear the keyring +marker "CLEAR KEYRING WITH ONE" +clear_keyring $keyringid + +# check that it's now empty yet again +marker "LIST KEYRING 4" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# remove the keyring we added +marker "UNLINK KEY" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/describing/bad-args/runtest.sh b/tests/keyctl/describing/bad-args/runtest.sh new file mode 100644 index 0000000..5a6bc22 --- /dev/null +++ b/tests/keyctl/describing/bad-args/runtest.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +describe_key --fail 0 +expect_error EINVAL +pretty_describe_key --fail 0 +expect_error EINVAL + +# create a key +marker "CREATE KEY" +create_key user lizard gizzard @s +expect_keyid keyid + +# dispose of the key +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK NON-EXISTENT KEY ID" +describe_key --fail $keyid +expect_error ENOKEY +pretty_describe_key --fail $keyid +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/describing/noargs/runtest.sh b/tests/keyctl/describing/noargs/runtest.sh new file mode 100644 index 0000000..e96d022 --- /dev/null +++ b/tests/keyctl/describing/noargs/runtest.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +marker "NO ARGS" +expect_args_error keyctl describe +expect_args_error keyctl rdescribe + +marker "TWO ARGS" +expect_args_error keyctl describe 0 0 + +marker "THREE ARGS" +expect_args_error keyctl rdescribe 0 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/describing/valid/runtest.sh b/tests/keyctl/describing/valid/runtest.sh new file mode 100644 index 0000000..40a6cfd --- /dev/null +++ b/tests/keyctl/describing/valid/runtest.sh @@ -0,0 +1,71 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# validate the new keyring's name and type +marker "VALIDATE KEYRING" +describe_key $keyringid +expect_key_rdesc rdesc 'keyring@.*@wibble' + +# validate a pretty description of the keyring +marker "VALIDATE PRETTY KEYRING" +pretty_describe_key $keyringid +expect_key_rdesc pdesc " *$keyringid: [-avrwsl]* *[-0-9]* *[-0-9]* keyring: wibble" + +# check that we have an empty keyring +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# stick a key in the keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# validate the new key's name and type +marker "VALIDATE KEY" +describe_key $keyid +expect_key_rdesc rdesc 'user@.*@lizard' + +# validate a pretty description of the key +marker "VALIDATE PRETTY KEY" +pretty_describe_key $keyid +expect_key_rdesc pdesc " *$keyid: [-avrwsl]* *[0-9]* *[-0-9]* user: lizard" + +# turn off view permission on the key +marker "DISABLE VIEW PERM" +set_key_perm $keyid 0x3e0000 +describe_key --fail $keyid +expect_error EACCES + +# turn on view permission on the key +marker "REINSTATE VIEW PERM" +set_key_perm $keyid 0x3f0000 +describe_key $keyid + +# revoke the key +marker "REVOKE KEY" +revoke_key $keyid +describe_key --fail $keyid +expect_error EKEYREVOKED + +# remove the keyring we added +marker "UNLINK KEY" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/instantiating/bad-args/runtest.sh b/tests/keyctl/instantiating/bad-args/runtest.sh new file mode 100644 index 0000000..7aa2792 --- /dev/null +++ b/tests/keyctl/instantiating/bad-args/runtest.sh @@ -0,0 +1,55 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +instantiate_key --fail 0 a @p +expect_error EPERM +pinstantiate_key --fail a 0 @p +expect_error EPERM +negate_key --fail 0 10 @p +expect_error EPERM + +# create a non-keyring +marker "CREATE KEY" +create_key user lizard gizzard @s +expect_keyid keyid + +# check that instantiation of an instantiated key fails +marker "CHECK ALREADY INSTANTIATED KEY" +instantiate_key --fail $keyid a @p +expect_error EPERM +pinstantiate_key --fail a $keyid @p +expect_error EPERM +negate_key --fail $keyid 10 @p +expect_error EPERM + +# check negative key timeout must be a number +marker "CHECK NEGATE TIMEOUT" +expect_args_error keyctl negate $keyid aa @p + +# dispose of the key we were using +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK NON-EXISTENT KEY ID" +instantiate_key --fail 0 a @p +expect_error EPERM +pinstantiate_key --fail a 0 @p +expect_error EPERM +negate_key --fail 0 10 @p +expect_error EPERM + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/instantiating/noargs/runtest.sh b/tests/keyctl/instantiating/noargs/runtest.sh new file mode 100644 index 0000000..8603818 --- /dev/null +++ b/tests/keyctl/instantiating/noargs/runtest.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +marker "NO ARGS" +expect_args_error keyctl instantiate +expect_args_error keyctl pinstantiate +expect_args_error keyctl negate + +marker "ONE ARG" +expect_args_error keyctl instantiate 0 +expect_args_error keyctl pinstantiate 0 +expect_args_error keyctl negate 0 + +marker "TWO ARGS" +expect_args_error keyctl instantiate 0 0 +expect_args_error keyctl negate 0 0 + +marker "THREE ARGS" +expect_args_error keyctl pinstantiate 0 0 0 + +marker "FOUR ARGS" +expect_args_error keyctl instantiate 0 0 0 0 +expect_args_error keyctl negate 0 0 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/link/bad-args/runtest.sh b/tests/keyctl/link/bad-args/runtest.sh new file mode 100644 index 0000000..37fe20c --- /dev/null +++ b/tests/keyctl/link/bad-args/runtest.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK LINK FROM BAD KEY ID" +link_key --fail 0 @s +expect_error EINVAL + +marker "CHECK LINK TO BAD KEY ID" +link_key --fail @s 0 +expect_error EINVAL + +# create a non-keyring +marker "CREATE KEY" +create_key user lizard gizzard @s +expect_keyid keyid + +# check that linking to a non-keyring ID fails correctly +marker "CHECK LINK TO NON-KEYRING KEY" +link_key --fail @s $keyid +expect_error ENOTDIR + +# dispose of the key we were using +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK LINK TO NON-EXISTENT KEY ID" +link_key --fail @s $keyid +expect_error ENOKEY + +marker "CHECK LINK FROM NON-EXISTENT KEY ID" +link_key --fail $keyid @s +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/link/noargs/runtest.sh b/tests/keyctl/link/noargs/runtest.sh new file mode 100644 index 0000000..f11426c --- /dev/null +++ b/tests/keyctl/link/noargs/runtest.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "NO ARGS" +expect_args_error keyctl link + +# check that one argument fails correctly +marker "ONE ARGS" +expect_args_error keyctl link 0 + +# check that three arguments fails correctly +marker "THREE ARGS" +expect_args_error keyctl link 0 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/link/recursion/runtest.sh b/tests/keyctl/link/recursion/runtest.sh new file mode 100644 index 0000000..eaa40f2 --- /dev/null +++ b/tests/keyctl/link/recursion/runtest.sh @@ -0,0 +1,172 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "CREATE KEYRING 1" +create_keyring "first" @s +expect_keyid keyringid + +# attempt to link a keyring to itself +marker "RECURSE 1" +link_key --fail $keyringid $keyringid +expect_error EDEADLK + +# create a second keyring in the first +marker "CREATE KEYRING 2" +create_keyring "second" $keyringid +expect_keyid keyring2id + +# attempt to link a keyring to its child keyring +marker "RECURSE 2" +link_key --fail $keyringid $keyring2id +expect_error EDEADLK + +# create a third keyring in the second +marker "CREATE KEYRING 3" +create_keyring "third" $keyring2id +expect_keyid keyring3id + +# attempt to link a keyring to its grandchild keyring +marker "RECURSE 3" +link_key --fail $keyringid $keyring3id +expect_error EDEADLK + +# create a fourth keyring in the third +marker "CREATE KEYRING 4" +create_keyring "fourth" $keyring3id +expect_keyid keyring4id + +# attempt to link a keyring to its great grandchild keyring +marker "RECURSE 4" +link_key --fail $keyringid $keyring4id +expect_error EDEADLK + +# create a fifth keyring in the fourth +marker "CREATE KEYRING 5" +create_keyring "fifth" $keyring4id +expect_keyid keyring5id + +# attempt to link a keyring to its great great grandchild keyring +marker "RECURSE 5" +link_key --fail $keyringid $keyring5id +expect_error EDEADLK + +# create a sixth keyring in the fifth +marker "CREATE KEYRING 6" +create_keyring "sixth" $keyring5id +expect_keyid keyring6id + +# attempt to link a keyring to its great great great grandchild keyring +marker "RECURSE 6" +link_key --fail $keyringid $keyring6id +expect_error EDEADLK + +# create a seventh keyring in the sixth +marker "CREATE KEYRING 7" +create_keyring "seventh" $keyring6id +expect_keyid keyring7id + +# attempt to link a keyring to its great great great great grandchild keyring +marker "RECURSE 7" +link_key --fail $keyringid $keyring7id +expect_error EDEADLK + +# create an eigth keyring in the seventh +marker "CREATE KEYRING 8" +create_keyring "eighth" $keyring7id +expect_keyid keyring8id + +# attempt to link a keyring to its great great great great great grandchild keyring +marker "RECURSE 8" +link_key --fail $keyringid $keyring8id +expect_error EDEADLK + +# create a ninth keyring in the eighth +marker "CREATE KEYRING 9" +create_keyring "ninth" $keyring8id +expect_keyid keyring9id + +# attempt to link a keyring to its great great great great great great grandchild keyring +marker "RECURSE 9" +link_key --fail $keyringid $keyring9id +expect_error ELOOP + +# remove the first keyring we added +marker "UNLINK KEYRING" +unlink_key $keyringid @s + +# create two stacks of keyrings +marker "CREATE KEYRING STACKS" +create_keyring "A1" @s +expect_keyid aroot +create_keyring "B1" @s +expect_keyid broot +a=$aroot +b=$broot + +for ((i=2; i<=4; i++)) + do + create_keyring "A$i" $a + expect_keyid a + create_keyring "B$i" $b + expect_keyid b +done + +# make sure we can't create a cycle by linking the two stacks together +marker "LINK A TO B" +link_key $aroot $b + +marker "LINK B TO A" +link_key --fail $broot $a +expect_error EDEADLK + +marker "UNLINK A FROM B" +unlink_key $aroot $b + +marker "LINK B TO A" +link_key $broot $a + +marker "LINK A TO B" +link_key --fail $aroot $b +expect_error EDEADLK + +marker "UNLINK B FROM A" +unlink_key $broot $a + +# extend the stacks +marker "EXTEND STACKS" +create_keyring "A5" $a +expect_keyid a +create_keyring "B5" $b +expect_keyid b + +# make sure we can't hide a cycle by linking the two bigger stacks together +marker "CHECK MAXDEPTH A TO B" +link_key $aroot $b +link_key --fail $broot $a +expect_error ELOOP +unlink_key $aroot $b + +marker "CHECK MAXDEPTH B TO A" +link_key $broot $a +link_key --fail $aroot $b +expect_error ELOOP +unlink_key $broot $a + +# remove the two stacks +marker "UNLINK STACKS" +unlink_key $aroot @s +unlink_key $broot @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/link/valid/runtest.sh b/tests/keyctl/link/valid/runtest.sh new file mode 100644 index 0000000..242a495 --- /dev/null +++ b/tests/keyctl/link/valid/runtest.sh @@ -0,0 +1,139 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# validate the new keyring's name and type +marker "VALIDATE KEYRING" +describe_key $keyringid +expect_key_rdesc rdesc 'keyring@.*@wibble' + +# check that we can list it +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# stick a key in the keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# check that we can list it +marker "LIST KEYRING WITH ONE" +list_keyring $keyringid +expect_keyring_rlist rlist $keyid + +# link the key across to the session keyring +marker "LINK KEY 1" +link_key $keyid @s + +marker "CHECK KEY LINKAGE" +list_keyring @s +expect_keyring_rlist srlist $keyid + +# link the key across to the session keyring again and again +marker "LINK KEY 2" +link_key $keyid @s + +marker "LINK KEY 3" +link_key $keyid @s + +# subsequent links should displace earlier links, giving us a maximum of 1 link +marker "COUNT LINKS" +list_keyring @s +expect_keyring_rlist srlist + +nlinks=0 +for i in $srlist + do + if [ "x$i" = "x$keyid" ] + then + nlinks=$(($nlinks + 1)) + fi +done + +if [ $nlinks != 1 ] +then + failed +fi + +# remove the links +marker "UNLINK KEY FROM SESSION" +unlink_key $keyid @s + +# removing again should fail +unlink_key --fail $keyid @s +expect_error ENOENT + +# remove that key from the keyring (the key should be destroyed) +marker "UNLINK KEY FROM KEYRING" +unlink_key --wait $keyid $keyringid + +# and a second time should fail, but now the key doesn't exist +unlink_key --fail $keyid $keyringid +expect_error ENOKEY + +# create a second keyring in the first +create_keyring "zebra" $keyringid +expect_keyid keyring2id + +# link thrice across to the session keyring +marker "LINK 2ND KEYRING TO SESSION" +link_key $keyring2id @s +link_key $keyring2id @s +link_key $keyring2id @s + +# subsequent links should displace earlier links, giving us a maximum of 1 link +marker "COUNT KEYRING LINKS" +list_keyring @s +expect_keyring_rlist srlist + +nlinks=0 +for i in $srlist + do + if [ "x$i" = "x$keyring2id" ] + then + nlinks=$(($nlinks + 1)) + fi +done + +if [ $nlinks != 1 ] +then + failed +fi + +# remove the keyring links +marker "UNLINK 2ND KEYRING FROM SESSION" +unlink_key $keyring2id @s + +# removing again should fail +unlink_key --fail $keyring2id @s +expect_error ENOENT + +# make another keyring link +marker "LINK 2ND KEYRING TO SESSION" +link_key $keyring2id @s + +# remove the first keyring we added +marker "UNLINK KEYRING" +unlink_key --wait $keyringid @s + +# remove the second keyring we added +marker "UNLINK 2ND KEYRING" +unlink_key --wait $keyring2id @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/listing/bad-args/runtest.sh b/tests/keyctl/listing/bad-args/runtest.sh new file mode 100644 index 0000000..339ab0f --- /dev/null +++ b/tests/keyctl/listing/bad-args/runtest.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +list_keyring --fail 0 +expect_error ENOKEY +pretty_list_keyring --fail 0 +expect_error ENOKEY + +# create a non-keyring +marker "CREATE KEY" +create_key user lizard gizzard @s +expect_keyid keyid + +# dispose of the key we were using +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK NON-EXISTENT KEY ID" +list_keyring --fail $keyid +expect_error ENOKEY +pretty_list_keyring --fail $keyid +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/listing/noargs/runtest.sh b/tests/keyctl/listing/noargs/runtest.sh new file mode 100644 index 0000000..59c97c1 --- /dev/null +++ b/tests/keyctl/listing/noargs/runtest.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +marker "NO ARGS" +expect_args_error keyctl list +expect_args_error keyctl rlist + +marker "TWO ARGS" +expect_args_error keyctl list 0 0 +expect_args_error keyctl rlist 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/listing/valid/runtest.sh b/tests/keyctl/listing/valid/runtest.sh new file mode 100644 index 0000000..0f64d0b --- /dev/null +++ b/tests/keyctl/listing/valid/runtest.sh @@ -0,0 +1,109 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# validate the new keyring's name and type +marker "VALIDATE KEYRING" +describe_key $keyringid +expect_key_rdesc rdesc 'keyring@.*@wibble' + +# check that we have an empty keyring +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +marker "PRETTY LIST KEYRING" +pretty_list_keyring $keyringid +expect_payload payload "keyring is empty" + +# stick a key in the keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# check that we can list it +marker "LIST KEYRING WITH ONE" +list_keyring $keyringid +expect_keyring_rlist rlist $keyid + +# check that we can pretty list it +marker "PRETTY LIST KEYRING WITH ONE" +pretty_list_keyring $keyringid +expect_payload payload + +if ! expr "$payload" : " *$keyid:.*user: lizard" >&/dev/null +then + failed +fi + +# stick a second key in the keyring +marker "ADD KEY 2" +create_key user snake skin $keyringid +expect_keyid keyid2 + +# check that we can see both keys +marker "LIST KEYRING WITH TWO" +list_keyring $keyringid +expect_keyring_rlist rlist + +if [ "x$rlist" != "x$keyid $keyid2" ] +then + failed +fi + +# check that we can see both keys prettily +marker "PRETTY LIST KEYRING WITH TWO" +pretty_list_keyring $keyringid +prlist="" +for i in `tail -2 $OUTPUTFILE | cut -d: -f1 | sed -e 's@ +@@g'` + do + prlist="$prlist $i" +done + +if [ "x$prlist" != "x $keyid $keyid2" ] +then + failed +fi + +# turn off read permission on the keyring +marker "DISABLE READ PERM" +set_key_perm $keyringid 0x3d0000 +list_keyring $keyringid + +# turn off read and search permission on the keyring +marker "DISABLE SEARCH PERM" +set_key_perm $keyringid 0x350000 +list_keyring --fail $keyringid +expect_error EACCES + +# turn on read permission on the keyring +marker "REINSTATE READ PERM" +set_key_perm $keyringid 0x370000 +list_keyring $keyringid + +# revoke the keyring +marker "REVOKE KEYRING" +revoke_key $keyringid +list_keyring --fail $keyringid +expect_error EKEYREVOKED + +# remove the keyring we added +marker "UNLINK KEY" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/newring/bad-args/runtest.sh b/tests/keyctl/newring/bad-args/runtest.sh new file mode 100644 index 0000000..54655c3 --- /dev/null +++ b/tests/keyctl/newring/bad-args/runtest.sh @@ -0,0 +1,42 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that an max length key description works correctly (4096 inc NUL) +if [ $PAGE_SIZE -lt $maxsquota ] +then + marker "CHECK MAXLEN DESC" + create_keyring $maxdesc @p + expect_keyid keyid +else + marker "CHECK MAXLEN DESC FAILS WITH EDQUOT" + create_keyring --fail $maxdesc @p + expect_error EDQUOT +fi + +# check that an overlong key description fails correctly (>4095 inc NUL) +marker "CHECK OVERLONG DESC" +create_keyring --fail a$maxdesc @p +expect_error EINVAL + +# check that an empty keyring name fails +marker "CHECK EMPTY KEYRING NAME" +create_keyring --fail "" @p +expect_error EINVAL + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +create_keyring --fail wibble 0 +expect_error EINVAL + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/newring/noargs/runtest.sh b/tests/keyctl/newring/noargs/runtest.sh new file mode 100644 index 0000000..4ed315a --- /dev/null +++ b/tests/keyctl/newring/noargs/runtest.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "ADD NO ARGS" +expect_args_error keyctl newring + +# check that one argument fails correctly +marker "ADD ONE ARG" +expect_args_error keyctl newring user + +# check that three arguments fail correctly +marker "ADD THREE ARGS" +expect_args_error keyctl newring user wibble stuff + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/newring/valid/runtest.sh b/tests/keyctl/newring/valid/runtest.sh new file mode 100644 index 0000000..0d9fd33 --- /dev/null +++ b/tests/keyctl/newring/valid/runtest.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# check that we now have an empty keyring +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# check that creating a second keyring of the same name displaces the first +marker "ADD KEYRING AGAIN" +create_keyring wibble @s +expect_keyid keyringid2 + +# should be different keyrings +if [ "x$keyringid" == "x$keyringid2" ] +then + failed +fi + +# the first should no longer exist in the session keyring +marker "LIST SESSION KEYRING" +list_keyring @s +expect_keyring_rlist sessionrlist $keyringid + +# and should no longer be accessible +marker "VALIDATE NEW KEYRING" +pause_till_key_destroyed $keyringid +describe_key --fail $keyringid +expect_error ENOKEY + +# list the session keyring +marker "LIST SESSION KEYRING2" +list_keyring @s +expect_keyring_rlist sessionrlist $keyringid2 + +# validate the new keyring's name and type +marker "VALIDATE NEW KEYRING2" +describe_key $keyringid2 +expect_key_rdesc rdesc 'keyring@.*@wibble' + +# remove the keyring we added +marker "UNLINK KEY" +unlink_key $keyringid2 @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/noargs/runtest.sh b/tests/keyctl/noargs/runtest.sh new file mode 100644 index 0000000..dccc4e0 --- /dev/null +++ b/tests/keyctl/noargs/runtest.sh @@ -0,0 +1,24 @@ +#!/bin/sh + +. ../../prepare.inc.sh +. ../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +marker "CHECK NO ARGS" +expect_args_error keyctl + +if [ "`sed -n -e 3p $OUTPUTFILE | cut -d: -f1`" != "Format" ] +then + failed +fi + + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/padd/bad-args/runtest.sh b/tests/keyctl/padd/bad-args/runtest.sh new file mode 100644 index 0000000..a13e8db --- /dev/null +++ b/tests/keyctl/padd/bad-args/runtest.sh @@ -0,0 +1,67 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that an empty key type fails correctly +marker "CHECK EMPTY KEY TYPE" +pcreate_key --fail stuff "" wibble @p +expect_error EINVAL + +# check that an unsupported key type fails correctly +marker "CHECK UNSUPPORTED KEY TYPE" +pcreate_key --fail stuff lizardsgizzards wibble @p +expect_error ENODEV + +# check that an invalid key type fails correctly +marker "CHECK INVALID KEY TYPE" +pcreate_key --fail stuff .user wibble @p +expect_error EPERM + +# check that an maximum length invalid key type fails correctly +marker "CHECK MAXLEN KEY TYPE" +pcreate_key --fail stuff $maxtype wibble @p +expect_error ENODEV + +# check that an overlong key type fails correctly +marker "CHECK OVERLONG KEY TYPE" +pcreate_key --fail stuff a$maxtype wibble @p +expect_error EINVAL + +# check that creation of a keyring with non-empty payload fails correctly +marker "CHECK ADD KEYRING WITH PAYLOAD" +pcreate_key --fail stuff keyring wibble @p +expect_error EINVAL + +# check that an max length key description works correctly +if [ $PAGE_SIZE -lt $maxsquota ] +then + marker "CHECK MAXLEN DESC" + pcreate_key stuff user $maxdesc @p + expect_keyid keyid +else + marker "CHECK MAXLEN DESC FAILS WITH EDQUOT" + pcreate_key --fail stuff user $maxdesc @p + expect_error EDQUOT +fi + +# check that an overlong key description fails correctly (>4095 inc NUL) +marker "CHECK OVERLONG DESC" +pcreate_key --fail stuff user a$maxdesc @p +expect_error EINVAL + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +pcreate_key --fail stuff user wibble 0 +expect_error EINVAL + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/padd/noargs/runtest.sh b/tests/keyctl/padd/noargs/runtest.sh new file mode 100644 index 0000000..97547f3 --- /dev/null +++ b/tests/keyctl/padd/noargs/runtest.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "ADD NO ARGS" +expect_args_error keyctl padd + +# check that one argument fails correctly +marker "ADD ONE ARG" +expect_args_error keyctl padd user + +# check that two arguments fail correctly +marker "ADD TWO ARGS" +expect_args_error keyctl padd user wibble + +# check that four arguments fail correctly +marker "ADD FOUR ARGS" +expect_args_error keyctl padd user wibble @s x + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/padd/useradd/runtest.sh b/tests/keyctl/padd/useradd/runtest.sh new file mode 100644 index 0000000..8eb0973 --- /dev/null +++ b/tests/keyctl/padd/useradd/runtest.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that we can add a user key to the session keyring +marker "ADD USER KEY" +pcreate_key stuff user wibble @s +expect_keyid keyid + +# read back what we put in it +marker "PRINT PAYLOAD" +print_key $keyid +expect_payload payload "stuff" + +# check that we can update a user key +marker "UPDATE USER KEY" +pcreate_key lizard user wibble @s + +# check we get the same key ID back +expect_keyid keyid2 + +if [ "x$keyid" != "x$keyid2" ] +then + failed +fi + +# read back what we changed it to +marker "PRINT UPDATED PAYLOAD" +print_key $keyid +expect_payload payload "lizard" + +# remove the key we added +marker "UNLINK KEY" +unlink_key $keyid @s + +keyctl show + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/permitting/bad-args/runtest.sh b/tests/keyctl/permitting/bad-args/runtest.sh new file mode 100644 index 0000000..3c2c324 --- /dev/null +++ b/tests/keyctl/permitting/bad-args/runtest.sh @@ -0,0 +1,49 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +chown_key --fail 0 0 +expect_error EINVAL +chgrp_key --fail 0 0 +expect_error EINVAL +set_key_perm --fail 0 0 +expect_error EINVAL + +# create a non-keyring +marker "CREATE KEY" +create_key user lizard gizzard @s +expect_keyid keyid + +# check that unsupported permissions aren't permitted +marker "CHECK PERMS" +set_key_perm --fail $keyid 0xffffffff +expect_error EINVAL +set_key_perm --fail $keyid 0x7f7f7f7f +expect_error EINVAL + +# dispose of the key we just made +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK CLEAR NON-EXISTENT KEY ID" +chown_key --fail $keyid 0 +expect_error ENOKEY +chgrp_key --fail $keyid 0 +expect_error ENOKEY +set_key_perm --fail $keyid 0 +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/permitting/noargs/runtest.sh b/tests/keyctl/permitting/noargs/runtest.sh new file mode 100644 index 0000000..89971e1 --- /dev/null +++ b/tests/keyctl/permitting/noargs/runtest.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +marker "NO ARGS" +expect_args_error keyctl read +expect_args_error keyctl pipe +expect_args_error keyctl print + +marker "ONE ARG" +expect_args_error keyctl chown 0 +expect_args_error keyctl chgrp 0 +expect_args_error keyctl setperm 0 + +marker "THREE ARGS" +expect_args_error keyctl chown 0 0 0 +expect_args_error keyctl chgrp 0 0 0 +expect_args_error keyctl setperm 0 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/permitting/valid/runtest.sh b/tests/keyctl/permitting/valid/runtest.sh new file mode 100644 index 0000000..e90e398 --- /dev/null +++ b/tests/keyctl/permitting/valid/runtest.sh @@ -0,0 +1,86 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# stick a key in the keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# changing the key's ownership is not supported before 2.6.18-rc1 +if version_less_than `uname -r` 2.6.18 +then + marker "CHOWN" + chown_key --fail $keyid 1 + expect_error EOPNOTSUPP +else + marker "CHOWN" + chown_key $keyid 1 + + marker "CHOWN BACK" + chown_key $keyid 0 +fi + +# changing the key's group ownership is supported (change to "bin" group) +marker "CHGRP" +chgrp_key $keyid 1 +describe_key $keyid +expect_key_rdesc rdesc "user@.*@1@[0-9a-f]*@lizard" + +# check that each permission can be granted to the key +marker "ITERATE PERMISSIONS" +for i in \ + 00210002 00210004 00210008 00210010 \ + 00210200 00210400 00210800 00211000 \ + 00230000 00250000 00290000 00310000 \ + 02210000 04210000 08210000 10210000 + do + set_key_perm $keyid 0x$i + describe_key $keyid + expect_key_rdesc rdesc "user@.*@.*@$i@lizard" +done + +# check that we can't use group perms instead of user perms to view the key +# (our UID matches that of the key) +marker "VIEW GROUP PERMISSIONS" +set_key_perm $keyid 0x00201f00 +describe_key --fail $keyid +expect_error EACCES + +# check that we can't use other perms instead of user perms to view the key +# (our UID matches that of the key) +marker "VIEW OTHER PERMISSIONS" +set_key_perm $keyid 0x0020001f +describe_key --fail $keyid +expect_error EACCES + +# check that taking away setattr permission renders the key immune to setperm +marker "REMOVE SETATTR" +set_key_perm $keyid 0x1f1f1f1f +describe_key $keyid +expect_key_rdesc rdesc "user@.*@.*@.*@lizard" + +marker "REINSTATE SETATTR" +set_key_perm --fail $keyid 0x3f3f1f1f +expect_error EACCES + +# remove the keyring we added +marker "UNLINK KEYRING" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/pupdate/bad-args/runtest.sh b/tests/keyctl/pupdate/bad-args/runtest.sh new file mode 100644 index 0000000..cde245c --- /dev/null +++ b/tests/keyctl/pupdate/bad-args/runtest.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# attempt to update the session keyring +marker "CHECK UPDATE SESSION KEYRING" +pupdate_key --fail @s a +expect_error EOPNOTSUPP + +# attempt to update an invalid key +marker "CHECK UPDATE INVALID KEY" +pupdate_key --fail 0 a +expect_error EINVAL + +# add a user key to the session keyring for us to play with +marker "ADD USER KEY" +create_key user wibble stuff @s +expect_keyid keyid + +# remove the key we just added +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# it should fail when we attempt to update it +marker "UPDATE UNLINKED KEY" +pupdate_key --fail $keyid @s +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/pupdate/noargs/runtest.sh b/tests/keyctl/pupdate/noargs/runtest.sh new file mode 100644 index 0000000..fb8341f --- /dev/null +++ b/tests/keyctl/pupdate/noargs/runtest.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "PUPDATE NO ARGS" +expect_args_error keyctl pupdate + +# check that two arguments fail correctly +marker "PUPDATE TWO ARGS" +expect_args_error keyctl pupdate yyy xxxx + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/pupdate/userupdate/runtest.sh b/tests/keyctl/pupdate/userupdate/runtest.sh new file mode 100644 index 0000000..fa59bc8 --- /dev/null +++ b/tests/keyctl/pupdate/userupdate/runtest.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that we can add a user key to the session keyring +marker "ADD USER KEY" +create_key user wibble stuff @s +expect_keyid keyid + +# read back what we put in it +marker "PRINT PAYLOAD" +print_key $keyid +expect_payload payload "stuff" + +# check that we can update a user key +marker "PUPDATE USER KEY" +pupdate_key $keyid "lizard" + +# read back what we changed it to +marker "PRINT UPDATED PAYLOAD" +print_key $keyid +expect_payload payload "lizard" + +# remove the key we added +marker "UNLINK KEY" +unlink_key $keyid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/reading/bad-args/runtest.sh b/tests/keyctl/reading/bad-args/runtest.sh new file mode 100644 index 0000000..a6e360b --- /dev/null +++ b/tests/keyctl/reading/bad-args/runtest.sh @@ -0,0 +1,42 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +read_key --fail 0 +expect_error ENOKEY +print_key --fail 0 +expect_error ENOKEY +pipe_key --fail 0 +expect_error ENOKEY + +# create a non-keyring +marker "CREATE KEY" +create_key user lizard gizzard @s +expect_keyid keyid + +# dispose of the key we just made +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK CLEAR NON-EXISTENT KEY ID" +read_key --fail $keyid +expect_error ENOKEY +print_key --fail $keyid +expect_error ENOKEY +pipe_key --fail $keyid +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/reading/noargs/runtest.sh b/tests/keyctl/reading/noargs/runtest.sh new file mode 100644 index 0000000..1d37154 --- /dev/null +++ b/tests/keyctl/reading/noargs/runtest.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +marker "NO ARGS" +expect_args_error keyctl read +expect_args_error keyctl pipe +expect_args_error keyctl print + +marker "TWO ARGS" +expect_args_error keyctl read 0 0 +expect_args_error keyctl pipe 0 0 +expect_args_error keyctl print 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/reading/valid/runtest.sh b/tests/keyctl/reading/valid/runtest.sh new file mode 100644 index 0000000..462d7ec --- /dev/null +++ b/tests/keyctl/reading/valid/runtest.sh @@ -0,0 +1,96 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# stick a key in the keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# check that the key is in the keyring +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist $keyid + +# read the contents of the key +marker "PRINT KEY" +print_key $keyid +expect_payload payload "gizzard" + +# pipe the contents of the key and add a LF as the key doesn't have one +marker "PIPE KEY" +pipe_key $keyid +echo >>$OUTPUTFILE +expect_payload payload "gizzard" + +# read the key as hex +marker "READ KEY" +read_key $keyid +expect_payload payload "67697a7a 617264" + +# read the contents of the keyring as hex and match it to the key ID +marker "READ KEYRING" +read_key $keyringid +tmp=`printf %08x $keyid` +if [ "$endian" = "LE" ] +then + tmp=`echo $tmp | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/'` +fi +expect_payload payload $tmp + +# remove read permission from the key and try reading it again +# - we should still have read permission because it's searchable in our +# keyrings +marker "REMOVE READ PERM" +set_key_perm $keyid 0x3d0000 +print_key $keyid +expect_payload payload "gizzard" + +# remove search permission from the key as well +# - we should still have read permission because it's searchable in our +# keyrings +marker "REMOVE SEARCH PERM" +set_key_perm $keyid 0x350000 +print_key --fail $keyid +expect_error EACCES + +# check that we can read it if we have to rely on possessor perms +# - we should still have read permission because it's searchable in our +# keyrings +marker "CHECK POSSESSOR READ" +set_key_perm $keyid 0x3d000000 +print_key $keyid +expect_payload payload "gizzard" + +# put read permission back again +marker "REINSTATE READ PERM" +set_key_perm $keyid 0x370000 +print_key $keyid +expect_payload payload "gizzard" + +# revoke the key +marker "REVOKE KEY" +revoke_key $keyid +print_key --fail $keyid +expect_error EKEYREVOKED + +# remove the keyring we added +marker "UNLINK KEYRING" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/requesting/bad-args/runtest.sh b/tests/keyctl/requesting/bad-args/runtest.sh new file mode 100644 index 0000000..feb2231 --- /dev/null +++ b/tests/keyctl/requesting/bad-args/runtest.sh @@ -0,0 +1,113 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that an empty key type fails correctly +marker "CHECK EMPTY KEY TYPE" +request_key --fail "" debug:wibble +expect_error EINVAL +request_key --fail "" debug:wibble @p +expect_error EINVAL +request_key_callout --fail "" debug:wibble stuff +expect_error EINVAL +request_key_callout --fail "" debug:wibble stuff @p +expect_error EINVAL +prequest_key_callout --fail stuff "" debug:wibble +expect_error EINVAL +prequest_key_callout --fail stuff "" debug:wibble @p +expect_error EINVAL + +# check that an unsupported key type fails correctly +marker "CHECK UNSUPPORTED KEY TYPE" +request_key --fail "lizardsgizzards" debug:wibble +expect_error ENOKEY +request_key --fail "lizardsgizzards" debug:wibble @p +expect_error ENOKEY +request_key_callout --fail "lizardsgizzards" debug:wibble stuff +expect_error ENOKEY +request_key_callout --fail "lizardsgizzards" debug:wibble stuff @p +expect_error ENOKEY +prequest_key_callout --fail stuff "lizardsgizzards" debug:wibble +expect_error ENOKEY +prequest_key_callout --fail stuff "lizardsgizzards" debug:wibble @p +expect_error ENOKEY + +# check that an invalid key type fails correctly +# - key types beginning with a dot are internal use only +marker "CHECK INVALID KEY TYPE" +request_key --fail ".user" debug:wibble +expect_error EPERM +request_key --fail ".user" debug:wibble @p +expect_error EPERM +request_key_callout --fail ".user" debug:wibble stuff +expect_error EPERM +request_key_callout --fail ".user" debug:wibble stuff @p +expect_error EPERM +prequest_key_callout --fail stuff ".user" debug:wibble +expect_error EPERM +prequest_key_callout --fail stuff ".user" debug:wibble @p +expect_error EPERM + +# check that an maximum length invalid key type fails correctly +marker "CHECK MAXLEN INVALID KEY TYPE" +request_key --fail $maxtype debug:wibble +expect_error ENOKEY +request_key --fail $maxtype debug:wibble @p +expect_error ENOKEY +request_key_callout --fail $maxtype debug:wibble stuff +expect_error ENOKEY +request_key_callout --fail $maxtype debug:wibble stuff @p +expect_error ENOKEY + +# check that an overlong key type fails correctly +marker "CHECK OVERLONG KEY TYPE" +request_key --fail a$maxtype debug:wibble +expect_error EINVAL +request_key --fail a$maxtype debug:wibble @p +expect_error EINVAL +request_key_callout --fail a$maxtype debug:wibble stuff +expect_error EINVAL +request_key_callout --fail a$maxtype debug:wibble stuff @p +expect_error EINVAL + +# check that an max length key description works correctly +marker "CHECK MAXLEN DESC" +request_key --fail user $maxdesc +expect_error ENOKEY + +# check that an overlong key description fails correctly +marker "CHECK OVERLONG DESC" +request_key --fail user a$maxdesc +expect_error EINVAL + +# check that a max length callout info works correctly +marker "CHECK MAXLEN CALLOUT" +request_key_callout --fail user wibble $maxdesc @p +expect_error ENOKEY + +# check that an overlong callout info fails correctly +marker "CHECK OVERLONG CALLOUT" +request_key_callout --fail user wibble a$maxcall +expect_error EINVAL + +# check that a max length callout info works correctly +marker "CHECK MAXLEN PIPED CALLOUT" +prequest_key_callout --fail $maxcall user wibble @p +expect_error ENOKEY + +# check that an overlong callout info fails correctly +marker "CHECK OVERLONG PIPED CALLOUT" +prequest_key_callout --fail a$maxcall user wibble +expect_error EINVAL + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/requesting/noargs/runtest.sh b/tests/keyctl/requesting/noargs/runtest.sh new file mode 100644 index 0000000..0070708 --- /dev/null +++ b/tests/keyctl/requesting/noargs/runtest.sh @@ -0,0 +1,35 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +marker "NO ARGS" +expect_args_error keyctl request +expect_args_error keyctl request2 +expect_args_error keyctl prequest2 + +marker "ONE ARG" +expect_args_error keyctl request 0 +expect_args_error keyctl request2 0 +expect_args_error keyctl prequest2 0 + +marker "TWO ARGS" +expect_args_error keyctl request2 0 0 + +marker "FOUR ARGS" +expect_args_error keyctl request 0 0 0 0 +expect_args_error keyctl prequest2 0 0 0 0 + +marker "FIVE ARGS" +expect_args_error keyctl request2 0 0 0 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/requesting/piped/runtest.sh b/tests/keyctl/requesting/piped/runtest.sh new file mode 100644 index 0000000..4750c87 --- /dev/null +++ b/tests/keyctl/requesting/piped/runtest.sh @@ -0,0 +1,94 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a pair of keyrings to play in +marker "CREATE KEYRINGS" +create_keyring "sandbox" @s +expect_keyid keyringid + +# check that we can't yet request a non-existent key +marker "CHECK REQUEST FAILS" +request_key --fail user lizard $keyringid +expect_error ENOKEY + +# add a user key to the first keyring +marker "ADD USER KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# request the key +marker "REQUEST KEY" +request_key user lizard +expect_keyid keyid2 $keyid + +# remove the key from the keyring +marker "DETACH KEY FROM KEYRING" +unlink_key $keyid $keyringid + +# request a key from /sbin/request-key to the session keyring +marker "PIPED CALL OUT REQUEST KEY TO SESSION" +prequest_key_callout gizzard user debug:lizard +expect_keyid keyid + +# should have appeared in the session keyring +marker "CHECK ATTACHMENT TO SESSION KEYRING" +list_keyring @s +expect_keyring_rlist rlist $keyid + +# rerequesting should pick up that key again +marker "REDO PIPED CALL OUT REQUEST KEY TO SESSION" +prequest_key_callout gizzard user debug:lizard +expect_keyid keyid2 $keyid + +# remove the key from the session +# - it was installed twice +# - once by request_key's keyring arg +# - once from the instantiation call +# but it will only have one link +marker "DETACH KEY FROM SESSION" +unlink_key --wait $keyid @s +unlink_key --fail $keyid @s +expect_error ENOKEY + +# request a key from /sbin/request-key to the keyring we made +marker "PIPED CALL OUT REQUEST KEY TO KEYRING" +prequest_key_callout gizzard user debug:lizard $keyringid +expect_keyid keyid + +# should have appeared once each in the sandbox and session keyrings +marker "CHECK ATTACHMENT TO KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist $keyid + +marker "CHECK ATTACHMENT TO SESSION" +list_keyring @s +expect_keyring_rlist rlist $keyid + +# rerequesting should pick up that key again +marker "REDO PIPED CALL OUT REQUEST KEY TO KEYRING" +prequest_key_callout gizzard user debug:lizard $keyringid +expect_keyid keyid2 $keyid + +# remove the key from the session +marker "DETACH KEY" +unlink_key $keyid $keyringid +unlink_key --wait $keyid @s +unlink_key --fail $keyid @s +expect_error ENOKEY + +# remove the keyrings we added +marker "UNLINK KEYRINGS" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/requesting/valid/runtest.sh b/tests/keyctl/requesting/valid/runtest.sh new file mode 100644 index 0000000..7a7bbb8 --- /dev/null +++ b/tests/keyctl/requesting/valid/runtest.sh @@ -0,0 +1,94 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a pair of keyrings to play in +marker "CREATE KEYRINGS" +create_keyring "sandbox" @s +expect_keyid keyringid + +# check that we can't yet request a non-existent key +marker "CHECK REQUEST FAILS" +request_key --fail user lizard $keyringid +expect_error ENOKEY + +# add a user key to the first keyring +marker "ADD USER KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# request the key +marker "REQUEST KEY" +request_key user lizard +expect_keyid keyid2 $keyid + +# remove the key from the keyring +marker "DETACH KEY FROM KEYRING" +unlink_key $keyid $keyringid + +# request a key from /sbin/request-key to the session keyring +marker "CALL OUT REQUEST KEY TO SESSION" +request_key_callout user debug:lizard gizzard +expect_keyid keyid + +# should have appeared in the session keyring +marker "CHECK ATTACHMENT TO SESSION KEYRING" +list_keyring @s +expect_keyring_rlist rlist $keyid + +# rerequesting should pick up that key again +marker "REDO CALL OUT REQUEST KEY TO SESSION" +request_key_callout user debug:lizard gizzard +expect_keyid keyid2 $keyid + +# remove the key from the session +# - it was installed twice +# - once by request_key's keyring arg +# - once from the instantiation call +# but it will only have one link +marker "DETACH KEY FROM SESSION" +unlink_key --wait $keyid @s +unlink_key --fail $keyid @s +expect_error ENOKEY + +# request a key from /sbin/request-key to the keyring we made +marker "CALL OUT REQUEST KEY TO KEYRING" +request_key_callout user debug:lizard gizzard $keyringid +expect_keyid keyid + +# should have appeared once each in the sandbox and session keyrings +marker "CHECK ATTACHMENT TO KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist $keyid + +marker "CHECK ATTACHMENT TO SESSION" +list_keyring @s +expect_keyring_rlist rlist $keyid + +# rerequesting should pick up that key again +marker "REDO CALL OUT REQUEST KEY TO KEYRING" +request_key_callout user debug:lizard gizzard $keyringid +expect_keyid keyid2 $keyid + +# remove the key from the session +marker "DETACH KEY" +unlink_key $keyid $keyringid +unlink_key --wait $keyid @s +unlink_key --fail $keyid @s +expect_error ENOKEY + +# remove the keyrings we added +marker "UNLINK KEYRINGS" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/revoke/bad-args/runtest.sh b/tests/keyctl/revoke/bad-args/runtest.sh new file mode 100644 index 0000000..a3c9b44 --- /dev/null +++ b/tests/keyctl/revoke/bad-args/runtest.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +revoke_key --fail 0 +expect_error EINVAL + +# check that a non-existent key ID fails correctly +marker "CHECK NON-EXISTENT KEY ID" +revoke_key --fail @t +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/revoke/noargs/runtest.sh b/tests/keyctl/revoke/noargs/runtest.sh new file mode 100644 index 0000000..417e3b6 --- /dev/null +++ b/tests/keyctl/revoke/noargs/runtest.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "ADD NO ARGS" +expect_args_error keyctl revoke + +# check that two arguments fail correctly +marker "ADD TWO ARGS" +expect_args_error keyctl revoke 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/revoke/valid/runtest.sh b/tests/keyctl/revoke/valid/runtest.sh new file mode 100644 index 0000000..e379476 --- /dev/null +++ b/tests/keyctl/revoke/valid/runtest.sh @@ -0,0 +1,75 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# create a key and attach it to the new keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# check that we can list the keyring +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist ringlist $keyid + +# check we can read the key description +marker "CHECK VALIDATE KEY" +describe_key $keyid +expect_key_rdesc kdesc 'user@.*@lizard' + +# check we can read the key's payload +marker "CHECK READ PAYLOAD" +print_key $keyid +expect_payload kpayload "gizzard" + +# revoke the key +marker "REVOKE KEY" +revoke_key $keyid + +# check we can no longer read the key description +marker "CHECK NO VALIDATE KEY" +describe_key --fail $keyid +expect_error EKEYREVOKED + +# check we can no longer read the key's payload +marker "CHECK NO READ PAYLOAD" +print_key --fail $keyid +expect_error EKEYREVOKED + +# remove the key we added +marker "UNLINK KEY" +unlink_key $keyid $keyringid + +# revoke the keyring +marker "REVOKE KEYRING" +revoke_key $keyringid + +# listing the session keyring should fail +marker "CHECK NO LIST SESSION KEYRING" +list_keyring --fail $keyringid +expect_error EKEYREVOKED + +# validating the new keyring's name and type should also fail +marker "CHECK NO VALIDATE KEYRING" +describe_key --fail $keyringid +expect_error EKEYREVOKED + +# remove the keyring we added +marker "UNLINK KEYRING" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/search/bad-args/runtest.sh b/tests/keyctl/search/bad-args/runtest.sh new file mode 100644 index 0000000..23bbc8b --- /dev/null +++ b/tests/keyctl/search/bad-args/runtest.sh @@ -0,0 +1,80 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that an empty key type fails correctly +marker "CHECK EMPTY KEY TYPE" +search_for_key --fail @s "" wibble +expect_error EINVAL +search_for_key --fail @s "" wibble @p +expect_error EINVAL + +# check that an unsupported key type fails correctly +marker "CHECK UNSUPPORTED KEY TYPE" +search_for_key --fail @s lizardsgizzards wibble +expect_error ENOKEY +search_for_key --fail @s lizardsgizzards wibble @p +expect_error ENOKEY + +# check that an invalid key type fails correctly +marker "CHECK INVALID KEY TYPE" +search_for_key --fail @s .user wibble +expect_error EPERM +search_for_key --fail @s .user wibble @p +expect_error EPERM + +# check that an overlong key type fails correctly +marker "CHECK OVERLONG KEY TYPE" +search_for_key --fail @s $maxtype wibble +expect_error ENOKEY +search_for_key --fail @s a$maxtype wibble @p +expect_error EINVAL + +# check that an max length key description works correctly (4095 inc NUL) +marker "CHECK MAXLEN DESC" +search_for_key --fail @s user $maxdesc +expect_error ENOKEY + +search_for_key --fail @s user $maxdesc @p +expect_error ENOKEY + +# check that an overlong key description fails correctly (>4095 inc NUL) +marker "CHECK OVERLONG DESC" +search_for_key --fail @s user a$maxdesc +expect_error EINVAL + +search_for_key --fail @s user a$maxdesc @p +expect_error EINVAL + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +search_for_key --fail @s user wibble -2000 +expect_error EINVAL + +# create a non-keyring key +marker "CREATE KEY" +create_key user a a @s +expect_keyid keyid + +# search the non-keyring key +marker "SEARCH KEY" +search_for_key --fail $keyid user a +expect_error ENOTDIR +search_for_key --fail $keyid user a @p +expect_error ENOTDIR + +# dispose of the key +marker "UNLINK KEY" +unlink_key $keyid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/search/noargs/runtest.sh b/tests/keyctl/search/noargs/runtest.sh new file mode 100644 index 0000000..5059eec --- /dev/null +++ b/tests/keyctl/search/noargs/runtest.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "NO ARGS" +expect_args_error keyctl search + +# check that one argument fails correctly +marker "ONE ARGS" +expect_args_error keyctl search 0 + +# check that two arguments fails correctly +marker "TWO ARGS" +expect_args_error keyctl search 0 0 + +# check that five arguments fails correctly +marker "FIVE ARGS" +expect_args_error keyctl search 0 0 0 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/search/valid/runtest.sh b/tests/keyctl/search/valid/runtest.sh new file mode 100644 index 0000000..92c177a --- /dev/null +++ b/tests/keyctl/search/valid/runtest.sh @@ -0,0 +1,173 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a pair of keyrings and attach them to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +create_keyring wibble2 @s +expect_keyid keyring2id + +# stick a key in the keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# check that we can list it +marker "LIST KEYRING WITH ONE" +list_keyring $keyringid +expect_keyring_rlist rlist $keyid + +# search the session keyring for a non-existent key +marker "SEARCH SESSION FOR NON-EXISTENT KEY" +search_for_key --fail @s user snake +expect_error ENOKEY + +# search the session keyring for the key +marker "SEARCH SESSION" +search_for_key @s user lizard +expect_keyid found $keyid + +# search the session keyring for the key and attach to second keyring +marker "SEARCH SESSION AND ATTACH" +search_for_key @s user lizard $keyring2id +expect_keyid found $keyid + +# check it's attached to the second keyring +marker "CHECK ATTACHED" +list_keyring $keyring2id +expect_keyring_rlist rlist $keyid + +# check the key contains what we expect +marker "CHECK PAYLOAD" +print_key $keyid +expect_payload payload "gizzard" + +# detach the attachment just made +marker "DETACH KEY" +unlink_key $found $keyring2id + +# create an overlapping key in the second keyring +create_key user lizard skin $keyring2id +expect_keyid keyid2 + +# check the two keys contain what we expect +marker "CHECK PAYLOADS" +print_key $keyid +expect_payload payload "gizzard" +print_key $keyid2 +expect_payload payload "skin" + +# a search from the session keyring should find the first key +marker "SEARCH SESSION AGAIN" +search_for_key @s user lizard +expect_keyid found $keyid + +# a search from the first keyring should find the first key +marker "SEARCH FIRST KEYRING" +search_for_key $keyringid user lizard +expect_keyid found $keyid + +# a search from the second keyring should find the second key +marker "SEARCH SECOND KEYRING" +search_for_key $keyring2id user lizard +expect_keyid found $keyid2 + +# link the second keyring to the first +marker "LINK FIRST KEYRING TO SECOND" +link_key $keyring2id $keyringid + +# a search from the first keyring should again find the first key +marker "SEARCH FIRST KEYRING AGAIN" +search_for_key $keyringid user lizard +expect_keyid found $keyid + +# revoking the first key should cause the second key to be available +revoke_key $keyid +search_for_key $keyringid user lizard +expect_keyid found $keyid2 + +# get rid of the dead key +marker "UNLINK FIRST KEY" +unlink_key $keyid $keyringid + +# a search from the first keyring should now find the second key +marker "SEARCH FIRST KEYRING AGAIN 2" +search_for_key $keyringid user lizard +expect_keyid found $keyid2 + +# a search from the session keyring should now find the second key +marker "SEARCH SESSION KEYRING AGAIN 2" +search_for_key @s user lizard +expect_keyid found $keyid2 + +# unlink the second keyring from the first +marker "UNLINK SECOND KEYRING FROM FIRST" +unlink_key $keyring2id $keyringid + +# a search from the first keyring should now fail +marker "SEARCH FIRST KEYRING FOR FAIL" +search_for_key --fail $keyringid user lizard +expect_error ENOKEY + +# a search from the session keyring should still find the second key +marker "SEARCH SESSION KEYRING AGAIN 3" +search_for_key @s user lizard +expect_keyid found $keyid2 + +# move the second keyring into the first +marker "MOVE SECOND KEYRING INTO FIRST" +link_key $keyring2id $keyringid +unlink_key $keyring2id @s + +# a search from the first keyring should now find the second key once again +marker "SEARCH FIRST KEYRING AGAIN 4" +search_for_key $keyringid user lizard +expect_keyid found $keyid2 + +# removing search permission on the second keyring should hide the key +marker "SEARCH WITH NO-SEARCH KEYRING" +set_key_perm $keyring2id 0x370000 +search_for_key --fail $keyringid user lizard +expect_error ENOKEY + +# putting search permission on the second keyring back again should make it +# available again +set_key_perm $keyring2id 0x3f0000 +search_for_key $keyringid user lizard +expect_keyid found $keyid2 + +# removing search permission on the second key should hide the key +marker "SEARCH WITH NO-SEARCH KEYRING2" +set_key_perm $keyring2id 0x370000 +search_for_key --fail $keyringid user lizard +expect_error ENOKEY + +# putting search permission on the second key back again should make it +# available again +set_key_perm $keyring2id 0x3f0000 +search_for_key $keyringid user lizard +expect_keyid found $keyid2 + +# revoking the key should make the key unavailable +revoke_key $keyid2 +search_for_key --fail $keyringid user lizard +expect_error ENOKEY + +# remove the keyrings we added +marker "UNLINK KEYRING" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/session/bad-args/runtest.sh b/tests/keyctl/session/bad-args/runtest.sh new file mode 100644 index 0000000..e3b6f71 --- /dev/null +++ b/tests/keyctl/session/bad-args/runtest.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that an empty keyring name fails correctly +marker "SESSION WITH EMPTY KEYRING NAME" +new_session --fail "" +expect_error EINVAL + +# check that an overlong keyring name fails correctly +marker "SESSION WITH OVERLONG KEYRING NAME" +new_session --fail a$maxdesc +expect_error EINVAL + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/session/valid/runtest.sh b/tests/keyctl/session/valid/runtest.sh new file mode 100644 index 0000000..42ae9fa --- /dev/null +++ b/tests/keyctl/session/valid/runtest.sh @@ -0,0 +1,42 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# describe the keyring created for an anonymous session +if [ $OSDIST = RHEL -a $OSRELEASE -le 5 ] +then + marker "ANON SESSION" + new_session - keyctl rdescribe @s "@" + expect_key_rdesc rdesc "keyring@.*@.*@.*@_ses.*" + + # check the session keyring ID is shown + seskeyring="`tail -2 $OUTPUTFILE | head -1`" + if ! expr "$seskeyring" : "Joined session keyring: [0-9]*" >&/dev/null + then + failed + fi +fi + +# describe the keyring created for a named session +marker "NAMED SESSION" +new_session qwerty keyctl rdescribe @s "@" +expect_key_rdesc rdesc "keyring@.*@.*@.*@qwerty" + +# check the session keyring ID is shown +seskeyring="`tail -2 $OUTPUTFILE | head -1`" +if ! expr "$seskeyring" : "Joined session keyring: [0-9]*" >&/dev/null +then + failed +fi + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/show/noargs/runtest.sh b/tests/keyctl/show/noargs/runtest.sh new file mode 100644 index 0000000..ed06739 --- /dev/null +++ b/tests/keyctl/show/noargs/runtest.sh @@ -0,0 +1,51 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that show shows us our session keyring +marker "SHOW SESSION KEYRING" +keyctl show >>$OUTPUTFILE 2>&1 +if [ $? != 0 ] +then + failed +fi + +# must be at least two lines in the output (plus the test banner lines) +nlines=`wc -l $OUTPUTFILE | cut -d\ -f1` +if [ "$nlines" -lt 4 ] +then + failed +fi + +# there must be a session keyring section on the third line +if [ "`sed -n -e 3p $OUTPUTFILE`" != "Session Keyring" ] +then + failed +fi + +# the first key listed (line 2) should be a keying (the session keyring) ... +keyring1="`grep -n keyring $OUTPUTFILE | cut -d: -f1 | head -1`" +if [ "$keyring1" != "4" ] +then + failed +fi + +# ... and it should be the session keyring (alias -3) +keyring1id="`sed -n -e 4p $OUTPUTFILE | awk '{print $1}'`" +if [ "$keyring1id" != "-3" ] +then + failed +fi + + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/timeout/bad-args/runtest.sh b/tests/keyctl/timeout/bad-args/runtest.sh new file mode 100644 index 0000000..4ad216b --- /dev/null +++ b/tests/keyctl/timeout/bad-args/runtest.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK BAD KEY ID" +timeout_key --fail 0 10 +expect_error EINVAL + +# get a key +marker "CREATE KEY" +create_key user a a @s +expect_keyid keyid + +# dispose of the key so we can use its ID +marker "DESTROY KEY ID" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK NON-EXISTENT KEY ID" +timeout_key --fail $keyid 10 +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/timeout/noargs/runtest.sh b/tests/keyctl/timeout/noargs/runtest.sh new file mode 100644 index 0000000..3ff2675 --- /dev/null +++ b/tests/keyctl/timeout/noargs/runtest.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "ADD NO ARGS" +expect_args_error keyctl timeout + +# check that one argument fails correctly +marker "ADD ONE ARG" +expect_args_error keyctl timeout 0 + +# check that three arguments fail correctly +marker "ADD THREE ARGS" +expect_args_error keyctl timeout 0 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/timeout/valid/runtest.sh b/tests/keyctl/timeout/valid/runtest.sh new file mode 100644 index 0000000..1102536 --- /dev/null +++ b/tests/keyctl/timeout/valid/runtest.sh @@ -0,0 +1,118 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# create a key and attach it to the new keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# check that we can list the keyring +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist ringlist $keyid + +# check we can read the key description +marker "CHECK VALIDATE KEY" +describe_key $keyid +expect_key_rdesc kdesc 'user@.*@lizard' + +# check we can read the key's payload +marker "CHECK READ PAYLOAD" +print_key $keyid +expect_payload kpayload "gizzard" + +# set a silly timeout on the key +marker "SET BIG TIMEOUT" +timeout_key $keyid 10000000 + +# check we can still read the key's payload +marker "CHECK READ PAYLOAD 2" +print_key $keyid +expect_payload kpayload "gizzard" + +# set a small timeout on the key +marker "SET SMALL TIMEOUT" +timeout_key $keyid 2 + +marker "WAIT FOR TIMEOUT" +sleep 2 + +# check the key has expired +marker "CHECK NO READ PAYLOAD" +print_key --fail $keyid +expect_error EKEYEXPIRED + +# check revocation doesn't work +marker "CHECK NO REVOKE KEY" +revoke_key --fail $keyid +expect_error EKEYEXPIRED + +# check timeout setting doesn't work +marker "CHECK NO TIMEOUT KEY" +timeout_key --fail $keyid 20 +expect_error EKEYEXPIRED + +# remove the key we added +marker "UNLINK KEY" +unlink_key $keyid $keyringid + +############################################################################### +# create a key and attach it to the new keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# set a silly timeout on the key +marker "SET BIG TIMEOUT" +timeout_key $keyid 10000000 + +# revoke the key +marker "REVOKE KEY" +revoke_key $keyid + +# check we can no longer set the key's timeout +marker "CHECK NO SET KEY TIMEOUT" +timeout_key --fail $keyid 20 +expect_error EKEYREVOKED + +# remove the key we added +marker "UNLINK KEY" +unlink_key $keyid $keyringid + +# revoke the keyring +marker "TIMEOUT KEYRING" +timeout_key $keyringid 1 + +marker "WAIT FOR KEYRING TIMEOUT" +sleep 1 + +# listing the session keyring should fail +marker "CHECK NO LIST SESSION KEYRING" +list_keyring --fail $keyringid +expect_error EKEYEXPIRED + +# validating the new keyring's name and type should also fail +marker "CHECK NO VALIDATE KEYRING" +describe_key --fail $keyringid +expect_error EKEYEXPIRED + +# remove the keyring we added +marker "UNLINK KEYRING" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/unlink/bad-args/runtest.sh b/tests/keyctl/unlink/bad-args/runtest.sh new file mode 100644 index 0000000..82f4371 --- /dev/null +++ b/tests/keyctl/unlink/bad-args/runtest.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that a bad key ID fails correctly +marker "CHECK UNLINK BAD KEY ID" +unlink_key --fail 0 @s +expect_error EINVAL + +marker "CHECK UNLINK FROM BAD KEY ID" +unlink_key --fail @s 0 +expect_error EINVAL + +# create a non-keyring +marker "CREATE KEY" +create_key user lizard gizzard @s +expect_keyid keyid + +# check that unlinking from a non-keyring ID fails correctly +marker "CHECK UNLINK FROM NON-KEYRING KEY" +unlink_key --fail @s $keyid +expect_error ENOTDIR + +# dispose of the key we were using +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# check that a non-existent key ID fails correctly +marker "CHECK UNLINK FROM NON-EXISTENT KEY ID" +unlink_key --fail @s $keyid +expect_error ENOKEY + +marker "CHECK UNLINK NON-EXISTENT KEY ID" +unlink_key --fail $keyid @s +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/unlink/noargs/runtest.sh b/tests/keyctl/unlink/noargs/runtest.sh new file mode 100644 index 0000000..a33ff3c --- /dev/null +++ b/tests/keyctl/unlink/noargs/runtest.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "NO ARGS" +expect_args_error keyctl unlink + +# check that one argument fails correctly +marker "ONE ARGS" +expect_args_error keyctl unlink 0 + +# check that three arguments fails correctly +marker "THREE ARGS" +expect_args_error keyctl unlink 0 0 0 + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/unlink/valid/runtest.sh b/tests/keyctl/unlink/valid/runtest.sh new file mode 100644 index 0000000..1cfe35b --- /dev/null +++ b/tests/keyctl/unlink/valid/runtest.sh @@ -0,0 +1,100 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# create a keyring and attach it to the session keyring +marker "ADD KEYRING" +create_keyring wibble @s +expect_keyid keyringid + +# stick a key in the keyring +marker "ADD KEY" +create_key user lizard gizzard $keyringid +expect_keyid keyid + +# check that we can list it +marker "LIST KEYRING WITH ONE" +list_keyring $keyringid +expect_keyring_rlist rlist $keyid + +# dispose of the key and make sure it gets destroyed +marker "UNLINK KEY FROM KEYRING" +unlink_key --wait $keyid $keyringid + +# trying again should fail +marker "CHECK NO UNLINK KEY FROM KEYRING" +unlink_key --fail $keyid $keyringid +expect_error ENOKEY + +# check that the keyring is now empty +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# stick twenty keys and twenty keyrings in the keyring +marker "ADD TWENTY KEYS" +keys="" +for ((i=0; i<20; i++)) + do + create_key user lizard$i gizzard$i $keyringid + expect_keyid x + keys="$keys $x" + list_keyring $keyringid + expect_keyring_rlist rlist $x +done + +marker "ADD TWENTY KEYRINGS" +for ((i=0; i<20; i++)) + do + create_keyring ring$i $keyringid + expect_keyid x + keys="$keys $x" + list_keyring $keyringid + expect_keyring_rlist rlist $x +done + +marker "CHECK KEYRING ORDERING" +list_keyring $keyringid +expect_keyring_rlist rlist +if [ "x$keys" != "x $rlist" ] +then + failed +fi + +marker "SHOW" +if ! keyctl show >>$OUTPUTFILE 2>&1 +then + failed +fi + +# delete all the keys from the keyring +marker "DELETE CONTENTS OF KEYRING" +for i in $keys + do + unlink_key --wait $i $keyringid + unlink_key --fail $i $keyringid + expect_error ENOKEY +done + +keyctl show + +# check that it's now empty +marker "LIST KEYRING" +list_keyring $keyringid +expect_keyring_rlist rlist empty + +# remove the keyring we added +marker "UNLINK KEY" +unlink_key $keyringid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/update/bad-args/runtest.sh b/tests/keyctl/update/bad-args/runtest.sh new file mode 100644 index 0000000..9d7971a --- /dev/null +++ b/tests/keyctl/update/bad-args/runtest.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# attempt to update the session keyring +marker "CHECK UPDATE SESSION KEYRING" +update_key --fail @s a +expect_error EOPNOTSUPP + +# attempt to update an invalid key +marker "CHECK UPDATE INVALID KEY" +update_key --fail 0 a +expect_error EINVAL + +# add a user key to the session keyring for us to play with +marker "ADD USER KEY" +create_key user wibble stuff @s +expect_keyid keyid + +# remove the key we just added +marker "UNLINK KEY" +unlink_key --wait $keyid @s + +# it should fail when we attempt to update it +marker "UPDATE UNLINKED KEY" +update_key --fail $keyid @s +expect_error ENOKEY + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/update/noargs/runtest.sh b/tests/keyctl/update/noargs/runtest.sh new file mode 100644 index 0000000..3138e3b --- /dev/null +++ b/tests/keyctl/update/noargs/runtest.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that no arguments fails correctly +marker "ADD NO ARGS" +expect_args_error keyctl update + +# check that one argument fails correctly +marker "ADD ONE ARG" +expect_args_error keyctl update user + +# check that three arguments fail correctly +marker "ADD THREE ARGS" +expect_args_error keyctl update user wibble stuff + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/keyctl/update/userupdate/runtest.sh b/tests/keyctl/update/userupdate/runtest.sh new file mode 100644 index 0000000..27fccfd --- /dev/null +++ b/tests/keyctl/update/userupdate/runtest.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +. ../../../prepare.inc.sh +. ../../../toolbox.inc.sh + + +# ---- do the actual testing ---- + +result=PASS +echo "++++ BEGINNING TEST" >$OUTPUTFILE + +# check that we can add a user key to the session keyring +marker "ADD USER KEY" +create_key user wibble stuff @s +expect_keyid keyid + +# read back what we put in it +marker "PRINT PAYLOAD" +print_key $keyid +expect_payload payload "stuff" + +# check that we can update a user key +marker "UPDATE USER KEY" +update_key $keyid "lizard" + +# read back what we changed it to +marker "PRINT UPDATED PAYLOAD" +print_key $keyid +expect_payload payload "lizard" + +# remove the key we added +marker "UNLINK KEY" +unlink_key $keyid @s + +echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +# --- then report the results in the database --- +toolbox_report_result $TEST $result diff --git a/tests/prepare.inc.sh b/tests/prepare.inc.sh new file mode 100644 index 0000000..4200e92 --- /dev/null +++ b/tests/prepare.inc.sh @@ -0,0 +1,29 @@ +# preparation script for running keyring tests + +# --- need to run in own session keyring +if [ "x`keyctl rdescribe @s | sed 's/.*;//'`" != "xRHTS/keyctl/$$" ] +then + echo "Running with session keyring RHTS/keyctl/$$" + exec keyctl session "RHTS/keyctl/$$" sh $0 $@ || exit 8 +fi + +# Set up for the Red Hat Test System +RUNNING_UNDER_RHTS=0 +if [ -x /usr/bin/rhts_environment.sh ] +then + PACKAGE=$(rpm -q --qf "%{name}" --whatprovides /bin/keyctl) + . /usr/bin/rhts_environment.sh + RUNNING_UNDER_RHTS=1 +elif [ -z "$OUTPUTFILE" ] +then + OUTPUTFILE=$PWD/test.out + echo -n >$OUTPUTFILE +fi + +case `lsb_release -i | awk '{ print $3}'` in + Fedora*) OSDIST=Fedora;; + RedHatEnterprise*) OSDIST=RHEL;; + *) OSDIST=Unknown;; +esac + +OSVER=`lsb_release -r | awk '{ print $2}'` diff --git a/tests/runtest.sh b/tests/runtest.sh new file mode 100644 index 0000000..7fd6e5b --- /dev/null +++ b/tests/runtest.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +TESTS=$* + +PARENTTEST=${TEST} + +for i in ${TESTS}; do + export TEST=$i + pushd $i + sh ./runtest.sh || exit 1 + popd +done diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh new file mode 100644 index 0000000..1c5d792 --- /dev/null +++ b/tests/toolbox.inc.sh @@ -0,0 +1,985 @@ +############################################################################### +# +# Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. +# Written by David Howells (dhowells@redhat.com) +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version +# 2 of the License, or (at your option) any later version. +# +############################################################################### + +echo === $OUTPUTFILE === + +endian=`file -L /proc/$$/exe` +if expr "$endian" : '.* MSB executable.*' >&/dev/null +then + endian=BE +elif expr "$endian" : '.* LSB executable.*' >&/dev/null +then + endian=LE +else + echo -e "+++ \e[31;1mCan't Determine Endianness\e[0m" + echo "+++ Can't Determine Endianness" >>$OUTPUTFILE + exit 2 +fi + +maxtypelen=31 +maxtype=`for ((i=0; i<$((maxtypelen)); i++)); do echo -n a; done` + +PAGE_SIZE=`getconf PAGESIZE` +maxdesclen=$((PAGE_SIZE - 1)) +maxdesc=`for ((i=0; i<$((maxdesclen)); i++)); do echo -n a; done` +maxcall=$maxdesc + +maxsquota=`grep '^ *0': /proc/key-users | sed s@.*/@@` + +function marker () +{ + echo -e "+++ \e[33m$*\e[0m" + echo +++ $* >>$OUTPUTFILE +} + +function failed() +{ + echo -e "\e[31;1mFAILED\e[0m" + echo === FAILED === >>$OUTPUTFILE + keyctl show >>$OUTPUTFILE + echo ============== >>$OUTPUTFILE + result=FAIL +} + +function expect_args_error () +{ + "$@" >>$OUTPUTFILE 2>&1 + if [ $? != 2 ] + then + failed + fi + +} + +function toolbox_report_result() +{ + if [ $RUNNING_UNDER_RHTS = 1 ] + then + report_result $TEST $result + fi + if [ $result = FAIL ] + then + exit 1 + fi +} + +############################################################################### +# +# compare version numbers to see if the first is less (older) than the second +# +############################################################################### +function version_less_than () +{ + a=$1 + b=$2 + + if [ "$a" = "$b" ] + then + return 1 + fi + + # grab the leaders + x=${a%%-*} + y=${b%%-*} + + if [ "$x" = "$a" -o "$y" = "$b" ] + then + if [ "$x" = "$y" ] + then + [ "$x" = "$a" ] + else + __version_less_than_dot "$x" "$y" + fi + elif [ "$x" = "$y" ] + then + less_than "${a#*-}" "${b#*-}" + else + __version_less_than_dot "$x" "$y" + fi +} + +function __version_less_than_dot () +{ + a=$1 + b=$2 + + if [ "$a" = "$b" ] + then + return 1 + fi + + # grab the leaders + x=${a%%.*} + y=${b%%.*} + + if [ "$x" = "$a" -o "$y" = "$b" ] + then + if [ "$x" = "$y" ] + then + [ "$x" = "$a" ] + else + expr "$x" \< "$y" >/dev/null + fi + elif [ "$x" = "$y" ] + then + __version_less_than_dot "${a#*.}" "${b#*.}" + else + expr "$x" \< "$y" >/dev/null + fi +} + + +############################################################################### +# +# extract an error message from the log file and check it +# +############################################################################### +function expect_error () +{ + my_varname=$1 + + my_errmsg="`tail -1 $OUTPUTFILE`" + eval $my_varname="\"$my_errmsg\"" + + if [ $# != 1 ] + then + echo "Format: expect_error <symbol>" >>$OUTPUTFILE + failed + fi + + case $1 in + EPERM) my_err="Operation not permitted";; + EAGAIN) my_err="Resource temporarily unavailable";; + ENOENT) my_err="No such file or directory";; + EEXIST) my_err="File exists";; + ENOTDIR) my_err="Not a directory";; + EACCES) my_err="Permission denied";; + EINVAL) my_err="Invalid argument";; + ENODEV) my_err="No such device";; + ELOOP) my_err="Too many levels of symbolic links";; + EOPNOTSUPP) my_err="Operation not supported";; + EDEADLK) my_err="Resource deadlock avoided";; + EDQUOT) my_err="Disk quota exceeded";; + ENOKEY) + my_err="Required key not available" + old_err="Requested key not available" + alt_err="Unknown error 126" + ;; + EKEYEXPIRED) + my_err="Key has expired" + alt_err="Unknown error 127" + ;; + EKEYREVOKED) + my_err="Key has been revoked" + alt_err="Unknown error 128" + ;; + EKEYREJECTED) + my_err="Key has been rejected" + alt_err="Unknown error 129" + ;; + *) + echo "Unknown error message $1" >>$OUTPUTFILE + failed + ;; + esac + + if expr "$my_errmsg" : ".*: $my_err" >&/dev/null + then + : + elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err" >&/dev/null + then + : + elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err" >&/dev/null + then + : + else + failed + fi +} + +############################################################################### +# +# wait for a key to be destroyed (get removed from /proc/keys) +# +############################################################################### +function pause_till_key_destroyed () +{ + echo "+++ WAITING FOR KEY TO BE DESTROYED" >>$OUTPUTFILE + hexkeyid=`printf %08x $1` + + while grep $hexkeyid /proc/keys + do + sleep 1 + done +} + +############################################################################### +# +# wait for a key to be unlinked +# +############################################################################### +function pause_till_key_unlinked () +{ + echo "+++ WAITING FOR KEY TO BE UNLINKED" >>$OUTPUTFILE + + while true + do + echo keyctl unlink $1 $2 >>$OUTPUTFILE + keyctl unlink $1 $2 >>$OUTPUTFILE 2>&1 + if [ $? != 1 ] + then + failed + fi + + my_errmsg="`tail -1 $OUTPUTFILE`" + if ! expr "$my_errmsg" : ".*: No such file or directory" >&/dev/null + then + break + fi + done +} + +############################################################################### +# +# request a key and attach it to the new keyring +# +############################################################################### +function request_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl request "$@" >>$OUTPUTFILE + keyctl request "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# request a key and attach it to the new keyring, calling out if necessary +# +############################################################################### +function request_key_callout () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl request2 "$@" >>$OUTPUTFILE + keyctl request2 "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# request a key and attach it to the new keyring, calling out if necessary and +# passing the callout data in on stdin +# +############################################################################### +function prequest_key_callout () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + data="$1" + shift + + echo echo -n $data \| keyctl prequest2 "$@" >>$OUTPUTFILE + echo -n $data | keyctl prequest2 "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# create a key and attach it to the new keyring +# +############################################################################### +function create_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl add "$@" >>$OUTPUTFILE + keyctl add "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# create a key and attach it to the new keyring, piping in the data +# +############################################################################### +function pcreate_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + data="$1" + shift + + echo echo -n $data \| keyctl padd "$@" >>$OUTPUTFILE + echo -n $data | keyctl padd "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# create a key and attach it to the new keyring +# +############################################################################### +function create_keyring () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl newring "$@" >>$OUTPUTFILE + keyctl newring "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# extract a key ID from the log file +# +############################################################################### +function expect_keyid () +{ + my_varname=$1 + + my_keyid="`tail -1 $OUTPUTFILE`" + if expr "$my_keyid" : '[1-9][0-9]*' >&/dev/null + then + eval $my_varname=$my_keyid + + if [ $# = 2 -a "x$my_keyid" != "x$2" ] + then + failed + fi + else + eval $my_varname=no + result=FAIL + fi +} + +############################################################################### +# +# prettily list a keyring +# +############################################################################### +function pretty_list_keyring () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl list $1 >>$OUTPUTFILE + keyctl list $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# list a keyring +# +############################################################################### +function list_keyring () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl rlist $1 >>$OUTPUTFILE + keyctl rlist $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# extract a keyring listing from the log file and see if a key ID is contained +# therein +# +############################################################################### +function expect_keyring_rlist () +{ + my_varname=$1 + + my_rlist="`tail -1 $OUTPUTFILE`" + eval $my_varname="\"$my_rlist\"" + + if [ $# = 2 ] + then + if [ "$2" = "empty" ] + then + if [ "x$my_rlist" != "x" ] + then + failed + fi + else + my_found=0 + case "$my_rlist" in + $my_keyid|*\ $my_keyid|*\ $my_keyid\ *|$my_keyid\ *) + my_found=1 + ;; + esac + + if [ $my_found == 0 ] + then + failed + fi + fi + fi +} + +############################################################################### +# +# prettily describe a key +# +############################################################################### +function pretty_describe_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl describe $1 >>$OUTPUTFILE + keyctl describe $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# describe a key +# +############################################################################### +function describe_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl rdescribe $1 "@" >>$OUTPUTFILE + keyctl rdescribe $1 "@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# extract a raw key description from the log file and check it +# +############################################################################### +function expect_key_rdesc () +{ + my_varname=$1 + + my_rdesc="`tail -1 $OUTPUTFILE`" + eval $my_varname="\"$my_rdesc\"" + + if ! expr "$my_rdesc" : "$2" >&/dev/null + then + failed + fi +} + +############################################################################### +# +# read a key's payload as a hex dump +# +############################################################################### +function read_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl read $1 >>$OUTPUTFILE + keyctl read $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# read a key's payload as a printable string +# +############################################################################### +function print_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl print $1 >>$OUTPUTFILE + keyctl print $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# pipe a key's raw payload to stdout +# +############################################################################### +function pipe_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl pipe $1 >>$OUTPUTFILE + keyctl pipe $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# extract a printed payload from the log file +# +############################################################################### +function expect_payload () +{ + my_varname=$1 + + my_payload="`tail -1 $OUTPUTFILE`" + eval $my_varname="\"$my_payload\"" + + if [ $# == 2 -a "x$my_payload" != "x$2" ] + then + failed + fi +} + +############################################################################### +# +# revoke a key +# +############################################################################### +function revoke_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl revoke $1 >>$OUTPUTFILE + keyctl revoke $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# unlink a key from a keyring +# +############################################################################### +function unlink_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + my_wait=0 + if [ "x$1" = "x--wait" ] + then + my_wait=1 + shift + fi + + echo keyctl unlink $1 $2 >>$OUTPUTFILE + keyctl unlink $1 $2 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi + + # keys are destroyed lazily + if [ $my_wait = 1 ] + then + pause_till_key_unlinked $1 $2 + fi +} + +############################################################################### +# +# update a key from a keyring +# +############################################################################### +function update_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl update $1 $2 >>$OUTPUTFILE + keyctl update $1 $2 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# update a key from a keyring, piping the data in over stdin +# +############################################################################### +function pupdate_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo echo -n $2 \| keyctl pupdate $1 >>$OUTPUTFILE + echo -n $2 | keyctl pupdate $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# clear a keyring +# +############################################################################### +function clear_keyring () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl clear $1 >>$OUTPUTFILE + keyctl clear $1 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# link a key to a keyring +# +############################################################################### +function link_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl link $1 $2 >>$OUTPUTFILE + keyctl link $1 $2 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# search for a key in a keyring +# +############################################################################### +function search_for_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl search "$@" >>$OUTPUTFILE + keyctl search "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# set the permissions mask on a key +# +############################################################################### +function set_key_perm () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl setperm "$@" >>$OUTPUTFILE + keyctl setperm "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# set the ownership of a key +# +############################################################################### +function chown_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl chown "$@" >>$OUTPUTFILE + keyctl chown "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# set the group ownership of a key +# +############################################################################### +function chgrp_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl chgrp "$@" >>$OUTPUTFILE + keyctl chgrp "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# run as a new session +# +############################################################################### +function new_session () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl session "$@" >>$OUTPUTFILE + keyctl session "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# instantiate a key +# +############################################################################### +function instantiate_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl instantiate "$@" >>$OUTPUTFILE + keyctl instantiate "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# instantiate a key, piping the data in over stdin +# +############################################################################### +function pinstantiate_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + data="$1" + shift + + echo echo -n $data \| keyctl pinstantiate "$@" >>$OUTPUTFILE + echo -n $data | keyctl pinstantiate "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# negate a key +# +############################################################################### +function negate_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl negate "$@" >>$OUTPUTFILE + keyctl negate "$@" >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} + +############################################################################### +# +# set a key's expiry time +# +############################################################################### +function timeout_key () +{ + my_exitval=0 + if [ "x$1" = "x--fail" ] + then + my_exitval=1 + shift + fi + + echo keyctl timeout $1 $2 >>$OUTPUTFILE + keyctl timeout $1 $2 >>$OUTPUTFILE 2>&1 + if [ $? != $my_exitval ] + then + failed + fi +} |