Fix mixed up version number checking. 3.5-rc1 is a kernel version number, not
a keyutils one.
Signed-off-by: David Howells <dhowells@redhat.com>
Disable checks for AVCs by the test infrastructure in the bz1031154 testcase
because we intentionally generate AVCs as part of the test.
Signed-off-by: David Howells <dhowells@redhat.com>
Place exclusions for a couple of tests that fail under RHEL-5.
https://bugzilla.redhat.com/show_bug.cgi?id=1075655
The problems are:
(1) keyctl/show/valid fails because "keyctl show" doesn't handle nested
keyrings with a depth of more than 2-3 correctly.
(2) keyctl/show/valid fails because the output of "keyctl show" doesn't allow
a big enough field for the key serial ID.
(3) keyctl/padd/useradd fails because the "keyctl padd" & co. are limited to
~64KB of data rather than 1MB-1.
(4) keyctl/padd/useradd fails because the "keyctl padd" & co. can't handle NUL
chars in their input.
Signed-off-by: David Howells <dhowells@redhat.com>
The key invalidation test may fail because the check for a key having been
invalidated may occur too quickly after the call to invalidate the key.
The problem is that whilst the key is marked invalidated immediately, the
subsequent process of garbage collecting the invalidated key isn't synchronous
and may be delayed as the keyrings gc is merely scheduled to be run at some
later time.
Stick a small delay in there to give the gc a chance to run.
Bugzilla-entry: https://bugzilla.redhat.com/show_bug.cgi?id=1072798
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Make it possible to use OSRELEASE with the version comparison functions.
Currently it's set to a text string (eg. "6.5") but not set to a numeric type
(which it can't be since it's not a simple number). This means that the shell
numeric comparison operators (eg. "-lt") cannot be used.
Signed-off-by: David Howells <dhowells@redhat.com>
Key invalidation only came in with 3.5-rc1. Don't use it if the running
kernel doesn't support it.
Signed-off-by: David Howells <dhowells@redhat.com>
keyctl padd tests can't use big_key type if it's not available because the
kernel is too old.
Signed-off-by: David Howells <dhowells@redhat.com>
keyctl show only takes an argument from 1.5.4 onwards, so it cannot be tested
for prior to that.
Signed-off-by: David Howells <dhowells@redhat.com>
Don't use "%..." key search commands generally in the testsuite so that more
of it can be run on platforms for which the keyutils package installed doesn't
support this feature.
Signed-off-by: David Howells <dhowells@redhat.com>
Display the name of the test we're about to run to make it easier to work out
which test went wrong.
Signed-off-by: David Howells <dhowells@redhat.com>
Can't do the bz1031154 test before 3.13-rc1 so skip the test if the kernel is
too old. The big_key facility was backported to the 3.10 kernel used by
RHEL-7 so permit the test there.
Signed-off-by: David Howells <dhowells@redhat.com>
Make toolbox_report_result use its parameters rather than going directly to
the TEST envvar. Possibly the first parameter should be dropped.
Signed-off-by: David Howells <dhowells@redhat.com>
Add a function to the toolbox to record skipped tests.
Signed-off-by: David Howells <dhowells@redhat.com>
Make sure the TEST envvar is set so that the scripts don't break if it isn't.
Signed-off-by: David Howells <dhowells@redhat.com>
Provide function to check for the kernel version to use in feature checks.
Signed-off-by: David Howells <dhowells@redhat.com>
Include version.inc.sh from prepare.inc.sh rather than toolbox.inc.sh so that
prepare.inc.sh can test for the presence of features.
Signed-off-by: David Howells <dhowells@redhat.com>
Move all the version checking functions into version.inc.sh.
Signed-off-by: David Howells <dhowells@redhat.com>
Test that keyrings of the same name can be linked together. This is a check
for:
https://bugzilla.redhat.com/show_bug.cgi?id=1071346
Signed-off-by: David Howells <dhowells@redhat.com>
All files pertinent to the testsuite need to be declared in the FILES= macro
in the tests/Makefile so that the testing infrastructure knows what is
relevant.
Signed-off-by: David Howells <dhowells@redhat.com>
When relying on external commands, such as getenforce, skip the test if
the required commands are unavailable.
This patch adds a function to the toolbox that allows tests to declare
their required commands at the top of the test script.
If which cannot locate the command, a message is written to the output
file, a marker is printed indicating which command is missing, and the
test script is terminated with a passing result.
Additionally, the patch adds require_command declarations for commands
required in the bz1031154 test.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
The 5.14 release of file outputs an extra space after [LM]SB:
$ ./src/file -m magic/magic.mgc -L /proc/$$/exe
/proc/12755/exe: ELF 64-bit LSB executable, ...
This was due to the elf magic file containing some trailing spaces in
the 5.14 release.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
The test runner and test scripts make use of non-POSIX (Bash specific)
features that cause problems when Bash is not /bin/sh. All mentions of
/bin/sh should be changed to /bin/bash to work on systems that, for
example, use Dash for /bin/sh.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Fix some miscellaneous bits in the test suite:
(1) In makescript $(wild ...) isn't a make function, $(wildcard ...) should
be used instead.
(2) Emit more metadata.
(3) Remove a trailing blank line.
Signed-off-by: David Howells <dhowells@redhat.com>
Add manual pages to section 7 describing various keyrings concepts.
Signed-off-by: David Howells <dhowells@redhat.com>
Improve the keyctl_read[_alloc]() manpage.
Signed-off-by: David Howells <dhowells@redhat.com>
Add a Developer's Certificate of Origin for the use of people submitting
patches.
Signed-off-by: David Howells <dhowells@redhat.com>
Move manual pages to their own subdir to tidy the sources up.
Signed-off-by: David Howells <dhowells@redhat.com>
The KEY_OTH_SETATTR constant macro is defined incorrectly.
Signed-off-by: James Muir <james.muir@graphitesoftware.com>
Signed-off-by: David Howells <dhowells@redhat.com>
This reverts commit ed72a1dfc56a4f5428affb1659d6812d54e392c5.
The problem is that the buffer argument might validly be NULL, leading to a
SEGV when we try to check for the NUL termination.
Signed-off-by: David Howells <dhowells@redhat.com>
In the keyctl program, when searching the command table, don't trust that an
overlong argument name won't cause memcpy() to segfault. This is unlikely to
be a problem as any efficient memcpy() is going to start scanning from the
lowest address, given that it has to report on the lowest-addressed difference
if there is one.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
(1) Check the success of strtol() correctly when parsing the key ID - and
make sure the key ID isn't blank beforehand.
(2) buf and callout_info in main() are guaranteed to be NULL at the point
they're tested prior to calling keyctl_describe_alloc() and
keyctl_read_alloc() so the if-statements are redundant.
(3) In append_address_to_payload() remove an if-statement that can never
trigger, given the if-statement it's embedded within.
(4) usage() doesn't know of a key ID to negate, so don't do that.
(5) The 'key' argument to dns_query_*() is redundant given the global
variable of the same name holding the same value.
(6) dns_query_a_or_aaaa() declares a local variable masking the 'key'
argument and global variable in an inner scope.
(7) DNS_EXPIRY_PREFIX, DNS_EXPIRY_TIME_LEN and AFSDB_MAX_DATA_LEN are all
unused and LIST_MULTIPLE_ITEMS is only set, never read, so delete them
all.
(8) Make append_address_to_payload() copy the argument if it's not a
duplicate rather than copying it in the caller then discarding when we
find out it is a duplicate.
(9) Move vllist[] and vlsnum into afsdb_hosts_to_addrs() rather than passing
them in from the caller where they aren't otherwise used.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Wang Lei <wang840925@gmail.com>
Don't use realloc() in keyctl_{describe,read,get_security}_alloc() as it
doesn't free the argument buffer if it fails and it will copy the empty buffer
if it moves it.
Use malloc+free instead.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
Use the correct path macros in the specfile.
Signed-off-by: David Howells <dhowells@redhat.com>
Check the description string is NUL-terminated retrieved by keyctl_describe()
included a NUL-terminator in its length.
Signed-off-by: David Howells <dhowells@redhat.com>
Don't trust sscanf()'s %n argument just in case the space immediately before
it didn't match anything as sscanf() doesn't tell you if it was set.
Signed-off-by: David Howells <dhowells@redhat.com>
Only get the groups list if calc_perms() is called as there's no point
grabbing the list otherwise.
Signed-off-by: David Howells <dhowells@redhat.com>
Fix a leak of the description string memory from each key visited in
dump_key_tree_aux() in the keyctl program.
Signed-off-by: David Howells <dhowells@redhat.com>
Exit rather than returning from act_xxx() functions so that the Coverity
checker doesn't think that memory is leaked from functions that allocate
memory.
Signed-off-by: David Howells <dhowells@redhat.com>
Use the keyctl_describe_alloc() library function in dump_key_tree_aux() in the
keyctl program rather than open coding it.
Signed-off-by: David Howells <dhowells@redhat.com>
Fix some memory leaks in error paths where a previously allocated buffer is
not freed if we get an error.
Signed-off-by: David Howells <dhowells@redhat.com>
The kernel changed its behaviour with regard to the error code it returns when
the first key a search found was revoked and no valid key was found. It used
to return ENOKEY and now returns EKEYREVOKED.
Signed-off-by: David Howells <dhowells@redhat.com>
Check maximum size of payload to add_key() using the keyctl padd function.
Signed-off-by: David Howells <dhowells@redhat.com>
Check depth of tree output by "keyctl show" to make sure it shows the full
depth and not an abbreviated tree.
Also, whilst we're at it, check that we can show the contents of a nominated
keyring.
Signed-off-by: David Howells <dhowells@redhat.com>
Test the key invalidation functionality.
Signed-off-by: David Howells <dhowells@redhat.com>
Test for the problem reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1031154
whereby the kernel's attempts to access the shmem file used by a big_key type
to store large data can be denied by the SELinux policy.
Signed-off-by: David Howells <dhowells@redhat.com>
Test for the problem reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1033467
whereby 17 keyrings added into another, previously empty keyring cause a
number of bugs to appear (since the kernel patch to expand keyring capacity).
Signed-off-by: David Howells <dhowells@redhat.com>
Add manual pages for keyctl_get_persistent() and keyctl get_persistent.
Signed-off-by: David Howells <dhowells@redhat.com>
Fix the shell function version_less_than and associates in the toolbox to
handle -rcN in version numbers correctly so that kernel versions can be
compared.
Signed-off-by: David Howells <dhowells@redhat.com>
Fix the link recursion test to create the ninth keyring in the session keyring
and then link it into the eighth so that we can set the permissions mask upon
it (if we create it *in* the eighth keyring then we can't set the permissions
mask as we don't have possessee permission due to recursion limits preventing
possessee discovery).
Signed-off-by: David Howells <dhowells@redhat.com>