From 3153aa73f1a5eda24eec08901ed162e674c97543 Mon Sep 17 00:00:00 2001 From: David Howells Date: Wed, 28 Aug 2019 14:07:59 +0100 Subject: test: Grant permissions Test permission granting using the internal ACL. Signed-off-by: David Howells --- tests/keyctl/grant/bad-args/runtest.sh | 3 +-- tests/keyctl/grant/valid/runtest.sh | 12 ++++-------- tests/keyctl/grant/valid2/runtest.sh | 19 +++++++------------ tests/keyctl/grant/valid3/runtest.sh | 19 +++++++------------ tests/keyctl/grant/valid4/runtest.sh | 19 +++++++------------ tests/keyctl/grant/valid5/runtest.sh | 19 +++++++------------ tests/toolbox.inc.sh | 8 +++++++- 7 files changed, 40 insertions(+), 59 deletions(-) diff --git a/tests/keyctl/grant/bad-args/runtest.sh b/tests/keyctl/grant/bad-args/runtest.sh index 6e8e1a2..1b61097 100644 --- a/tests/keyctl/grant/bad-args/runtest.sh +++ b/tests/keyctl/grant/bad-args/runtest.sh @@ -22,8 +22,7 @@ expect_error EINVAL # create a non-keyring marker "CREATE KEY" -create_key user lizard gizzard @s -expect_keyid keyid +create_key --new=keyid user lizard gizzard @s # check that unsupported permissions aren't permitted marker "CHECK PERMS" diff --git a/tests/keyctl/grant/valid/runtest.sh b/tests/keyctl/grant/valid/runtest.sh index ddd7e2a..8d0c515 100644 --- a/tests/keyctl/grant/valid/runtest.sh +++ b/tests/keyctl/grant/valid/runtest.sh @@ -17,14 +17,12 @@ echo "++++ BEGINNING TEST" >$OUTPUTFILE # create a keyring and attach it to the session keyring marker "ADD KEYRING" -create_keyring wibble @s -expect_keyid keyringid +create_keyring --new=keyringid wibble @s # Create a key and remove most permissions from the key; just leave setsec for # the owner. marker "ADD KEY" -create_key user lizard gizzard $keyringid -expect_keyid keyid +create_key --new=keyid user lizard gizzard $keyringid marker "REMOVE PERMITS" grant_key_permit $keyid own S grant_key_permit $keyid pos 0 @@ -112,8 +110,7 @@ expect_error ENOKEY # Create a key and remove most permissions from the key; just leave setsec for # the owner. marker "ADD KEY 2" -create_key user lizard gizzard $keyringid -expect_keyid keyid +create_key --new=keyid user lizard gizzard $keyringid marker "REMOVE PERMITS 2" grant_key_permit $keyid own S grant_key_permit $keyid pos 0 @@ -134,8 +131,7 @@ expect_error EKEYREVOKED # Create a key and remove most permissions from the key; just leave setsec and # view for the owner. marker "ADD KEY 3" -create_key user lizard gizzard $keyringid -expect_keyid keyid +create_key --new=keyid user lizard gizzard $keyringid marker "REMOVE PERMITS 3" grant_key_permit $keyid own Sv grant_key_permit $keyid pos 0 diff --git a/tests/keyctl/grant/valid2/runtest.sh b/tests/keyctl/grant/valid2/runtest.sh index 51091be..1fc6bfa 100644 --- a/tests/keyctl/grant/valid2/runtest.sh +++ b/tests/keyctl/grant/valid2/runtest.sh @@ -17,14 +17,12 @@ echo "++++ BEGINNING TEST" >$OUTPUTFILE # create a keyring and attach it to the session keyring marker "ADD KEYRING" -create_keyring wibble @s -expect_keyid keyringid +create_keyring --new=keyringid wibble @s # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS" grant_key_permit $keyid own S grant_key_permit $keyid pos 0 @@ -56,8 +54,7 @@ marker "TEST WRITE" create_key --fail user lizard gizzard $keyid expect_error EACCES grant_key_permit $keyid all w -create_key user lizard gizzard $keyid -expect_keyid keyid2 +create_key --new=keyid2 user lizard gizzard $keyid grant_key_permit $keyid all 0 unlink_key --fail $keyid $keyid2 expect_error EACCES @@ -69,7 +66,7 @@ marker "TEST SEARCH" search_for_key --fail $keyid user lizard expect_error EACCES grant_key_permit $keyid pos s -search_for_key $keyid user lizard +search_for_key --expect=$keyid2 $keyid user lizard grant_key_permit $keyid pos 0 search_for_key --fail $keyid user lizard expect_error EACCES @@ -78,7 +75,7 @@ marker "TEST SEARCH 2" search_for_key --fail @s user lizard expect_error ENOKEY grant_key_permit $keyid pos s -search_for_key @s user lizard +search_for_key --expect=$keyid2 @s user lizard grant_key_permit $keyid pos 0 search_for_key --fail @s user lizard expect_error ENOKEY @@ -132,8 +129,7 @@ expect_error ENOKEY # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING 2" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS 2" grant_key_permit $keyid own S grant_key_permit $keyid pos 0 @@ -154,8 +150,7 @@ expect_error EKEYREVOKED # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING 3" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS 3" grant_key_permit $keyid all Sv grant_key_permit $keyid own 0 diff --git a/tests/keyctl/grant/valid3/runtest.sh b/tests/keyctl/grant/valid3/runtest.sh index e2003f2..3457e6b 100644 --- a/tests/keyctl/grant/valid3/runtest.sh +++ b/tests/keyctl/grant/valid3/runtest.sh @@ -17,14 +17,12 @@ echo "++++ BEGINNING TEST" >$OUTPUTFILE # create a keyring and attach it to the session keyring marker "ADD KEYRING" -create_keyring wibble @s -expect_keyid keyringid +create_keyring --new=keyringid wibble @s # Create a keyring and remove most permissions from it; leaving just # setsec for everyone. marker "ADD KEYRING" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS" grant_key_permit $keyid all S grant_key_permit $keyid own 0 @@ -56,8 +54,7 @@ marker "TEST WRITE" create_key --fail user lizard gizzard $keyid expect_error EACCES grant_key_permit $keyid own w -create_key user lizard gizzard $keyid -expect_keyid keyid2 +create_key --new=keyid2 user lizard gizzard $keyid grant_key_permit $keyid own 0 unlink_key --fail $keyid $keyid2 expect_error EACCES @@ -69,7 +66,7 @@ marker "TEST SEARCH" search_for_key --fail $keyid user lizard expect_error EACCES grant_key_permit $keyid pos s -search_for_key $keyid user lizard +search_for_key --expect=$keyid2 $keyid user lizard grant_key_permit $keyid pos 0 search_for_key --fail $keyid user lizard expect_error EACCES @@ -78,7 +75,7 @@ marker "TEST SEARCH 2" search_for_key --fail @s user lizard expect_error ENOKEY grant_key_permit $keyid pos s -search_for_key @s user lizard +search_for_key --expect=$keyid2 @s user lizard grant_key_permit $keyid pos 0 search_for_key --fail @s user lizard expect_error ENOKEY @@ -132,8 +129,7 @@ expect_error ENOKEY # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING 2" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS 2" grant_key_permit $keyid all S grant_key_permit $keyid own 0 @@ -154,8 +150,7 @@ expect_error EKEYREVOKED # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING 3" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS 3" grant_key_permit $keyid own Sv grant_key_permit $keyid pos 0 diff --git a/tests/keyctl/grant/valid4/runtest.sh b/tests/keyctl/grant/valid4/runtest.sh index aabcc3b..8605098 100644 --- a/tests/keyctl/grant/valid4/runtest.sh +++ b/tests/keyctl/grant/valid4/runtest.sh @@ -17,14 +17,12 @@ echo "++++ BEGINNING TEST" >$OUTPUTFILE # create a keyring and attach it to the session keyring marker "ADD KEYRING" -create_keyring wibble @s -expect_keyid keyringid +create_keyring --new=keyringid wibble @s # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS" grant_key_permit $keyid own S grant_key_permit $keyid pos 0 @@ -56,8 +54,7 @@ marker "TEST WRITE" create_key --fail user lizard gizzard $keyid expect_error EACCES grant_key_permit $keyid grp w -create_key user lizard gizzard $keyid -expect_keyid keyid2 +create_key --new=keyid2 user lizard gizzard $keyid grant_key_permit $keyid grp 0 unlink_key --fail $keyid $keyid2 expect_error EACCES @@ -69,7 +66,7 @@ marker "TEST SEARCH" search_for_key --fail $keyid user lizard expect_error EACCES grant_key_permit $keyid pos s -search_for_key $keyid user lizard +search_for_key --expect=$keyid2 $keyid user lizard grant_key_permit $keyid pos 0 search_for_key --fail $keyid user lizard expect_error EACCES @@ -78,7 +75,7 @@ marker "TEST SEARCH 2" search_for_key --fail @s user lizard expect_error ENOKEY grant_key_permit $keyid pos s -search_for_key @s user lizard +search_for_key --expect=$keyid2 @s user lizard grant_key_permit $keyid pos 0 search_for_key --fail @s user lizard expect_error ENOKEY @@ -132,8 +129,7 @@ expect_error ENOKEY # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING 2" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS 2" grant_key_permit $keyid own S grant_key_permit $keyid pos 0 @@ -154,8 +150,7 @@ expect_error EKEYREVOKED # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING 3" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS 3" grant_key_permit $keyid grp Sv grant_key_permit $keyid own 0 diff --git a/tests/keyctl/grant/valid5/runtest.sh b/tests/keyctl/grant/valid5/runtest.sh index 1d2b6b4..4c0329e 100644 --- a/tests/keyctl/grant/valid5/runtest.sh +++ b/tests/keyctl/grant/valid5/runtest.sh @@ -17,14 +17,12 @@ echo "++++ BEGINNING TEST" >$OUTPUTFILE # create a keyring and attach it to the session keyring marker "ADD KEYRING" -create_keyring wibble @s -expect_keyid keyringid +create_keyring --new=keyringid wibble @s # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS" grant_key_permit $keyid own S grant_key_permit $keyid pos 0 @@ -62,8 +60,7 @@ marker "TEST WRITE" create_key --fail user lizard gizzard $keyid expect_error EACCES grant_key_permit $keyid pos ws -create_key user lizard gizzard $keyid -expect_keyid keyid2 +create_key --new=keyid2 user lizard gizzard $keyid grant_key_permit $keyid pos 0 unlink_key --fail $keyid $keyid2 expect_error EACCES @@ -75,7 +72,7 @@ marker "TEST SEARCH" search_for_key --fail $keyid user lizard expect_error EACCES grant_key_permit $keyid pos s -search_for_key $keyid user lizard +search_for_key --expect=$keyid2 $keyid user lizard grant_key_permit $keyid pos 0 search_for_key --fail $keyid user lizard expect_error EACCES @@ -84,7 +81,7 @@ marker "TEST SEARCH 2" search_for_key --fail @s user lizard expect_error ENOKEY grant_key_permit $keyid pos s -search_for_key @s user lizard +search_for_key --expect=$keyid2 @s user lizard grant_key_permit $keyid pos 0 search_for_key --fail @s user lizard expect_error ENOKEY @@ -149,8 +146,7 @@ expect_error ENOKEY # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING 2" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS 2" grant_key_permit $keyid own S grant_key_permit $keyid pos 0 @@ -174,8 +170,7 @@ expect_error EKEYREVOKED # Create a keyring and remove most permissions from it; leaving just # setsec for the owner. marker "ADD KEYRING 3" -create_keyring lizard $keyringid -expect_keyid keyid +create_keyring --new=keyid lizard $keyringid marker "REMOVE PERMITS 3" grant_key_permit $keyid pos Ssv grant_key_permit $keyid own 0 diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh index 4af465f..c3c9f88 100644 --- a/tests/toolbox.inc.sh +++ b/tests/toolbox.inc.sh @@ -1422,8 +1422,14 @@ function grant_key_permit () echo keyctl grant "$@" >>$OUTPUTFILE keyctl grant "$@" >>$OUTPUTFILE 2>&1 - if [ $? != $my_exitval ] + e=$? + if [ $e = $my_exitval ] then + if [ $e = 0 ] + then + check_notify setattr $1 + fi + else failed fi } -- cgit v1.2.1