path: root/tests/keyctl/grant/valid/runtest.sh
#!/bin/bash

. ../../../prepare.inc.sh
. ../../../toolbox.inc.sh


# ---- do the actual testing ----

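# Skip the whole test when grant-permit support was reported as missing.
# have_grant is not assigned in this file (presumably prepare.inc.sh sets it).
# The expansions are quoted so that an empty or unset have_grant compares
# cleanly as "not 0" (the tests then run) instead of making `[` fail with a
# syntax error, and so that $TEST always reaches the helper as one argument.
if [ "$have_grant" = 0 ]
then
    toolbox_skip_test "$TEST" "SKIPPING DUE TO LACK OF GRANT PERMIT"
    exit 0
fi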

# Overall verdict, starting as PASS.  Nothing in this file assigns it again, so
# a FAIL can only come from the sourced toolbox helpers -- TODO confirm.
result=PASS
# Start a fresh log: '>' truncates whatever $OUTPUTFILE held before.
echo "++++ BEGINNING TEST" >$OUTPUTFILE

# create a keyring and attach it to the session keyring
# (@s names the session keyring; $keyringid is used below as the last argument
# of every create_key call -- presumably expect_keyid is what fills it in,
# confirm in toolbox.inc.sh)
marker "ADD KEYRING"
create_keyring wibble @s
expect_keyid keyringid

# Create a key and remove most permissions from the key; just leave setsec for
# the owner.
# Each grant_key_permit call names a key, a subject (own, pos, grp, all) and the
# permit letters for that subject; 0 stands for "no permits".  The later tests
# rely on a call replacing the subject's permits rather than adding to them.
# After these four calls only S (setsec) for own remains, so every test below
# starts from a denied state.
marker "ADD KEY"
create_key user lizard gizzard $keyringid
expect_keyid keyid
marker "REMOVE PERMITS"
grant_key_permit $keyid own S
grant_key_permit $keyid pos 0
grant_key_permit $keyid grp 0
grant_key_permit $keyid all 0

# Test the View permit
# Three steps: describe_key is denied (EACCES), succeeds once "v" is granted to
# all, and is denied again after the permit is taken away.  The last step is
# the one that shows removing a permit actually takes effect.
# --fail presumably tells the helper that the command is expected to fail; the
# expect_error that follows names the errno that must be reported.
marker "TEST VIEW"
describe_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid all v
describe_key $keyid
grant_key_permit $keyid all 0
describe_key --fail $keyid
expect_error EACCES

# Test the Read permit
# Denied without "r", allowed with it, denied again once it is removed.
marker "TEST READ"
read_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid all r
read_key $keyid
grant_key_permit $keyid all 0
read_key --fail $keyid
expect_error EACCES

# Test the Write permit
# update_key is the operation gated by "w": denied, allowed, denied again.
marker "TEST WRITE"
update_key --fail $keyid "lizard"
expect_error EACCES
grant_key_permit $keyid all w
update_key $keyid "lizard"
grant_key_permit $keyid all 0
update_key --fail $keyid "lizard"
expect_error EACCES

# Test the Search permit (we're allowed to read a key we can search out)
# Unlike the other tests, the permit goes to pos (presumably the possessor
# subject) rather than all, and the operation checked is read_key.  No "r"
# permit is granted anywhere in this section, so the successful read in the
# middle is expected to come from "s" alone.
marker "TEST SEARCH"
read_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid pos s
read_key $keyid
grant_key_permit $keyid pos 0
read_key --fail $keyid
expect_error EACCES

# Test the Link permit
# The key is linked into the session keyring (@s): denied without "l", allowed
# with it, denied again once it is removed.  The trailing unlink_key undoes the
# one successful link so the test key does not stay attached to @s.
marker "TEST LINK"
link_key --fail $keyid @s
expect_error EACCES
grant_key_permit $keyid all l
link_key $keyid @s
grant_key_permit $keyid all 0
link_key --fail $keyid @s
expect_error EACCES
unlink_key $keyid @s

# Test the Clear permit
# The target was created as a "user" key, not a keyring, so clear_keyring is
# never expected to succeed on it and all three calls carry --fail.  What the
# test checks is which error comes back: EACCES while "c" is missing, ENOTDIR
# once it is granted, EACCES again after it is removed.
marker "TEST CLEAR"
clear_keyring --fail $keyid
expect_error EACCES
grant_key_permit $keyid all c
clear_keyring --fail $keyid
expect_error ENOTDIR
grant_key_permit $keyid all 0
clear_keyring --fail $keyid
expect_error EACCES

# Test the Join permit
# NOTE(review): "j" is granted and then removed, but no operation is attempted
# before, between or after, and no error is expected.  As written this checks
# at most that grant_key_permit accepts "j"; it does not show that the Join
# permit is enforced.
marker "TEST JOIN"
grant_key_permit $keyid all j
grant_key_permit $keyid all 0

# Test the Invalidate permit
# Denied without "I", allowed with it.  After the successful invalidate the key
# is expected to be gone: both the attempt to change its permits and a second
# invalidate must fail with ENOKEY (not EACCES).  The key cannot be reused,
# which is why a new one is created for the next test.
marker "TEST INVAL"
invalidate_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid all I
invalidate_key $keyid
grant_key_permit --fail $keyid all 0
expect_error ENOKEY
invalidate_key --fail $keyid
expect_error ENOKEY

# Create a key and remove most permissions from the key; just leave setsec for
# the owner.
# Same starting state as the first key: only S for own, nothing for pos, grp
# and all.  $keyid is overwritten with the new key's id.
marker "ADD KEY 2"
create_key user lizard gizzard $keyringid
expect_keyid keyid
marker "REMOVE PERMITS 2"
grant_key_permit $keyid own S
grant_key_permit $keyid pos 0
grant_key_permit $keyid grp 0
grant_key_permit $keyid all 0

# Test the Revoke permit
# Denied without "R", allowed with it.  Once revoked, further operations on the
# key (changing its permits, revoking again) are expected to report
# EKEYREVOKED rather than EACCES, so this key is not reused either.
marker "TEST REVOKE"
revoke_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid all R
revoke_key $keyid
grant_key_permit --fail $keyid all 0
expect_error EKEYREVOKED
revoke_key --fail $keyid
expect_error EKEYREVOKED

# Create a key and remove most permissions from the key; just leave setsec and
# view for the owner.
# View is kept here so that describe_key can be used as the probe below.
marker "ADD KEY 3"
create_key user lizard gizzard $keyringid
expect_keyid keyid
marker "REMOVE PERMITS 3"
grant_key_permit $keyid own Sv
grant_key_permit $keyid pos 0
grant_key_permit $keyid grp 0
grant_key_permit $keyid all 0

# Test the Set Security permit
# The owner starts with Sv.  Re-granting own as just "v" drops S while keeping
# view, so describe_key still works afterwards.  The final call tries to give S
# back and must fail with EACCES: once setsec has been given up, the caller is
# no longer allowed to change the key's permits, including restoring its own.
marker "TEST SET SECURITY"
describe_key $keyid
grant_key_permit $keyid own v
describe_key $keyid
grant_key_permit --fail $keyid own Sv
expect_error EACCES

# remove the keyring we added
# (the test keys are not unlinked individually; they were created with
# $keyringid as their last argument, presumably the destination keyring, so
# detaching it from @s is the only cleanup done here)
marker "UNLINK KEYRING"
unlink_key $keyringid @s

# Append the final verdict to the log started at the top of the test.
echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE

# --- then report the results in the database ---
toolbox_report_result $TEST $result