path: root/tests/keyctl/move/valid/runtest.sh
blob: 73bf7c2370db3114be6c412d439fad24a040c247 (plain)
#!/bin/bash

. ../../../prepare.inc.sh
. ../../../toolbox.inc.sh


# ---- do the actual testing ----

# Overall verdict for this test; it is reported at the end of the script.
# NOTE(review): presumably changed by the toolbox helpers when an expectation
# is not met -- confirm in toolbox.inc.sh.
result=PASS
# A plain '>' truncates any earlier log for this test.
# NOTE(review): OUTPUTFILE is not set in this file; presumably prepare.inc.sh
# provides it -- confirm.
echo "++++ BEGINNING TEST" >$OUTPUTFILE

# create a keyring and attach it to the session keyring
marker "ADD KEYRING"
create_keyring wibble @s
# the ID of the new keyring is referred to as $keyringid from here on
expect_keyid keyringid

# stick a key in the keyring
# NOTE(review): arguments look like type/description/payload/destination
# (user / lizard / gizzard / $keyringid) -- confirm against create_key.
marker "ADD KEY"
create_key user lizard gizzard $keyringid
expect_keyid keyid

# check that we can list it: the new key must show up in the keyring listing
marker "LIST KEYRING WITH ONE"
list_keyring $keyringid
expect_keyring_rlist rlist $keyid

# move the key across to the session keyring
# (argument order as used throughout this file: key, source keyring,
# destination keyring)
marker "MOVE KEY 1"
move_key $keyid $keyringid @s

# A move must leave the key linked in the destination ...
marker "CHECK KEY LINKAGE"
list_keyring @s
expect_keyring_rlist srlist $keyid

# ... and no longer linked in the source, so no stale link is left behind.
marker "CHECK KEY REMOVED"
list_keyring $keyringid
expect_keyring_rlist rlist $keyid --absent

# Repeating the move should fail: the key is no longer in the source keyring,
# and the test expects ENOENT rather than a silent success.
marker "MOVE KEY 2"
move_key --fail $keyid $keyringid @s
expect_error ENOENT

# Forcing (-f) must not change that: the test expects ENOENT here as well.
marker "FORCE MOVE KEY 2"
move_key --fail -f $keyid $keyringid @s
expect_error ENOENT

# Move the key back again
marker "MOVE KEY 3"
move_key $keyid @s $keyringid

# The key has now left @s, so a second (forced) move out of @s must fail.
marker "MOVE KEY 4"
move_key --fail -f $keyid @s $keyringid
expect_error ENOENT

# Create a conflicting key and try to have an unforced move displace it.
# The new key is created with the same "user lizard gizzard" arguments as the
# first key, but directly in the session keyring.
marker "ADD KEY 2"
create_key user lizard gizzard @s
expect_keyid keyid2

# Without -f the move must be refused with EEXIST: an unforced move is not
# allowed to replace a key that is already present in the destination.
marker "MOVE KEY 5"
move_key --fail $keyid $keyringid @s
expect_error EEXIST

# The refused move must have no side effects: the first key stays in the
# source keyring ...
marker "CHECK KEY UNMOVED"
list_keyring $keyringid
expect_keyring_rlist rlist $keyid

# ... and the session keyring still holds only the conflicting key.
marker "CHECK KEY UNDISPLACED"
list_keyring @s
expect_keyring_rlist srlist $keyid --absent
expect_keyring_rlist srlist $keyid2

# Now try a forced move: with -f the same move is expected to succeed.
marker "FORCE MOVE KEY 6"
move_key -f $keyid $keyringid @s

# The source keyring must end up holding neither key.
marker "CHECK KEY REMOVED"
list_keyring $keyringid
expect_keyring_rlist rlist $keyid --absent
expect_keyring_rlist rlist $keyid2 --absent

# The session keyring must hold the moved key and no longer the displaced one.
marker "CHECK KEY DISPLACED"
list_keyring @s
expect_keyring_rlist srlist $keyid
expect_keyring_rlist srlist $keyid2 --absent

# Remove the link (the key should be destroyed)
# NOTE(review): --wait presumably blocks until the key is really gone, so the
# checks below do not race with its destruction -- confirm in toolbox.inc.sh.
marker "UNLINK KEY FROM SESSION"
unlink_key --wait $keyid @s

# Removing again should fail: the now-stale key ID must give ENOKEY.
unlink_key --fail $keyid @s
expect_error ENOKEY

# Removing that key from the keyring should also fail: the move took its link
# out of $keyringid earlier, and the test expects ENOKEY for the stale ID.
marker "UNLINK KEY FROM KEYRING"
unlink_key --fail $keyid $keyringid
expect_error ENOKEY

###############################################################################
# Create a second keyring in the first
# (this part moves a keyring, not a plain key, between keyrings)
create_keyring "zebra" $keyringid
expect_keyid keyring2id

# Move thrice between the session keyring and back:
# $keyringid -> @s, @s -> $keyringid, $keyringid -> @s
marker "LINK 2ND KEYRING TO SESSION"
move_key $keyring2id $keyringid @s
move_key $keyring2id @s $keyringid
move_key $keyring2id $keyringid @s

# Subsequent links should displace earlier links, giving us a maximum of 1 link.
# Called without a key ID, expect_keyring_rlist is used here only to fetch the
# session keyring listing into $srlist, which the code that follows inspects.
marker "COUNT KEYRING LINKS"
list_keyring @s
expect_keyring_rlist srlist

# Count how many entries of the session keyring listing refer to the second
# keyring.  $srlist is left unquoted on purpose so that it is split into
# individual IDs.
nlinks=0
for i in $srlist; do
    if [ "$i" = "$keyring2id" ]; then
        nlinks=$((nlinks + 1))
    fi
done

# Exactly one link must remain: zero means the keyring was lost, more than one
# means a move left a duplicate link behind.
if [ "$nlinks" -ne 1 ]; then
    failed
fi

# Remove the keyring links, destroying it
# NOTE(review): --wait presumably blocks until the keyring is really gone --
# confirm in toolbox.inc.sh.
marker "UNLINK 2ND KEYRING FROM SESSION"
unlink_key --wait $keyring2id @s

# Removing again should fail: the stale keyring ID must give ENOKEY, both for
# the session keyring ...
marker "RE-UNLINK"
unlink_key --fail $keyring2id @s
expect_error ENOKEY
# ... and for the first keyring, where the last move left no link.
marker "RE-UNLINK 2"
unlink_key --fail $keyring2id $keyringid
expect_error ENOKEY

###############################################################################
# Create a second keyring in the session keyring
# ($keyring2id is reused; the keyring it named before was unlinked above)
create_keyring "zebra" @s
expect_keyid keyring2id

# Add a key to the session keyring and link it into each keyring
# ($keyid is reused as well and now names this new key)
marker "ADD KEY 3"
create_key user lizard gizzard @s
expect_keyid keyid

# After these two links the same key is reachable from three keyrings:
# @s, $keyringid and $keyring2id.
marker "LINK KEY"
link_key $keyid $keyringid
marker "LINK KEY 2"
link_key $keyid $keyring2id

# Try to move the links from the keyrings into the session keyring.
# The key was created in @s, so the destination already holds it; the test
# expects each unforced move to be refused with EEXIST.
marker "MOVE LINK"
move_key --fail $keyid $keyringid @s
expect_error EEXIST

# The refused move must leave the link in the source keyring intact.
marker "CHECK LINK"
list_keyring $keyringid
expect_keyring_rlist rlist $keyid

# Same check from the second keyring.
marker "MOVE LINK 2"
move_key --fail $keyid $keyring2id @s
expect_error EEXIST

marker "CHECK LINK 2"
list_keyring $keyring2id
expect_keyring_rlist rlist $keyid

# Moving a key from a keyring to that same keyring is expected to succeed
# (no --fail) ...
marker "MOVE LINK 3"
move_key $keyid @s @s

# ... and must not drop the key from that keyring.
marker "CHECK LINK 3"
list_keyring @s
expect_keyring_rlist srlist $keyid

# Try to force move the links from the keyrings into the session keyring.
# With -f the moves that were refused with EEXIST above are expected to succeed.
marker "FORCE MOVE LINK"
move_key -f $keyid $keyringid @s

# The link must be gone from the first keyring ...
marker "CHECK LINK 4"
list_keyring $keyringid
expect_keyring_rlist rlist $keyid --absent

# ... while the session keyring still holds the key.
marker "CHECK LINK 4s"
list_keyring @s
expect_keyring_rlist srlist $keyid

# Same forced move from the second keyring, followed by the same two checks.
marker "FORCE MOVE LINK 2"
move_key -f $keyid $keyring2id @s

marker "CHECK LINK 5"
list_keyring $keyring2id
expect_keyring_rlist rlist $keyid --absent

marker "CHECK LINK 5s"
list_keyring @s
expect_keyring_rlist srlist $keyid

# A forced move from a keyring to itself must also keep the key in place.
marker "FORCE MOVE LINK 3"
move_key -f $keyid @s @s

marker "CHECK LINK 6"
list_keyring @s
expect_keyring_rlist srlist $keyid

# Move the key between keyrings: @s -> $keyringid -> $keyring2id -> @s.
# Each move is unforced and expected to succeed, since the forced moves above
# left the key linked in @s only.
marker "ROTATE"
move_key $keyid @s $keyringid
move_key $keyid $keyringid $keyring2id
move_key $keyid $keyring2id @s

# Drop the key's remaining link (note: no --wait here, unlike the keyrings).
marker "UNLINK KEY"
unlink_key $keyid @s

# remove the keyrings so that the test leaves nothing behind in @s
marker "UNLINK KEYRING 1"
unlink_key --wait $keyringid @s
marker "UNLINK KEYRING 2"
unlink_key --wait $keyring2id @s

# Append the final verdict to the log that was started at the top of the script.
echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE

# --- then report the results in the database ---
# NOTE(review): TEST is not set in this file; presumably prepare.inc.sh
# provides it -- confirm.
toolbox_report_result $TEST $result