tests/keyctl/search/valid/runtest.sh - linux/kernel/git/dhowells/keyutils - Git at Google

 #!/bin/bash

 . ../../../prepare.inc.sh
 . ../../../toolbox.inc.sh


 # ---- do the actual testing ----

 result=PASS
 echo "++++ BEGINNING TEST" >$OUTPUTFILE

 # create a pair of keyrings and attach them to the session keyring
 marker "ADD KEYRING"
 create_keyring --new=keyringid wibble @s
 create_keyring --new=keyring2id wibble2 @s

 # stick a key in the keyring
 marker "ADD KEY"
 create_key --new=keyid user lizard gizzard $keyringid

 # check that we can list it
 marker "LIST KEYRING WITH ONE"
 list_keyring $keyringid
 expect_keyring_rlist rlist $keyid

 # search the session keyring for a non-existent key
 marker "SEARCH SESSION FOR NON-EXISTENT KEY"
 search_for_key --fail @s user snake
 expect_error ENOKEY

 # search the session keyring for the key
 marker "SEARCH SESSION"
 search_for_key --expect=$keyid @s user lizard

 # search the session keyring for the key and attach to second keyring
 marker "SEARCH SESSION AND ATTACH"
 search_for_key --expect=$keyid @s user lizard $keyring2id

 # check it's attached to the second keyring
 marker "CHECK ATTACHED"
 list_keyring $keyring2id
 expect_keyring_rlist rlist $keyid

 # check the key contains what we expect
 marker "CHECK PAYLOAD"
 print_key $keyid
 expect_payload payload "gizzard"

 # detach the attachment just made
 marker "DETACH KEY"
 unlink_key $keyid $keyring2id

 # create an overlapping key in the second keyring
 create_key --new=keyid2 user lizard skin $keyring2id

 # check the two keys contain what we expect
 marker "CHECK PAYLOADS"
 print_key $keyid
 expect_payload payload "gizzard"
 print_key $keyid2
 expect_payload payload "skin"

 # a search from the session keyring should find the first key
 marker "SEARCH SESSION AGAIN"
 search_for_key --expect=$keyid @s user lizard

 # a search from the first keyring should find the first key
 marker "SEARCH FIRST KEYRING"
 search_for_key --expect=$keyid $keyringid user lizard

 # a search from the second keyring should find the second key
 marker "SEARCH SECOND KEYRING"
 search_for_key --expect=$keyid2 $keyring2id user lizard

 # link the second keyring to the first
 marker "LINK FIRST KEYRING TO SECOND"
 link_key $keyring2id $keyringid

 # a search from the first keyring should again find the first key
 marker "SEARCH FIRST KEYRING AGAIN"
 search_for_key --expect=$keyid $keyringid user lizard

 # revoking the first key should cause the second key to be available
 revoke_key $keyid
 search_for_key --expect=$keyid2 $keyringid user lizard

 # get rid of the dead key
 marker "UNLINK FIRST KEY"
 unlink_key $keyid $keyringid

 # a search from the first keyring should now find the second key
 marker "SEARCH FIRST KEYRING AGAIN 2"
 search_for_key --expect=$keyid2 $keyringid user lizard

 # a search from the session keyring should now find the second key
 marker "SEARCH SESSION KEYRING AGAIN 2"
 search_for_key --expect=$keyid2 @s user lizard

 # unlink the second keyring from the first
 marker "UNLINK SECOND KEYRING FROM FIRST"
 unlink_key $keyring2id $keyringid

 # a search from the first keyring should now fail
 marker "SEARCH FIRST KEYRING FOR FAIL"
 search_for_key --fail $keyringid user lizard
 expect_error ENOKEY

 # a search from the session keyring should still find the second key
 marker "SEARCH SESSION KEYRING AGAIN 3"
 search_for_key --expect=$keyid2 @s user lizard

 # move the second keyring into the first
 marker "MOVE SECOND KEYRING INTO FIRST"
 link_key $keyring2id $keyringid
 unlink_key $keyring2id @s

 # a search from the first keyring should now find the second key once again
 marker "SEARCH FIRST KEYRING AGAIN 4"
 search_for_key --expect=$keyid2 $keyringid user lizard

 # removing search permission on the second keyring should hide the key
 marker "SEARCH WITH NO-SEARCH KEYRING"
 set_key_perm $keyring2id 0x370000
 search_for_key --fail $keyringid user lizard
 expect_error ENOKEY

 # putting search permission on the second keyring back again should make it
 # available again
 set_key_perm $keyring2id 0x3f0000
 search_for_key --expect=$keyid2 $keyringid user lizard

 # removing search permission on the second key should hide the key
 marker "SEARCH WITH NO-SEARCH KEYRING2"
 set_key_perm $keyring2id 0x370000
 search_for_key --fail $keyringid user lizard
 expect_error ENOKEY

 # putting search permission on the second key back again should make it
 # available again
 set_key_perm $keyring2id 0x3f0000
 search_for_key --expect=$keyid2 $keyringid user lizard

 # revoking the key should make the key unavailable
 revoke_key $keyid2
 search_for_key --fail $keyringid user lizard
 kver=`uname -r`
 case $kver in
     *.el7*)
 	expect_error EKEYREVOKED
 	;;
     *)
 	if kernel_older_than 3.13
 	then
 	    expect_error ENOKEY
 	else
 	    expect_error EKEYREVOKED
 	fi
 	;;
 esac

 # remove the keyrings we added
 marker "UNLINK KEYRING"
 unlink_key $keyringid @s

 echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE

 # --- then report the results in the database ---
 toolbox_report_result $TEST $result
	#!/bin/bash

	. ../../../prepare.inc.sh
	. ../../../toolbox.inc.sh


	# ---- do the actual testing ----

	result=PASS
	echo "++++ BEGINNING TEST" >$OUTPUTFILE

	# create a pair of keyrings and attach them to the session keyring
	marker "ADD KEYRING"
	create_keyring --new=keyringid wibble @s
	create_keyring --new=keyring2id wibble2 @s

	# stick a key in the keyring
	marker "ADD KEY"
	create_key --new=keyid user lizard gizzard $keyringid

	# check that we can list it
	marker "LIST KEYRING WITH ONE"
	list_keyring $keyringid
	expect_keyring_rlist rlist $keyid

	# search the session keyring for a non-existent key
	marker "SEARCH SESSION FOR NON-EXISTENT KEY"
	search_for_key --fail @s user snake
	expect_error ENOKEY

	# search the session keyring for the key
	marker "SEARCH SESSION"
	search_for_key --expect=$keyid @s user lizard

	# search the session keyring for the key and attach to second keyring
	marker "SEARCH SESSION AND ATTACH"
	search_for_key --expect=$keyid @s user lizard $keyring2id

	# check it's attached to the second keyring
	marker "CHECK ATTACHED"
	list_keyring $keyring2id
	expect_keyring_rlist rlist $keyid

	# check the key contains what we expect
	marker "CHECK PAYLOAD"
	print_key $keyid
	expect_payload payload "gizzard"

	# detach the attachment just made
	marker "DETACH KEY"
	unlink_key $keyid $keyring2id

	# create an overlapping key in the second keyring
	create_key --new=keyid2 user lizard skin $keyring2id

	# check the two keys contain what we expect
	marker "CHECK PAYLOADS"
	print_key $keyid
	expect_payload payload "gizzard"
	print_key $keyid2
	expect_payload payload "skin"

	# a search from the session keyring should find the first key
	marker "SEARCH SESSION AGAIN"
	search_for_key --expect=$keyid @s user lizard

	# a search from the first keyring should find the first key
	marker "SEARCH FIRST KEYRING"
	search_for_key --expect=$keyid $keyringid user lizard

	# a search from the second keyring should find the second key
	marker "SEARCH SECOND KEYRING"
	search_for_key --expect=$keyid2 $keyring2id user lizard

	# link the second keyring to the first
	marker "LINK FIRST KEYRING TO SECOND"
	link_key $keyring2id $keyringid

	# a search from the first keyring should again find the first key
	marker "SEARCH FIRST KEYRING AGAIN"
	search_for_key --expect=$keyid $keyringid user lizard

	# revoking the first key should cause the second key to be available
	revoke_key $keyid
	search_for_key --expect=$keyid2 $keyringid user lizard

	# get rid of the dead key
	marker "UNLINK FIRST KEY"
	unlink_key $keyid $keyringid

	# a search from the first keyring should now find the second key
	marker "SEARCH FIRST KEYRING AGAIN 2"
	search_for_key --expect=$keyid2 $keyringid user lizard

	# a search from the session keyring should now find the second key
	marker "SEARCH SESSION KEYRING AGAIN 2"
	search_for_key --expect=$keyid2 @s user lizard

	# unlink the second keyring from the first
	marker "UNLINK SECOND KEYRING FROM FIRST"
	unlink_key $keyring2id $keyringid

	# a search from the first keyring should now fail
	marker "SEARCH FIRST KEYRING FOR FAIL"
	search_for_key --fail $keyringid user lizard
	expect_error ENOKEY

	# a search from the session keyring should still find the second key
	marker "SEARCH SESSION KEYRING AGAIN 3"
	search_for_key --expect=$keyid2 @s user lizard

	# move the second keyring into the first
	marker "MOVE SECOND KEYRING INTO FIRST"
	link_key $keyring2id $keyringid
	unlink_key $keyring2id @s

	# a search from the first keyring should now find the second key once again
	marker "SEARCH FIRST KEYRING AGAIN 4"
	search_for_key --expect=$keyid2 $keyringid user lizard

	# removing search permission on the second keyring should hide the key
	marker "SEARCH WITH NO-SEARCH KEYRING"
	set_key_perm $keyring2id 0x370000
	search_for_key --fail $keyringid user lizard
	expect_error ENOKEY

	# putting search permission on the second keyring back again should make it
	# available again
	set_key_perm $keyring2id 0x3f0000
	search_for_key --expect=$keyid2 $keyringid user lizard

	# removing search permission on the second key should hide the key
	marker "SEARCH WITH NO-SEARCH KEYRING2"
	set_key_perm $keyring2id 0x370000
	search_for_key --fail $keyringid user lizard
	expect_error ENOKEY

	# putting search permission on the second key back again should make it
	# available again
	set_key_perm $keyring2id 0x3f0000
	search_for_key --expect=$keyid2 $keyringid user lizard

	# revoking the key should make the key unavailable
	revoke_key $keyid2
	search_for_key --fail $keyringid user lizard
	kver=`uname -r`
	case $kver in
	.el7)
	expect_error EKEYREVOKED
	;;
	*)
	if kernel_older_than 3.13
	then
	expect_error ENOKEY
	else
	expect_error EKEYREVOKED
	fi
	;;
	esac

	# remove the keyrings we added
	marker "UNLINK KEYRING"
	unlink_key $keyringid @s

	echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE

	# --- then report the results in the database ---
	toolbox_report_result $TEST $result