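#!/bin/bash
#
# Key permission ("grant permit") test.
#
# For each permit in turn the test follows the same deny / allow / deny
# pattern: confirm the operation is refused with EACCES while the permit is
# absent, grant the permit and confirm the operation is accepted, then take
# the permit away again and confirm the refusal returns.  Checking the
# refusal after the permit is withdrawn matters as much as checking the
# grant: it is what shows the permit is really being removed.
#
# have_grant, TEST, OUTPUTFILE and all helper functions used below are not
# defined in this file; presumably they come from the two include files
# sourced here.  The include paths are relative to the current directory,
# so the script has to be run from the directory it lives in.
#
# Permit letters, as used by the section comments in this file:
#   S setsec, v view, r read, w write, s search, l link, c clear, j join,
#   I invalidate, R revoke; "0" is used where all permits are taken away.

. ../../../prepare.inc.sh
. ../../../toolbox.inc.sh


# ---- do the actual testing ----

# Quoted so that an unset or empty have_grant is a clean "not 0" rather than
# a '[' syntax error.
if [ "$have_grant" = 0 ]
then
    toolbox_skip_test "$TEST" "SKIPPING DUE TO LACK OF GRANT PERMIT"
    exit 0
fi

result=PASS
echo "++++ BEGINNING TEST" >"$OUTPUTFILE"

# create a keyring and attach it to the session keyring
marker "ADD KEYRING"
create_keyring --new=keyringid wibble @s

# Create a key and remove most permissions from the key; just leave setsec for
# the owner.  Setsec has to stay, otherwise the later grant_key_permit calls
# could not change the key's permits at all (see TEST SET SECURITY).
marker "ADD KEY"
create_key --new=keyid user lizard gizzard "$keyringid"
marker "REMOVE PERMITS"
grant_key_permit "$keyid" own S
grant_key_permit "$keyid" pos 0
grant_key_permit "$keyid" grp 0
grant_key_permit "$keyid" all 0

# Test the View permit
marker "TEST VIEW"
describe_key --fail "$keyid"
expect_error EACCES
grant_key_permit "$keyid" all v
describe_key "$keyid"
grant_key_permit "$keyid" all 0
describe_key --fail "$keyid"
expect_error EACCES

# Test the Read permit
marker "TEST READ"
read_key --fail "$keyid"
expect_error EACCES
grant_key_permit "$keyid" all r
read_key "$keyid"
grant_key_permit "$keyid" all 0
read_key --fail "$keyid"
expect_error EACCES

# Test the Write permit
marker "TEST WRITE"
update_key --fail "$keyid" "lizard"
expect_error EACCES
grant_key_permit "$keyid" all w
update_key "$keyid" "lizard"
grant_key_permit "$keyid" all 0
update_key --fail "$keyid" "lizard"
expect_error EACCES

# Test the Search permit (we're allowed to read a key we can search out).
# Note that the permit goes to "pos" here, not "all" as in the other
# sections, and that no Read permit is granted at any point: the successful
# read in the middle rests on Search alone.
marker "TEST SEARCH"
read_key --fail "$keyid"
expect_error EACCES
grant_key_permit "$keyid" pos s
read_key "$keyid"
grant_key_permit "$keyid" pos 0
read_key --fail "$keyid"
expect_error EACCES

# Test the Link permit
marker "TEST LINK"
link_key --fail "$keyid" @s
expect_error EACCES
grant_key_permit "$keyid" all l
link_key "$keyid" @s
grant_key_permit "$keyid" all 0
link_key --fail "$keyid" @s
expect_error EACCES
# Drop the link to the session keyring that the successful link_key made.
unlink_key "$keyid" @s

# Test the Clear permit.  The key under test is a "user" key, not a keyring,
# so even with the permit granted the clear is expected to fail; what changes
# is the error, from EACCES (permission refused) to ENOTDIR (permission
# passed, wrong kind of object).
marker "TEST CLEAR"
clear_keyring --fail "$keyid"
expect_error EACCES
grant_key_permit "$keyid" all c
clear_keyring --fail "$keyid"
expect_error ENOTDIR
grant_key_permit "$keyid" all 0
clear_keyring --fail "$keyid"
expect_error EACCES

# Test the Join permit
# NOTE(review): no join operation is attempted between these two calls, so
# this section only shows that the permit can be set and taken away again.
# Neither the refusal without the permit nor the acceptance with it is
# asserted for Join.
marker "TEST JOIN"
grant_key_permit "$keyid" all j
grant_key_permit "$keyid" all 0

# Test the Invalidate permit.  Once the key has been invalidated every
# further operation on it, including changing its permits, is expected to
# report ENOKEY.
marker "TEST INVAL"
invalidate_key --fail "$keyid"
expect_error EACCES
grant_key_permit "$keyid" all I
invalidate_key "$keyid"
grant_key_permit --fail "$keyid" all 0
expect_error ENOKEY
invalidate_key --fail "$keyid"
expect_error ENOKEY

# Create a key and remove most permissions from the key; just leave setsec for
# the owner.  A fresh key is needed because the previous one was invalidated.
marker "ADD KEY 2"
create_key --new=keyid user lizard gizzard "$keyringid"
marker "REMOVE PERMITS 2"
grant_key_permit "$keyid" own S
grant_key_permit "$keyid" pos 0
grant_key_permit "$keyid" grp 0
grant_key_permit "$keyid" all 0

# Test the Revoke permit.  After a successful revoke, further operations on
# the key are expected to report EKEYREVOKED.
marker "TEST REVOKE"
revoke_key --fail "$keyid"
expect_error EACCES
grant_key_permit "$keyid" all R
revoke_key "$keyid"
grant_key_permit --fail "$keyid" all 0
expect_error EKEYREVOKED
revoke_key --fail "$keyid"
expect_error EKEYREVOKED

# Create a key and remove most permissions from the key; just leave setsec and
# view for the owner.
marker "ADD KEY 3"
create_key --new=keyid user lizard gizzard "$keyringid"
marker "REMOVE PERMITS 3"
grant_key_permit "$keyid" own Sv
grant_key_permit "$keyid" pos 0
grant_key_permit "$keyid" grp 0
grant_key_permit "$keyid" all 0

# Test the Set Security permit.  The owner first gives up setsec by setting
# its own permits to view only (grant_key_permit appears to replace the
# permit set rather than add to it).  View still works afterwards, but the
# attempt to hand setsec back must be refused: without setsec the owner can
# no longer change the key's permits.
marker "TEST SET SECURITY"
describe_key "$keyid"
grant_key_permit "$keyid" own v
describe_key "$keyid"
grant_key_permit --fail "$keyid" own Sv
expect_error EACCES

# remove the keyring we added
marker "UNLINK KEYRING"
unlink_key "$keyringid" @s

echo "++++ FINISHED TEST: $result" >>"$OUTPUTFILE"

# --- then report the results in the database ---
toolbox_report_result "$TEST" "$result"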