Fix EXPIRE status message.

[pwmd.git] / tests / acl.test

#!/bin/bash
source common.sh
source import-common.sh

do_import acl

cat > config << EOF
[global]
log_level=9
#enable_logging=true
invoking_user=nobody
[acl]
passphrase_file=`pwd`/passphrase.key
EOF

launch_pwmd acl

begin_test
test_header "Test 1. Invoking user '$USER' with _acl 'nobody'."
echo -ne 'LIST --recurse' | pwmc $PWMC_ARGS acl > result
cmp acl.result1 result
rm -f result

echo
test_header "Test 2. Retrieve content (fail)."
set +o errexit
echo -ne 'GET c' | pwmc $PWMC_ARGS acl > result
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e
rm -f result

echo
test_header "Test 3. Create new path."
echo -ne 'acl\tpath\tacl path value' | pwmc $PWMC_ARGS --inquire STORE -S acl

echo
test_header "Test 4. Delete _acl attribute of child (owner)."
echo -ne 'ATTR DELETE _acl acl\tpath' | pwmc $PWMC_ARGS -S acl

echo
test_header "Test 5. Access child (_acl re-added)."
echo -ne 'ATTR LIST acl\tpath' | pwmc $PWMC_ARGS acl > result
test -s result
rm -f result

echo
test_header "Test 6. Change ownership of child element."
echo -ne "ATTR SET _acl acl\tpath nobody,$USER" | pwmc $PWMC_ARGS -S acl

echo
test_header "Test 7. Access child (not owner)."
echo -ne 'ATTR LIST acl\tpath' | pwmc $PWMC_ARGS acl > result
test -s result
rm -f result

echo
test_header "Test 8. Delete child element (fail)."
set +o errexit
echo -ne 'DELETE acl\tpath' | pwmc $PWMC_ARGS acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e
echo
test_header "Test 9. Change ownership of child element (fail)."
set +o errexit
echo -ne "ATTR SET _acl acl\tpath $USER" | pwmc $PWMC_ARGS -S acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e
echo
test_header "Test 10. Create child element content (fail)."
set +o errexit
echo -ne 'acl\tpath\tupdate' | pwmc $PWMC_ARGS --inquire STORE acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e
echo
test_header "Test 11. Create parent element content."
echo -ne 'acl\tacl value' | pwmc $PWMC_ARGS --inquire STORE -S acl
echo -ne 'GET acl' | pwmc $PWMC_ARGS acl > result
cmp acl.result11 result
rm -f result

set -e
echo
test_header "Test 13. List attributes of un-owned root."
echo -ne 'ATTR LIST no-such-user' | pwmc $PWMC_ARGS acl > result
cmp acl.result13 result
rm -f result

echo
test_header "Test 14. List attributes of owned child of un-owned parent (fail)."
echo -ne 'attr\ta\tb\tvalue' | pwmc $PWMC_ARGS --inquire STORE -S acl
echo -ne 'ATTR SET _acl attr\ta nobody' | pwmc $PWMC_ARGS -S acl
set +o errexit
echo -ne "ATTR LIST attr\ta\tb" | pwmc $PWMC_ARGS acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e
echo
test_header "Test 15. List attributes of un-owned child."
echo -ne 'ATTR LIST attr\ta' | pwmc $PWMC_ARGS acl > /dev/null

echo
test_header "Test 16. List attributes of un-owned root with target."
echo -ne 'ATTR LIST b' | pwmc $PWMC_ARGS acl > result
cmp acl.result16 result
rm -f result

echo
test_header "Test 17. List attributes of un-owned child with un-owned root target (fail)."
set +o errexit
echo -ne "ATTR LIST b\tb" | pwmc $PWMC_ARGS acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e
echo
test_header "Test 18. List non-existant child of un-owned parent."
echo -ne 'new\ta\tb\tvalue' | pwmc $PWMC_ARGS --inquire STORE -S acl
echo -ne 'new2\ta\tb\tvalue' | pwmc $PWMC_ARGS --inquire STORE -S acl
echo -ne 'ATTR SET target new\ta new2\ta' | pwmc $PWMC_ARGS -S acl
echo -ne 'ATTR SET _acl new2\ta nobody' | pwmc $PWMC_ARGS -S acl
echo -ne 'LIST --recurse new\ta\tnon-existant' | pwmc $PWMC_ARGS acl > result
cmp acl.result18 result
rm -f result

echo
test_header "Test 19. List children of un-owned parent with target."
echo -ne 'LIST --recurse new' | pwmc $PWMC_ARGS acl > result
cmp acl.result19 result
rm -f result

echo
test_header "Test 20. Create target to visible restricted root."
echo -ne 'ATTR SET target zzz\ta a' | pwmc $PWMC_ARGS -S acl
echo -ne 'LIST --recurse' | pwmc $PWMC_ARGS acl > result
cmp acl.result20 result
rm -f result

echo
test_header "Test 21. Create target to visible restricted child."
echo -ne 'ATTR SET _acl zzz\ta non-existant' | pwmc $PWMC_ARGS -S acl
echo -ne 'ATTR SET target newzzz\tb zzz\ta' | pwmc $PWMC_ARGS -S acl
echo -ne 'LIST --recurse' | pwmc $PWMC_ARGS acl > result
cmp acl.result21 result
rm -f result

echo
test_header "Test 22. Get attribute of a bad permission element."
echo -ne 'ATTR GET _acl zzz\ta' | pwmc $PWMC_ARGS acl > result
cmp acl.result22 result
rm -f result

echo
test_header "Test 23. Get attribute of a bad permission elements child (fail)."
set +o errexit
echo -ne 'ATTR GET _acl zzz\ta\tblah' | pwmc $PWMC_ARGS acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e

echo
test_header "Test 24. Delete attribute of non-owner (fail)."
set +o errexit
echo -ne 'ATTR DELETE _mtime c' | pwmc $PWMC_ARGS acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e

echo
test_header "Test 25. Set non-existant attribute of non-owner (fail)."
set +o errexit
echo -ne 'ATTR SET blahblah c value' | pwmc $PWMC_ARGS acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e

echo
test_header "Test 26. Overwrite existing attribute of non-owner (fail)."
set +o errexit
echo -ne 'ATTR SET _mtime c 1234' | pwmc $PWMC_ARGS acl
if [ ${PIPESTATUS[1]} == 0 ]; then
    echo "The previous command should have failed. Stopping."
    exit 1
fi

set -e

test_success