tests/acl.test

   1 #!/bin/sh
   2 #
   3 # Tests for per-element ACL's.
   4 #
   5 MAX_TESTS=25
   6
   7 . $AM_SRCDIR/common.sh
   8 . $AM_SRCDIR/import-common.sh
   9
  10 init_tests() {
  11     do_import acl
  12     cat >$OUTDIR/config <<EOF
  13 [global]
  14 log_level=9
  15 #enable_logging=true
  16 invoking_user=nobody
  17 [acl]
  18 passphrase_file=$WDIR/passphrase.key
  19 EOF
  20     launch_pwmd acl
  21 }
  22
  23 test_1() {
  24     list_recurse acl
  25     test_result $test_n $? acl \
  26         "LIST: Invoking user '$USER' with _acl 'nobody'."
  27 }
  28
  29 test_2() {
  30     run_pwmc "acl" >result $DEVNULL <<EOF
  31 GET c
  32 EOF
  33     test_failure $test_n $? 536903681 "GET: Element content permission error."
  34 }
  35
  36 test_3() {
  37     run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
  38 acl     path    acl path value
  39 EOF
  40     test_result $test_n $? "STORE: Create new element path."
  41 }
  42
  43 test_4() {
  44     run_pwmc "-S acl" $DEVNULL <<EOF
  45 ATTR DELETE _acl acl    path
  46 EOF
  47     test_result $test_n $? "ATTR: Delete _acl attribute of child (owner)."
  48 }
  49
  50 test_5() {
  51     run_pwmc "acl" >result $DEVNULL <<EOF
  52 ATTR LIST acl   path
  53 EOF
  54     e=$?
  55     if [ $e -eq 0 ]; then
  56         test -s result
  57         e=$?
  58     fi
  59     test_result $test_n $e "ATTR: Access child (_acl re-added)."
  60 }
  61
  62 test_6() {
  63     run_pwmc "-S acl" $DEVNULL <<EOF
  64 ATTR SET _acl acl       path nobody,${USER}
  65 EOF
  66     test_result $test_n $? "ATTR: Change ownership of child element."
  67 }
  68
  69 test_7() {
  70     run_pwmc "acl" >result $DEVNULL <<EOF
  71 ATTR LIST acl   path
  72 EOF
  73     e=$?
  74     if [ $e -eq 0 ]; then
  75         test -s result
  76         e=$?
  77     fi
  78     test_result $test_n $e "ATTR: Access child (not owner)."
  79 }
  80
  81 test_8() {
  82     run_pwmc "acl" $DEVNULL <<EOF
  83 DELETE acl      path
  84 EOF
  85     test_failure $test_n $? 536903681 "DELETE: Element permission error."
  86 }
  87
  88 test_9() {
  89     run_pwmc "-S acl" $DEVNULL <<EOF
  90 ATTR SET _acl acl       path $USER
  91 EOF
  92     test_failure $test_n $? 536903681 "ATTR: Deny change of ownership by non-owner."
  93 }
  94
  95 test_10() {
  96     run_pwmc "--inquire STORE acl" $DEVNULL <<EOF
  97 acl     path    update
  98 EOF
  99     test_failure $test_n $? 536903681 "STORE: Deny create child element by non-owner."
 100 }
 101
 102 test_11() {
 103     run_pwmc "--inquire STORE --inquire-line 'acl       acl value' -S acl" $DEVNULL <<EOF
 104 EOF
 105     e=$?
 106     if [ $e -eq 0 ]; then
 107         run_pwmc "acl" >result $DEVNULL <<EOF
 108 GET acl
 109 EOF
 110         e=$?
 111     fi
 112     test_result $test_n $e acl "Create parent element content."
 113 }
 114
 115 test_12() {
 116     run_pwmc "acl" >result $DEVNULL <<EOF
 117 ATTR LIST no-such-user
 118 EOF
 119     test_result $test_n $? acl "List attributes of un-owned root."
 120 }
 121
 122 test_13() {
 123     run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
 124 attr    a       b       value
 125 EOF
 126     e=$?
 127     if [ $e -eq 0 ]; then
 128         run_pwmc "-S acl" $DEVNULL <<EOF
 129 ATTR SET _acl attr      a nobody
 130 EOF
 131         e=$?
 132         if [ $e -eq 0 ]; then
 133             run_pwmc "acl" $DEVNULL <<EOF
 134 ATTR LIST attr  a       b
 135 EOF
 136             e=$?
 137         fi
 138     fi
 139     test_failure $test_n $e 536903681 "Deny attribute list of owned child of un-owned parent."
 140 }
 141
 142 test_14() {
 143     run_pwmc "acl >/dev/null" $DEVNULL <<EOF
 144 ATTR LIST attr  a
 145 EOF
 146     test_result $test_n $? "List attributes of un-owned child."
 147 }
 148
 149 test_15() {
 150     run_pwmc "acl" >result $DEVNULL <<EOF
 151 ATTR LIST b
 152 EOF
 153     test_result $test_n $? acl "List attributes of un-owned root with target."
 154 }
 155
 156 test_16() {
 157     run_pwmc "acl >/dev/null" $DEVNULL <<EOF
 158 ATTR LIST b     b
 159 EOF
 160     test_failure $test_n $? 536903681 "Deny list attributes of un-owned child with un-owned root target."
 161 }
 162
 163 test_17() {
 164     run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
 165 new     a       b       value
 166 EOF
 167     e=$?
 168     if [ $e -eq 0 ]; then
 169         run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
 170 new2    a       b       value
 171 EOF
 172        e=$?
 173        if [ $e -eq 0 ]; then
 174             run_pwmc "-S acl" $DEVNULL <<EOF
 175 ATTR SET _target new    a new2  a
 176 EOF
 177             e=$?
 178             if [ $e -eq 0 ]; then
 179                 run_pwmc "-S acl" $DEVNULL <<EOF
 180 ATTR SET _acl new2      a nobody
 181 EOF
 182                 e=$?
 183                 if [ $e -eq 0 ]; then
 184                     list_recurse acl "new       a       non-existant"
 185                     e=$?
 186                 fi
 187             fi
 188        fi
 189     fi
 190     test_result $test_n $e acl "LIST: Non-existent child of un-owned parent."
 191 }
 192
 193 test_18() {
 194     list_recurse acl "new"
 195     test_result $test_n $? acl "LIST: Children of un-owned parent with target."
 196 }
 197
 198 test_19() {
 199     run_pwmc "-S acl" $DEVNULL <<EOF
 200 ATTR SET _target zzz    a a
 201 EOF
 202     list_recurse acl
 203     test_result $test_n $? acl "ATTR: Create target to visible restricted root."
 204 }
 205
 206 test_20() {
 207     run_pwmc "-S acl" $DEVNULL <<EOF
 208 ATTR SET _acl zzz       a non-existant
 209 EOF
 210     e=$?
 211     if [ $e -eq 0 ]; then
 212         run_pwmc "-S acl" $DEVNULL <<EOF
 213 ATTR SET _target newzzz b zzz   a
 214 EOF
 215         list_recurse acl
 216         e=$?
 217     fi
 218     test_result $test_n $e acl "ATTR: Create target to visible restricted child."
 219 }
 220
 221 test_21() {
 222     run_pwmc "acl" >result $DEVNULL <<EOF
 223 ATTR GET _acl zzz       a
 224 EOF
 225     test_result $test_n $? acl "ATTR: Get attribute of element which denies permission."
 226 }
 227
 228 test_22() {
 229     run_pwmc "acl >/dev/null" $DEVNULL <<EOF
 230 ATTR GET _acl zzz       a       blah
 231 EOF
 232     test_failure $test_n $? 536903681 "ATTR: Get attribute of child element which denies permission."
 233 }
 234
 235 test_23() {
 236     run_pwmc "acl" $DEVNULL <<EOF
 237 ATTR DELETE _mtime c
 238 EOF
 239     test_failure $test_n $? 536903787 "ATTR: Deny delete attribute of non-owner."
 240 }
 241
 242 test_24() {
 243     run_pwmc "acl >/dev/null" $DEVNULL <<EOF
 244 ATTR SET blahblah c value
 245 EOF
 246     test_failure $test_n $? 536903681 "ATTR: Deny creation of new attribute for non-owner."
 247 }
 248
 249 test_25() {
 250     run_pwmc "acl >/dev/null" $DEVNULL <<EOF
 251 ATTR SET _mtime c 1234
 252 EOF
 253     test_failure $test_n $? 536903787 "ATTR: Deny overwrite of existing attribute for non-owner."
 254 }
 255
 256 run_tests $@