Reimplement data file ACL support.
[pwmd.git] / tests / acl.test
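#!/bin/bash
#
# ACL regression test for pwmd data files.
#
# Runs do_import for "acl", writes a pwmd config with invoking_user=nobody,
# launches pwmd, and then drives pwmc through positive and negative access
# checks on elements whose _acl attribute does or does not include $USER.
#
# Names used from the sourced files (not defined here): do_import,
# launch_pwmd, begin_test, test_success and the PWMC_ARGS variable.
#
# NOTE(review): the positive checks (cmp, test -s, plain pwmc calls) stop the
# script only while errexit is active. expect_failure re-enables it after
# every negative test; the initial state presumably comes from common.sh --
# confirm, otherwise Test 1 could pass without its cmp being enforced.

source common.sh
source import-common.sh

do_import acl

cat > config << EOF
[global]
log_level=9
#enable_logging=true
invoking_user=nobody
[acl]
passphrase_file=$(pwd)/acl.key
EOF

launch_pwmd acl

#######################################
# Send one command to pwmc on stdin.
# Globals:   PWMC_ARGS (read)
# Arguments: $1 - command text; backslash escapes such as \t are expanded
#            $@ - remaining words are passed to pwmc after PWMC_ARGS
# Outputs:   whatever pwmc writes
# Returns:   exit status of the pipeline
#######################################
pwmc_send() {
  local payload=$1
  shift
  # PWMC_ARGS stays unquoted as in the original invocation, presumably so
  # that it word-splits into separate options -- confirm in common.sh.
  # shellcheck disable=SC2086
  printf '%b' "$payload" | pwmc $PWMC_ARGS "$@"
}

#######################################
# Send one command to pwmc and require that pwmc FAILS.
# Globals:   PWMC_ARGS (read)
# Arguments: same as pwmc_send
# Outputs:   pwmc output on stdout; the "should have failed" message goes to
#            stderr so that it survives a stdout redirect on the call
# Returns:   0 when pwmc failed; exits the script with 1 when it succeeded
#
# NOTE(review): any non-zero pwmc exit is accepted as the expected denial, so
# a crashed daemon, a refused connection or a mistyped command would also
# satisfy the check. Comparing against the specific error pwmc reports for an
# ACL denial would prove that the ACL is what rejected the request.
#######################################
expect_failure() {
  local payload=$1
  local rc
  shift
  # errexit must be off here, otherwise the expected failure would abort the
  # script before the status can be inspected.
  set +o errexit
  # shellcheck disable=SC2086
  printf '%b' "$payload" | pwmc $PWMC_ARGS "$@"
  # Index 1 is pwmc itself, independent of any pipefail setting.
  rc=${PIPESTATUS[1]}
  set -o errexit
  if [[ "$rc" -eq 0 ]]; then
    echo "The previous command should have failed. Stopping." >&2
    exit 1
  fi
}

#######################################
# Send one command to pwmc and compare its output with a reference file.
# Arguments: $1 - file holding the expected output
#            $@ - remaining words are handed to pwmc_send
# Outputs:   cmp diagnostics on mismatch
# Returns:   non-zero on mismatch; "result" is then left in place
#######################################
expect_output() {
  local expected=$1
  shift
  pwmc_send "$@" > result
  cmp -- "$expected" result
  rm -f result
}

begin_test
echo "Test 1. Invoking user '$USER' with _acl 'nobody'."
expect_output acl.result1 'LIST --all --with-target' acl

echo
echo "Test 2. Retrieve content (fail)."
expect_failure 'GET c' acl > /dev/null

echo
echo "Test 3. Create new path."
pwmc_send 'acl\tpath\tacl path value' --inquire STORE -S acl

echo
echo "Test 4. Delete _acl attribute of child (owner)."
pwmc_send 'ATTR DELETE _acl acl\tpath' -S acl

echo
echo "Test 5. Access child (_acl re-added)."
pwmc_send 'ATTR LIST acl\tpath' acl > result
test -s result
rm -f result

echo
echo "Test 6. Change ownership of child element."
pwmc_send "ATTR SET _acl acl\tpath nobody,$USER" -S acl

echo
echo "Test 7. Access child (not owner)."
pwmc_send 'ATTR LIST acl\tpath' acl > result
test -s result
rm -f result

echo
echo "Test 8. Delete child element (fail)."
expect_failure 'DELETE acl\tpath' acl

echo
echo "Test 9. Change ownership of child element (fail)."
expect_failure "ATTR SET _acl acl\tpath $USER" -S acl

echo
echo "Test 10. Create child element content (fail)."
expect_failure 'acl\tpath\tupdate' --inquire STORE acl

echo
echo "Test 11. Create parent element content."
pwmc_send 'acl\tacl value' --inquire STORE -S acl
expect_output acl.result11 'GET acl' acl

echo
echo "Test 12. Change cipher during save (fail)."
expect_failure 'NOP' -S --cipher=serpent128 acl

echo
echo "Test 13. List attributes of un-owned root."
expect_output acl.result13 'ATTR LIST nouser' acl

echo
echo "Test 14. List attributes of owned child of un-owned parent (fail)."
pwmc_send 'attr\ta\tb\tvalue' --inquire STORE -S acl
pwmc_send 'ATTR SET _acl attr\ta nobody' -S acl
expect_failure "ATTR LIST attr\ta\tb" acl

echo
echo "Test 15. List attributes of un-owned child."
pwmc_send 'ATTR LIST attr\ta' acl > /dev/null

echo
echo "Test 16. List attributes of un-owned root with target."
expect_output acl.result16 'ATTR LIST b' acl

echo
echo "Test 17. List attributes of un-owned child with un-owned root target (fail)."
expect_failure "ATTR LIST b\tb" acl

echo
echo "Test 18. List non-existant child of un-owned parent."
pwmc_send 'new\ta\tb\tvalue' --inquire STORE -S acl
pwmc_send 'new2\ta\tb\tvalue' --inquire STORE -S acl
pwmc_send 'ATTR SET target new\ta new2\ta' -S acl
pwmc_send 'ATTR SET _acl new2\ta nobody' -S acl
expect_output acl.result18 \
  'LIST --all --with-target --verbose new\ta\tnon-existant' acl

echo
echo "Test 19. List literal children of un-owned parent with target."
expect_output acl.result19 'LIST --all --verbose --with-target new' acl

echo
echo "Test 20. Create target to visible restricted root."
pwmc_send 'ATTR SET target zzz\ta a' -S acl
expect_output acl.result20 'LIST --all --verbose --with-target' acl

echo
echo "Test 21. Create target to visible restricted child."
pwmc_send 'ATTR SET _acl zzz\t!a non-existant' -S acl
pwmc_send 'ATTR SET target newzzz\tb zzz\t!a' -S acl
expect_output acl.result21 'LIST --all --verbose --with-target' acl

test_success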