search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bump version for development.
[pwmd.git] / tests / acl.test
blobe81c934cbf388d2baf0be100ae605b5745c7d906
1 #!/bin/sh
2 #
3 # Tests for per-element ACL's.
4 #
5 MAX_TESTS=29
6
7 . $AM_SRCDIR/common.sh
8 . $AM_SRCDIR/import-common.sh
9
10 init_tests() {
11 do_import acl
12 cat >$OUTDIR/config <<EOF
13 [global]
14 log_level=9
15 #enable_logging=true
16 invoking_user=nobody
17 [acl]
18 passphrase_file=$WDIR/passphrase.key
19 EOF
20 launch_pwmd acl
21 }
22
23 test_1() {
24 list_recurse acl
25 test_result $test_n $? acl \
26 "LIST: Invoking user '$USER' with _acl 'nobody'."
27 }
28
29 test_2() {
30 run_pwmc "acl" >result $DEVNULL <<EOF
31 GET c
32 EOF
33 test_failure $test_n $? 536903681 "GET: Element content permission error."
34 }
35
36 test_3() {
37 run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
38 acl path acl path value
39 EOF
40 test_result $test_n $? "STORE: Create new element path."
41 }
42
43 test_4() {
44 run_pwmc "-S acl" $DEVNULL <<EOF
45 ATTR DELETE _acl acl path
46 EOF
47 test_result $test_n $? "ATTR: Delete _acl attribute of child (owner)."
48 }
49
50 test_5() {
51 run_pwmc "acl" >result $DEVNULL <<EOF
52 ATTR LIST acl path
53 EOF
54 e=$?
55 if [ $e -eq 0 ]; then
56 test -s result
57 e=$?
58 fi
59 test_result $test_n $e "ATTR: Access child (_acl re-added)."
60 }
61
62 test_6() {
63 run_pwmc "-S acl" $DEVNULL <<EOF
64 ATTR SET _acl acl path nobody,${USER}
65 EOF
66 test_result $test_n $? "ATTR: Change ownership of child element."
67 }
68
69 test_7() {
70 run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
71 acl path inherit element value
72 EOF
73 test_result $test_n $? "STORE: Create child."
74 }
75
76 test_8() {
77 run_pwmc "acl" >result $DEVNULL <<EOF
78 ATTR LIST acl path inherit
79 EOF
80 e=$?
81 if [ $e -eq 0 ]; then
82 l="`grep '^_acl ' result`"
83 e=$?
84 if [ $e != 0 -o "$l" != "_acl $USER,nobody,$USER" ]; then
85 e=1
86 fi
87 fi
88 test_result $test_n $e "List inherited attributes."
89 }
90
91 test_9() {
92 run_pwmc "acl" >result $DEVNULL <<EOF
93 ATTR LIST acl path
94 EOF
95 e=$?
96 if [ $e -eq 0 ]; then
97 test -s result
98 e=$?
99 fi
100 test_result $test_n $e "ATTR: Access child (not owner)."
101 }
102
103 test_10() {
104 run_pwmc "acl" $DEVNULL <<EOF
105 DELETE acl path
106 EOF
107 test_failure $test_n $? 536903681 "DELETE: Element permission error."
108 }
109
110 test_11() {
111 run_pwmc "-S acl" $DEVNULL <<EOF
112 ATTR SET _acl acl path $USER
113 EOF
114 test_failure $test_n $? 536903681 "ATTR: Deny change of ownership by non-owner."
115 }
116
117 test_12() {
118 run_pwmc "--inquire STORE acl" $DEVNULL <<EOF
119 acl path update
120 EOF
121 test_failure $test_n $? 536903681 "STORE: Deny create child element by non-owner."
122 }
123
124 test_13() {
125 run_pwmc "--inquire STORE --inquire-line 'acl acl value' -S acl" $DEVNULL <<EOF
126 EOF
127 e=$?
128 if [ $e -eq 0 ]; then
129 run_pwmc "acl" >result $DEVNULL <<EOF
130 GET acl
131 EOF
132 e=$?
133 fi
134 test_result $test_n $e acl "Create parent element content."
135 }
136
137 test_14() {
138 run_pwmc "acl" >result $DEVNULL <<EOF
139 ATTR LIST no-such-user
140 EOF
141 test_result $test_n $? acl "List attributes of un-owned root."
142 }
143
144 test_15() {
145 run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
146 attr a b value
147 EOF
148 e=$?
149 if [ $e -eq 0 ]; then
150 run_pwmc "-S acl" $DEVNULL <<EOF
151 ATTR SET _acl attr a nobody
152 EOF
153 e=$?
154 if [ $e -eq 0 ]; then
155 run_pwmc "acl" $DEVNULL <<EOF
156 ATTR LIST attr a b
157 EOF
158 e=$?
159 fi
160 fi
161 test_failure $test_n $e 536903681 "Deny attribute list of owned child of un-owned parent."
162 }
163
164 test_16() {
165 run_pwmc "acl >/dev/null" $DEVNULL <<EOF
166 ATTR LIST attr a
167 EOF
168 test_result $test_n $? "List attributes of un-owned child."
169 }
170
171 test_17() {
172 run_pwmc "acl" >result $DEVNULL <<EOF
173 ATTR LIST b
174 EOF
175 test_result $test_n $? acl "List attributes of un-owned root with target."
176 }
177
178 test_18() {
179 run_pwmc "acl >/dev/null" $DEVNULL <<EOF
180 ATTR LIST b b
181 EOF
182 test_failure $test_n $? 536903681 "Deny list attributes of un-owned child with un-owned root target."
183 }
184
185 test_19() {
186 run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
187 new a b value
188 EOF
189 e=$?
190 if [ $e -eq 0 ]; then
191 run_pwmc "--inquire STORE -S acl" $DEVNULL <<EOF
192 new2 a b value
193 EOF
194 e=$?
195 if [ $e -eq 0 ]; then
196 run_pwmc "-S acl" $DEVNULL <<EOF
197 ATTR SET _target new a new2 a
198 EOF
199 e=$?
200 if [ $e -eq 0 ]; then
201 run_pwmc "-S acl" $DEVNULL <<EOF
202 ATTR SET _acl new2 a nobody
203 EOF
204 e=$?
205 if [ $e -eq 0 ]; then
206 list_recurse acl "new a non-existant"
207 e=$?
208 fi
209 fi
210 fi
211 fi
212 test_result $test_n $e acl "LIST: Non-existent child of un-owned parent."
213 }
214
215 test_20() {
216 list_recurse acl "new"
217 test_result $test_n $? acl "LIST: Children of un-owned parent with target."
218 }
219
220 test_21() {
221 run_pwmc "-S acl" $DEVNULL <<EOF
222 ATTR SET _target zzz a a
223 EOF
224 list_recurse acl
225 test_result $test_n $? acl "ATTR: Create target to visible restricted root."
226 }
227
228 test_22() {
229 run_pwmc "-S acl" $DEVNULL <<EOF
230 ATTR SET _acl zzz a non-existant
231 EOF
232 e=$?
233 if [ $e -eq 0 ]; then
234 run_pwmc "-S acl" $DEVNULL <<EOF
235 ATTR SET _target newzzz b zzz a
236 EOF
237 list_recurse acl
238 e=$?
239 fi
240 test_result $test_n $e acl "ATTR: Create target to visible restricted child."
241 }
242
243 test_23() {
244 run_pwmc "acl" >result $DEVNULL <<EOF
245 ATTR GET _acl zzz a
246 EOF
247 test_result $test_n $? acl "ATTR: Get attribute of element which denies permission."
248 }
249
250 test_24() {
251 run_pwmc "acl >/dev/null" $DEVNULL <<EOF
252 ATTR GET _acl zzz a blah
253 EOF
254 test_failure $test_n $? 536903681 "ATTR: Get attribute of child element which denies permission."
255 }
256
257 test_25() {
258 run_pwmc "acl" $DEVNULL <<EOF
259 ATTR DELETE _mtime c
260 EOF
261 test_failure $test_n $? 536903787 "ATTR: Deny delete attribute of non-owner."
262 }
263
264 test_26() {
265 run_pwmc "acl >/dev/null" $DEVNULL <<EOF
266 ATTR SET blahblah c value
267 EOF
268 test_failure $test_n $? 536903681 "ATTR: Deny creation of new attribute for non-owner."
269 }
270
271 test_27() {
272 run_pwmc "acl >/dev/null" $DEVNULL <<EOF
273 ATTR SET _mtime c 1234
274 EOF
275 test_failure $test_n $? 536903787 "ATTR: Deny overwrite of existing attribute for non-owner."
276 }
277
278 test_28() {
279 run_pwmc "acl -S >/dev/null" $DEVNULL <<EOF
280 ATTR SET _acl acl $USER,`which pwmc`,/bin/non-existant
281 EOF
282 e=$?
283 if [ $e -eq 0 ]; then
284 run_pwmc "acl" >result $DEVNULL <<EOF
285 GET acl
286 EOF
287 e=$?
288 fi
289 test_result $test_n $e "GET: Allow element by client command."
290 }
291
292 test_29() {
293 run_pwmc "acl -S >/dev/null" $DEVNULL <<EOF
294 ATTR SET _acl acl root,$USER,!`which pwmc`,/bin/non-existant
295 EOF
296 e=$?
297 if [ $e -eq 0 ]; then
298 run_pwmc "acl" $DEVNULL <<EOF
299 GET acl
300 EOF
301 e=$?
302 fi
303 test_failure $test_n $e 536903681 "GET: Deny element by client command."
304 }
305
306 run_tests $@
A server for managing passphrases and anything else.