3 # Tests for per-element ACLs.
8 .
$AM_SRCDIR/import-common.sh
# Write the test configuration to $OUTDIR/config from a here-document; the one
# setting visible here points passphrase_file at $WDIR/passphrase.key. The rest
# of the here-document and the command under test are not part of this excerpt.
# The exit status ($?) of the preceding command is then handed to test_result
# for the LIST case run as '$USER' against an _acl of 'nobody'.
# NOTE(review): $OUTDIR and $WDIR are expanded unquoted; presumably they are
# set by import-common.sh to paths without whitespace — confirm.
12 cat >$OUTDIR/config
<<EOF
18 passphrase_file=$WDIR/passphrase.key
25 test_result
$test_n $? acl \
26 "LIST: Invoking user '$USER' with _acl 'nobody'."
# Negative test: run_pwmc is called with the argument string "acl" and its
# stdout goes to the file ./result; the commands fed through the here-document
# are not shown. test_failure receives $? together with the expected code
# 536903681, which this file pairs with "permission error" labels, so a run
# that unexpectedly succeeds (access granted) is reported as a failed test.
30 run_pwmc
"acl" >result
$DEVNULL <<EOF
33 test_failure
$test_n $?
536903681 "GET: Element content permission error."
# Positive test: a STORE inquire is fed "acl path acl path value" through the
# here-document and the exit status is handed to test_result under the label
# "Create new element path".
# NOTE(review): the separators between the tokens were presumably tabs in the
# original file (element path followed by content) — confirm.
37 run_pwmc
"--inquire STORE -S acl" $DEVNULL <<EOF
38 acl path acl path value
40 test_result
$test_n $?
"STORE: Create new element path."
# Positive test: sends ATTR DELETE for the _acl attribute of element
# "acl path" and expects success; the label states the caller is the owner.
44 run_pwmc
"-S acl" $DEVNULL <<EOF
45 ATTR DELETE _acl acl path
47 test_result
$test_n $?
"ATTR: Delete _acl attribute of child (owner)."
# Positive test: a further run_pwmc call writes to ./result, and the status
# kept in $e (assigned on lines not shown) is handed to test_result.
# NOTE(review): the label implies the server puts an _acl back after the
# ATTR DELETE above, so the element is not left without an owner — the check
# that establishes this is in the lines missing from this excerpt; confirm.
51 run_pwmc
"acl" >result
$DEVNULL <<EOF
59 test_result
$test_n $e "ATTR: Access child (_acl re-added)."
# Positive test: sets the _acl of "acl path" to the list nobody,${USER}. The
# here-document delimiter is unquoted, so ${USER} is expanded by the shell
# before the command reaches pwmc.
# NOTE(review): the label calls this a change of ownership, so the first list
# entry presumably names the owner — confirm. The value of $USER comes from
# the environment; if it differs from the effective user the later deny cases
# test a different identity than intended.
63 run_pwmc
"-S acl" $DEVNULL <<EOF
64 ATTR SET _acl acl path nobody,${USER}
66 test_result
$test_n $?
"ATTR: Change ownership of child element."
# Positive test: a STORE inquire is fed "acl path inherit element value" and
# is expected to succeed ("Create child"). The attribute listing that follows
# in this file checks the _acl of "acl path inherit".
70 run_pwmc
"--inquire STORE -S acl" $DEVNULL <<EOF
71 acl path inherit element value
73 test_result
$test_n $?
"STORE: Create child."
# Lists the attributes of "acl path inherit" into ./result, pulls out the line
# starting with "_acl " via grep, and compares it with
# "_acl $USER,nobody,$USER"; the body of the if is not visible here. The
# status in $e is then handed to test_result ("List inherited attributes").
# NOTE(review): $e is unquoted and -o is used inside [ ]; if $e were empty the
# test would be a syntax error instead of a clean failure. The robust
# spelling is [ "$e" != 0 ] || [ "$l" != "..." ].
77 run_pwmc
"acl" >result
$DEVNULL <<EOF
78 ATTR LIST acl path inherit
82 l
="`grep '^_acl ' result`"
84 if [ $e != 0 -o "$l" != "_acl $USER,nobody,$USER" ]; then
88 test_result
$test_n $e "List inherited attributes."
# Positive test: run_pwmc output goes to ./result and the status in $e
# (assigned on lines not shown) is handed to test_result. The label says the
# child is accessed by a user who is not its owner.
92 run_pwmc
"acl" >result
$DEVNULL <<EOF
100 test_result
$test_n $e "ATTR: Access child (not owner)."
# Negative test: the here-document commands are not shown; the label says a
# DELETE is attempted. test_failure is given $? and the expected code
# 536903681, so the case passes only if the delete is refused.
104 run_pwmc
"acl" $DEVNULL <<EOF
107 test_failure
$test_n $?
536903681 "DELETE: Element permission error."
# Negative test: tries to set the _acl of "acl path" to $USER alone and
# expects code 536903681. Per the label, the caller is not the owner at this
# point, so being able to rewrite the _acl would be a privilege escalation.
111 run_pwmc
"-S acl" $DEVNULL <<EOF
112 ATTR SET _acl acl path $USER
114 test_failure
$test_n $?
536903681 "ATTR: Deny change of ownership by non-owner."
# Negative test: a STORE inquire (content not shown) is expected to fail with
# code 536903681 because the caller does not own the parent element. Unlike
# the STORE cases expected to succeed, no -S is passed here.
118 run_pwmc
"--inquire STORE acl" $DEVNULL <<EOF
121 test_failure
$test_n $?
536903681 "STORE: Deny create child element by non-owner."
# Positive test in two steps: a STORE with --inquire-line 'acl acl value',
# then, only if $e is 0, a second run_pwmc whose output goes to ./result.
# The final $e is handed to test_result ("Create parent element content").
# The assignments to $e and the closing fi are on lines not shown.
125 run_pwmc
"--inquire STORE --inquire-line 'acl acl value' -S acl" $DEVNULL <<EOF
128 if [ $e -eq 0 ]; then
129 run_pwmc
"acl" >result
$DEVNULL <<EOF
134 test_result
$test_n $e acl
"Create parent element content."
# Positive test: ATTR LIST on the element "no-such-user" is expected to
# succeed even though, per the label, the caller does not own that root.
# NOTE(review): presumably the fixture gives this element an _acl naming a
# user that does not exist — confirm against the imported data file.
138 run_pwmc
"acl" >result
$DEVNULL <<EOF
139 ATTR LIST no-such-user
141 test_result
$test_n $? acl
"List attributes of un-owned root."
# Negative test built from three chained steps, each run only if $e is 0:
# a STORE (content not shown), ATTR SET of _acl on "attr a" to nobody, and a
# final run_pwmc whose commands are not shown. test_failure expects the
# chain to end with code 536903681.
# NOTE(review): because the setup steps share $e with the step under test, a
# setup failure that happens to return 536903681 would also satisfy this
# case — confirm the hidden lines distinguish the two.
145 run_pwmc
"--inquire STORE -S acl" $DEVNULL <<EOF
149 if [ $e -eq 0 ]; then
150 run_pwmc
"-S acl" $DEVNULL <<EOF
151 ATTR SET _acl attr a nobody
154 if [ $e -eq 0 ]; then
155 run_pwmc
"acl" $DEVNULL <<EOF
161 test_failure
$test_n $e 536903681 "Deny attribute list of owned child of un-owned parent."
# Positive test: the redirection to /dev/null is inside the quoted argument
# string, so it is applied by run_pwmc rather than by this line.
# NOTE(review): that implies run_pwmc re-parses its argument as shell text
# (eval or similar) — confirm in import-common.sh.
165 run_pwmc
"acl >/dev/null" $DEVNULL <<EOF
168 test_result
$test_n $?
"List attributes of un-owned child."
# Positive test: output goes to ./result; the commands sent are not shown.
# Per the label, the listed root is not owned by the caller and carries a
# target attribute.
172 run_pwmc
"acl" >result
$DEVNULL <<EOF
175 test_result
$test_n $? acl
"List attributes of un-owned root with target."
# Negative test: expects code 536903681. Per the label, attributes of an
# un-owned child reached through an un-owned root target must not be listed,
# i.e. following a target must not bypass the child's ACL.
179 run_pwmc
"acl >/dev/null" $DEVNULL <<EOF
182 test_failure
$test_n $?
536903681 "Deny list attributes of un-owned child with un-owned root target."
# Fixture chain, each step run only if $e is 0: two STORE inquiries (content
# not shown), ATTR SET _target on "new a" pointing at "new2 a", ATTR SET
# _acl on "new2 a" to nobody, then list_recurse for "new a non-existant".
# The final $e goes to test_result. "non-existant" is the literal element
# name sent to the server, so its spelling must stay as it is.
# NOTE(review): list_recurse is presumably defined in import-common.sh —
# confirm what it compares the listing against.
186 run_pwmc
"--inquire STORE -S acl" $DEVNULL <<EOF
190 if [ $e -eq 0 ]; then
191 run_pwmc
"--inquire STORE -S acl" $DEVNULL <<EOF
195 if [ $e -eq 0 ]; then
196 run_pwmc
"-S acl" $DEVNULL <<EOF
197 ATTR SET _target new a new2 a
200 if [ $e -eq 0 ]; then
201 run_pwmc
"-S acl" $DEVNULL <<EOF
202 ATTR SET _acl new2 a nobody
205 if [ $e -eq 0 ]; then
206 list_recurse acl
"new a non-existant"
212 test_result
$test_n $e acl
"LIST: Non-existent child of un-owned parent."
216 list_recurse acl
"new"
217 test_result
$test_n $? acl
"LIST: Children of un-owned parent with target."
# Positive test: sets _target on "zzz a" to "a" and expects success.
# NOTE(review): the label describes "a" as a visible but restricted root —
# confirm against the imported data file.
221 run_pwmc
"-S acl" $DEVNULL <<EOF
222 ATTR SET _target zzz a a
225 test_result
$test_n $? acl
"ATTR: Create target to visible restricted root."
# Positive test in two steps: set the _acl of "zzz a" to the single entry
# "non-existant", then, only if $e is 0, point _target of "newzzz b" at
# "zzz a". The final $e goes to test_result. "non-existant" is a literal
# ACL entry sent to the server, so its spelling must stay as it is.
229 run_pwmc
"-S acl" $DEVNULL <<EOF
230 ATTR SET _acl zzz a non-existant
233 if [ $e -eq 0 ]; then
234 run_pwmc
"-S acl" $DEVNULL <<EOF
235 ATTR SET _target newzzz b zzz a
240 test_result
$test_n $e acl
"ATTR: Create target to visible restricted child."
# Expects success (test_result, not test_failure) although the label speaks
# of an element that denies permission; the command sent is not shown.
# NOTE(review): confirm from the hidden lines which attribute is read and why
# reading it is allowed, since the child-element variant of this case
# expects 536903681.
244 run_pwmc
"acl" >result
$DEVNULL <<EOF
247 test_result
$test_n $? acl
"ATTR: Get attribute of element which denies permission."
# Negative test: ATTR GET of _acl on "zzz a blah" must fail with code
# 536903681, so the ACL of a restricted child is not disclosed to a caller
# without access.
251 run_pwmc
"acl >/dev/null" $DEVNULL <<EOF
252 ATTR GET _acl zzz a blah
254 test_failure
$test_n $?
536903681 "ATTR: Get attribute of child element which denies permission."
# Negative test: the command sent is not shown; the label says a non-owner
# attempts to delete an attribute. The expected code is 536903787, not the
# 536903681 used by most denial cases in this file.
# NOTE(review): confirm which condition each of the two codes denotes.
258 run_pwmc
"acl" $DEVNULL <<EOF
261 test_failure
$test_n $?
536903787 "ATTR: Deny delete attribute of non-owner."
# Negative test: a non-owner tries to add a new attribute "blahblah" with
# content "value" to element "c"; the request must fail with 536903681.
265 run_pwmc
"acl >/dev/null" $DEVNULL <<EOF
266 ATTR SET blahblah c value
268 test_failure
$test_n $?
536903681 "ATTR: Deny creation of new attribute for non-owner."
# Negative test: a non-owner tries to overwrite the existing _mtime
# attribute of element "c" with 1234. The expected code is 536903787, the
# same code this file uses for the non-owner attribute delete.
272 run_pwmc
"acl >/dev/null" $DEVNULL <<EOF
273 ATTR SET _mtime c 1234
275 test_failure
$test_n $?
536903787 "ATTR: Deny overwrite of existing attribute for non-owner."
# Positive test of ACL entries that name a client executable: the _acl of
# root "acl" is set to $USER, the path printed by `which pwmc`, and
# /bin/non-existant; if that succeeds, a second run_pwmc (commands not
# shown) must be allowed. The backticks are expanded by the shell because
# the here-document delimiter is unquoted.
# NOTE(review): `which pwmc` resolves through PATH; the case is only
# meaningful if that is the same binary run_pwmc launches — confirm in
# import-common.sh. /bin/non-existant is a literal ACL entry; keep its
# spelling.
279 run_pwmc
"acl -S >/dev/null" $DEVNULL <<EOF
280 ATTR SET _acl acl $USER,`which pwmc`,/bin/non-existant
283 if [ $e -eq 0 ]; then
284 run_pwmc
"acl" >result
$DEVNULL <<EOF
289 test_result
$test_n $e "GET: Allow element by client command."
# Negative counterpart of the client-command case: the _acl of root "acl" is
# set to root, $USER, the pwmc path prefixed with "!", and /bin/non-existant;
# the following run_pwmc (commands not shown) must fail with 536903681.
# NOTE(review): the "!" prefix presumably marks a deny entry, and the case
# shows it winning over the $USER allow entry — confirm against the pwmd ACL
# documentation. As above, `which pwmc` depends on PATH.
293 run_pwmc
"acl -S >/dev/null" $DEVNULL <<EOF
294 ATTR SET _acl acl root,$USER,!`which pwmc`,/bin/non-existant
297 if [ $e -eq 0 ]; then
298 run_pwmc
"acl" $DEVNULL <<EOF
303 test_failure
$test_n $e 536903681 "GET: Deny element by client command."