2 #include "uniconfroot.h"
4 #include "unitempgen.h"
5 #include "unipermgen.h"
6 #include "unisecuregen.h"
7 #include "uniunwrapgen.h"
9 #include "uniconfgen-sanitytest.h"
// Runs the shared generator sanity suite against a UniPermGen built from the "temp:" moniker.
// NOTE(review): this listing is lossy (gutter lines 12, 16 and 17 are absent), so the braces and
// any release of `gen` are not visible here -- confirm against the full file.
11 WVTEST_MAIN("UniPermGen Sanity Test")
13 UniPermGen
*gen
= new UniPermGen("temp:");
14 // No moniker for the PermGen, sigh.
// WvString::null is passed as the second argument, presumably in place of the missing moniker.
15 UniConfGenSanityTester::sanity_test(gen
, WvString::null
);
19 // Same as the one in unicachegen.t.cc
// NOTE(review): only this signature survives in the listing; the enclosing class and the body
// are not visible. The notification checks in "permgen basic" bind CbCounter::callback and read
// a `cbs` member, so this presumably counts invocations -- confirm against the full file.
25 void callback(const UniConf keyconf
, const UniConfKey key
)
// Access-control test: a UniSecureGen is built from the data store (tempgen) and the permission
// store (permgen) and mounted on `root`, so reads and writes made through `root` go through it.
// NOTE(review): the declaration of `root` is not visible in this listing.
32 WVTEST_MAIN("permgen basic")
35 IUniConfGen
*tempgen
= new UniTempGen();
36 UniPermGen
permgen("temp:");
// Empty group list: the identities used in this test belong to no groups.
37 WvStringList defgroups
;
// Open "/" to WORLD for exec, read and write first; presumably this is what lets the
// unprivileged "notroot" identity populate the tree before the chmod calls tighten access.
39 permgen
.setexec(UniConfKey("/"), UniPermGen::WORLD
, true);
40 permgen
.setread(UniConfKey("/"), UniPermGen::WORLD
, true);
41 permgen
.setwrite(UniConfKey("/"), UniPermGen::WORLD
, true);
43 UniSecureGen
*sec
= new UniSecureGen(tempgen
, &permgen
);
44 fprintf(stderr
, "Mounting securegen\n");
45 WVPASS(root
.mountgen(sec
));
46 fprintf(stderr
, "Done\n");
// From here on, accesses through `root` are made as user "notroot" with no groups.
// The test sets the identity itself; the secure generator acts on whatever it was last given.
48 sec
->setcredentials("notroot", defgroups
);
// Populate the tree through the secured view while "/" is still world-writable.
// The key names spell out the permission each key is given by the chmod calls further down.
50 root
["/open/foo"].setmeint(1);
51 root
["/open/bar"].setmeint(1);
52 root
["/exec_only/read"].setmeint(1);
53 root
["/exec_only/noread"].setmeint(1);
54 root
["/exec_only/read_noexec"].setmeint(1); // should be read
55 root
["/exec_only/read_noexec/read"].setmeint(1); // should be unreadable
56 root
["/exec_only/read_noexec/read/exec"].setmeint(1); // should be unreadable
57 root
["/exec_only/read_noexec/exec/read"].setmeint(1); // should be unreadable
58 root
["/exec_only/noread_noexec/read"].setmeint(1); // should be unreadable
60 root
["/closed/foo"].setmeint(1);
61 root
["/closed/bar"].setmeint(1);
62 root
["/closed/exec/foo"].setmeint(1);
// Ownership goes to "root", so "notroot" (no groups) is judged by the last chmod argument.
// NOTE(review): the three numbers look like owner, group and world modes with 4=read, 2=write,
// 1=exec, judging by the key names -- confirm against UniPermGen::chmod.
64 permgen
.setowner("/", "root");
65 permgen
.chmod(UniConfKey("/open"), 7, 7, 5);
66 permgen
.chmod(UniConfKey("/"), 7, 7, 1);
67 permgen
.chmod(UniConfKey("/exec_only"), 7, 7, 1);
68 // FIXME: chmodding one key seems to automatically chmod its
69 // children. Is this correct?
// NOTE(review): if modes do propagate to children, call order is security-relevant: a later
// chmod on a parent could replace a stricter mode already set on a child. Parents are set
// before children here, which avoids that -- confirm the propagation rule before relying on it.
70 permgen
.chmod(UniConfKey("/exec_only/read"), 7, 7, 4);
71 permgen
.chmod(UniConfKey("/exec_only/noread"), 7, 7, 0);
72 permgen
.chmod(UniConfKey("/exec_only/noread_noexec"), 7, 7, 0);
73 permgen
.chmod(UniConfKey("/exec_only/read_noexec"), 7, 7, 4);
74 permgen
.chmod(UniConfKey("/exec_only/read_noexec/read"), 7, 7, 4);
75 permgen
.chmod(UniConfKey("/exec_only/read_noexec/exec"), 7, 7, 1);
76 permgen
.chmod(UniConfKey("/exec_only/read_noexec/exec/read"), 7, 7, 4);
77 permgen
.chmod(UniConfKey("/closed"), 7, 7, 0);
78 permgen
.chmod(UniConfKey("/closed/exec"), 7, 7, 1);
79 permgen
.chmod(UniConfKey("/closed/exec/foo"), 7, 7, 5);
// Direct reads as "notroot". A denied read yields WvString::null, while a readable key with no
// value of its own (/open) yields the empty string, so null is the denial signal throughout.
82 WVPASS(root
["/open"].getme() == "");
83 WVPASS(root
["/open/foo"].getme() == "1");
84 WVPASS(root
["/open/bar"].getme() == "1");
// /exec_only is given world mode 1: its own value is withheld, but a child that has the read
// bit (/exec_only/read) is still reachable through it.
86 WVPASS(root
["/exec_only"].getme() == WvString::null
);
87 WVPASS(root
["/exec_only/read"].getme() == "1");
88 WVPASS(root
["/exec_only/noread"].getme() == WvString::null
);
// read_noexec has read but not exec: its own value is visible, yet nothing beneath it is,
// including children whose own mode carries the read bit.
89 WVPASS(root
["/exec_only/read_noexec"].getme() == "1");
90 WVPASS(root
["/exec_only/read_noexec/read"].getme() == WvString::null
);
91 WVPASS(root
["/exec_only/read_noexec/exec"].getme() == WvString::null
);
92 WVPASS(root
["/exec_only/read_noexec/exec/read"].getme() == WvString::null
);
// /closed is given world mode 0, so it and the children checked here are hidden.
94 WVPASS(root
["/closed"].getme() == WvString::null
);
95 WVPASS(root
["/closed/foo"].getme() == WvString::null
);
96 WVPASS(root
["/closed/bar"].getme() == WvString::null
);
98 // testing "set" (obviously incomplete)
// NOTE(review): both checks read back through the same "notroot" view, which cannot read these
// keys in the first place, so null does not by itself show that the write was rejected.
// Reading the backing store directly, or re-reading as the owner, would confirm the denial
// (as far as the lines visible in this listing go).
99 root
["/exec_only"].setmeint(1);
100 WVPASS(root
["/exec_only"].getme() == WvString::null
);
102 root
["/closed"].setmeint(1);
103 WVPASS(root
["/closed"].getme() == WvString::null
);
// Non-recursive iteration over the top level as "notroot". Each branch checks the value two
// ways, via the key object's getme() and via the iterator's own _value(), so a value cached by
// the iterator cannot leak past the permission check.
// NOTE(review): the branches expect the names "closed" and "exec_only" to be enumerated even
// though their values are withheld -- confirm that exposing key names is intended. The
// assertions sit inside the if/else chain, so a key that is never visited is never checked;
// the lines that advance the iterator are not visible in this listing.
106 UniConf::Iter
i(root
);
108 for (int k
=0; k
<3; k
++)
111 if (i
.ptr()->key() == "closed")
113 WVPASS(i
.ptr()->getme() == WvString::null
);
114 WVPASS(i
._value() == WvString::null
);
116 else if (i
.ptr()->key() == "exec_only")
118 WVPASS(i
.ptr()->getme() == WvString::null
);
119 WVPASS(i
._value() == WvString::null
);
121 else if (i
.ptr()->key() == "open")
123 WVPASS(i
.ptr()->getme() == "");
124 WVPASS(i
._value() == "");
129 // testing recursive iteration
// Same value checks as the flat iteration, extended to the children the recursive iterator
// yields: four under exec_only and two under open, going by the inner loop bounds.
// NOTE(review): no inner loop follows the "closed" branch in the visible lines, which suggests
// the iterator does not descend into it -- confirm against the full file.
130 UniConf::RecursiveIter
j(root
);
132 for (int k
=0; k
<3; k
++)
135 if (j
.ptr()->key() == "closed")
137 WVPASS(j
.ptr()->getme() == WvString::null
);
138 WVPASS(j
._value() == WvString::null
);
140 else if (j
.ptr()->key() == "exec_only")
142 WVPASS(j
.ptr()->getme() == WvString::null
);
143 WVPASS(j
._value() == WvString::null
);
// Children of exec_only: values are returned only for the ones carrying the read bit.
145 for (int l
=0; l
<4; l
++)
148 if (j
.ptr()->key() == "read")
150 WVPASS(j
.ptr()->getme() == "1");
151 WVPASS(j
._value() == "1");
153 else if (j
.ptr()->key() == "noread_noexec")
155 WVPASS(j
.ptr()->getme() == WvString::null
);
156 WVPASS(j
._value() == WvString::null
);
159 else if (j
.ptr()->key() == "read_noexec")
161 WVPASS(j
.ptr()->getme() == "1");
162 WVPASS(j
._value() == "1");
165 else if (j
.ptr()->key() == "noread")
167 WVPASS(j
.ptr()->getme() == WvString::null
);
168 WVPASS(j
._value() == WvString::null
);
173 else if (j
.ptr()->key() == "open")
175 WVPASS(j
.ptr()->getme() == "");
176 WVPASS(j
._value() == "");
// Children of open: both are world-readable and must come back with their values.
178 for (int l
=0; l
<2; l
++)
181 if (j
.ptr()->key() == "bar")
183 WVPASS(j
.ptr()->getme() == "1");
184 WVPASS(j
._value() == "1");
186 else if (j
.ptr()->key() == "foo")
188 WVPASS(j
.ptr()->getme() == "1");
189 WVPASS(j
._value() == "1");
197 // Checking notifications.. (we will assume that we are getting the
198 // right keys for now)
// Change notifications are an information channel of their own: a watcher that is told about a
// change to a key it cannot read learns that the key exists and when it changed. The writes go
// straight to tempgen, bypassing the secured view, and the counter may only advance for keys
// "notroot" can read.
199 CbCounter notifywatcher
;
// NOTE(review): `¬ifywatcher` is an HTML-entity mangling of `&notifywatcher`, and the rest of
// this statement (gutter lines 202-203) is missing from the listing.
201 UniWatch
watcher(root
["/"], wv::bind(&CbCounter::callback
, ¬ifywatcher
,
// Readable key: counter goes to 1.
204 tempgen
->set("open/foo", "2");
205 WVPASS(notifywatcher
.cbs
== 1);
// Readable child of the exec-only parent: counter goes to 2.
206 tempgen
->set("exec_only/read", "2");
207 WVPASS(notifywatcher
.cbs
== 2);
// Unreadable key: no notification, counter stays at 2.
208 tempgen
->set("exec_only/noread", "2");
209 WVPASS(notifywatcher
.cbs
== 2);
// read_noexec itself is readable: counter goes to 3.
210 tempgen
->set("exec_only/read_noexec", "2");
211 WVPASS(notifywatcher
.cbs
== 3);
// Everything below read_noexec, and everything under closed, must stay silent: counter stays at 3.
212 tempgen
->set("exec_only/read_noexec/read", "2");
213 WVPASS(notifywatcher
.cbs
== 3);
214 tempgen
->set("exec_only/read_noexec/exec/read", "2");
215 WVPASS(notifywatcher
.cbs
== 3);
216 tempgen
->set("closed/foo", "2");
217 WVPASS(notifywatcher
.cbs
== 3);
219 // Test appropriate granting of permissions (recall the owner is root)
// Positive control for the denials above: as the owner "root", the same secured view returns
// values that were hidden from "notroot", including the "2" written directly to tempgen.
220 sec
->setcredentials("root", defgroups
);
221 WVPASS(root
["/closed/foo"].getme() == "2");
222 WVPASS(root
["/exec_only/noread_noexec/read"].getme() == "1");
// The owner can also iterate below a key whose world mode is 0.
// NOTE(review): the lines that advance `k` are not visible in this listing.
223 UniConf::Iter
k(root
["/exec_only/noread_noexec"]);
226 WVPASS(k
.ptr()->key() == "read");
227 WVPASS(k
._value() == "1");
// Permission defaults: the UniPermGen is layered over a UniDefGen, so a wildcard entry can set
// a default permission and a more specific entry can override it.
// NOTE(review): the declaration of `root` is not visible in this listing.
231 WVTEST_MAIN("permgen + defaultgen")
234 IUniConfGen
*tempgen
= new UniTempGen();
235 IUniConfGen
*innerperm
= new UniTempGen();
236 IUniConfGen
*innerdef
= new UniDefGen(innerperm
);
237 UniPermGen
permgen(innerdef
);
238 WvStringList nogroups
;
239 WvStringList rootgroup
; rootgroup
.append("root");
// Default for every direct child of cfg: world exec is off unless stated otherwise.
// The permission data is written straight into the backing generator here, with no check of
// its own, so whatever holds that store is part of the trust boundary.
241 innerdef
->set("cfg/*/world-exec", "false");
243 UniSecureGen
*sec
= new UniSecureGen(tempgen
, &permgen
);
244 WVPASS(root
.mountgen(sec
));
246 permgen
.setowner("/", "root");
247 permgen
.setgroup("/", "root");
248 sec
->setcredentials("root", nogroups
);
249 permgen
.chmod(UniConfKey("/"), 7, 7, 7);
251 // test that readable/writable stuff works as expected (default does
252 // not override root)
253 root
["/cfg/users/foo"].setme("123");
254 WVPASS(root
["/cfg/users/foo"].getme() == "123");
256 // make sure that the same is true for groups
// User "notroot" holding the "root" group gets through on the group permission.
257 sec
->setcredentials("notroot", rootgroup
);
258 root
["/cfg/users/foo"].setme("456");
259 WVPASS(root
["/cfg/users/foo"].getme() == "456");
261 // test execute permission denial by default, and test override
// The value is written while "notroot" still holds the "root" group, then read back with no
// groups: the wildcard default denies traversal of cfg/exec until an explicit world-exec
// entry for that key turns it on.
262 root
["cfg/exec/read"].setmeint(1);
263 sec
->setcredentials("notroot", nogroups
);
264 WVPASS(root
["cfg/exec/read"].getme() == WvString::null
);
265 innerdef
->set("cfg/exec/world-exec", "true");
266 WVPASS(root
["cfg/exec/read"].getme() == "1");
268 // probably don't need to test read, write explicitly as those cases
269 // are mostly covered by the above tests
// NOTE(review): only the exec default is exercised through the wildcard path here; the read and
// write counterparts are not checked against a default in the lines visible in this listing.