#	$OpenBSD: sftp-perm.sh,v 1.2 2013/10/17 22:00:18 djm Exp $
#	Placed in the Public Domain.

# Test identifier; it prefixes the verbose messages emitted by ro_test and
# perm_test in this file.
tid="sftp permissions"

# Scratch files, all placed in the directory named by $OBJ (set outside this
# file):
#   SERVER_LOG        stderr of the sftp-server started by the wrapper script
#   CLIENT_LOG        combined stdout/stderr of the sftp client
#   TEST_SFTP_SERVER  wrapper script written by prepare_server
SERVER_LOG="${OBJ}/sftp-server.log"
CLIENT_LOG="${OBJ}/sftp.log"
TEST_SFTP_SERVER="${OBJ}/sftp-server.sh"
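# Write the wrapper script that the sftp client launches as its server.
# Arguments: extra sftp-server options; callers in this file pass nothing,
#            -R, -p <requests> or -P <requests>.
# Globals:   SFTPSERVER, SERVER_LOG, TEST_SFTP_SERVER (all read).
# Outputs:   overwrites $TEST_SFTP_SERVER and marks it executable.
# Returns:   the exit status of chmod.
prepare_server() {
	# The values are passed as printf arguments rather than spliced into the
	# format string, so a '%' or backslash in a path or option is written
	# out literally instead of being interpreted by printf.
	# They are still unquoted inside the generated script: whitespace in
	# them is split again by the /bin/sh that runs the wrapper.
	printf '#!/bin/sh\nexec %s -el debug3 %s 2>%s\n' \
	    "$SFTPSERVER" "$*" "$SERVER_LOG" > "$TEST_SFTP_SERVER"
	chmod a+x "$TEST_SFTP_SERVER"
}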
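# Feed one batch command to the sftp client, which talks to the wrapper
# script named by $TEST_SFTP_SERVER.
# Arguments: the words of the sftp command; they are joined with spaces and
#            sent as a single batch line on stdin.
# Globals:   SFTP, TEST_SFTP_SERVER, CLIENT_LOG (all read).
# Outputs:   client stdout and stderr both go to $CLIENT_LOG (overwritten).
# Returns:   the exit status of the sftp client.
run_client() {
	# printf writes the command verbatim; echo may interpret backslashes or
	# a leading option-like word, depending on the shell running the test.
	# NOTE(review): ${SFTP} is left unquoted in case the harness sets it to
	# a command plus arguments - confirm before quoting it.
	printf '%s\n' "$*" |
	    ${SFTP} -D "${TEST_SFTP_SERVER}" -vvvb - >"$CLIENT_LOG" 2>&1
}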
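# Reset the scratch paths to a known state, then run an optional setup
# command.
# Arguments: $1 - shell command string that creates the starting state;
#                 empty means "no setup".
# Globals:   COPY (read); _prep (written).
# Calls:     fatal if an existing ${COPY}.dd cannot be removed, fail if the
#            setup command exits non-zero (both defined outside this file).
prepare_files() {
	_prep="$1"
	# Quoted so that a path containing whitespace or glob characters is
	# removed as one name instead of being split into several.
	rm -f "${COPY}" "${COPY}.1"
	if test -d "${COPY}.dd"; then
		# rmdir only removes an empty directory; anything left inside is
		# reported through fatal.
		rmdir "${COPY}.dd" || fatal "rmdir ${COPY}.dd"
	fi
	test -z "$_prep" && return
	# $_prep is executed as shell code. Every caller in this file passes a
	# literal built from $COPY, so shell metacharacters in that path would
	# be interpreted here.
	sh -c "$_prep" || fail "preparation failed: \"$_prep\""
}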
# Verify the on-disk state after a client run.
# Arguments: $1 - title used in the failure message
#            $2 - shell command string that must exit 0; empty skips the
#                 check entirely.
# Globals:   TEST_SHELL (read); _title, _check (written).
# Calls:     fail (defined outside this file) when the check exits non-zero.
postcondition() {
	_title="$1"
	_check="$2"
	if test -n "$_check"; then
		# The check string is run as shell code by ${TEST_SHELL}.
		${TEST_SHELL} -c "$_check" || fail "postcondition check failed: $_title"
	fi
}
# Run one sftp command twice: against an unrestricted server, where it must
# succeed, and against a server started with -R, where it must be refused.
# Arguments: $1 - description used in messages
#            $2 - sftp batch command
#            $3 - local setup command handed to prepare_files (may be empty)
#            $4 - postcondition expected when the command is allowed
#            $5 - postcondition expected when the command is refused
# Globals:   tid (read); _desc, _cmd, _prep, _expect_success_post,
#            _expect_fail_post (written).
ro_test() {
	_desc=$1
	_cmd="$2"
	_prep="$3"
	_expect_success_post="$4"
	_expect_fail_post="$5"
	verbose "$tid: read-only $_desc"

	# Baseline without restrictions: mostly confirms that _cmd itself works.
	prepare_files "$_prep"
	prepare_server
	if ! run_client "$_cmd"; then
		fail "plain $_desc failed"
	fi
	postcondition "$_desc no-readonly" "$_expect_success_post"

	# Same command with the server in read-only mode. Any non-zero client
	# exit counts as the refusal; the reason is not inspected here, so the
	# postcondition is what shows that nothing was modified.
	prepare_files "$_prep"
	prepare_server -R
	if run_client "$_cmd"; then
		fail "read-only $_desc succeeded"
	fi
	postcondition "$_desc readonly" "$_expect_fail_post"
}
# Exercise one request type against the server's explicit permission lists:
# unrestricted, whitelisted (-p), blacklisted (-P), and whitelisted with the
# request itself left out.
# Arguments: $1 - request name under test
#            $2 - comma-separated companion requests the command also needs
#            $3 - sftp batch command
#            $4 - local setup command handed to prepare_files (may be empty)
#            $5 - postcondition expected when the command is allowed
#            $6 - postcondition expected when the command is refused
# Globals:   tid (read); _op, _whitelist_ops, _cmd, _prep,
#            _expect_success_post, _expect_fail_post (written).
# In the two refusal phases any non-zero client exit is accepted; the reason
# is not inspected here, so the postcondition is what shows that the
# operation had no effect.
perm_test() {
	_op=$1
	_whitelist_ops=$2
	_cmd="$3"
	_prep="$4"
	_expect_success_post="$5"
	_expect_fail_post="$6"
	verbose "$tid: explicit $_op"

	# Baseline without any list: mostly confirms that _cmd itself works.
	prepare_files "$_prep"
	prepare_server
	if ! run_client "$_cmd"; then
		fail "plain $_op failed"
	fi
	postcondition "$_op no white/blacklists" "$_expect_success_post"

	# Whitelist holding the request and its companions: must succeed.
	prepare_files "$_prep"
	prepare_server -p $_op,$_whitelist_ops
	if ! run_client "$_cmd"; then
		fail "whitelisted $_op failed"
	fi
	postcondition "$_op whitelisted" "$_expect_success_post"

	# Blacklist holding only the request: must be refused.
	prepare_files "$_prep"
	prepare_server -P $_op
	if run_client "$_cmd"; then
		fail "blacklisted $_op succeeded"
	fi
	postcondition "$_op blacklisted" "$_expect_fail_post"

	# Whitelist holding only the companions: must be refused.
	prepare_files "$_prep"
	prepare_server -p $_whitelist_ops
	if run_client "$_cmd"; then
		fail "no whitelist $_op succeeded"
	fi
	postcondition "$_op not in whitelist" "$_expect_fail_post"
}
# Read-only mode cases. Each ro_test call gives, in order: description, sftp
# batch command and local setup command on the first line; then the check
# that must hold when the command is allowed and the check that must hold
# when it is refused.
ro_test "upload" "put $DATA $COPY" "" \
	"cmp $DATA $COPY" "test ! -f $COPY"

ro_test "setstat" "chmod 0700 $COPY" "touch $COPY; chmod 0400 $COPY" \
	"test -x $COPY" "test ! -x $COPY"

ro_test "rm" "rm $COPY" "touch $COPY" \
	"test ! -f $COPY" "test -f $COPY"

ro_test "mkdir" "mkdir ${COPY}.dd" "" \
	"test -d ${COPY}.dd" "test ! -d ${COPY}.dd"

ro_test "rmdir" "rmdir ${COPY}.dd" "mkdir ${COPY}.dd" \
	"test ! -d ${COPY}.dd" "test -d ${COPY}.dd"

ro_test "posix-rename" "rename $COPY ${COPY}.1" "touch $COPY" \
	"test -f ${COPY}.1 -a ! -f $COPY" "test -f $COPY -a ! -f ${COPY}.1"

ro_test "oldrename" "rename -l $COPY ${COPY}.1" "touch $COPY" \
	"test -f ${COPY}.1 -a ! -f $COPY" "test -f $COPY -a ! -f ${COPY}.1"

ro_test "symlink" "ln -s $COPY ${COPY}.1" "touch $COPY" \
	"test -h ${COPY}.1" "test ! -h ${COPY}.1"

ro_test "hardlink" "ln $COPY ${COPY}.1" "touch $COPY" \
	"test -f ${COPY}.1" "test ! -f ${COPY}.1"
# Test explicit per-request permissions (server -p whitelist / -P blacklist)

# Each perm_test call gives the request under test and its companion
# whitelist on the first line, the sftp batch command and local setup
# command on the second, and the allowed/refused postconditions on the third.
# The opendir, readdir and statvfs cases pass no setup or postconditions, so
# only the client's exit status is checked for them.
perm_test "open" "realpath,stat,lstat,read,close" \
	"get $DATA $COPY" "" \
	"cmp $DATA $COPY" "! cmp $DATA $COPY 2>/dev/null"

perm_test "read" "realpath,stat,lstat,open,close" \
	"get $DATA $COPY" "" \
	"cmp $DATA $COPY" "! cmp $DATA $COPY 2>/dev/null"

perm_test "write" "realpath,stat,lstat,open,close" \
	"put $DATA $COPY" "" \
	"cmp $DATA $COPY" "! cmp $DATA $COPY 2>/dev/null"

perm_test "lstat" "realpath,stat,open,read,close" \
	"get $DATA $COPY" "" \
	"cmp $DATA $COPY" "! cmp $DATA $COPY 2>/dev/null"

perm_test "opendir" "realpath,readdir,stat,lstat" \
	"ls -ln $OBJ"

perm_test "readdir" "realpath,opendir,stat,lstat" \
	"ls -ln $OBJ"

perm_test "setstat" "realpath,stat,lstat" \
	"chmod 0700 $COPY" "touch $COPY; chmod 0400 $COPY" \
	"test -x $COPY" "test ! -x $COPY"

perm_test "remove" "realpath,stat,lstat" \
	"rm $COPY" "touch $COPY" \
	"test ! -f $COPY" "test -f $COPY"

perm_test "mkdir" "realpath,stat,lstat" \
	"mkdir ${COPY}.dd" "" \
	"test -d ${COPY}.dd" "test ! -d ${COPY}.dd"

perm_test "rmdir" "realpath,stat,lstat" \
	"rmdir ${COPY}.dd" "mkdir ${COPY}.dd" \
	"test ! -d ${COPY}.dd" "test -d ${COPY}.dd"

perm_test "posix-rename" "realpath,stat,lstat" \
	"rename $COPY ${COPY}.1" "touch $COPY" \
	"test -f ${COPY}.1 -a ! -f $COPY" "test -f $COPY -a ! -f ${COPY}.1"

perm_test "rename" "realpath,stat,lstat" \
	"rename -l $COPY ${COPY}.1" "touch $COPY" \
	"test -f ${COPY}.1 -a ! -f $COPY" "test -f $COPY -a ! -f ${COPY}.1"

perm_test "symlink" "realpath,stat,lstat" \
	"ln -s $COPY ${COPY}.1" "touch $COPY" \
	"test -h ${COPY}.1" "test ! -h ${COPY}.1"

perm_test "hardlink" "realpath,stat,lstat" \
	"ln $COPY ${COPY}.1" "touch $COPY" \
	"test -f ${COPY}.1" "test ! -f ${COPY}.1"

perm_test "statvfs" "realpath,stat,lstat" \
	"df /"
# XXX need good tests for:
# fstat
# fsetstat
# realpath
# stat
# readlink
# fstatvfs

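# Final cleanup of the scratch paths used by the cases above.
# ${COPY:?} stops the script with an error when COPY is unset or empty, so
# the recursive delete can never fall back to the bare names ".1" and ".dd"
# in the current directory; the quotes keep a path containing whitespace as
# one argument.
rm -rf "${COPY:?}" "${COPY}.1" "${COPY}.dd"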