path: root/keyutils-1.5.6/tests/keyctl/reading/valid/runtest.sh
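#!/bin/sh
#
# keyctl "reading/valid" test: checks that a user key's payload can be read
# back (print, pipe and hex read), and that reads are refused once neither
# read nor search permission is left or once the key has been revoked.
#
# Permission masks passed to set_key_perm hold one byte per class
# (possessor, user, group, other from the most significant byte down), with
# bits view=0x01 read=0x02 write=0x04 search=0x08 link=0x10 setattr=0x20.
#
# The helper functions and OUTPUTFILE, TEST and endian are not defined in this
# file; they are expected to come from the include files sourced below.

. ../../../prepare.inc.sh
. ../../../toolbox.inc.sh


# ---- do the actual testing ----

result=PASS
echo "++++ BEGINNING TEST" >"$OUTPUTFILE"

# create a keyring and attach it to the session keyring
marker "ADD KEYRING"
create_keyring wibble @s
expect_keyid keyringid

# stick a key in the keyring
marker "ADD KEY"
create_key user lizard gizzard "$keyringid"
expect_keyid keyid

# check that the key is in the keyring
marker "LIST KEYRING"
list_keyring "$keyringid"
expect_keyring_rlist rlist "$keyid"

# read the contents of the key
marker "PRINT KEY"
print_key "$keyid"
expect_payload payload "gizzard"

# pipe the contents of the key and add a LF as the key doesn't have one
marker "PIPE KEY"
pipe_key "$keyid"
echo >>"$OUTPUTFILE"
expect_payload payload "gizzard"

# read the key as hex ("gizzard" is 67 69 7a 7a 61 72 64 in ASCII)
marker "READ KEY"
read_key "$keyid"
expect_payload payload "67697a7a 617264"

# read the contents of the keyring as hex and match it to the key ID
# - the ID is formatted as 8 hex digits and byte-swapped when endian is LE,
#   so that it matches the byte order of the hex dump
marker "READ KEYRING"
read_key "$keyringid"
tmp=$(printf '%08x' "$keyid")
if [ "$endian" = "LE" ]
then
    tmp=$(printf '%s\n' "$tmp" | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/')
fi
expect_payload payload "$tmp"

# remove read permission from the key and try reading it again
# - 0x3d0000 leaves the user byte with everything except read
# - we should still have read permission because it's searchable in our
#   keyrings
marker "REMOVE READ PERM"
set_key_perm "$keyid" 0x3d0000
print_key "$keyid"
expect_payload payload "gizzard"

# remove search permission from the key as well
# - 0x350000 leaves the user byte with neither read nor search
# - the key is no longer searchable in our keyrings, so the read must now be
#   refused with EACCES
marker "REMOVE SEARCH PERM"
set_key_perm "$keyid" 0x350000
print_key --fail "$keyid"
expect_error EACCES

# check that we can read it if we have to rely on possessor perms
# - 0x3d000000 clears the user byte and gives the possessor everything
#   except read
# - we should still have read permission because it's searchable in our
#   keyrings
marker "CHECK POSSESSOR READ"
set_key_perm "$keyid" 0x3d000000
print_key "$keyid"
expect_payload payload "gizzard"

# put read permission back again
# - 0x370000 gives the user byte read but not search, so this read presumably
#   depends on the read bit alone
marker "REINSTATE READ PERM"
set_key_perm "$keyid" 0x370000
print_key "$keyid"
expect_payload payload "gizzard"

# revoke the key
# - reads of a revoked key must fail with EKEYREVOKED, whatever its
#   permission mask says
marker "REVOKE KEY"
revoke_key "$keyid"
print_key --fail "$keyid"
expect_error EKEYREVOKED

# remove the keyring we added
marker "UNLINK KEYRING"
unlink_key "$keyringid" @s

echo "++++ FINISHED TEST: $result" >>"$OUTPUTFILE"

# --- then report the results in the database ---
toolbox_report_result "$TEST" "$result"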