tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2013/10/09 23:44:14 

[regress/Makefile regress/sftp-perm.sh]
     regression test for sftp request white/blacklisting and readonly mode.
This commit is contained in:
Damien Miller 2013-10-18 09:05:41 +11:00
parent e3ea09494d
commit a176e18230
3 changed files with 278 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
20131018
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2013/10/09 23:44:14
[regress/Makefile regress/sftp-perm.sh]
regression test for sftp request white/blacklisting and readonly mode.
20131017 20131017
- (djm) OpenBSD CVS Sync - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2013/10/15 14:10:25 - jmc@cvs.openbsd.org 2013/10/15 14:10:25

4
regress/Makefile
View File

@ -44,6 +44,7 @@ LTESTS= connect \
sftp-badcmds \ sftp-badcmds \
sftp-batch \ sftp-batch \
sftp-glob \ sftp-glob \
sftp-perm \
reconfigure \ reconfigure \
dynamic-forward \ dynamic-forward \
forwarding \ forwarding \
@ -86,7 +87,8 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
authorized_principals_${USER} expect actual ready \ authorized_principals_${USER} expect actual ready \
sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \ sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \
ssh.log failed-ssh.log sshd.log failed-sshd.log \ ssh.log failed-ssh.log sshd.log failed-sshd.log \
regress.log failed-regress.log ssh-log-wrapper.sh regress.log failed-regress.log ssh-log-wrapper.sh \
sftp-server.sh sftp-server.log sftp.log
SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER}

269
regress/sftp-perm.sh Normal file
View File

@ -0,0 +1,269 @@
# $OpenBSD: sftp-perm.sh,v 1.2 2013/10/17 22:00:18 djm Exp $
# Placed in the Public Domain.
tid="sftp permissions"
SERVER_LOG=${OBJ}/sftp-server.log
CLIENT_LOG=${OBJ}/sftp.log
TEST_SFTP_SERVER=${OBJ}/sftp-server.sh
prepare_server() {
printf "#!/bin/sh\nexec $SFTPSERVER -el debug3 $* 2>$SERVER_LOG\n" \
> $TEST_SFTP_SERVER
chmod a+x $TEST_SFTP_SERVER
}
run_client() {
echo "$@" | ${SFTP} -D ${TEST_SFTP_SERVER} -vvvb - >$CLIENT_LOG 2>&1
}
prepare_files() {
_prep="$1"
rm -f ${COPY} ${COPY}.1
test -d ${COPY}.dd && { rmdir ${COPY}.dd || fatal "rmdir ${COPY}.dd"; }
test -z "$_prep" && return
sh -c "$_prep" || fail "preparation failed: \"$_prep\""
}
postcondition() {
_title="$1"
_check="$2"
test -z "$_check" && return
sh -c "$_check" || fail "postcondition check failed: $_title"
}
ro_test() {
_desc=$1
_cmd="$2"
_prep="$3"
_expect_success_post="$4"
_expect_fail_post="$5"
verbose "$tid: read-only $_desc"
# Plain (no options, mostly to test that _cmd is good)
prepare_files "$_prep"
prepare_server
run_client "$_cmd" || fail "plain $_desc failed"
postcondition "$_desc no-readonly" "$_expect_success_post"
# Read-only enabled
prepare_files "$_prep"
prepare_server -R
run_client "$_cmd" && fail "read-only $_desc succeeded"
postcondition "$_desc readonly" "$_expect_fail_post"
}
perm_test() {
_op=$1
_whitelist_ops=$2
_cmd="$3"
_prep="$4"
_expect_success_post="$5"
_expect_fail_post="$6"
verbose "$tid: explicit $_op"
# Plain (no options, mostly to test that _cmd is good)
prepare_files "$_prep"
prepare_server
run_client "$_cmd" || fail "plain $_op failed"
postcondition "$_op no white/blacklists" "$_expect_success_post"
# Whitelist
prepare_files "$_prep"
prepare_server -p $_op,$_whitelist_ops
run_client "$_cmd" || fail "whitelisted $_op failed"
postcondition "$_op whitelisted" "$_expect_success_post"
# Blacklist
prepare_files "$_prep"
prepare_server -P $_op
run_client "$_cmd" && fail "blacklisted $_op succeeded"
postcondition "$_op blacklisted" "$_expect_fail_post"
# Whitelist with op missing.
prepare_files "$_prep"
prepare_server -p $_whitelist_ops
run_client "$_cmd" && fail "no whitelist $_op succeeded"
postcondition "$_op not in whitelist" "$_expect_fail_post"
}
ro_test \
"upload" \
"put $DATA $COPY" \
"" \
"cmp $DATA $COPY" \
"test ! -f $COPY"
ro_test \
"setstat" \
"chmod 0700 $COPY" \
"touch $COPY; chmod 0400 $COPY" \
"test -x $COPY" \
"test ! -x $COPY"
ro_test \
"rm" \
"rm $COPY" \
"touch $COPY" \
"test ! -f $COPY" \
"test -f $COPY"
ro_test \
"mkdir" \
"mkdir ${COPY}.dd" \
"" \
"test -d ${COPY}.dd" \
"test ! -d ${COPY}.dd"
ro_test \
"rmdir" \
"rmdir ${COPY}.dd" \
"mkdir ${COPY}.dd" \
"test ! -d ${COPY}.dd" \
"test -d ${COPY}.dd"
ro_test \
"posix-rename" \
"rename $COPY ${COPY}.1" \
"touch $COPY" \
"test -f ${COPY}.1 -a ! -f $COPY" \
"test -f $COPY -a ! -f ${COPY}.1"
ro_test \
"oldrename" \
"rename -l $COPY ${COPY}.1" \
"touch $COPY" \
"test -f ${COPY}.1 -a ! -f $COPY" \
"test -f $COPY -a ! -f ${COPY}.1"
ro_test \
"symlink" \
"ln -s $COPY ${COPY}.1" \
"touch $COPY" \
"test -h ${COPY}.1" \
"test ! -h ${COPY}.1"
ro_test \
"hardlink" \
"ln $COPY ${COPY}.1" \
"touch $COPY" \
"test -f ${COPY}.1" \
"test ! -f ${COPY}.1"
# Test explicit permissions
perm_test \
"open" \
"realpath,stat,lstat,read,close" \
"get $DATA $COPY" \
"" \
"cmp $DATA $COPY" \
"! cmp $DATA $COPY 2>/dev/null"
perm_test \
"read" \
"realpath,stat,lstat,open,close" \
"get $DATA $COPY" \
"" \
"cmp $DATA $COPY" \
"! cmp $DATA $COPY 2>/dev/null"
perm_test \
"write" \
"realpath,stat,lstat,open,close" \
"put $DATA $COPY" \
"" \
"cmp $DATA $COPY" \
"! cmp $DATA $COPY 2>/dev/null"
perm_test \
"lstat" \
"realpath,stat,open,read,close" \
"get $DATA $COPY" \
"" \
"cmp $DATA $COPY" \
"! cmp $DATA $COPY 2>/dev/null"
perm_test \
"opendir" \
"realpath,readdir,stat,lstat" \
"ls -ln $OBJ"
perm_test \
"readdir" \
"realpath,opendir,stat,lstat" \
"ls -ln $OBJ"
perm_test \
"setstat" \
"realpath,stat,lstat" \
"chmod 0700 $COPY" \
"touch $COPY; chmod 0400 $COPY" \
"test -x $COPY" \
"test ! -x $COPY"
perm_test \
"remove" \
"realpath,stat,lstat" \
"rm $COPY" \
"touch $COPY" \
"test ! -f $COPY" \
"test -f $COPY"
perm_test \
"mkdir" \
"realpath,stat,lstat" \
"mkdir ${COPY}.dd" \
"" \
"test -d ${COPY}.dd" \
"test ! -d ${COPY}.dd"
perm_test \
"rmdir" \
"realpath,stat,lstat" \
"rmdir ${COPY}.dd" \
"mkdir ${COPY}.dd" \
"test ! -d ${COPY}.dd" \
"test -d ${COPY}.dd"
perm_test \
"posix-rename" \
"realpath,stat,lstat" \
"rename $COPY ${COPY}.1" \
"touch $COPY" \
"test -f ${COPY}.1 -a ! -f $COPY" \
"test -f $COPY -a ! -f ${COPY}.1"
perm_test \
"rename" \
"realpath,stat,lstat" \
"rename -l $COPY ${COPY}.1" \
"touch $COPY" \
"test -f ${COPY}.1 -a ! -f $COPY" \
"test -f $COPY -a ! -f ${COPY}.1"
perm_test \
"symlink" \
"realpath,stat,lstat" \
"ln -s $COPY ${COPY}.1" \
"touch $COPY" \
"test -h ${COPY}.1" \
"test ! -h ${COPY}.1"
perm_test \
"hardlink" \
"realpath,stat,lstat" \
"ln $COPY ${COPY}.1" \
"touch $COPY" \
"test -f ${COPY}.1" \
"test ! -f ${COPY}.1"
perm_test \
"statvfs" \
"realpath,stat,lstat" \
"df /"
# XXX need good tests for:
# fstat
# fsetstat
# realpath
# stat
# readlink
# fstatvfs
rm -rf ${COPY} ${COPY}.1 ${COPY}.dd