#
# Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
#

#
# test script for Sun::Solaris::Privilege
#

   9 $^W = 1;
  10 use strict;
  11 use Data::Dumper;
  12 $Data::Dumper::Terse = 1;
  13 $Data::Dumper::Indent = 0;
  14 
  15 #
  16 # Status reporting utils
  17 #
  18 
  19 use vars qw($test);
  20 $test = 1;
  21 
  22 sub pass
  23 {
  24         print("ok $test $@\n");
  25         $test++;
  26 }
  27 
  28 sub fail
  29 {
  30         print("not ok $test $@\n");
  31         $test++;
  32 }
  33 
  34 sub fatal
  35 {
  36         print("not ok $test $@\n");
  37         exit(1);
  38 }
  39 
  40 my $errs;
  41 
  42 sub report
  43 {
  44         if ($errs) {
  45                 fail();
  46         } else {
  47                 pass();
  48         }
  49         $errs = 0;
  50 }
  51 
  52 #
  53 # Main body of tests starts here
  54 #
  55 
  56 my ($loaded, $line) = (1, 0);
  57 my $fh = do { local *FH; *FH; };
  58 
  59 # 1. Check the module loads
  60 BEGIN { $| = 1; print "1..15\n"; }
  61 END   { print "not ok 1\n" unless $loaded; }
  62 use Sun::Solaris::Privilege qw(:ALL :PRIVATE);
  63 $loaded = 1;
  64 pass();
  65 
  66 #
  67 # 2. ppriv -l works
  68 #
  69 my $privs = `ppriv -l`;
  70 if ($privs eq "") {
  71         fail();
  72 } else {
  73         pass();
  74 }
  75 my @privs = split(/\s+/, $privs);
  76 
  77 #
  78 # 3. Are all privileges according ppriv -l defined in the privileges hash?
  79 #
  80 
  81 my %sprivs;
  82 foreach my $p (@privs)
  83 {
  84         my $cn = $p;
  85         $cn =~ s/.*/PRIV_\U$&/;
  86         $sprivs{$cn} = $p;
  87         $errs++ if (!defined $PRIVILEGES{$cn} || $PRIVILEGES{$cn} ne $p);
  88 }
  89 report();
  90 
  91 #
  92 # 4. And are those all the privileges.
  93 #
  94 foreach my $p (keys %PRIVILEGES)
  95 {
  96         $errs++ if (!defined $sprivs{$p});
  97 }
  98 report();
  99 
 100 #
 101 # 5. Verify that all privileges are part of the full set.
 102 #
 103 my $full = priv_fillset();
 104 
 105 foreach my $p (keys %PRIVILEGES)
 106 {
 107         $errs++ if (!priv_ismember($full, $p));
 108 }
 109 report();
 110 
 111 #
 112 # 6. Verify that no privilege is part of the empty set.
 113 #
 114 my $empty = priv_emptyset();
 115 
 116 foreach my $p (keys %PRIVILEGES)
 117 {
 118         $errs++ if (priv_ismember($empty, $p));
 119 }
 120 report();
 121 
 122 #
 123 # 7. Verify that priv_delset removes privileges.
 124 #
 125 foreach my $p (keys %PRIVILEGES)
 126 {
 127         my $testset = priv_fillset();
 128         $errs++ unless priv_delset($testset, $p);
 129         $errs++ if priv_ismember($testset, $p);
 130         
 131 }
 132 report();
 133 
 134 #
 135 # 8. Verify getpflags/setpflags.
 136 #
 137 my $pflags;
 138 $errs++ unless ($pflags = getpflags(PRIV_AWARE));
 139 
 140 $errs++ unless setpflags(PRIV_AWARE, 0);
 141 $errs++ unless setpflags(PRIV_DEBUG, 1);
 142 $errs++ unless (getpflags(PRIV_DEBUG) == 1);
 143 $errs++ unless setpflags(PRIV_DEBUG, 0);
 144 $errs++ unless (getpflags(PRIV_DEBUG) == 0);
 145 
 146 report();
 147 
 148 #
 149 # 9. Verify getppriv() works.
 150 #
 151 my %psets;
 152 foreach my $s (keys %PRIVSETS)
 153 {
 154         $errs++ unless ($psets{$s} = getppriv($s));
 155 }
 156 report();
 157 
 158 #
 159 # 10. Verify that we can reset those sets.
 160 #
 161 foreach my $s (keys %PRIVSETS)
 162 {
 163         $errs++ unless (setppriv(PRIV_SET, $s, $psets{$s}));
 164 }
 165 report();
 166 
 167 #
 168 # 11. E/P/I manipulations.
 169 #
 170 $errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_emptyset());
 171 $errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED));
 172 $errs++ unless setppriv(PRIV_SET, PRIV_INHERITABLE, priv_emptyset());
 173 $errs++ unless setppriv(PRIV_SET, PRIV_INHERITABLE, getppriv(PRIV_PERMITTED));
 174 report();
 175 #
 176 # 12. Fork()/exec() tests.  See if the setting the privileges actually
 177 # has an effect.
 178 #
 179 my $p;
 180 priv_delset($p = getppriv(PRIV_PERMITTED), PRIV_PROC_FORK);
 181 $errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, $p);
 182 
 183 my $fr = fork();
 184 
 185 # Child of a sucessful fork().
 186 exit if (defined($fr) && $fr == 0);
 187 
 188 $errs++ unless !defined $fr;
 189 
 190 # Exec test
 191 priv_addset($p, PRIV_PROC_FORK);
 192 priv_delset($p, PRIV_PROC_EXEC);
 193 $errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, $p);
 194 my $out = `echo foo 2>/dev/null`;
 195 $errs++ unless (!defined $out || $out eq "");
 196 
 197 # Restore E.
 198 $errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED));
 199 
 200 report();
 201 
 202 #
 203 # 13. Verify priv_str_to_set, priv_set_to_str
 204 #
 205 my $newset = priv_str_to_set(join(",", keys %PRIVILEGES), ",");
 206 map { $errs++ if (!priv_ismember($newset, $_)); } keys %PRIVILEGES;
 207 
 208 $newset = priv_str_to_set("all", ",");
 209 map { $errs++ if (!priv_ismember($newset, $_)); } keys %PRIVILEGES;
 210 
 211 $newset = priv_str_to_set("none", ",");
 212 map { $errs++ if (priv_ismember($newset, $_)); } keys %PRIVILEGES;
 213 
 214 foreach my $p (keys %PRIVILEGES)
 215 {
 216         $newset = priv_str_to_set($PRIVILEGES{$p}, ",");
 217         $errs++ if (!priv_ismember($newset, $p));
 218         $errs++ if (priv_ismember(priv_inverse($newset), $p));
 219 }
 220 
 221 foreach my $p (keys %PRIVILEGES)
 222 {
 223         $newset = priv_str_to_set("all,!" . $PRIVILEGES{$p}, ",");
 224         $errs++ if (priv_ismember($newset, $p));
 225         foreach my $p2 (keys %PRIVILEGES)
 226         {
 227                 next if ($p eq $p2);
 228                 $errs++ if (!priv_ismember($newset, $p2));
 229                 $errs++ if (priv_ismember(priv_inverse($newset), $p2));
 230         }
 231 }
 232 report();
 233 
 234 #
 235 # 14. Check whether PRIV_SET, PRIV_ON, PRIV_OFF work.
 236 #
 237 my $perm;
 238 my @ours = split(/,/,
 239     priv_set_to_str($perm = getppriv(PRIV_PERMITTED), ",", PRIV_STR_LIT));
 240 my $set = priv_emptyset();
 241 
 242 
 243 $errs++ unless (setppriv(PRIV_SET, PRIV_EFFECTIVE, $perm));
 244 priv_addset($set, $ours[0]);
 245 $errs++ unless (setppriv(PRIV_OFF, PRIV_EFFECTIVE, $set));
 246 my $new = getppriv(PRIV_EFFECTIVE);
 247 
 248 # The new set should be equal to the $perm minus the priv set in $set.
 249 my $temp = priv_intersect($perm, priv_inverse($set));
 250 $errs++ unless (priv_isequalset($temp, $new));
 251 
 252 # Set the single bit back on.
 253 $errs++ unless (setppriv(PRIV_ON, PRIV_EFFECTIVE, $set));
 254 $new = getppriv(PRIV_EFFECTIVE);
 255 $errs++ unless (priv_isequalset($perm, $new));
 256 
 257 # Set the set
 258 $errs++ unless (setppriv(PRIV_SET, PRIV_EFFECTIVE, $set));
 259 $new = getppriv(PRIV_EFFECTIVE);
 260 $errs++ unless (priv_isequalset($set, $new));
 261 
 262 # Clear the set
 263 $errs++ unless (setppriv(PRIV_OFF, PRIV_EFFECTIVE, $set));
 264 $new = getppriv(PRIV_EFFECTIVE);
 265 $errs++ unless (priv_isemptyset( $new));
 266 
 267 # Set the single bit back on.
 268 $errs++ unless (setppriv(PRIV_ON, PRIV_EFFECTIVE, $set));
 269 $new = getppriv(PRIV_EFFECTIVE);
 270 $errs++ unless (priv_isequalset($set, $new));
 271 
 272 report();
 273 
 274 #
 275 # 15. We should be privilege aware by now.
 276 #
 277 $errs++ unless (getpflags(PRIV_AWARE) == 1);
 278 report();