1261287Sdes# $OpenBSD: sftp-perm.sh,v 1.2 2013/10/17 22:00:18 djm Exp $ 2261287Sdes# Placed in the Public Domain. 3261287Sdes 4261287Sdestid="sftp permissions" 5261287Sdes 6261287SdesSERVER_LOG=${OBJ}/sftp-server.log 7261287SdesCLIENT_LOG=${OBJ}/sftp.log 8261287SdesTEST_SFTP_SERVER=${OBJ}/sftp-server.sh 9261287Sdes 10261287Sdesprepare_server() { 11261287Sdes printf "#!/bin/sh\nexec $SFTPSERVER -el debug3 $* 2>$SERVER_LOG\n" \ 12261287Sdes > $TEST_SFTP_SERVER 13261287Sdes chmod a+x $TEST_SFTP_SERVER 14261287Sdes} 15261287Sdes 16261287Sdesrun_client() { 17261287Sdes echo "$@" | ${SFTP} -D ${TEST_SFTP_SERVER} -vvvb - >$CLIENT_LOG 2>&1 18261287Sdes} 19261287Sdes 20261287Sdesprepare_files() { 21261287Sdes _prep="$1" 22261287Sdes rm -f ${COPY} ${COPY}.1 23261287Sdes test -d ${COPY}.dd && { rmdir ${COPY}.dd || fatal "rmdir ${COPY}.dd"; } 24261287Sdes test -z "$_prep" && return 25261287Sdes sh -c "$_prep" || fail "preparation failed: \"$_prep\"" 26261287Sdes} 27261287Sdes 28261287Sdespostcondition() { 29261287Sdes _title="$1" 30261287Sdes _check="$2" 31261287Sdes test -z "$_check" && return 32261287Sdes ${TEST_SHELL} -c "$_check" || fail "postcondition check failed: $_title" 33261287Sdes} 34261287Sdes 35261287Sdesro_test() { 36261287Sdes _desc=$1 37261287Sdes _cmd="$2" 38261287Sdes _prep="$3" 39261287Sdes _expect_success_post="$4" 40261287Sdes _expect_fail_post="$5" 41261287Sdes verbose "$tid: read-only $_desc" 42261287Sdes # Plain (no options, mostly to test that _cmd is good) 43261287Sdes prepare_files "$_prep" 44261287Sdes prepare_server 45261287Sdes run_client "$_cmd" || fail "plain $_desc failed" 46261287Sdes postcondition "$_desc no-readonly" "$_expect_success_post" 47261287Sdes # Read-only enabled 48261287Sdes prepare_files "$_prep" 49261287Sdes prepare_server -R 50261287Sdes run_client "$_cmd" && fail "read-only $_desc succeeded" 51261287Sdes postcondition "$_desc readonly" "$_expect_fail_post" 52261287Sdes} 53261287Sdes 54261287Sdesperm_test() { 55261287Sdes _op=$1 56261287Sdes _whitelist_ops=$2 57261287Sdes _cmd="$3" 58261287Sdes _prep="$4" 59261287Sdes _expect_success_post="$5" 60261287Sdes _expect_fail_post="$6" 61261287Sdes verbose "$tid: explicit $_op" 62261287Sdes # Plain (no options, mostly to test that _cmd is good) 63261287Sdes prepare_files "$_prep" 64261287Sdes prepare_server 65261287Sdes run_client "$_cmd" || fail "plain $_op failed" 66261287Sdes postcondition "$_op no white/blacklists" "$_expect_success_post" 67261287Sdes # Whitelist 68261287Sdes prepare_files "$_prep" 69261287Sdes prepare_server -p $_op,$_whitelist_ops 70261287Sdes run_client "$_cmd" || fail "whitelisted $_op failed" 71261287Sdes postcondition "$_op whitelisted" "$_expect_success_post" 72261287Sdes # Blacklist 73261287Sdes prepare_files "$_prep" 74261287Sdes prepare_server -P $_op 75261287Sdes run_client "$_cmd" && fail "blacklisted $_op succeeded" 76261287Sdes postcondition "$_op blacklisted" "$_expect_fail_post" 77261287Sdes # Whitelist with op missing. 78261287Sdes prepare_files "$_prep" 79261287Sdes prepare_server -p $_whitelist_ops 80261287Sdes run_client "$_cmd" && fail "no whitelist $_op succeeded" 81261287Sdes postcondition "$_op not in whitelist" "$_expect_fail_post" 82261287Sdes} 83261287Sdes 84261287Sdesro_test \ 85261287Sdes "upload" \ 86261287Sdes "put $DATA $COPY" \ 87261287Sdes "" \ 88261287Sdes "cmp $DATA $COPY" \ 89261287Sdes "test ! -f $COPY" 90261287Sdes 91261287Sdesro_test \ 92261287Sdes "setstat" \ 93261287Sdes "chmod 0700 $COPY" \ 94261287Sdes "touch $COPY; chmod 0400 $COPY" \ 95261287Sdes "test -x $COPY" \ 96261287Sdes "test ! -x $COPY" 97261287Sdes 98261287Sdesro_test \ 99261287Sdes "rm" \ 100261287Sdes "rm $COPY" \ 101261287Sdes "touch $COPY" \ 102261287Sdes "test ! -f $COPY" \ 103261287Sdes "test -f $COPY" 104261287Sdes 105261287Sdesro_test \ 106261287Sdes "mkdir" \ 107261287Sdes "mkdir ${COPY}.dd" \ 108261287Sdes "" \ 109261287Sdes "test -d ${COPY}.dd" \ 110261287Sdes "test ! -d ${COPY}.dd" 111261287Sdes 112261287Sdesro_test \ 113261287Sdes "rmdir" \ 114261287Sdes "rmdir ${COPY}.dd" \ 115261287Sdes "mkdir ${COPY}.dd" \ 116261287Sdes "test ! -d ${COPY}.dd" \ 117261287Sdes "test -d ${COPY}.dd" 118261287Sdes 119261287Sdesro_test \ 120261287Sdes "posix-rename" \ 121261287Sdes "rename $COPY ${COPY}.1" \ 122261287Sdes "touch $COPY" \ 123261287Sdes "test -f ${COPY}.1 -a ! -f $COPY" \ 124261287Sdes "test -f $COPY -a ! -f ${COPY}.1" 125261287Sdes 126261287Sdesro_test \ 127261287Sdes "oldrename" \ 128261287Sdes "rename -l $COPY ${COPY}.1" \ 129261287Sdes "touch $COPY" \ 130261287Sdes "test -f ${COPY}.1 -a ! -f $COPY" \ 131261287Sdes "test -f $COPY -a ! -f ${COPY}.1" 132261287Sdes 133261287Sdesro_test \ 134261287Sdes "symlink" \ 135261287Sdes "ln -s $COPY ${COPY}.1" \ 136261287Sdes "touch $COPY" \ 137261287Sdes "test -h ${COPY}.1" \ 138261287Sdes "test ! -h ${COPY}.1" 139261287Sdes 140261287Sdesro_test \ 141261287Sdes "hardlink" \ 142261287Sdes "ln $COPY ${COPY}.1" \ 143261287Sdes "touch $COPY" \ 144261287Sdes "test -f ${COPY}.1" \ 145261287Sdes "test ! -f ${COPY}.1" 146261287Sdes 147261287Sdes# Test explicit permissions 148261287Sdes 149261287Sdesperm_test \ 150261287Sdes "open" \ 151261287Sdes "realpath,stat,lstat,read,close" \ 152261287Sdes "get $DATA $COPY" \ 153261287Sdes "" \ 154261287Sdes "cmp $DATA $COPY" \ 155261287Sdes "! cmp $DATA $COPY 2>/dev/null" 156261287Sdes 157261287Sdesperm_test \ 158261287Sdes "read" \ 159261287Sdes "realpath,stat,lstat,open,close" \ 160261287Sdes "get $DATA $COPY" \ 161261287Sdes "" \ 162261287Sdes "cmp $DATA $COPY" \ 163261287Sdes "! cmp $DATA $COPY 2>/dev/null" 164261287Sdes 165261287Sdesperm_test \ 166261287Sdes "write" \ 167261287Sdes "realpath,stat,lstat,open,close" \ 168261287Sdes "put $DATA $COPY" \ 169261287Sdes "" \ 170261287Sdes "cmp $DATA $COPY" \ 171261287Sdes "! cmp $DATA $COPY 2>/dev/null" 172261287Sdes 173261287Sdesperm_test \ 174261287Sdes "lstat" \ 175261287Sdes "realpath,stat,open,read,close" \ 176261287Sdes "get $DATA $COPY" \ 177261287Sdes "" \ 178261287Sdes "cmp $DATA $COPY" \ 179261287Sdes "! cmp $DATA $COPY 2>/dev/null" 180261287Sdes 181261287Sdesperm_test \ 182261287Sdes "opendir" \ 183261287Sdes "realpath,readdir,stat,lstat" \ 184261287Sdes "ls -ln $OBJ" 185261287Sdes 186261287Sdesperm_test \ 187261287Sdes "readdir" \ 188261287Sdes "realpath,opendir,stat,lstat" \ 189261287Sdes "ls -ln $OBJ" 190261287Sdes 191261287Sdesperm_test \ 192261287Sdes "setstat" \ 193261287Sdes "realpath,stat,lstat" \ 194261287Sdes "chmod 0700 $COPY" \ 195261287Sdes "touch $COPY; chmod 0400 $COPY" \ 196261287Sdes "test -x $COPY" \ 197261287Sdes "test ! -x $COPY" 198261287Sdes 199261287Sdesperm_test \ 200261287Sdes "remove" \ 201261287Sdes "realpath,stat,lstat" \ 202261287Sdes "rm $COPY" \ 203261287Sdes "touch $COPY" \ 204261287Sdes "test ! -f $COPY" \ 205261287Sdes "test -f $COPY" 206261287Sdes 207261287Sdesperm_test \ 208261287Sdes "mkdir" \ 209261287Sdes "realpath,stat,lstat" \ 210261287Sdes "mkdir ${COPY}.dd" \ 211261287Sdes "" \ 212261287Sdes "test -d ${COPY}.dd" \ 213261287Sdes "test ! -d ${COPY}.dd" 214261287Sdes 215261287Sdesperm_test \ 216261287Sdes "rmdir" \ 217261287Sdes "realpath,stat,lstat" \ 218261287Sdes "rmdir ${COPY}.dd" \ 219261287Sdes "mkdir ${COPY}.dd" \ 220261287Sdes "test ! -d ${COPY}.dd" \ 221261287Sdes "test -d ${COPY}.dd" 222261287Sdes 223261287Sdesperm_test \ 224261287Sdes "posix-rename" \ 225261287Sdes "realpath,stat,lstat" \ 226261287Sdes "rename $COPY ${COPY}.1" \ 227261287Sdes "touch $COPY" \ 228261287Sdes "test -f ${COPY}.1 -a ! -f $COPY" \ 229261287Sdes "test -f $COPY -a ! -f ${COPY}.1" 230261287Sdes 231261287Sdesperm_test \ 232261287Sdes "rename" \ 233261287Sdes "realpath,stat,lstat" \ 234261287Sdes "rename -l $COPY ${COPY}.1" \ 235261287Sdes "touch $COPY" \ 236261287Sdes "test -f ${COPY}.1 -a ! -f $COPY" \ 237261287Sdes "test -f $COPY -a ! -f ${COPY}.1" 238261287Sdes 239261287Sdesperm_test \ 240261287Sdes "symlink" \ 241261287Sdes "realpath,stat,lstat" \ 242261287Sdes "ln -s $COPY ${COPY}.1" \ 243261287Sdes "touch $COPY" \ 244261287Sdes "test -h ${COPY}.1" \ 245261287Sdes "test ! -h ${COPY}.1" 246261287Sdes 247261287Sdesperm_test \ 248261287Sdes "hardlink" \ 249261287Sdes "realpath,stat,lstat" \ 250261287Sdes "ln $COPY ${COPY}.1" \ 251261287Sdes "touch $COPY" \ 252261287Sdes "test -f ${COPY}.1" \ 253261287Sdes "test ! -f ${COPY}.1" 254261287Sdes 255261287Sdesperm_test \ 256261287Sdes "statvfs" \ 257261287Sdes "realpath,stat,lstat" \ 258261287Sdes "df /" 259261287Sdes 260261287Sdes# XXX need good tests for: 261261287Sdes# fstat 262261287Sdes# fsetstat 263261287Sdes# realpath 264261287Sdes# stat 265261287Sdes# readlink 266261287Sdes# fstatvfs 267261287Sdes 268261287Sdesrm -rf ${COPY} ${COPY}.1 ${COPY}.dd 269261287Sdes 270