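#
# Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
#

#
# test script for Sun::Solaris::Privilege
#
# Prints a 15-test plan followed by one "ok N" / "not ok N" line per test.
# The script changes the privilege sets and flags of its own process while
# it runs; after test 14 the effective set is left holding a single
# privilege and is not widened again before exit.
#
# The two backtick commands (`ppriv -l` and `echo foo`) are resolved through
# the shell and PATH, so run the suite with a trusted PATH.
#

$^W = 1;
use strict;
use Data::Dumper;
$Data::Dumper::Terse = 1;
$Data::Dumper::Indent = 0;

#
# Status reporting utils
#

# Number of the test whose result is printed next.
our $test = 1;

# Print the "ok" line for the current test and advance the counter.
# Optional arguments are appended as a description.  (The line used to
# interpolate $@, so a stale eval error could leak into the output.)
sub pass
{
    print("ok $test @_\n");
    $test++;
}

# Print the "not ok" line for the current test and advance the counter.
sub fail
{
    print("not ok $test @_\n");
    $test++;
}

# Print the "not ok" line for the current test and stop with exit status 1.
sub fatal
{
    print("not ok $test @_\n");
    exit(1);
}

# Errors counted since the last report().
my $errs;

# Turn the error count gathered for one test into pass()/fail(), then
# reset it for the next test.
sub report
{
    if ($errs) {
        fail();
    } else {
        pass();
    }
    $errs = 0;
}

#
# Main body of tests starts here
#

# Still unset while the "use" below is being compiled, so the END block
# only prints if the script exits before the assignment after it.
my $loaded;

# 1. Check the module loads
BEGIN { $| = 1; print "1..15\n"; }
END { print "not ok 1\n" unless $loaded; }
use Sun::Solaris::Privilege qw(:ALL :PRIVATE);
$loaded = 1;
pass();

#
# 2. ppriv -l works
#
my $privs = `ppriv -l`;
# Treat a command that could not be run like one that printed nothing.
$privs = "" unless defined $privs;
if ($privs eq "") {
    fail();
} else {
    pass();
}
# split ' ' skips leading whitespace, so no empty first field is produced.
my @privs = split(' ', $privs);

#
# 3. Are all privileges according ppriv -l defined in the privileges hash?
#
my %sprivs;
foreach my $p (@privs) {
    # Constant name: "PRIV_" followed by the upper-cased privilege name.
    my $cn = "PRIV_" . uc($p);
    $sprivs{$cn} = $p;
    $errs++ if (!defined $PRIVILEGES{$cn} || $PRIVILEGES{$cn} ne $p);
}
report();

#
# 4. And are those all the privileges.
#
foreach my $p (keys %PRIVILEGES) {
    $errs++ if (!defined $sprivs{$p});
}
report();

#
# 5. Verify that all privileges are part of the full set.
#
my $full = priv_fillset();

foreach my $p (keys %PRIVILEGES) {
    $errs++ if (!priv_ismember($full, $p));
}
report();

#
# 6. Verify that no privilege is part of the empty set.
#
my $empty = priv_emptyset();

foreach my $p (keys %PRIVILEGES) {
    $errs++ if (priv_ismember($empty, $p));
}
report();

#
# 7. Verify that priv_delset removes privileges.
#
foreach my $p (keys %PRIVILEGES) {
    # A fresh full set per privilege, so each deletion is checked alone.
    my $testset = priv_fillset();
    $errs++ unless priv_delset($testset, $p);
    $errs++ if priv_ismember($testset, $p);
}
report();

#
# 8. Verify getpflags/setpflags.
#
# NOTE(review): a false return from getpflags(PRIV_AWARE) is counted as a
# failure here, while test 15 expects the value 1 -- confirm what the call
# returns for a process whose flag is clear.
$errs++ unless getpflags(PRIV_AWARE);

$errs++ unless setpflags(PRIV_AWARE, 0);
$errs++ unless setpflags(PRIV_DEBUG, 1);
$errs++ unless (getpflags(PRIV_DEBUG) == 1);
$errs++ unless setpflags(PRIV_DEBUG, 0);
$errs++ unless (getpflags(PRIV_DEBUG) == 0);

report();

#
# 9. Verify getppriv() works.
#
my %psets;
foreach my $s (keys %PRIVSETS) {
    $errs++ unless ($psets{$s} = getppriv($s));
}
report();

#
# 10. Verify that we can reset those sets.
#
# Writes back exactly what test 9 read.
foreach my $s (keys %PRIVSETS) {
    $errs++ unless (setppriv(PRIV_SET, $s, $psets{$s}));
}
report();

#
# 11. E/P/I manipulations.
#
# Empty E and I in turn, then refill each from the permitted set.
$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_emptyset());
$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED));
$errs++ unless setppriv(PRIV_SET, PRIV_INHERITABLE, priv_emptyset());
$errs++ unless setppriv(PRIV_SET, PRIV_INHERITABLE, getppriv(PRIV_PERMITTED));
report();

#
# 12. Fork()/exec() tests.  See if the setting the privileges actually
#     has an effect.
#
# Effective set = permitted set minus PRIV_PROC_FORK.
my $pset = getppriv(PRIV_PERMITTED);
priv_delset($pset, PRIV_PROC_FORK);
$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, $pset);

my $fr = fork();

# Child of a successful fork(): leave at once, the parent records the error.
exit if (defined($fr) && $fr == 0);

# fork() is expected to fail, i.e. to return undef.
$errs++ if defined $fr;

# Exec test: allow fork again and remove PRIV_PROC_EXEC instead, then
# expect the backtick command to produce no output.
priv_addset($pset, PRIV_PROC_FORK);
priv_delset($pset, PRIV_PROC_EXEC);
$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, $pset);
my $out = `echo foo 2>/dev/null`;
$errs++ unless (!defined $out || $out eq "");

# Restore E.
$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED));

report();

#
# 13. Verify priv_str_to_set, priv_set_to_str
#
# Every constant name joined with commas must yield a set holding them all.
my $newset = priv_str_to_set(join(",", keys %PRIVILEGES), ",");
foreach my $p (keys %PRIVILEGES) {
    $errs++ if (!priv_ismember($newset, $p));
}

$newset = priv_str_to_set("all", ",");
foreach my $p (keys %PRIVILEGES) {
    $errs++ if (!priv_ismember($newset, $p));
}

$newset = priv_str_to_set("none", ",");
foreach my $p (keys %PRIVILEGES) {
    $errs++ if (priv_ismember($newset, $p));
}

# A single privilege name: member of the set, not of its inverse.
foreach my $p (keys %PRIVILEGES) {
    $newset = priv_str_to_set($PRIVILEGES{$p}, ",");
    $errs++ if (!priv_ismember($newset, $p));
    $errs++ if (priv_ismember(priv_inverse($newset), $p));
}

# "all,!name": everything except that one privilege.
foreach my $p (keys %PRIVILEGES) {
    $newset = priv_str_to_set("all,!" . $PRIVILEGES{$p}, ",");
    $errs++ if (priv_ismember($newset, $p));
    foreach my $p2 (keys %PRIVILEGES) {
        next if ($p eq $p2);
        $errs++ if (!priv_ismember($newset, $p2));
        $errs++ if (priv_ismember(priv_inverse($newset), $p2));
    }
}
report();

#
# 14. Check whether PRIV_SET, PRIV_ON, PRIV_OFF work.
#
my $perm = getppriv(PRIV_PERMITTED);
# Uses the first privilege named in the permitted set; this assumes the
# permitted set is not empty.
my @ours = split(/,/, priv_set_to_str($perm, ",", PRIV_STR_LIT));
my $set = priv_emptyset();

$errs++ unless (setppriv(PRIV_SET, PRIV_EFFECTIVE, $perm));
priv_addset($set, $ours[0]);
$errs++ unless (setppriv(PRIV_OFF, PRIV_EFFECTIVE, $set));
my $new = getppriv(PRIV_EFFECTIVE);

# The new set should be equal to the $perm minus the priv set in $set.
my $temp = priv_intersect($perm, priv_inverse($set));
$errs++ unless (priv_isequalset($temp, $new));

# Set the single bit back on.
$errs++ unless (setppriv(PRIV_ON, PRIV_EFFECTIVE, $set));
$new = getppriv(PRIV_EFFECTIVE);
$errs++ unless (priv_isequalset($perm, $new));

# Set the set
$errs++ unless (setppriv(PRIV_SET, PRIV_EFFECTIVE, $set));
$new = getppriv(PRIV_EFFECTIVE);
$errs++ unless (priv_isequalset($set, $new));

# Clear the set
$errs++ unless (setppriv(PRIV_OFF, PRIV_EFFECTIVE, $set));
$new = getppriv(PRIV_EFFECTIVE);
$errs++ unless (priv_isemptyset($new));

# Set the single bit back on.  E stays at this one privilege from here on.
$errs++ unless (setppriv(PRIV_ON, PRIV_EFFECTIVE, $set));
$new = getppriv(PRIV_EFFECTIVE);
$errs++ unless (priv_isequalset($set, $new));

report();

#
# 15. We should be privilege aware by now.
#
$errs++ unless (getpflags(PRIV_AWARE) == 1);
report();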