1N/A# Copyright (c) 2004, Oracle
and/or its affiliates. All rights reserved.
1N/A# test script for Sun::Solaris::Privilege
1N/A$Data::Dumper::Terse = 1;
1N/A$Data::Dumper::Indent = 0;
1N/A# Status reporting utils
1N/A print("ok $test $@\n");
1N/A print("not ok $test $@\n");
1N/A print("not ok $test $@\n");
1N/A# Main body of tests starts here
1N/Amy ($loaded, $line) = (1, 0);
1N/Amy $fh = do { local *FH; *FH; };
1N/A# 1. Check the module loads
1N/ABEGIN { $| = 1; print "1..15\n"; }
1N/AEND { print "not ok 1\n" unless $loaded; }
1N/Ause Sun::Solaris::Privilege qw(:ALL :PRIVATE);
1N/Amy $privs = `ppriv -l`;
1N/Amy @privs = split(/\s+/, $privs);
1N/A# 3. Are all privileges according ppriv -l defined in the privileges hash?
1N/Aforeach my $p (@privs)
1N/A $cn =~ s/.*/PRIV_\U$&/;
1N/A $errs++ if (!defined $PRIVILEGES{$cn} || $PRIVILEGES{$cn} ne $p);
1N/A# 4. And are those all the privileges.
1N/Aforeach my $p (keys %PRIVILEGES)
1N/A $errs++ if (!defined $sprivs{$p});
1N/A# 5. Verify that all privileges are part of the full set.
1N/Amy $full = priv_fillset();
1N/Aforeach my $p (keys %PRIVILEGES)
1N/A $errs++ if (!priv_ismember($full, $p));
1N/A# 6. Verify that no privilege is part of the empty set.
1N/Amy $empty = priv_emptyset();
1N/Aforeach my $p (keys %PRIVILEGES)
1N/A $errs++ if (priv_ismember($empty, $p));
1N/A# 7. Verify that priv_delset removes privileges.
1N/Aforeach my $p (keys %PRIVILEGES)
1N/A my $testset = priv_fillset();
1N/A $errs++ unless priv_delset($testset, $p);
1N/A $errs++ if priv_ismember($testset, $p);
1N/A$errs++ unless ($pflags = getpflags(PRIV_AWARE));
1N/A$errs++ unless setpflags(PRIV_AWARE, 0);
1N/A$errs++ unless setpflags(PRIV_DEBUG, 1);
1N/A$errs++ unless (getpflags(PRIV_DEBUG) == 1);
1N/A$errs++ unless setpflags(PRIV_DEBUG, 0);
1N/A$errs++ unless (getpflags(PRIV_DEBUG) == 0);
1N/A# 9. Verify getppriv() works.
1N/Aforeach my $s (keys %PRIVSETS)
1N/A $errs++ unless ($psets{$s} = getppriv($s));
1N/A# 10. Verify that we can reset those sets.
1N/Aforeach my $s (keys %PRIVSETS)
1N/A $errs++ unless (setppriv(PRIV_SET, $s, $psets{$s}));
1N/A# 11. E/P/I manipulations.
1N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_emptyset());
1N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED));
1N/A$errs++ unless setppriv(PRIV_SET, PRIV_INHERITABLE, priv_emptyset());
1N/A$errs++ unless setppriv(PRIV_SET, PRIV_INHERITABLE, getppriv(PRIV_PERMITTED));
1N/A# 12. Fork()/exec() tests. See if the setting the privileges actually
1N/Apriv_delset($p = getppriv(PRIV_PERMITTED), PRIV_PROC_FORK);
1N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, $p);
1N/A# Child of a sucessful fork().
1N/Aexit if (defined($fr) && $fr == 0);
1N/A$errs++ unless !defined $fr;
1N/Apriv_addset($p, PRIV_PROC_FORK);
1N/Apriv_delset($p, PRIV_PROC_EXEC);
1N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, $p);
1N/A$errs++ unless (!defined $out || $out eq "");
1N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED));
1N/A# 13. Verify priv_str_to_set, priv_set_to_str
1N/Amy $newset = priv_str_to_set(join(",", keys %PRIVILEGES), ",");
1N/Amap { $errs++ if (!priv_ismember($newset, $_)); } keys %PRIVILEGES;
1N/A$newset = priv_str_to_set("all", ",");
1N/Amap { $errs++ if (!priv_ismember($newset, $_)); } keys %PRIVILEGES;
1N/A$newset = priv_str_to_set("none", ",");
1N/Amap { $errs++ if (priv_ismember($newset, $_)); } keys %PRIVILEGES;
1N/Aforeach my $p (keys %PRIVILEGES)
1N/A $newset = priv_str_to_set($PRIVILEGES{$p}, ",");
1N/A $errs++ if (!priv_ismember($newset, $p));
1N/A $errs++ if (priv_ismember(priv_inverse($newset), $p));
1N/Aforeach my $p (keys %PRIVILEGES)
1N/A $newset = priv_str_to_set("all,!" . $PRIVILEGES{$p}, ",");
1N/A $errs++ if (priv_ismember($newset, $p));
1N/A foreach my $p2 (keys %PRIVILEGES)
1N/A next if ($p eq $p2);
1N/A $errs++ if (!priv_ismember($newset, $p2));
1N/A $errs++ if (priv_ismember(priv_inverse($newset), $p2));
1N/A# 14. Check whether PRIV_SET, PRIV_ON, PRIV_OFF work.
1N/Amy @ours = split(/,/,
1N/A priv_set_to_str($perm = getppriv(PRIV_PERMITTED), ",", PRIV_STR_LIT));
1N/Amy $set = priv_emptyset();
1N/A$errs++ unless (setppriv(PRIV_SET, PRIV_EFFECTIVE, $perm));
1N/Apriv_addset($set, $ours[0]);
1N/A$errs++ unless (setppriv(PRIV_OFF, PRIV_EFFECTIVE, $set));
1N/Amy $new = getppriv(PRIV_EFFECTIVE);
1N/A# The new set should be equal to the $perm minus the priv set in $set.
1N/Amy $temp = priv_intersect($perm, priv_inverse($set));
1N/A$errs++ unless (priv_isequalset($temp, $new));
1N/A# Set the single bit back on.
1N/A$errs++ unless (setppriv(PRIV_ON, PRIV_EFFECTIVE, $set));
1N/A$new = getppriv(PRIV_EFFECTIVE);
1N/A$errs++ unless (priv_isequalset($perm, $new));
1N/A$errs++ unless (setppriv(PRIV_SET, PRIV_EFFECTIVE, $set));
1N/A$new = getppriv(PRIV_EFFECTIVE);
1N/A$errs++ unless (priv_isequalset($set, $new));
1N/A$errs++ unless (setppriv(PRIV_OFF, PRIV_EFFECTIVE, $set));
1N/A$new = getppriv(PRIV_EFFECTIVE);
1N/A$errs++ unless (priv_isemptyset( $new));
1N/A# Set the single bit back on.
1N/A$errs++ unless (setppriv(PRIV_ON, PRIV_EFFECTIVE, $set));
1N/A$new = getppriv(PRIV_EFFECTIVE);
1N/A$errs++ unless (priv_isequalset($set, $new));
1N/A# 15. We should be privilege aware by now.
1N/A$errs++ unless (getpflags(PRIV_AWARE) == 1);