2086N/A# Copyright (c) 2004, Oracle
and/or its affiliates. All rights reserved.
2086N/A# test script for Sun::Solaris::Privilege
2086N/A print("not ok $test $@\n");
2086N/A print("not ok $test $@\n");
2086N/A# Main body of tests starts here
2086N/Amy ($loaded, $line) = (1, 0);
2086N/Amy $fh = do { local *FH; *FH; };
2086N/ABEGIN { $| = 1; print "1..15\n"; }
2086N/AEND { print "not ok 1\n" unless $loaded; }
2086N/Ause Sun::Solaris::Privilege qw(:ALL :PRIVATE);
2086N/Amy @privs = split(/\s+/, $privs);
2086N/A# 3. Are all privileges according ppriv -l defined in the privileges hash?
2086N/A $errs++ if (!defined $PRIVILEGES{$cn} || $PRIVILEGES{$cn} ne $p);
2086N/A# 4. And are those all the privileges.
2086N/Aforeach my $p (keys %PRIVILEGES)
2086N/A $errs++ if (!defined $sprivs{$p});
2086N/A# 5. Verify that all privileges are part of the full set.
2086N/Aforeach my $p (keys %PRIVILEGES)
2086N/A $errs++ if (!priv_ismember($full, $p));
2086N/A# 6. Verify that no privilege is part of the empty set.
2086N/Amy $empty = priv_emptyset();
2086N/Aforeach my $p (keys %PRIVILEGES)
2086N/A $errs++ if (priv_ismember($empty, $p));
2086N/A# 7. Verify that priv_delset removes privileges.
2086N/Aforeach my $p (keys %PRIVILEGES)
2086N/A my $testset = priv_fillset();
2086N/A $errs++ unless priv_delset($testset, $p);
2086N/A $errs++ if priv_ismember($testset, $p);
2086N/A$errs++ unless ($pflags = getpflags(PRIV_AWARE));
2086N/A$errs++ unless setpflags(PRIV_AWARE, 0);
2086N/A$errs++ unless setpflags(PRIV_DEBUG, 1);
2086N/A$errs++ unless (getpflags(PRIV_DEBUG) == 1);
2086N/A$errs++ unless setpflags(PRIV_DEBUG, 0);
2086N/A$errs++ unless (getpflags(PRIV_DEBUG) == 0);
2086N/A# 9. Verify getppriv() works.
2086N/Aforeach my $s (keys %PRIVSETS)
2086N/A $errs++ unless ($psets{$s} = getppriv($s));
2086N/A# 10. Verify that we can reset those sets.
2086N/Aforeach my $s (keys %PRIVSETS)
2086N/A $errs++ unless (setppriv(PRIV_SET, $s, $psets{$s}));
2086N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_emptyset());
2086N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED));
2086N/A$errs++ unless setppriv(PRIV_SET, PRIV_INHERITABLE, priv_emptyset());
2086N/A$errs++ unless setppriv(PRIV_SET, PRIV_INHERITABLE, getppriv(PRIV_PERMITTED));
2086N/A# 12. Fork()/exec() tests. See if the setting the privileges actually
2086N/Apriv_delset($p = getppriv(PRIV_PERMITTED), PRIV_PROC_FORK);
2086N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, $p);
2086N/A# Child of a sucessful fork().
2086N/Aexit if (defined($fr) && $fr == 0);
2086N/A$errs++ unless !defined $fr;
2367N/Apriv_addset($p, PRIV_PROC_FORK);
2367N/Apriv_delset($p, PRIV_PROC_EXEC);
2367N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, $p);
2367N/A$errs++ unless (!defined $out || $out eq "");
2367N/A$errs++ unless setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED));
2367N/A# 13. Verify priv_str_to_set, priv_set_to_str
2367N/Amy $newset = priv_str_to_set(join(",", keys %PRIVILEGES), ",");
2367N/Amap { $errs++ if (!priv_ismember($newset, $_)); } keys %PRIVILEGES;
2367N/A$newset = priv_str_to_set("all", ",");
2367N/Amap { $errs++ if (!priv_ismember($newset, $_)); } keys %PRIVILEGES;
2367N/A$newset = priv_str_to_set("none", ",");
2367N/Amap { $errs++ if (priv_ismember($newset, $_)); } keys %PRIVILEGES;
2367N/Aforeach my $p (keys %PRIVILEGES)
2367N/A $newset = priv_str_to_set($PRIVILEGES{$p}, ",");
2367N/A $errs++ if (!priv_ismember($newset, $p));
2367N/A $errs++ if (priv_ismember(priv_inverse($newset), $p));
2367N/Aforeach my $p (keys %PRIVILEGES)
2367N/A $newset = priv_str_to_set("all,!" . $PRIVILEGES{$p}, ",");
2367N/A $errs++ if (priv_ismember($newset, $p));
2367N/A foreach my $p2 (keys %PRIVILEGES)
2367N/A $errs++ if (!priv_ismember($newset, $p2));
2367N/A $errs++ if (priv_ismember(priv_inverse($newset), $p2));
2389N/A# 14. Check whether PRIV_SET, PRIV_ON, PRIV_OFF work.
2367N/A priv_set_to_str($perm = getppriv(PRIV_PERMITTED), ",", PRIV_STR_LIT));
2367N/A$errs++ unless (setppriv(PRIV_SET, PRIV_EFFECTIVE, $perm));
2367N/Apriv_addset($set, $ours[0]);
2367N/A$errs++ unless (setppriv(PRIV_OFF, PRIV_EFFECTIVE, $set));
2367N/Amy $new = getppriv(PRIV_EFFECTIVE);
2367N/A# The new set should be equal to the $perm minus the priv set in $set.
2367N/Amy $temp = priv_intersect($perm, priv_inverse($set));
2367N/A$errs++ unless (priv_isequalset($temp, $new));
2367N/A# Set the single bit back on.
2367N/A$errs++ unless (setppriv(PRIV_ON, PRIV_EFFECTIVE, $set));
2367N/A$new = getppriv(PRIV_EFFECTIVE);
2367N/A$errs++ unless (priv_isequalset($perm, $new));
2409N/A$errs++ unless (setppriv(PRIV_SET, PRIV_EFFECTIVE, $set));
2409N/A$new = getppriv(PRIV_EFFECTIVE);
2409N/A$errs++ unless (priv_isequalset($set, $new));
2463N/A$errs++ unless (setppriv(PRIV_OFF, PRIV_EFFECTIVE, $set));
2463N/A$new = getppriv(PRIV_EFFECTIVE);
2463N/A$errs++ unless (priv_isemptyset( $new));
2463N/A# Set the single bit back on.
2463N/A$errs++ unless (setppriv(PRIV_ON, PRIV_EFFECTIVE, $set));
2463N/A$new = getppriv(PRIV_EFFECTIVE);
2463N/A$errs++ unless (priv_isequalset($set, $new));
2463N/A# 15. We should be privilege aware by now.
2501N/A$errs++ unless (getpflags(PRIV_AWARE) == 1);