added filesystem permissions test
This commit is contained in:
Michael Rash
@@ -649,6 +649,20 @@ my @tests = (
|
||||
'fw_rule_removed' => $NEW_RULE_REMOVED,
|
||||
'fatal' => $NO
|
||||
},
|
||||
{
|
||||
'category' => 'Rijndael SPA',
|
||||
'subcategory' => 'client+server',
|
||||
'detail' => 'permissions check cycle (tcp/22)',
|
||||
'err_msg' => 'could not complete SPA cycle',
|
||||
'function' => \&permissions_check,
|
||||
'cmdline' => $default_client_args,
|
||||
'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
|
||||
"$fwknopdCmd $default_server_conf_args $intf_str",
|
||||
'server_positive_output_matches' => [qr/permissions\sshould\sonly\sbe\suser/],
|
||||
'fw_rule_created' => $NEW_RULE_REQUIRED,
|
||||
'fw_rule_removed' => $NEW_RULE_REMOVED,
|
||||
'fatal' => $NO
|
||||
},
|
||||
{
|
||||
'category' => 'Rijndael SPA',
|
||||
'subcategory' => 'client+server',
|
||||
@@ -2203,6 +2217,26 @@ sub client_send_spa_packet() {
|
||||
return 1;
|
||||
}
|
||||
|
||||
sub permissions_check() {
|
||||
my $test_hr = shift;
|
||||
|
||||
my $rv = 0;
|
||||
chmod 0777, $cf{'def'} or die $!;
|
||||
chmod 0777, $cf{'def_access'} or die $!;
|
||||
|
||||
$rv = &spa_cycle($test_hr);
|
||||
|
||||
chmod 0600, $cf{'def'} or die $!;
|
||||
chmod 0600, $cf{'def_access'} or die $!;
|
||||
|
||||
if ($test_hr->{'server_positive_output_matches'}) {
|
||||
$rv = 0 unless &file_find_regex(
|
||||
$test_hr->{'server_positive_output_matches'},
|
||||
$MATCH_ALL, $server_test_file);
|
||||
}
|
||||
return $rv;
|
||||
}
|
||||
|
||||
sub spa_cycle() {
|
||||
my $test_hr = shift;
|
||||
|
||||
@@ -3174,6 +3208,7 @@ sub init() {
|
||||
|
||||
for my $name (keys %cf) {
|
||||
die "[*] $cf{$name} does not exist" unless -e $cf{$name};
|
||||
chmod 0600, $cf{$name} or die "[*] Could not chmod 0600 $cf{$name}";
|
||||
}
|
||||
|
||||
if (-d $output_dir) {
|
||||
@@ -3198,9 +3233,11 @@ sub init() {
|
||||
} else {
|
||||
mkdir $output_dir or die "[*] Could not mkdir $output_dir: $!";
|
||||
}
|
||||
unless (-d $run_dir) {
|
||||
mkdir $run_dir or die "[*] Could not mkdir $run_dir: $!";
|
||||
|
||||
if (-d $run_dir) {
|
||||
rmtree $run_dir or die $!;
|
||||
}
|
||||
mkdir $run_dir or die "[*] Could not mkdir $run_dir: $!";
|
||||
|
||||
for my $file (glob("$output_dir/*.test")) {
|
||||
unlink $file or die "[*] Could not unlink($file)";
|
||||
|
||||
Reference in New Issue
Block a user