From owner-svn-src-head@freebsd.org Mon Dec 21 12:39:17 2015 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 769E1A4D153; Mon, 21 Dec 2015 12:39:17 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 444C41390; Mon, 21 Dec 2015 12:39:17 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tBLCdGKA044062; Mon, 21 Dec 2015 12:39:16 GMT (envelope-from ngie@FreeBSD.org) Received: (from ngie@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tBLCdGDK044061; Mon, 21 Dec 2015 12:39:16 GMT (envelope-from ngie@FreeBSD.org) Message-Id: <201512211239.tBLCdGDK044061@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ngie set sender to ngie@FreeBSD.org using -f From: Garrett Cooper Date: Mon, 21 Dec 2015 12:39:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r292545 - head/tools/regression/mac/mac_bsdextended X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Dec 2015 12:39:17 -0000 Author: ngie Date: Mon Dec 21 12:39:16 2015 New Revision: 292545 URL: https://svnweb.freebsd.org/changeset/base/292545 Log: Redo the TAP integration so it works with Kyua Kyua needs numbers in the TAP results :/, but prove doesn't MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division Modified: head/tools/regression/mac/mac_bsdextended/test_matches.sh Modified: head/tools/regression/mac/mac_bsdextended/test_matches.sh ============================================================================== --- head/tools/regression/mac/mac_bsdextended/test_matches.sh Mon Dec 21 12:20:02 2015 (r292544) +++ head/tools/regression/mac/mac_bsdextended/test_matches.sh Mon Dec 21 12:39:16 2015 (r292545) @@ -10,6 +10,19 @@ uidoutrange="daemon" gidinrange="nobody" # We expect $uidinrange in this group gidoutrange="daemon" # We expect $uidinrange in this group +test_num=1 +pass() +{ + echo "ok $test_num # $@" + : $(( test_num += 1 )) +} + +fail() +{ + echo "not ok $test_num # $@" + : $(( test_num += 1 )) +} + # # Setup # @@ -37,7 +50,7 @@ md_device=$(mount -p | grep "$playground trap "umount -f $playground; mdconfig -d -u $md_device; rmdir $playground" EXIT INT TERM if [ -z "$md_device" ]; then mount -p | grep $playground - echo "1..0 # md device not properly attached to the system" + echo "1..0 # SKIP md device not properly attached to the system" fi ugidfw remove 1 @@ -57,142 +70,284 @@ echo "1..30" command1="sh $playground/test-script.sh $file1" command2="sh $playground/test-script.sh $file2" -echo "# $uidinrange file:" -su -m $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" +desc="$uidinrange file" +if su -m $uidinrange -c "$command1"; then + pass $desc +else + fail $desc +fi + chown "$uidinrange":"$gidinrange" $file1 chmod a+w $file1 -echo "# $uidoutrange file:" -if $command2; then echo ok; else echo not ok; fi +desc="$uidoutrange file" +if $command2; then + pass $desc +else + fail $desc +fi + chown "$uidoutrange":"$gidoutrange" $file2 chmod a+w $file2 # # No rules # -echo "# no rules $uidinrange:" -su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" -echo "# no rules $uidoutrange:" -su -fm $uidoutrange -c "if $command1; then echo ok; else echo not ok; fi" +desc="no rules $uidinrange" +if su -fm $uidinrange -c "$command1"; then + pass $desc +else + fail $desc +fi + +desc="no rules $uidoutrange" +if su -fm $uidoutrange -c "$command1"; then + pass $desc +else + fail $desc +fi # # Subject Match on uid # ugidfw set 1 subject uid $uidrange object mode rasx -echo "# subject uid in range:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" -echo "# subject uid out range:" -su -fm $uidoutrange -c "if $command1; then echo ok; else echo not ok; fi" +desc="subject uid in range" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi + +desc="subject uid out range" +if su -fm $uidoutrange -c "$command1"; then + pass $desc +else + fail $desc +fi # # Subject Match on gid # ugidfw set 1 subject gid $gidrange object mode rasx -echo "# subject gid in range:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" -echo "# subject gid out range:" -su -fm $uidoutrange -c "if $command1; then echo ok; else echo not ok; fi" + +desc="subject gid in range" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi + +desc="subject gid out range" +if su -fm $uidoutrange -c "$command1"; then + pass $desc +else + fail $desc +fi # # Subject Match on jail # rm -f $playground/test-jail -echo "# subject matching jailid:" + +desc="subject matching jailid" jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"` ugidfw set 1 subject jailid $jailid object mode rasx sleep 10 -if [ -f $playground/test-jail ]; then echo "not ok # TODO this testcase is buggy (see bug # 205481)"; else echo ok; fi + +if [ -f $playground/test-jail ]; then + fail "TODO $desc: this testcase fails (see bug # 205481)" +else + pass $desc +fi rm -f $playground/test-jail -echo "# subject nonmatching jailid:" +desc="subject nonmatching jailid" jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"` sleep 10 -if [ -f $playground/test-jail ]; then echo ok; else echo not ok; fi +if [ -f $playground/test-jail ]; then + pass $desc +else + fail $desc +fi # # Object uid # ugidfw set 1 subject object uid $uidrange mode rasx -echo "# object uid in range:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" -echo "# object uid out range:" -su -fm $uidinrange -c "if $command2; then echo ok; else echo not ok; fi" + +desc="object uid in range" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi + +desc="object uid out range" +if su -fm $uidinrange -c "$command2"; then + pass $desc +else + fail $desc +fi ugidfw set 1 subject object uid $uidrange mode rasx -echo "# object uid in range (differennt subject):" -su -fm $uidoutrange -c "if $command1; then echo not ok; else echo ok; fi" -echo "# object uid out range (differennt subject):" -su -fm $uidoutrange -c "if $command2; then echo ok; else echo not ok; fi" + +desc="object uid in range (different subject)" +if su -fm $uidoutrange -c "$command1"; then + fail $desc +else + pass $desc +fi + +desc="object uid out range (different subject)" +if su -fm $uidoutrange -c "$command2"; then + pass $desc +else + fail $desc +fi # # Object gid # ugidfw set 1 subject object gid $uidrange mode rasx -echo "# object gid in range:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" -echo "# object gid out range:" -su -fm $uidinrange -c "if $command2; then echo ok; else echo not ok; fi" -echo "# object gid in range (different subject):" -su -fm $uidoutrange -c "if $command1; then echo not ok; else echo ok; fi" -echo "# object gid out range (different subject):" -su -fm $uidoutrange -c "if $command2; then echo ok; else echo not ok; fi" + +desc="object gid in range" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi + +desc="object gid out range" +if su -fm $uidinrange -c "$command2"; then + pass $desc +else + fail $desc +fi +desc="object gid in range (different subject)" +if su -fm $uidoutrange -c "$command1"; then + fail $desc +else + pass $desc +fi + +desc="object gid out range (different subject)" +if su -fm $uidoutrange -c "$command2"; then + pass $desc +else + fail $desc +fi # # Object filesys # ugidfw set 1 subject uid $uidrange object filesys / mode rasx -echo "# object out of filesys:" -su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" +desc="object out of filesys" +if su -fm $uidinrange -c "$command1"; then + pass $desc +else + fail $desc +fi + ugidfw set 1 subject uid $uidrange object filesys $playground mode rasx -echo "# object in filesys:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" +desc="object in filesys" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi # # Object suid # ugidfw set 1 subject uid $uidrange object suid mode rasx -echo "# object notsuid:" -su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" +desc="object notsuid" +if su -fm $uidinrange -c "$command1"; then + pass $desc +else + fail $desc +fi + chmod u+s $file1 -echo "# object suid:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" +desc="object suid" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi chmod u-s $file1 # # Object sgid # ugidfw set 1 subject uid $uidrange object sgid mode rasx -echo "# object notsgid:" -su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" +desc="object notsgid" +if su -fm $uidinrange -c "$command1"; then + pass $desc +else + fail $desc +fi + chmod g+s $file1 -echo "# object sgid:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" +desc="object sgid" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi chmod g-s $file1 # # Object uid matches subject # ugidfw set 1 subject uid $uidrange object uid_of_subject mode rasx -echo "# object uid notmatches subject:" -su -fm $uidinrange -c "if $command2; then echo ok; else echo not ok; fi" -echo "# object uid matches subject:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" + +desc="object uid notmatches subject" +if su -fm $uidinrange -c "$command2"; then + pass $desc +else + fail $desc +fi + +desc="object uid matches subject" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi # # Object gid matches subject # ugidfw set 1 subject uid $uidrange object gid_of_subject mode rasx -echo "# object gid notmatches subject:" -su -fm $uidinrange -c "if $command2; then echo ok; else echo not ok; fi" -echo "# object gid matches subject:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" + +desc="object gid notmatches subject" +if su -fm $uidinrange -c "$command2"; then + pass $desc +else + fail $desc +fi + +desc="object gid matches subject" +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi # # Object type # +desc="object not type" ugidfw set 1 subject uid $uidrange object type dbclsp mode rasx -echo "# object not type:" -su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" -ugidfw set 1 subject uid $uidrange object type r mode rasx -echo "# object type:" -su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" +if su -fm $uidinrange -c "$command1"; then + pass $desc +else + fail $desc +fi +desc="object type" +ugidfw set 1 subject uid $uidrange object type r mode rasx +if su -fm $uidinrange -c "$command1"; then + fail $desc +else + pass $desc +fi