1# $OpenBSD: sftp-perm.sh,v 1.3 2021/03/31 21:59:26 djm Exp $ 2# Placed in the Public Domain. 3 4tid="sftp permissions" 5 6SERVER_LOG=${OBJ}/sftp-server.log 7CLIENT_LOG=${OBJ}/sftp.log 8TEST_SFTP_SERVER=${OBJ}/sftp-server.sh 9 10prepare_server() { 11 printf "#!/bin/sh\nexec $SFTPSERVER -el debug3 $* 2>$SERVER_LOG\n" \ 12 > $TEST_SFTP_SERVER 13 chmod a+x $TEST_SFTP_SERVER 14} 15 16run_client() { 17 echo "$@" | ${SFTP} -D ${TEST_SFTP_SERVER} -vvvb - >$CLIENT_LOG 2>&1 18} 19 20prepare_files() { 21 _prep="$1" 22 rm -f ${COPY} ${COPY}.1 23 test -d ${COPY}.dd && { rmdir ${COPY}.dd || fatal "rmdir ${COPY}.dd"; } 24 test -z "$_prep" && return 25 sh -c "$_prep" || fail "preparation failed: \"$_prep\"" 26} 27 28postcondition() { 29 _title="$1" 30 _check="$2" 31 test -z "$_check" && return 32 ${TEST_SHELL} -c "$_check" || fail "postcondition check failed: $_title" 33} 34 35ro_test() { 36 _desc=$1 37 _cmd="$2" 38 _prep="$3" 39 _expect_success_post="$4" 40 _expect_fail_post="$5" 41 verbose "$tid: read-only $_desc" 42 # Plain (no options, mostly to test that _cmd is good) 43 prepare_files "$_prep" 44 prepare_server 45 run_client "$_cmd" || fail "plain $_desc failed" 46 postcondition "$_desc no-readonly" "$_expect_success_post" 47 # Read-only enabled 48 prepare_files "$_prep" 49 prepare_server -R 50 run_client "$_cmd" && fail "read-only $_desc succeeded" 51 postcondition "$_desc readonly" "$_expect_fail_post" 52} 53 54perm_test() { 55 _op=$1 56 _whitelist_ops=$2 57 _cmd="$3" 58 _prep="$4" 59 _expect_success_post="$5" 60 _expect_fail_post="$6" 61 verbose "$tid: explicit $_op" 62 # Plain (no options, mostly to test that _cmd is good) 63 prepare_files "$_prep" 64 prepare_server 65 run_client "$_cmd" || fail "plain $_op failed" 66 postcondition "$_op no white/blacklists" "$_expect_success_post" 67 # Whitelist 68 prepare_files "$_prep" 69 prepare_server -p $_op,$_whitelist_ops 70 run_client "$_cmd" || fail "whitelisted $_op failed" 71 postcondition "$_op whitelisted" "$_expect_success_post" 72 # Blacklist 73 prepare_files "$_prep" 74 prepare_server -P $_op 75 run_client "$_cmd" && fail "blacklisted $_op succeeded" 76 postcondition "$_op blacklisted" "$_expect_fail_post" 77 # Whitelist with op missing. 78 prepare_files "$_prep" 79 prepare_server -p $_whitelist_ops 80 run_client "$_cmd" && fail "no whitelist $_op succeeded" 81 postcondition "$_op not in whitelist" "$_expect_fail_post" 82} 83 84ro_test \ 85 "upload" \ 86 "put $DATA $COPY" \ 87 "" \ 88 "cmp $DATA $COPY" \ 89 "test ! -f $COPY" 90 91ro_test \ 92 "setstat" \ 93 "chmod 0700 $COPY" \ 94 "touch $COPY; chmod 0400 $COPY" \ 95 "test -x $COPY" \ 96 "test ! -x $COPY" 97 98ro_test \ 99 "rm" \ 100 "rm $COPY" \ 101 "touch $COPY" \ 102 "test ! -f $COPY" \ 103 "test -f $COPY" 104 105ro_test \ 106 "mkdir" \ 107 "mkdir ${COPY}.dd" \ 108 "" \ 109 "test -d ${COPY}.dd" \ 110 "test ! -d ${COPY}.dd" 111 112ro_test \ 113 "rmdir" \ 114 "rmdir ${COPY}.dd" \ 115 "mkdir ${COPY}.dd" \ 116 "test ! -d ${COPY}.dd" \ 117 "test -d ${COPY}.dd" 118 119ro_test \ 120 "posix-rename" \ 121 "rename $COPY ${COPY}.1" \ 122 "touch $COPY" \ 123 "test -f ${COPY}.1 -a ! -f $COPY" \ 124 "test -f $COPY -a ! -f ${COPY}.1" 125 126ro_test \ 127 "oldrename" \ 128 "rename -l $COPY ${COPY}.1" \ 129 "touch $COPY" \ 130 "test -f ${COPY}.1 -a ! -f $COPY" \ 131 "test -f $COPY -a ! -f ${COPY}.1" 132 133ro_test \ 134 "symlink" \ 135 "ln -s $COPY ${COPY}.1" \ 136 "touch $COPY" \ 137 "test -h ${COPY}.1" \ 138 "test ! -h ${COPY}.1" 139 140ro_test \ 141 "hardlink" \ 142 "ln $COPY ${COPY}.1" \ 143 "touch $COPY" \ 144 "test -f ${COPY}.1" \ 145 "test ! -f ${COPY}.1" 146 147# Test explicit permissions 148 149perm_test \ 150 "open" \ 151 "realpath,stat,lstat,read,close" \ 152 "get $DATA $COPY" \ 153 "" \ 154 "cmp $DATA $COPY" \ 155 "! cmp $DATA $COPY 2>/dev/null" 156 157perm_test \ 158 "read" \ 159 "realpath,stat,lstat,open,close" \ 160 "get $DATA $COPY" \ 161 "" \ 162 "cmp $DATA $COPY" \ 163 "! cmp $DATA $COPY 2>/dev/null" 164 165perm_test \ 166 "write" \ 167 "realpath,stat,lstat,open,close" \ 168 "put $DATA $COPY" \ 169 "" \ 170 "cmp $DATA $COPY" \ 171 "! cmp $DATA $COPY 2>/dev/null" 172 173perm_test \ 174 "lstat" \ 175 "realpath,stat,open,read,close" \ 176 "get $DATA $COPY" \ 177 "" \ 178 "cmp $DATA $COPY" \ 179 "! cmp $DATA $COPY 2>/dev/null" 180 181perm_test \ 182 "opendir" \ 183 "realpath,readdir,stat,lstat" \ 184 "ls -ln $OBJ" 185 186perm_test \ 187 "readdir" \ 188 "realpath,opendir,stat,lstat" \ 189 "ls -ln $OBJ" 190 191perm_test \ 192 "setstat" \ 193 "realpath,stat,lstat" \ 194 "chmod 0700 $COPY" \ 195 "touch $COPY; chmod 0400 $COPY" \ 196 "test -x $COPY" \ 197 "test ! -x $COPY" 198 199perm_test \ 200 "remove" \ 201 "realpath,stat,lstat" \ 202 "rm $COPY" \ 203 "touch $COPY" \ 204 "test ! -f $COPY" \ 205 "test -f $COPY" 206 207perm_test \ 208 "mkdir" \ 209 "realpath,stat,lstat" \ 210 "mkdir ${COPY}.dd" \ 211 "" \ 212 "test -d ${COPY}.dd" \ 213 "test ! -d ${COPY}.dd" 214 215perm_test \ 216 "rmdir" \ 217 "realpath,stat,lstat" \ 218 "rmdir ${COPY}.dd" \ 219 "mkdir ${COPY}.dd" \ 220 "test ! -d ${COPY}.dd" \ 221 "test -d ${COPY}.dd" 222 223# Can't readily test this because the client falls back to traditional rename. 224# XXX maybe there is a behaviorial difference we can test for? 225#perm_test \ 226# "posix-rename" \ 227# "realpath,stat,lstat" \ 228# "rename $COPY ${COPY}.1" \ 229# "touch $COPY" \ 230# "test -f ${COPY}.1 -a ! -f $COPY" \ 231# "test -f $COPY -a ! -f ${COPY}.1" 232 233perm_test \ 234 "rename" \ 235 "realpath,stat,lstat" \ 236 "rename -l $COPY ${COPY}.1" \ 237 "touch $COPY" \ 238 "test -f ${COPY}.1 -a ! -f $COPY" \ 239 "test -f $COPY -a ! -f ${COPY}.1" 240 241perm_test \ 242 "symlink" \ 243 "realpath,stat,lstat" \ 244 "ln -s $COPY ${COPY}.1" \ 245 "touch $COPY" \ 246 "test -h ${COPY}.1" \ 247 "test ! -h ${COPY}.1" 248 249perm_test \ 250 "hardlink" \ 251 "realpath,stat,lstat" \ 252 "ln $COPY ${COPY}.1" \ 253 "touch $COPY" \ 254 "test -f ${COPY}.1" \ 255 "test ! -f ${COPY}.1" 256 257perm_test \ 258 "statvfs" \ 259 "realpath,stat,lstat" \ 260 "df /" 261 262# XXX need good tests for: 263# fstat 264# fsetstat 265# realpath 266# stat 267# readlink 268# fstatvfs 269 270rm -rf ${COPY} ${COPY}.1 ${COPY}.dd 271 272