From: Tim Shimmin Date: Tue, 20 Feb 2001 08:07:09 +0000 (+0000) Subject: tidy up a bit X-Git-Tag: v1.1.0~1307 X-Git-Url: http://git.apps.os.sepia.ceph.com/?p=xfstests-dev.git;a=commitdiff_plain;h=f5b4f28d63fb9bc00488fb6b2dc30de10e3f4217 tidy up a bit --- diff --git a/051 b/051 index a4fc3954..4c4fa368 100755 --- a/051 +++ b/051 @@ -62,26 +62,20 @@ _ls() ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _filter_id } -_get_newid() + +_setup_ids() { - cat /etc/passwd /etc/group $tmp.ids | gawk -F: ' + eval `cat /etc/passwd /etc/group | gawk -F: ' { ids[$3]=1 } END { - for(i=1;i<1000000;i++){ + j=1 + for(i=1; i<1000000 && j<=3;i++){ if (! (i in ids)) { - print i; - exit + printf "acl%d=%d;", j, i; + j++ } } - }' -} - -_setup_ids() -{ - touch $tmp.ids - acl1=`_get_newid`; echo "::$acl1" >>$tmp.ids - acl2=`_get_newid`; echo "::$acl2" >>$tmp.ids - acl3=`_get_newid`; echo "::$acl3" >>$tmp.ids + }'` } _filter_id() @@ -95,7 +89,7 @@ _filter_id() -e "s/g:$acl3/g:id3/" \ -e "s/ $acl1 / id1 /" \ -e "s/ $acl2 / id2 /" \ - -e "s/ $acl3 / id3 /" \ + -e "s/ $acl3 / id3 /" } # ----- @@ -152,6 +146,9 @@ echo "" echo "=== Test minimal ACE ===" echo "Setup file" +# Note: as this is a shell script, +# will need read and execute permission set +# in order to execute it. touch file1 cat <file1 #!/bin/sh @@ -252,14 +249,19 @@ $runas -u $acl3 -g $acl3 ./file1 2>&1 echo "" echo "--- Test MASK ---" -chacl u::---,g::---,o::---,g:$acl2:r-x,m::-wx file1 2>&1 + +# group +chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1 chacl -l file1 | _filter_id echo "Expect to FAIL as MASK prohibits execution" $runas -u $acl2 -g $acl2 ./file1 2>&1 -chacl u::---,g::---,o::---,u:$acl2:r-x,m::-wx file1 2>&1 + +# user +chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1 echo "Expect to FAIL as MASK prohibits execution" $runas -u $acl2 -g $acl2 ./file1 2>&1 +# user chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1 echo "Expect to PASS as MASK allows execution" $runas -u $acl2 -g $acl2 ./file1 2>&1 diff --git a/051.out b/051.out index 0d84941b..9fc8003a 100644 --- a/051.out +++ b/051.out @@ -21,27 +21,27 @@ file1 [u::r-x,g::---,o::---] Expect to PASS Test was executed Expect to FAIL -sh: ./file1: Permission denied +./file1: Permission denied --- Test group permissions --- file1 [u::---,g::r-x,o::---] Expect to FAIL - acl1 is owner -sh: ./file1: Permission denied +./file1: Permission denied Expect to PASS - acl2 matches group Test was executed Expect to PASS - acl2 matches sup group Test was executed Expect to FAIL - acl3 is not in group -sh: ./file1: Permission denied +./file1: Permission denied --- Test other permissions --- file1 [u::---,g::---,o::r-x] Expect to FAIL - acl1 is owner -sh: ./file1: Permission denied +./file1: Permission denied Expect to FAIL - acl2 is in group -sh: ./file1: Permission denied +./file1: Permission denied Expect to FAIL - acl2 is in sup. group -sh: ./file1: Permission denied +./file1: Permission denied Expect to PASS - acl3 is not owner or in group Test was executed @@ -56,7 +56,7 @@ Expect to PASS - USER ACE matches user file1 [u::---,g::---,o::---,u:id2:r-x,m::rwx] Test was executed Expect to FAIL - USER ACE does not match user -sh: ./file1: Permission denied +./file1: Permission denied --- Test adding a GROUP ACE --- Expect to FAIL as no MASK provided @@ -69,20 +69,20 @@ Test was executed Expect to PASS - GROUP ACE matches sup group Test was executed Expect to FAIL - GROUP ACE does not match group -sh: ./file1: Permission denied +./file1: Permission denied --- Test MASK --- -file1 [u::---,g::---,o::---,g:id2:r-x,m::-wx] +file1 [u::---,g::---,o::---,g:id2:r-x,m::-w-] Expect to FAIL as MASK prohibits execution -./file1: ./file1: Permission denied +./file1: Permission denied Expect to FAIL as MASK prohibits execution -./file1: ./file1: Permission denied +./file1: Permission denied Expect to PASS as MASK allows execution Test was executed --- Test ACE priority --- Expect to FAIL as should match on owner -sh: ./file1: Permission denied +./file1: Permission denied Expect to PASS as should match on user Test was executed diff --git a/src/runas.c b/src/runas.c index b7a18c6d..45e81463 100644 --- a/src/runas.c +++ b/src/runas.c @@ -62,7 +62,8 @@ main(int argc, char **argv) int c; uid_t uid = -1; gid_t gid = -1; - char *cmd=NULL; + int pid; + char **cmd; gid_t sgids[SUP_MAX]; int sup_cnt = 0; int status; @@ -91,13 +92,18 @@ main(int argc, char **argv) } /* build up the cmd */ - for ( ; optind < argc; optind++) { - cmd = realloc(cmd, (cmd==NULL?0:strlen(cmd)) + - strlen(argv[optind]) + 4); - strcat(cmd, " "); - strcat(cmd, argv[optind]); - } - + if (optind == argc) { + usage(); + exit(1); + } + else { + char **p; + p = cmd = (char **)malloc(sizeof(char *) * (argc - optind + 1)); + for ( ; optind < argc; optind++, p++) { + *p = strdup(argv[optind]); + } + *p = NULL; + } if (gid != -1) { if (setegid(gid) == -1) { @@ -123,8 +129,19 @@ main(int argc, char **argv) } } - status = system(cmd); + pid = fork(); + if (pid == -1) { + fprintf(stderr, "%s: fork failed: %s\n", + prog, strerror(errno)); + exit(1); + } + if (pid == 0) { + execv(cmd[0], cmd); + fprintf(stderr, "%s: %s\n", cmd[0], strerror(errno)); + exit(errno); + } + wait(&status); if (WIFSIGNALED(status)) { fprintf(stderr, "%s: command terminated with signal %d\n", prog, WTERMSIG(status));