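#! /bin/bash
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

########################################################################
#
# mozilla/security/nss/tests/dbtest/dbtest.sh
#
# Certificate generating and handling for NSS QA, can be included
# multiple times from all.sh and the individual scripts
#
# needs to work on all Unix and Windows platforms
#
# included from (don't expect this to be up to date)
# --------------------------------------------------
#   all.sh
#   ssl.sh
#   smime.sh
#   tools.sh
#
# special strings
# ---------------
#   FIXME ... known problems, search for this string
#   NOTE .... unexpected behavior
#
# FIXME - Netscape - NSS
########################################################################

############################## dbtest_init ###############################
# local shell function to initialize this script
#
# Globals read:    CLEANUP, INIT_SOURCED, CERT_LOG_FILE, HOSTDIR
# Globals written: SCRIPTNAME, CLEANUP (only when empty), RONLY_DIR,
#                  EMPTY_DIR, CONFLICT_DIR
# Side effects:    may cd to ../common and ../cert and source init.sh and
#                  cert.sh; writes the section header through html_head
########################################################################
dbtest_init()
{
  SCRIPTNAME="dbtests.sh"
  if [ -z "${CLEANUP}" ] ; then   # if nobody else is responsible for
    CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
  fi
  if [ -z "${INIT_SOURCED}" ] ; then
    cd ../common
    . ./init.sh
  fi
  # Quoted on purpose: with an empty CERT_LOG_FILE the unquoted form
  # collapses to `[ ! -r ]`, which is false, so certificate setup would be
  # skipped silently and the later tests would run without certificates.
  if [ ! -r "$CERT_LOG_FILE" ]; then  # we need certificates here
    cd ../cert
    . ./cert.sh
  fi

  # Set again after the sourced scripts have run.
  # NOTE(review): presumably init.sh / cert.sh overwrite SCRIPTNAME - confirm.
  SCRIPTNAME="dbtests.sh"
  RONLY_DIR="${HOSTDIR}/ronlydir"
  EMPTY_DIR="${HOSTDIR}/emptydir"
  CONFLICT_DIR="${HOSTDIR}/conflictdir"

  html_head "CERT and Key DB Tests"

}

############################## dbtest_cleanup ############################
# local shell function to finish this script (no exit since it might be
# sourced)
#
# Closes the HTML table, returns to QADIR, restores read/write permission
# on the directory that dbtest_main made read-only, then sources the
# common cleanup script.
########################################################################
dbtest_cleanup()
{
  html "</TABLE><BR>"
  cd "${QADIR}"
  chmod a+rw "$RONLY_DIR"
  . common/cleanup.sh
}

# Print the arguments as a banner between two separator lines.
Echo()
{
  echo
  echo "---------------------------------------------------------------"
  echo "| $*"
  echo "---------------------------------------------------------------"
}

############################## dbtest_main ###############################
# Runs the database open/init tests against a missing directory, an empty
# directory, a read-only directory, and a directory used for nickname
# conflict tests. Each step compares the tool's exit status with the value
# this script expects (0, 1, 46 or 255) and reports the outcome through
# html_passed / html_failed.
#
# Globals read: HOSTDIR, BINDIR, HOST, CLIENTDIR, OS_ARCH, UID, R_PWFILE,
#               R_ALICEDIR, R_BOBDIR, EMPTY_DIR, RONLY_DIR, CONFLICT_DIR
# Returns:      1 if HOSTDIR cannot be entered, otherwise the status of
#               the last reporting call.
########################################################################
dbtest_main()
{
  # Every relative path below (./non_existent_dir, "-d .") is resolved
  # against HOSTDIR, so do not carry on from some other directory.
  if ! cd "${HOSTDIR}"; then
    html_failed "Dbtest could not change to directory ${HOSTDIR}"
    return 1
  fi


  Echo "test opening the database read/write in a nonexisting directory"
  "${BINDIR}"/certutil -L -X -d ./non_existent_dir
  ret=$?
  if [ "$ret" -ne 255 ]; then
    html_failed "Certutil succeeded in a nonexisting directory $ret"
  else
    html_passed "Certutil didn't work in a nonexisting dir $ret"
  fi
  "${BINDIR}"/dbtest -r -d ./non_existent_dir
  ret=$?
  if [ "$ret" -ne 46 ]; then
    html_failed "Dbtest readonly succeeded in a nonexisting directory $ret"
  else
    html_passed "Dbtest readonly didn't work in a nonexisting dir $ret"
  fi

  Echo "test force opening the database in a nonexisting directory"
  "${BINDIR}"/dbtest -f -d ./non_existent_dir
  ret=$?
  if [ "$ret" -ne 0 ]; then
    html_failed "Dbtest force failed in a nonexisting directory $ret"
  else
    html_passed "Dbtest force succeeded in a nonexisting dir $ret"
  fi

  Echo "test opening the database readonly in an empty directory"
  mkdir "$EMPTY_DIR"
  "${BINDIR}"/tstclnt -h "${HOST}" -d "$EMPTY_DIR"
  ret=$?
  if [ "$ret" -ne 1 ]; then
    html_failed "Tstclnt succeded in an empty directory $ret"
  else
    html_passed "Tstclnt didn't work in an empty dir $ret"
  fi
  "${BINDIR}"/dbtest -r -d "$EMPTY_DIR"
  ret=$?
  if [ "$ret" -ne 46 ]; then
    html_failed "Dbtest readonly succeeded in an empty directory $ret"
  else
    html_passed "Dbtest readonly didn't work in an empty dir $ret"
  fi
  # ${EMPTY_DIR:?} aborts instead of expanding to "/*" if the variable is
  # ever empty (for example when dbtest_init did not run).
  rm -rf "${EMPTY_DIR:?}"/* 2>/dev/null
  "${BINDIR}"/dbtest -i -d "$EMPTY_DIR"
  ret=$?
  if [ "$ret" -ne 0 ]; then
    html_failed "Dbtest logout after empty DB Init loses key $ret"
  else
    html_passed "Dbtest logout after empty DB Init has key"
  fi
  rm -rf "${EMPTY_DIR:?}"/* 2>/dev/null
  # The password is a fixed throwaway value for a scratch database. It is
  # passed on the command line, where other local users can see it in the
  # process list, so this form is not suitable for a real secret.
  "${BINDIR}"/dbtest -i -p pass -d "$EMPTY_DIR"
  ret=$?
  if [ "$ret" -ne 0 ]; then
    html_failed "Dbtest password DB Init loses needlogin state $ret"
  else
    html_passed "Dbtest password DB Init maintains needlogin state"
  fi
  rm -rf "${EMPTY_DIR:?}"/* 2>/dev/null
  "${BINDIR}"/certutil -D -n xxxx -d "$EMPTY_DIR" #created DB
  ret=$?
  if [ "$ret" -ne 255 ]; then
    html_failed "Certutil succeeded in deleting a cert in an empty directory $ret"
  else
    html_passed "Certutil didn't work in an empty dir $ret"
  fi
  rm -rf "${EMPTY_DIR:?}"/* 2>/dev/null
  Echo "test force opening the database readonly in a empty directory"
  "${BINDIR}"/dbtest -r -f -d "$EMPTY_DIR"
  ret=$?
  if [ "$ret" -ne 0 ]; then
    html_failed "Dbtest force readonly failed in an empty directory $ret"
  else
    html_passed "Dbtest force readonly succeeded in an empty dir $ret"
  fi

  Echo "test opening the database r/w in a readonly directory"
  mkdir "$RONLY_DIR"
  cp -r "${CLIENTDIR}"/* "$RONLY_DIR"
  chmod -w "$RONLY_DIR" "$RONLY_DIR"/*

  # On Mac OS X 10.1, if we do a "chmod -w" on files in an
  # NFS-mounted directory, it takes several seconds for the
  # first open to see the files are readonly, but subsequent
  # opens immediately see the files are readonly.  As a
  # workaround we open the files once first.  (Bug 185074)
  if [ "${OS_ARCH}" = "Darwin" ]; then
    cat "$RONLY_DIR"/* > /dev/null
  fi

  # skipping the next two tests when user is root,
  # otherwise they would fail due to rooty powers
  # (file mode bits do not stop root, so the read-only directory would
  # not block the write and the negative tests would prove nothing)
  if [ "$UID" -ne 0 ]; then
    "${BINDIR}"/dbtest -d "$RONLY_DIR"
    ret=$?
    if [ "$ret" -ne 46 ]; then
      html_failed "Dbtest r/w succeeded in a readonly directory $ret"
    else
      html_passed "Dbtest r/w didn't work in an readonly dir $ret"
    fi
  else
    html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
  fi
  if [ "$UID" -ne 0 ]; then
    # NOTE(review): "-d ." is HOSTDIR (see the cd at the top of this
    # function), not $RONLY_DIR. A 255 here may only show that certutil
    # could not use a database in ".", not that the read-only directory
    # blocked the delete - confirm the intended target.
    "${BINDIR}"/certutil -D -n "TestUser" -d .
    ret=$?
    if [ "$ret" -ne 255 ]; then
      html_failed "Certutil succeeded in deleting a cert in a readonly directory $ret"
    else
      html_passed "Certutil didn't work in an readonly dir $ret"
    fi
  else
    html_passed "Skipping Certutil delete cert in a readonly directory test because user is root"
  fi

  Echo "test opening the database ronly in a readonly directory"

  "${BINDIR}"/dbtest -d "$RONLY_DIR" -r
  ret=$?
  if [ "$ret" -ne 0 ]; then
    html_failed "Dbtest readonly failed in a readonly directory $ret"
  else
    html_passed "Dbtest readonly succeeded in a readonly dir $ret"
  fi

  Echo "test force opening the database r/w in a readonly directory"
  "${BINDIR}"/dbtest -d "$RONLY_DIR" -f
  ret=$?
  if [ "$ret" -ne 0 ]; then
    html_failed "Dbtest force failed in a readonly directory $ret"
  else
    html_passed "Dbtest force succeeded in a readonly dir $ret"
  fi

  Echo "ls -l $RONLY_DIR"
  ls -ld "$RONLY_DIR" "$RONLY_DIR"/*

  mkdir "${CONFLICT_DIR}"
  Echo "test creating a new cert with a conflicting nickname"
  cd "${CONFLICT_DIR}"
  pwd
  "${BINDIR}"/certutil -N -d "${CONFLICT_DIR}" -f "${R_PWFILE}"
  ret=$?
  if [ "$ret" -ne 0 ]; then
    html_failed "Nicknane conflict test failed, couldn't create database $ret"
  else
    "${BINDIR}"/certutil -A -n alice -t ,, -i "${R_ALICEDIR}"/Alice.cert -d "${CONFLICT_DIR}"
    ret=$?
    if [ "$ret" -ne 0 ]; then
      html_failed "Nicknane conflict test failed, couldn't import alice cert $ret"
    else
      # Importing a different certificate under the nickname that is
      # already taken must be refused, so success here is the failure.
      "${BINDIR}"/certutil -A -n alice -t ,, -i "${R_BOBDIR}"/Bob.cert -d "${CONFLICT_DIR}"
      ret=$?
      if [ "$ret" -eq 0 ]; then
        html_failed "Nicknane conflict test failed, could import conflict nickname $ret"
      else
        html_passed "Nicknane conflict test, could not import conflict nickname $ret"
      fi
    fi
  fi

  Echo "test importing an old cert to a conflicting nickname"
  # NOTE(review): only the exit status of the final "certutil -L -n bob"
  # is examined; the status of the two imports below is discarded.
  # first, import the certificate
  "${BINDIR}"/certutil -A -n bob -t ,, -i "${R_BOBDIR}"/Bob.cert -d "${CONFLICT_DIR}"
  # now import with a different nickname
  "${BINDIR}"/certutil -A -n alice -t ,, -i "${R_BOBDIR}"/Bob.cert -d "${CONFLICT_DIR}"
  # the old one should still be there...
  "${BINDIR}"/certutil -L -n bob -d "${CONFLICT_DIR}"
  ret=$?
  if [ "$ret" -ne 0 ]; then
    html_failed "Nicknane conflict test-setting nickname conflict incorrectly worked"
  else
    html_passed "Nicknane conflict test-setting nickname conflict was correctly rejected"
  fi

}

################## main #################################################

dbtest_init
dbtest_main 2>&1
dbtest_cleanup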