163d1fd59SEnji Cooper /* $NetBSD: t_msgctl.c,v 1.5 2017/01/13 20:44:45 christos Exp $ */ 257718be8SEnji Cooper 357718be8SEnji Cooper /*- 457718be8SEnji Cooper * Copyright (c) 2011 The NetBSD Foundation, Inc. 557718be8SEnji Cooper * All rights reserved. 657718be8SEnji Cooper * 757718be8SEnji Cooper * This code is derived from software contributed to The NetBSD Foundation 857718be8SEnji Cooper * by Jukka Ruohonen. 957718be8SEnji Cooper * 1057718be8SEnji Cooper * Redistribution and use in source and binary forms, with or without 1157718be8SEnji Cooper * modification, are permitted provided that the following conditions 1257718be8SEnji Cooper * are met: 1357718be8SEnji Cooper * 1. Redistributions of source code must retain the above copyright 1457718be8SEnji Cooper * notice, this list of conditions and the following disclaimer. 1557718be8SEnji Cooper * 2. Redistributions in binary form must reproduce the above copyright 1657718be8SEnji Cooper * notice, this list of conditions and the following disclaimer in the 1757718be8SEnji Cooper * documentation and/or other materials provided with the distribution. 1857718be8SEnji Cooper * 1957718be8SEnji Cooper * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 2057718be8SEnji Cooper * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 2157718be8SEnji Cooper * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 2257718be8SEnji Cooper * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 2357718be8SEnji Cooper * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 2457718be8SEnji Cooper * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 2557718be8SEnji Cooper * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 2657718be8SEnji Cooper * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 2757718be8SEnji Cooper * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 2857718be8SEnji Cooper * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 2957718be8SEnji Cooper * POSSIBILITY OF SUCH DAMAGE. 3057718be8SEnji Cooper */ 3157718be8SEnji Cooper #include <sys/cdefs.h> 3263d1fd59SEnji Cooper __RCSID("$NetBSD: t_msgctl.c,v 1.5 2017/01/13 20:44:45 christos Exp $"); 3357718be8SEnji Cooper 3457718be8SEnji Cooper #include <sys/msg.h> 3557718be8SEnji Cooper #include <sys/stat.h> 3657718be8SEnji Cooper #include <sys/sysctl.h> 3757718be8SEnji Cooper #include <sys/wait.h> 3857718be8SEnji Cooper 3957718be8SEnji Cooper #include <atf-c.h> 4057718be8SEnji Cooper #include <errno.h> 4163d1fd59SEnji Cooper #include <limits.h> 4257718be8SEnji Cooper #include <pwd.h> 4357718be8SEnji Cooper #include <stdio.h> 4457718be8SEnji Cooper #include <stdlib.h> 4557718be8SEnji Cooper #include <string.h> 4657718be8SEnji Cooper #include <sysexits.h> 4757718be8SEnji Cooper #include <time.h> 4857718be8SEnji Cooper #include <unistd.h> 4957718be8SEnji Cooper 5057718be8SEnji Cooper #define MSG_KEY 12345689 5157718be8SEnji Cooper #define MSG_MTYPE_1 0x41 5257718be8SEnji Cooper 5357718be8SEnji Cooper struct msg { 5457718be8SEnji Cooper long mtype; 5557718be8SEnji Cooper char buf[3]; 5657718be8SEnji Cooper }; 5757718be8SEnji Cooper 5857718be8SEnji Cooper static void clean(void); 5957718be8SEnji Cooper 6057718be8SEnji Cooper static void 6157718be8SEnji Cooper clean(void) 6257718be8SEnji Cooper { 6357718be8SEnji Cooper int id; 6457718be8SEnji Cooper 6557718be8SEnji Cooper if ((id = msgget(MSG_KEY, 0)) != -1) 6657718be8SEnji Cooper (void)msgctl(id, IPC_RMID, 0); 6757718be8SEnji Cooper } 6857718be8SEnji Cooper 6957718be8SEnji Cooper ATF_TC_WITH_CLEANUP(msgctl_err); 7057718be8SEnji Cooper ATF_TC_HEAD(msgctl_err, tc) 7157718be8SEnji Cooper { 7257718be8SEnji Cooper atf_tc_set_md_var(tc, "descr", "Test errors from msgctl(2)"); 7357718be8SEnji Cooper } 7457718be8SEnji Cooper 7557718be8SEnji Cooper ATF_TC_BODY(msgctl_err, tc) 7657718be8SEnji Cooper { 7757718be8SEnji Cooper const int cmd[] = { IPC_STAT, IPC_SET, IPC_RMID }; 7857718be8SEnji Cooper struct msqid_ds msgds; 7957718be8SEnji Cooper size_t i; 8057718be8SEnji Cooper int id; 8157718be8SEnji Cooper 8257718be8SEnji Cooper (void)memset(&msgds, 0, sizeof(struct msqid_ds)); 8357718be8SEnji Cooper 8457718be8SEnji Cooper id = msgget(MSG_KEY, IPC_CREAT | 0600); 8557718be8SEnji Cooper ATF_REQUIRE(id != -1); 8657718be8SEnji Cooper 8757718be8SEnji Cooper errno = 0; 8857718be8SEnji Cooper ATF_REQUIRE_ERRNO(EINVAL, msgctl(id, INT_MAX, &msgds) == -1); 8957718be8SEnji Cooper 9057718be8SEnji Cooper errno = 0; 9157718be8SEnji Cooper ATF_REQUIRE_ERRNO(EFAULT, msgctl(id, IPC_STAT, (void *)-1) == -1); 9257718be8SEnji Cooper 9357718be8SEnji Cooper for (i = 0; i < __arraycount(cmd); i++) { 9457718be8SEnji Cooper errno = 0; 9557718be8SEnji Cooper ATF_REQUIRE_ERRNO(EINVAL, msgctl(-1, cmd[i], &msgds) == -1); 9657718be8SEnji Cooper } 9757718be8SEnji Cooper 9857718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0); 9957718be8SEnji Cooper } 10057718be8SEnji Cooper 10157718be8SEnji Cooper ATF_TC_CLEANUP(msgctl_err, tc) 10257718be8SEnji Cooper { 10357718be8SEnji Cooper clean(); 10457718be8SEnji Cooper } 10557718be8SEnji Cooper 10657718be8SEnji Cooper ATF_TC_WITH_CLEANUP(msgctl_perm); 10757718be8SEnji Cooper ATF_TC_HEAD(msgctl_perm, tc) 10857718be8SEnji Cooper { 10957718be8SEnji Cooper atf_tc_set_md_var(tc, "descr", "Test permissions with msgctl(2)"); 11057718be8SEnji Cooper atf_tc_set_md_var(tc, "require.user", "root"); 11157718be8SEnji Cooper } 11257718be8SEnji Cooper 11357718be8SEnji Cooper ATF_TC_BODY(msgctl_perm, tc) 11457718be8SEnji Cooper { 11557718be8SEnji Cooper struct msqid_ds msgds; 11657718be8SEnji Cooper struct passwd *pw; 11757718be8SEnji Cooper pid_t pid; 11857718be8SEnji Cooper int sta; 11957718be8SEnji Cooper int id; 12057718be8SEnji Cooper 12157718be8SEnji Cooper (void)memset(&msgds, 0, sizeof(struct msqid_ds)); 12257718be8SEnji Cooper 12357718be8SEnji Cooper pw = getpwnam("nobody"); 12457718be8SEnji Cooper id = msgget(MSG_KEY, IPC_CREAT | 0600); 12557718be8SEnji Cooper 12657718be8SEnji Cooper ATF_REQUIRE(id != -1); 12757718be8SEnji Cooper ATF_REQUIRE(pw != NULL); 12857718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0); 12957718be8SEnji Cooper 13057718be8SEnji Cooper pid = fork(); 13157718be8SEnji Cooper ATF_REQUIRE(pid >= 0); 13257718be8SEnji Cooper 13357718be8SEnji Cooper if (pid == 0) { 13457718be8SEnji Cooper 13557718be8SEnji Cooper if (setuid(pw->pw_uid) != 0) 13657718be8SEnji Cooper _exit(EX_OSERR); 13757718be8SEnji Cooper 13857718be8SEnji Cooper msgds.msg_perm.uid = getuid(); 13957718be8SEnji Cooper msgds.msg_perm.gid = getgid(); 14057718be8SEnji Cooper 14157718be8SEnji Cooper errno = 0; 14257718be8SEnji Cooper 14357718be8SEnji Cooper if (msgctl(id, IPC_SET, &msgds) == 0) 14457718be8SEnji Cooper _exit(EXIT_FAILURE); 14557718be8SEnji Cooper 14657718be8SEnji Cooper if (errno != EPERM) 14757718be8SEnji Cooper _exit(EXIT_FAILURE); 14857718be8SEnji Cooper 14957718be8SEnji Cooper (void)memset(&msgds, 0, sizeof(struct msqid_ds)); 15057718be8SEnji Cooper 15157718be8SEnji Cooper if (msgctl(id, IPC_STAT, &msgds) != 0) 15257718be8SEnji Cooper _exit(EX_OSERR); 15357718be8SEnji Cooper 15457718be8SEnji Cooper msgds.msg_qbytes = 1; 15557718be8SEnji Cooper 15657718be8SEnji Cooper if (msgctl(id, IPC_SET, &msgds) == 0) 15757718be8SEnji Cooper _exit(EXIT_FAILURE); 15857718be8SEnji Cooper 15957718be8SEnji Cooper if (errno != EPERM) 16057718be8SEnji Cooper _exit(EXIT_FAILURE); 16157718be8SEnji Cooper 16257718be8SEnji Cooper _exit(EXIT_SUCCESS); 16357718be8SEnji Cooper } 16457718be8SEnji Cooper 16557718be8SEnji Cooper (void)wait(&sta); 16657718be8SEnji Cooper 16757718be8SEnji Cooper if (WIFEXITED(sta) == 0) { 16857718be8SEnji Cooper 16957718be8SEnji Cooper if (WEXITSTATUS(sta) == EX_OSERR) 17057718be8SEnji Cooper atf_tc_fail("system call failed"); 17157718be8SEnji Cooper 17257718be8SEnji Cooper if (WEXITSTATUS(sta) == EXIT_FAILURE) 17357718be8SEnji Cooper atf_tc_fail("UID %u manipulated root's " 17457718be8SEnji Cooper "message queue", pw->pw_uid); 17557718be8SEnji Cooper } 17657718be8SEnji Cooper 17757718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0); 17857718be8SEnji Cooper } 17957718be8SEnji Cooper 18057718be8SEnji Cooper ATF_TC_CLEANUP(msgctl_perm, tc) 18157718be8SEnji Cooper { 18257718be8SEnji Cooper clean(); 18357718be8SEnji Cooper } 18457718be8SEnji Cooper 18557718be8SEnji Cooper ATF_TC_WITH_CLEANUP(msgctl_pid); 18657718be8SEnji Cooper ATF_TC_HEAD(msgctl_pid, tc) 18757718be8SEnji Cooper { 18857718be8SEnji Cooper atf_tc_set_md_var(tc, "descr", "Test that PIDs are updated"); 18957718be8SEnji Cooper } 19057718be8SEnji Cooper 19157718be8SEnji Cooper ATF_TC_BODY(msgctl_pid, tc) 19257718be8SEnji Cooper { 19357718be8SEnji Cooper struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } }; 19457718be8SEnji Cooper struct msqid_ds msgds; 19557718be8SEnji Cooper int id, sta; 19657718be8SEnji Cooper pid_t pid; 19757718be8SEnji Cooper 19857718be8SEnji Cooper id = msgget(MSG_KEY, IPC_CREAT | 0600); 19957718be8SEnji Cooper ATF_REQUIRE(id != -1); 20057718be8SEnji Cooper 20157718be8SEnji Cooper pid = fork(); 20257718be8SEnji Cooper ATF_REQUIRE(pid >= 0); 20357718be8SEnji Cooper 20457718be8SEnji Cooper if (pid == 0) { 20557718be8SEnji Cooper 206*70aca7c8SConrad Meyer (void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); 20757718be8SEnji Cooper 20857718be8SEnji Cooper _exit(EXIT_SUCCESS); 20957718be8SEnji Cooper } 21057718be8SEnji Cooper 21157718be8SEnji Cooper (void)sleep(1); 21257718be8SEnji Cooper (void)wait(&sta); 21357718be8SEnji Cooper (void)memset(&msgds, 0, sizeof(struct msqid_ds)); 21457718be8SEnji Cooper 21557718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0); 21657718be8SEnji Cooper 21757718be8SEnji Cooper if (pid != msgds.msg_lspid) 21857718be8SEnji Cooper atf_tc_fail("the PID of last msgsnd(2) was not updated"); 21957718be8SEnji Cooper 22057718be8SEnji Cooper pid = fork(); 22157718be8SEnji Cooper ATF_REQUIRE(pid >= 0); 22257718be8SEnji Cooper 22357718be8SEnji Cooper if (pid == 0) { 22457718be8SEnji Cooper 22557718be8SEnji Cooper (void)msgrcv(id, &msg, 22657718be8SEnji Cooper sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT); 22757718be8SEnji Cooper 22857718be8SEnji Cooper _exit(EXIT_SUCCESS); 22957718be8SEnji Cooper } 23057718be8SEnji Cooper 23157718be8SEnji Cooper (void)sleep(1); 23257718be8SEnji Cooper (void)wait(&sta); 23357718be8SEnji Cooper (void)memset(&msgds, 0, sizeof(struct msqid_ds)); 23457718be8SEnji Cooper 23557718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0); 23657718be8SEnji Cooper 23757718be8SEnji Cooper if (pid != msgds.msg_lrpid) 23857718be8SEnji Cooper atf_tc_fail("the PID of last msgrcv(2) was not updated"); 23957718be8SEnji Cooper 24057718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0); 24157718be8SEnji Cooper } 24257718be8SEnji Cooper 24357718be8SEnji Cooper ATF_TC_CLEANUP(msgctl_pid, tc) 24457718be8SEnji Cooper { 24557718be8SEnji Cooper clean(); 24657718be8SEnji Cooper } 24757718be8SEnji Cooper 24857718be8SEnji Cooper ATF_TC_WITH_CLEANUP(msgctl_set); 24957718be8SEnji Cooper ATF_TC_HEAD(msgctl_set, tc) 25057718be8SEnji Cooper { 25157718be8SEnji Cooper atf_tc_set_md_var(tc, "descr", "Test msgctl(2) with IPC_SET"); 25257718be8SEnji Cooper atf_tc_set_md_var(tc, "require.user", "root"); 25357718be8SEnji Cooper } 25457718be8SEnji Cooper 25557718be8SEnji Cooper ATF_TC_BODY(msgctl_set, tc) 25657718be8SEnji Cooper { 25757718be8SEnji Cooper struct msqid_ds msgds; 25857718be8SEnji Cooper struct passwd *pw; 25957718be8SEnji Cooper int id; 26057718be8SEnji Cooper 26157718be8SEnji Cooper (void)memset(&msgds, 0, sizeof(struct msqid_ds)); 26257718be8SEnji Cooper 26357718be8SEnji Cooper pw = getpwnam("nobody"); 26457718be8SEnji Cooper id = msgget(MSG_KEY, IPC_CREAT | 0600); 26557718be8SEnji Cooper 26657718be8SEnji Cooper ATF_REQUIRE(id != -1); 26757718be8SEnji Cooper ATF_REQUIRE(pw != NULL); 26857718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0); 26957718be8SEnji Cooper 27057718be8SEnji Cooper msgds.msg_perm.uid = pw->pw_uid; 27157718be8SEnji Cooper 27257718be8SEnji Cooper if (msgctl(id, IPC_SET, &msgds) != 0) 27357718be8SEnji Cooper atf_tc_fail("root failed to change the UID of message queue"); 27457718be8SEnji Cooper 27557718be8SEnji Cooper msgds.msg_perm.uid = getuid(); 27657718be8SEnji Cooper msgds.msg_perm.gid = pw->pw_gid; 27757718be8SEnji Cooper 27857718be8SEnji Cooper if (msgctl(id, IPC_SET, &msgds) != 0) 27957718be8SEnji Cooper atf_tc_fail("root failed to change the GID of message queue"); 28057718be8SEnji Cooper 28157718be8SEnji Cooper /* 28257718be8SEnji Cooper * Note: setting the qbytes to zero fails even as root. 28357718be8SEnji Cooper */ 28457718be8SEnji Cooper msgds.msg_qbytes = 1; 28557718be8SEnji Cooper msgds.msg_perm.gid = getgid(); 28657718be8SEnji Cooper 28757718be8SEnji Cooper if (msgctl(id, IPC_SET, &msgds) != 0) 28857718be8SEnji Cooper atf_tc_fail("root failed to change qbytes of message queue"); 28957718be8SEnji Cooper 29057718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0); 29157718be8SEnji Cooper } 29257718be8SEnji Cooper 29357718be8SEnji Cooper ATF_TC_CLEANUP(msgctl_set, tc) 29457718be8SEnji Cooper { 29557718be8SEnji Cooper clean(); 29657718be8SEnji Cooper } 29757718be8SEnji Cooper 29857718be8SEnji Cooper ATF_TC_WITH_CLEANUP(msgctl_time); 29957718be8SEnji Cooper ATF_TC_HEAD(msgctl_time, tc) 30057718be8SEnji Cooper { 30157718be8SEnji Cooper atf_tc_set_md_var(tc, "descr", "Test that access times are updated"); 30257718be8SEnji Cooper } 30357718be8SEnji Cooper 30457718be8SEnji Cooper ATF_TC_BODY(msgctl_time, tc) 30557718be8SEnji Cooper { 30657718be8SEnji Cooper struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } }; 30757718be8SEnji Cooper struct msqid_ds msgds; 30857718be8SEnji Cooper time_t t; 30957718be8SEnji Cooper int id; 31057718be8SEnji Cooper 31157718be8SEnji Cooper id = msgget(MSG_KEY, IPC_CREAT | 0600); 31257718be8SEnji Cooper ATF_REQUIRE(id != -1); 31357718be8SEnji Cooper 31457718be8SEnji Cooper t = time(NULL); 31557718be8SEnji Cooper 31657718be8SEnji Cooper (void)memset(&msgds, 0, sizeof(struct msqid_ds)); 317*70aca7c8SConrad Meyer (void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); 31857718be8SEnji Cooper (void)msgctl(id, IPC_STAT, &msgds); 31957718be8SEnji Cooper 32057718be8SEnji Cooper if (llabs(t - msgds.msg_stime) > 1) 32157718be8SEnji Cooper atf_tc_fail("time of last msgsnd(2) was not updated"); 32257718be8SEnji Cooper 32357718be8SEnji Cooper if (msgds.msg_rtime != 0) 32457718be8SEnji Cooper atf_tc_fail("time of last msgrcv(2) was updated incorrectly"); 32557718be8SEnji Cooper 32657718be8SEnji Cooper t = time(NULL); 32757718be8SEnji Cooper 32857718be8SEnji Cooper (void)memset(&msgds, 0, sizeof(struct msqid_ds)); 32957718be8SEnji Cooper (void)msgrcv(id, &msg, sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT); 33057718be8SEnji Cooper (void)msgctl(id, IPC_STAT, &msgds); 33157718be8SEnji Cooper 33257718be8SEnji Cooper if (llabs(t - msgds.msg_rtime) > 1) 33357718be8SEnji Cooper atf_tc_fail("time of last msgrcv(2) was not updated"); 33457718be8SEnji Cooper 33557718be8SEnji Cooper /* 33657718be8SEnji Cooper * Note: this is non-zero even after the memset(3). 33757718be8SEnji Cooper */ 33857718be8SEnji Cooper if (msgds.msg_stime == 0) 33957718be8SEnji Cooper atf_tc_fail("time of last msgsnd(2) was updated incorrectly"); 34057718be8SEnji Cooper 34157718be8SEnji Cooper ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0); 34257718be8SEnji Cooper } 34357718be8SEnji Cooper 34457718be8SEnji Cooper ATF_TC_CLEANUP(msgctl_time, tc) 34557718be8SEnji Cooper { 34657718be8SEnji Cooper clean(); 34757718be8SEnji Cooper } 34857718be8SEnji Cooper 34957718be8SEnji Cooper ATF_TP_ADD_TCS(tp) 35057718be8SEnji Cooper { 35157718be8SEnji Cooper 35257718be8SEnji Cooper ATF_TP_ADD_TC(tp, msgctl_err); 35357718be8SEnji Cooper ATF_TP_ADD_TC(tp, msgctl_perm); 35457718be8SEnji Cooper ATF_TP_ADD_TC(tp, msgctl_pid); 35557718be8SEnji Cooper ATF_TP_ADD_TC(tp, msgctl_set); 35657718be8SEnji Cooper ATF_TP_ADD_TC(tp, msgctl_time); 35757718be8SEnji Cooper 35857718be8SEnji Cooper return atf_no_error(); 35957718be8SEnji Cooper } 360