1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2013 The FreeBSD Foundation 5 * 6 * This software was developed by Pawel Jakub Dawidek under sponsorship from 7 * the FreeBSD Foundation. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 
29 */ 30 31 #include <sys/capsicum.h> 32 #include <sys/nv.h> 33 34 #include <assert.h> 35 #include <err.h> 36 #include <errno.h> 37 #include <grp.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <unistd.h> 42 43 #include <libcasper.h> 44 45 #include <casper/cap_grp.h> 46 47 static int ntest = 1; 48 49 #define CHECK(expr) do { \ 50 if ((expr)) \ 51 printf("ok %d %s:%u\n", ntest, __FILE__, __LINE__); \ 52 else \ 53 printf("not ok %d %s:%u\n", ntest, __FILE__, __LINE__); \ 54 fflush(stdout); \ 55 ntest++; \ 56 } while (0) 57 #define CHECKX(expr) do { \ 58 if ((expr)) { \ 59 printf("ok %d %s:%u\n", ntest, __FILE__, __LINE__); \ 60 } else { \ 61 printf("not ok %d %s:%u\n", ntest, __FILE__, __LINE__); \ 62 exit(1); \ 63 } \ 64 fflush(stdout); \ 65 ntest++; \ 66 } while (0) 67 68 #define GID_WHEEL 0 69 #define GID_OPERATOR 5 70 71 #define GETGRENT0 0x0001 72 #define GETGRENT1 0x0002 73 #define GETGRENT2 0x0004 74 #define GETGRENT (GETGRENT0 | GETGRENT1 | GETGRENT2) 75 #define GETGRENT_R0 0x0008 76 #define GETGRENT_R1 0x0010 77 #define GETGRENT_R2 0x0020 78 #define GETGRENT_R (GETGRENT_R0 | GETGRENT_R1 | GETGRENT_R2) 79 #define GETGRNAM 0x0040 80 #define GETGRNAM_R 0x0080 81 #define GETGRGID 0x0100 82 #define GETGRGID_R 0x0200 83 #define SETGRENT 0x0400 84 85 static bool 86 group_mem_compare(char **mem0, char **mem1) 87 { 88 int i0, i1; 89 90 if (mem0 == NULL && mem1 == NULL) 91 return (true); 92 if (mem0 == NULL || mem1 == NULL) 93 return (false); 94 95 for (i0 = 0; mem0[i0] != NULL; i0++) { 96 for (i1 = 0; mem1[i1] != NULL; i1++) { 97 if (strcmp(mem0[i0], mem1[i1]) == 0) 98 break; 99 } 100 if (mem1[i1] == NULL) 101 return (false); 102 } 103 104 return (true); 105 } 106 107 static bool 108 group_compare(const struct group *grp0, const struct group *grp1) 109 { 110 111 if (grp0 == NULL && grp1 == NULL) 112 return (true); 113 if (grp0 == NULL || grp1 == NULL) 114 return (false); 115 116 if (strcmp(grp0->gr_name, grp1->gr_name) != 0) 117 
return (false); 118 119 if (grp0->gr_passwd != NULL || grp1->gr_passwd != NULL) { 120 if (grp0->gr_passwd == NULL || grp1->gr_passwd == NULL) 121 return (false); 122 if (strcmp(grp0->gr_passwd, grp1->gr_passwd) != 0) 123 return (false); 124 } 125 126 if (grp0->gr_gid != grp1->gr_gid) 127 return (false); 128 129 if (!group_mem_compare(grp0->gr_mem, grp1->gr_mem)) 130 return (false); 131 132 return (true); 133 } 134 135 static unsigned int 136 runtest_cmds(cap_channel_t *capgrp) 137 { 138 char bufs[1024], bufc[1024]; 139 unsigned int result; 140 struct group *grps, *grpc; 141 struct group sts, stc; 142 143 result = 0; 144 145 (void)setgrent(); 146 if (cap_setgrent(capgrp) == 1) 147 result |= SETGRENT; 148 149 grps = getgrent(); 150 grpc = cap_getgrent(capgrp); 151 if (group_compare(grps, grpc)) { 152 result |= GETGRENT0; 153 grps = getgrent(); 154 grpc = cap_getgrent(capgrp); 155 if (group_compare(grps, grpc)) 156 result |= GETGRENT1; 157 } 158 159 getgrent_r(&sts, bufs, sizeof(bufs), &grps); 160 cap_getgrent_r(capgrp, &stc, bufc, sizeof(bufc), &grpc); 161 if (group_compare(grps, grpc)) { 162 result |= GETGRENT_R0; 163 getgrent_r(&sts, bufs, sizeof(bufs), &grps); 164 cap_getgrent_r(capgrp, &stc, bufc, sizeof(bufc), &grpc); 165 if (group_compare(grps, grpc)) 166 result |= GETGRENT_R1; 167 } 168 169 (void)setgrent(); 170 if (cap_setgrent(capgrp) == 1) 171 result |= SETGRENT; 172 173 getgrent_r(&sts, bufs, sizeof(bufs), &grps); 174 cap_getgrent_r(capgrp, &stc, bufc, sizeof(bufc), &grpc); 175 if (group_compare(grps, grpc)) 176 result |= GETGRENT_R2; 177 178 grps = getgrent(); 179 grpc = cap_getgrent(capgrp); 180 if (group_compare(grps, grpc)) 181 result |= GETGRENT2; 182 183 grps = getgrnam("wheel"); 184 grpc = cap_getgrnam(capgrp, "wheel"); 185 if (group_compare(grps, grpc)) { 186 grps = getgrnam("operator"); 187 grpc = cap_getgrnam(capgrp, "operator"); 188 if (group_compare(grps, grpc)) 189 result |= GETGRNAM; 190 } 191 192 getgrnam_r("wheel", &sts, bufs, sizeof(bufs), 
&grps); 193 cap_getgrnam_r(capgrp, "wheel", &stc, bufc, sizeof(bufc), &grpc); 194 if (group_compare(grps, grpc)) { 195 getgrnam_r("operator", &sts, bufs, sizeof(bufs), &grps); 196 cap_getgrnam_r(capgrp, "operator", &stc, bufc, sizeof(bufc), 197 &grpc); 198 if (group_compare(grps, grpc)) 199 result |= GETGRNAM_R; 200 } 201 202 grps = getgrgid(GID_WHEEL); 203 grpc = cap_getgrgid(capgrp, GID_WHEEL); 204 if (group_compare(grps, grpc)) { 205 grps = getgrgid(GID_OPERATOR); 206 grpc = cap_getgrgid(capgrp, GID_OPERATOR); 207 if (group_compare(grps, grpc)) 208 result |= GETGRGID; 209 } 210 211 getgrgid_r(GID_WHEEL, &sts, bufs, sizeof(bufs), &grps); 212 cap_getgrgid_r(capgrp, GID_WHEEL, &stc, bufc, sizeof(bufc), &grpc); 213 if (group_compare(grps, grpc)) { 214 getgrgid_r(GID_OPERATOR, &sts, bufs, sizeof(bufs), &grps); 215 cap_getgrgid_r(capgrp, GID_OPERATOR, &stc, bufc, sizeof(bufc), 216 &grpc); 217 if (group_compare(grps, grpc)) 218 result |= GETGRGID_R; 219 } 220 221 return (result); 222 } 223 224 static void 225 test_cmds(cap_channel_t *origcapgrp) 226 { 227 cap_channel_t *capgrp; 228 const char *cmds[7], *fields[4], *names[5]; 229 gid_t gids[5]; 230 231 fields[0] = "gr_name"; 232 fields[1] = "gr_passwd"; 233 fields[2] = "gr_gid"; 234 fields[3] = "gr_mem"; 235 236 names[0] = "wheel"; 237 names[1] = "daemon"; 238 names[2] = "kmem"; 239 names[3] = "sys"; 240 names[4] = "operator"; 241 242 gids[0] = 0; 243 gids[1] = 1; 244 gids[2] = 2; 245 gids[3] = 3; 246 gids[4] = 5; 247 248 /* 249 * Allow: 250 * cmds: setgrent, getgrent, getgrent_r, getgrnam, getgrnam_r, 251 * getgrgid, getgrgid_r 252 * fields: gr_name, gr_passwd, gr_gid, gr_mem 253 * groups: 254 * names: wheel, daemon, kmem, sys, operator 255 * gids: 256 */ 257 capgrp = cap_clone(origcapgrp); 258 CHECK(capgrp != NULL); 259 260 cmds[0] = "setgrent"; 261 cmds[1] = "getgrent"; 262 cmds[2] = "getgrent_r"; 263 cmds[3] = "getgrnam"; 264 cmds[4] = "getgrnam_r"; 265 cmds[5] = "getgrgid"; 266 cmds[6] = "getgrgid_r"; 267 
CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == 0); 268 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 269 CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0); 270 271 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 272 GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R)); 273 274 cap_close(capgrp); 275 276 /* 277 * Allow: 278 * cmds: setgrent, getgrent, getgrent_r, getgrnam, getgrnam_r, 279 * getgrgid, getgrgid_r 280 * fields: gr_name, gr_passwd, gr_gid, gr_mem 281 * groups: 282 * names: 283 * gids: 0, 1, 2, 3, 5 284 */ 285 capgrp = cap_clone(origcapgrp); 286 CHECK(capgrp != NULL); 287 288 cmds[0] = "setgrent"; 289 cmds[1] = "getgrent"; 290 cmds[2] = "getgrent_r"; 291 cmds[3] = "getgrnam"; 292 cmds[4] = "getgrnam_r"; 293 cmds[5] = "getgrgid"; 294 cmds[6] = "getgrgid_r"; 295 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == 0); 296 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 297 CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 5) == 0); 298 299 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 300 GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R)); 301 302 cap_close(capgrp); 303 304 /* 305 * Allow: 306 * cmds: getgrent, getgrent_r, getgrnam, getgrnam_r, 307 * getgrgid, getgrgid_r 308 * fields: gr_name, gr_passwd, gr_gid, gr_mem 309 * groups: 310 * names: wheel, daemon, kmem, sys, operator 311 * gids: 312 * Disallow: 313 * cmds: setgrent 314 * fields: 315 * groups: 316 */ 317 capgrp = cap_clone(origcapgrp); 318 CHECK(capgrp != NULL); 319 320 cap_setgrent(capgrp); 321 322 cmds[0] = "getgrent"; 323 cmds[1] = "getgrent_r"; 324 cmds[2] = "getgrnam"; 325 cmds[3] = "getgrnam_r"; 326 cmds[4] = "getgrgid"; 327 cmds[5] = "getgrgid_r"; 328 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 329 cmds[0] = "setgrent"; 330 cmds[1] = "getgrent"; 331 cmds[2] = "getgrent_r"; 332 cmds[3] = "getgrnam"; 333 cmds[4] = "getgrnam_r"; 334 cmds[5] = "getgrgid"; 335 cmds[6] = "getgrgid_r"; 336 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == 
ENOTCAPABLE); 337 cmds[0] = "setgrent"; 338 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 339 CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0); 340 341 CHECK(runtest_cmds(capgrp) == (GETGRENT0 | GETGRENT1 | GETGRENT_R0 | 342 GETGRENT_R1 | GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R)); 343 344 cap_close(capgrp); 345 346 /* 347 * Allow: 348 * cmds: getgrent, getgrent_r, getgrnam, getgrnam_r, 349 * getgrgid, getgrgid_r 350 * fields: gr_name, gr_passwd, gr_gid, gr_mem 351 * groups: 352 * names: 353 * gids: 0, 1, 2, 3, 5 354 * Disallow: 355 * cmds: setgrent 356 * fields: 357 * groups: 358 */ 359 capgrp = cap_clone(origcapgrp); 360 CHECK(capgrp != NULL); 361 362 cap_setgrent(capgrp); 363 364 cmds[0] = "getgrent"; 365 cmds[1] = "getgrent_r"; 366 cmds[2] = "getgrnam"; 367 cmds[3] = "getgrnam_r"; 368 cmds[4] = "getgrgid"; 369 cmds[5] = "getgrgid_r"; 370 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 371 cmds[0] = "setgrent"; 372 cmds[1] = "getgrent"; 373 cmds[2] = "getgrent_r"; 374 cmds[3] = "getgrnam"; 375 cmds[4] = "getgrnam_r"; 376 cmds[5] = "getgrgid"; 377 cmds[6] = "getgrgid_r"; 378 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 379 cmds[0] = "setgrent"; 380 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 381 CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 5) == 0); 382 383 CHECK(runtest_cmds(capgrp) == (GETGRENT0 | GETGRENT1 | GETGRENT_R0 | 384 GETGRENT_R1 | GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R)); 385 386 cap_close(capgrp); 387 388 /* 389 * Allow: 390 * cmds: setgrent, getgrent_r, getgrnam, getgrnam_r, 391 * getgrgid, getgrgid_r 392 * fields: gr_name, gr_passwd, gr_gid, gr_mem 393 * groups: 394 * names: wheel, daemon, kmem, sys, operator 395 * gids: 396 * Disallow: 397 * cmds: getgrent 398 * fields: 399 * groups: 400 */ 401 capgrp = cap_clone(origcapgrp); 402 CHECK(capgrp != NULL); 403 404 cmds[0] = "setgrent"; 405 cmds[1] = "getgrent_r"; 406 cmds[2] = 
"getgrnam"; 407 cmds[3] = "getgrnam_r"; 408 cmds[4] = "getgrgid"; 409 cmds[5] = "getgrgid_r"; 410 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 411 cmds[0] = "setgrent"; 412 cmds[1] = "getgrent"; 413 cmds[2] = "getgrent_r"; 414 cmds[3] = "getgrnam"; 415 cmds[4] = "getgrnam_r"; 416 cmds[5] = "getgrgid"; 417 cmds[6] = "getgrgid_r"; 418 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 419 cmds[0] = "getgrent"; 420 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 421 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 422 CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0); 423 424 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT_R2 | 425 GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R)); 426 427 cap_close(capgrp); 428 429 /* 430 * Allow: 431 * cmds: setgrent, getgrent_r, getgrnam, getgrnam_r, 432 * getgrgid, getgrgid_r 433 * fields: gr_name, gr_passwd, gr_gid, gr_mem 434 * groups: 435 * names: 436 * gids: 0, 1, 2, 3, 5 437 * Disallow: 438 * cmds: getgrent 439 * fields: 440 * groups: 441 */ 442 capgrp = cap_clone(origcapgrp); 443 CHECK(capgrp != NULL); 444 445 cmds[0] = "setgrent"; 446 cmds[1] = "getgrent_r"; 447 cmds[2] = "getgrnam"; 448 cmds[3] = "getgrnam_r"; 449 cmds[4] = "getgrgid"; 450 cmds[5] = "getgrgid_r"; 451 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 452 cmds[0] = "setgrent"; 453 cmds[1] = "getgrent"; 454 cmds[2] = "getgrent_r"; 455 cmds[3] = "getgrnam"; 456 cmds[4] = "getgrnam_r"; 457 cmds[5] = "getgrgid"; 458 cmds[6] = "getgrgid_r"; 459 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 460 cmds[0] = "getgrent"; 461 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 462 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 463 CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 5) == 0); 464 465 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT_R2 | 466 GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R)); 467 468 cap_close(capgrp); 469 470 /* 471 * 
Allow: 472 * cmds: setgrent, getgrent, getgrnam, getgrnam_r, 473 * getgrgid, getgrgid_r 474 * fields: gr_name, gr_passwd, gr_gid, gr_mem 475 * groups: 476 * names: wheel, daemon, kmem, sys, operator 477 * gids: 478 * Disallow: 479 * cmds: getgrent_r 480 * fields: 481 * groups: 482 */ 483 capgrp = cap_clone(origcapgrp); 484 CHECK(capgrp != NULL); 485 486 cmds[0] = "setgrent"; 487 cmds[1] = "getgrent"; 488 cmds[2] = "getgrnam"; 489 cmds[3] = "getgrnam_r"; 490 cmds[4] = "getgrgid"; 491 cmds[5] = "getgrgid_r"; 492 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 493 cmds[0] = "setgrent"; 494 cmds[1] = "getgrent"; 495 cmds[2] = "getgrent_r"; 496 cmds[3] = "getgrnam"; 497 cmds[4] = "getgrnam_r"; 498 cmds[5] = "getgrgid"; 499 cmds[6] = "getgrgid_r"; 500 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 501 cmds[0] = "getgrent_r"; 502 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 503 CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0); 504 505 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT0 | GETGRENT1 | 506 GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R)); 507 508 cap_close(capgrp); 509 510 /* 511 * Allow: 512 * cmds: setgrent, getgrent, getgrnam, getgrnam_r, 513 * getgrgid, getgrgid_r 514 * fields: gr_name, gr_passwd, gr_gid, gr_mem 515 * groups: 516 * names: 517 * gids: 0, 1, 2, 3, 5 518 * Disallow: 519 * cmds: getgrent_r 520 * fields: 521 * groups: 522 */ 523 capgrp = cap_clone(origcapgrp); 524 CHECK(capgrp != NULL); 525 526 cmds[0] = "setgrent"; 527 cmds[1] = "getgrent"; 528 cmds[2] = "getgrnam"; 529 cmds[3] = "getgrnam_r"; 530 cmds[4] = "getgrgid"; 531 cmds[5] = "getgrgid_r"; 532 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 533 cmds[0] = "setgrent"; 534 cmds[1] = "getgrent"; 535 cmds[2] = "getgrent_r"; 536 cmds[3] = "getgrnam"; 537 cmds[4] = "getgrnam_r"; 538 cmds[5] = "getgrgid"; 539 cmds[6] = "getgrgid_r"; 540 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 541 cmds[0] = 
"getgrent_r"; 542 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 543 CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 5) == 0); 544 545 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT0 | GETGRENT1 | 546 GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R)); 547 548 cap_close(capgrp); 549 550 /* 551 * Allow: 552 * cmds: setgrent, getgrent, getgrent_r, getgrnam_r, 553 * getgrgid, getgrgid_r 554 * fields: gr_name, gr_passwd, gr_gid, gr_mem 555 * groups: 556 * names: wheel, daemon, kmem, sys, operator 557 * gids: 558 * Disallow: 559 * cmds: getgrnam 560 * fields: 561 * groups: 562 */ 563 capgrp = cap_clone(origcapgrp); 564 CHECK(capgrp != NULL); 565 566 cmds[0] = "setgrent"; 567 cmds[1] = "getgrent"; 568 cmds[2] = "getgrent_r"; 569 cmds[3] = "getgrnam_r"; 570 cmds[4] = "getgrgid"; 571 cmds[5] = "getgrgid_r"; 572 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 573 cmds[0] = "setgrent"; 574 cmds[1] = "getgrent"; 575 cmds[2] = "getgrent_r"; 576 cmds[3] = "getgrnam"; 577 cmds[4] = "getgrnam_r"; 578 cmds[5] = "getgrgid"; 579 cmds[6] = "getgrgid_r"; 580 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 581 cmds[0] = "getgrnam"; 582 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 583 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 584 CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0); 585 586 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 587 GETGRNAM_R | GETGRGID | GETGRGID_R)); 588 589 cap_close(capgrp); 590 591 /* 592 * Allow: 593 * cmds: setgrent, getgrent, getgrent_r, getgrnam_r, 594 * getgrgid, getgrgid_r 595 * fields: gr_name, gr_passwd, gr_gid, gr_mem 596 * groups: 597 * names: 598 * gids: 0, 1, 2, 3, 5 599 * Disallow: 600 * cmds: getgrnam 601 * fields: 602 * groups: 603 */ 604 capgrp = cap_clone(origcapgrp); 605 CHECK(capgrp != NULL); 606 607 cmds[0] = "setgrent"; 608 cmds[1] = "getgrent"; 609 cmds[2] = "getgrent_r"; 610 cmds[3] = "getgrnam_r"; 611 cmds[4] = 
"getgrgid"; 612 cmds[5] = "getgrgid_r"; 613 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 614 cmds[0] = "setgrent"; 615 cmds[1] = "getgrent"; 616 cmds[2] = "getgrent_r"; 617 cmds[3] = "getgrnam"; 618 cmds[4] = "getgrnam_r"; 619 cmds[5] = "getgrgid"; 620 cmds[6] = "getgrgid_r"; 621 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 622 cmds[0] = "getgrnam"; 623 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 624 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 625 CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 5) == 0); 626 627 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 628 GETGRNAM_R | GETGRGID | GETGRGID_R)); 629 630 cap_close(capgrp); 631 632 /* 633 * Allow: 634 * cmds: setgrent, getgrent, getgrent_r, getgrnam, 635 * getgrgid, getgrgid_r 636 * fields: gr_name, gr_passwd, gr_gid, gr_mem 637 * groups: 638 * names: wheel, daemon, kmem, sys, operator 639 * gids: 640 * Disallow: 641 * cmds: getgrnam_r 642 * fields: 643 * groups: 644 */ 645 capgrp = cap_clone(origcapgrp); 646 CHECK(capgrp != NULL); 647 648 cmds[0] = "setgrent"; 649 cmds[1] = "getgrent"; 650 cmds[2] = "getgrent_r"; 651 cmds[3] = "getgrnam"; 652 cmds[4] = "getgrgid"; 653 cmds[5] = "getgrgid_r"; 654 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 655 cmds[0] = "setgrent"; 656 cmds[1] = "getgrent"; 657 cmds[2] = "getgrent_r"; 658 cmds[3] = "getgrnam"; 659 cmds[4] = "getgrnam_r"; 660 cmds[5] = "getgrgid"; 661 cmds[6] = "getgrgid_r"; 662 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 663 cmds[0] = "getgrnam_r"; 664 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 665 CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0); 666 667 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 668 GETGRNAM | GETGRGID | GETGRGID_R)); 669 670 cap_close(capgrp); 671 672 /* 673 * Allow: 674 * cmds: setgrent, getgrent, getgrent_r, getgrnam, 675 * getgrgid, getgrgid_r 676 * 
fields: gr_name, gr_passwd, gr_gid, gr_mem 677 * groups: 678 * names: 679 * gids: 0, 1, 2, 3, 5 680 * Disallow: 681 * cmds: getgrnam_r 682 * fields: 683 * groups: 684 */ 685 capgrp = cap_clone(origcapgrp); 686 CHECK(capgrp != NULL); 687 688 cmds[0] = "setgrent"; 689 cmds[1] = "getgrent"; 690 cmds[2] = "getgrent_r"; 691 cmds[3] = "getgrnam"; 692 cmds[4] = "getgrgid"; 693 cmds[5] = "getgrgid_r"; 694 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 695 cmds[0] = "setgrent"; 696 cmds[1] = "getgrent"; 697 cmds[2] = "getgrent_r"; 698 cmds[3] = "getgrnam"; 699 cmds[4] = "getgrnam_r"; 700 cmds[5] = "getgrgid"; 701 cmds[6] = "getgrgid_r"; 702 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 703 cmds[0] = "getgrnam_r"; 704 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 705 CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 5) == 0); 706 707 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 708 GETGRNAM | GETGRGID | GETGRGID_R)); 709 710 cap_close(capgrp); 711 712 /* 713 * Allow: 714 * cmds: setgrent, getgrent, getgrent_r, getgrnam, getgrnam_r, 715 * getgrgid_r 716 * fields: gr_name, gr_passwd, gr_gid, gr_mem 717 * groups: 718 * names: wheel, daemon, kmem, sys, operator 719 * gids: 720 * Disallow: 721 * cmds: getgrgid 722 * fields: 723 * groups: 724 */ 725 capgrp = cap_clone(origcapgrp); 726 CHECK(capgrp != NULL); 727 728 cmds[0] = "setgrent"; 729 cmds[1] = "getgrent"; 730 cmds[2] = "getgrent_r"; 731 cmds[3] = "getgrnam"; 732 cmds[4] = "getgrnam_r"; 733 cmds[5] = "getgrgid_r"; 734 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 735 cmds[0] = "setgrent"; 736 cmds[1] = "getgrent"; 737 cmds[2] = "getgrent_r"; 738 cmds[3] = "getgrnam"; 739 cmds[4] = "getgrnam_r"; 740 cmds[5] = "getgrgid"; 741 cmds[6] = "getgrgid_r"; 742 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 743 cmds[0] = "getgrgid"; 744 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 745 
CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 746 CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0); 747 748 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 749 GETGRNAM | GETGRNAM_R | GETGRGID_R)); 750 751 cap_close(capgrp); 752 753 /* 754 * Allow: 755 * cmds: setgrent, getgrent, getgrent_r, getgrnam, getgrnam_r, 756 * getgrgid_r 757 * fields: gr_name, gr_passwd, gr_gid, gr_mem 758 * groups: 759 * names: 760 * gids: 0, 1, 2, 3, 5 761 * Disallow: 762 * cmds: getgrgid 763 * fields: 764 * groups: 765 */ 766 capgrp = cap_clone(origcapgrp); 767 CHECK(capgrp != NULL); 768 769 cmds[0] = "setgrent"; 770 cmds[1] = "getgrent"; 771 cmds[2] = "getgrent_r"; 772 cmds[3] = "getgrnam"; 773 cmds[4] = "getgrnam_r"; 774 cmds[5] = "getgrgid_r"; 775 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 776 cmds[0] = "setgrent"; 777 cmds[1] = "getgrent"; 778 cmds[2] = "getgrent_r"; 779 cmds[3] = "getgrnam"; 780 cmds[4] = "getgrnam_r"; 781 cmds[5] = "getgrgid"; 782 cmds[6] = "getgrgid_r"; 783 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 784 cmds[0] = "getgrgid"; 785 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 786 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 787 CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 5) == 0); 788 789 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 790 GETGRNAM | GETGRNAM_R | GETGRGID_R)); 791 792 cap_close(capgrp); 793 794 /* 795 * Allow: 796 * cmds: setgrent, getgrent, getgrent_r, getgrnam, getgrnam_r, 797 * getgrgid 798 * fields: gr_name, gr_passwd, gr_gid, gr_mem 799 * groups: 800 * names: wheel, daemon, kmem, sys, operator 801 * gids: 802 * Disallow: 803 * cmds: getgrgid_r 804 * fields: 805 * groups: 806 */ 807 capgrp = cap_clone(origcapgrp); 808 CHECK(capgrp != NULL); 809 810 cmds[0] = "setgrent"; 811 cmds[1] = "getgrent"; 812 cmds[2] = "getgrent_r"; 813 cmds[3] = "getgrnam"; 814 cmds[4] = "getgrnam_r"; 815 cmds[5] = "getgrgid"; 816 
CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 817 cmds[0] = "setgrent"; 818 cmds[1] = "getgrent"; 819 cmds[2] = "getgrent_r"; 820 cmds[3] = "getgrnam"; 821 cmds[4] = "getgrnam_r"; 822 cmds[5] = "getgrgid"; 823 cmds[6] = "getgrgid_r"; 824 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 825 cmds[0] = "getgrgid_r"; 826 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 827 CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0); 828 829 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 830 GETGRNAM | GETGRNAM_R | GETGRGID)); 831 832 cap_close(capgrp); 833 834 /* 835 * Allow: 836 * cmds: setgrent, getgrent, getgrent_r, getgrnam, getgrnam_r, 837 * getgrgid 838 * fields: gr_name, gr_passwd, gr_gid, gr_mem 839 * groups: 840 * names: 841 * gids: 0, 1, 2, 3, 5 842 * Disallow: 843 * cmds: getgrgid_r 844 * fields: 845 * groups: 846 */ 847 capgrp = cap_clone(origcapgrp); 848 CHECK(capgrp != NULL); 849 850 cmds[0] = "setgrent"; 851 cmds[1] = "getgrent"; 852 cmds[2] = "getgrent_r"; 853 cmds[3] = "getgrnam"; 854 cmds[4] = "getgrnam_r"; 855 cmds[5] = "getgrgid"; 856 CHECK(cap_grp_limit_cmds(capgrp, cmds, 6) == 0); 857 cmds[0] = "setgrent"; 858 cmds[1] = "getgrent"; 859 cmds[2] = "getgrent_r"; 860 cmds[3] = "getgrnam"; 861 cmds[4] = "getgrnam_r"; 862 cmds[5] = "getgrgid"; 863 cmds[6] = "getgrgid_r"; 864 CHECK(cap_grp_limit_cmds(capgrp, cmds, 7) == -1 && errno == ENOTCAPABLE); 865 cmds[0] = "getgrgid_r"; 866 CHECK(cap_grp_limit_cmds(capgrp, cmds, 1) == -1 && errno == ENOTCAPABLE); 867 CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 5) == 0); 868 869 CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R | 870 GETGRNAM | GETGRNAM_R | GETGRGID)); 871 872 cap_close(capgrp); 873 } 874 875 #define GR_NAME 0x01 876 #define GR_PASSWD 0x02 877 #define GR_GID 0x04 878 #define GR_MEM 0x08 879 880 static unsigned int 881 group_fields(const struct group *grp) 882 { 883 unsigned int result; 884 885 result = 0; 886 
887 if (grp->gr_name != NULL && grp->gr_name[0] != '\0') 888 result |= GR_NAME; 889 890 if (grp->gr_passwd != NULL && grp->gr_passwd[0] != '\0') 891 result |= GR_PASSWD; 892 893 if (grp->gr_gid != (gid_t)-1) 894 result |= GR_GID; 895 896 if (grp->gr_mem != NULL && grp->gr_mem[0] != NULL) 897 result |= GR_MEM; 898 899 return (result); 900 } 901 902 static bool 903 runtest_fields(cap_channel_t *capgrp, unsigned int expected) 904 { 905 char buf[1024]; 906 struct group *grp; 907 struct group st; 908 909 (void)cap_setgrent(capgrp); 910 grp = cap_getgrent(capgrp); 911 if (group_fields(grp) != expected) 912 return (false); 913 914 (void)cap_setgrent(capgrp); 915 cap_getgrent_r(capgrp, &st, buf, sizeof(buf), &grp); 916 if (group_fields(grp) != expected) 917 return (false); 918 919 grp = cap_getgrnam(capgrp, "wheel"); 920 if (group_fields(grp) != expected) 921 return (false); 922 923 cap_getgrnam_r(capgrp, "wheel", &st, buf, sizeof(buf), &grp); 924 if (group_fields(grp) != expected) 925 return (false); 926 927 grp = cap_getgrgid(capgrp, GID_WHEEL); 928 if (group_fields(grp) != expected) 929 return (false); 930 931 cap_getgrgid_r(capgrp, GID_WHEEL, &st, buf, sizeof(buf), &grp); 932 if (group_fields(grp) != expected) 933 return (false); 934 935 return (true); 936 } 937 938 static void 939 test_fields(cap_channel_t *origcapgrp) 940 { 941 cap_channel_t *capgrp; 942 const char *fields[4]; 943 944 /* No limits. 
*/ 945 946 CHECK(runtest_fields(origcapgrp, GR_NAME | GR_PASSWD | GR_GID | GR_MEM)); 947 948 /* 949 * Allow: 950 * fields: gr_name, gr_passwd, gr_gid, gr_mem 951 */ 952 capgrp = cap_clone(origcapgrp); 953 CHECK(capgrp != NULL); 954 955 fields[0] = "gr_name"; 956 fields[1] = "gr_passwd"; 957 fields[2] = "gr_gid"; 958 fields[3] = "gr_mem"; 959 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == 0); 960 961 CHECK(runtest_fields(capgrp, GR_NAME | GR_PASSWD | GR_GID | GR_MEM)); 962 963 cap_close(capgrp); 964 965 /* 966 * Allow: 967 * fields: gr_passwd, gr_gid, gr_mem 968 */ 969 capgrp = cap_clone(origcapgrp); 970 CHECK(capgrp != NULL); 971 972 fields[0] = "gr_passwd"; 973 fields[1] = "gr_gid"; 974 fields[2] = "gr_mem"; 975 CHECK(cap_grp_limit_fields(capgrp, fields, 3) == 0); 976 fields[0] = "gr_name"; 977 fields[1] = "gr_passwd"; 978 fields[2] = "gr_gid"; 979 fields[3] = "gr_mem"; 980 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 && 981 errno == ENOTCAPABLE); 982 983 CHECK(runtest_fields(capgrp, GR_PASSWD | GR_GID | GR_MEM)); 984 985 cap_close(capgrp); 986 987 /* 988 * Allow: 989 * fields: gr_name, gr_gid, gr_mem 990 */ 991 capgrp = cap_clone(origcapgrp); 992 CHECK(capgrp != NULL); 993 994 fields[0] = "gr_name"; 995 fields[1] = "gr_gid"; 996 fields[2] = "gr_mem"; 997 CHECK(cap_grp_limit_fields(capgrp, fields, 3) == 0); 998 fields[0] = "gr_name"; 999 fields[1] = "gr_passwd"; 1000 fields[2] = "gr_gid"; 1001 fields[3] = "gr_mem"; 1002 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 && 1003 errno == ENOTCAPABLE); 1004 fields[0] = "gr_passwd"; 1005 CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 && 1006 errno == ENOTCAPABLE); 1007 1008 CHECK(runtest_fields(capgrp, GR_NAME | GR_GID | GR_MEM)); 1009 1010 cap_close(capgrp); 1011 1012 /* 1013 * Allow: 1014 * fields: gr_name, gr_passwd, gr_mem 1015 */ 1016 capgrp = cap_clone(origcapgrp); 1017 CHECK(capgrp != NULL); 1018 1019 fields[0] = "gr_name"; 1020 fields[1] = "gr_passwd"; 1021 fields[2] = "gr_mem"; 1022 
CHECK(cap_grp_limit_fields(capgrp, fields, 3) == 0); 1023 fields[0] = "gr_name"; 1024 fields[1] = "gr_passwd"; 1025 fields[2] = "gr_gid"; 1026 fields[3] = "gr_mem"; 1027 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 && 1028 errno == ENOTCAPABLE); 1029 fields[0] = "gr_gid"; 1030 CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 && 1031 errno == ENOTCAPABLE); 1032 1033 CHECK(runtest_fields(capgrp, GR_NAME | GR_PASSWD | GR_MEM)); 1034 1035 cap_close(capgrp); 1036 1037 /* 1038 * Allow: 1039 * fields: gr_name, gr_passwd, gr_gid 1040 */ 1041 capgrp = cap_clone(origcapgrp); 1042 CHECK(capgrp != NULL); 1043 1044 fields[0] = "gr_name"; 1045 fields[1] = "gr_passwd"; 1046 fields[2] = "gr_gid"; 1047 CHECK(cap_grp_limit_fields(capgrp, fields, 3) == 0); 1048 fields[0] = "gr_name"; 1049 fields[1] = "gr_passwd"; 1050 fields[2] = "gr_gid"; 1051 fields[3] = "gr_mem"; 1052 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 && 1053 errno == ENOTCAPABLE); 1054 fields[0] = "gr_mem"; 1055 CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 && 1056 errno == ENOTCAPABLE); 1057 1058 CHECK(runtest_fields(capgrp, GR_NAME | GR_PASSWD | GR_GID)); 1059 1060 cap_close(capgrp); 1061 1062 /* 1063 * Allow: 1064 * fields: gr_name, gr_passwd 1065 */ 1066 capgrp = cap_clone(origcapgrp); 1067 CHECK(capgrp != NULL); 1068 1069 fields[0] = "gr_name"; 1070 fields[1] = "gr_passwd"; 1071 CHECK(cap_grp_limit_fields(capgrp, fields, 2) == 0); 1072 fields[0] = "gr_name"; 1073 fields[1] = "gr_passwd"; 1074 fields[2] = "gr_gid"; 1075 fields[3] = "gr_mem"; 1076 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 && 1077 errno == ENOTCAPABLE); 1078 fields[0] = "gr_gid"; 1079 CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 && 1080 errno == ENOTCAPABLE); 1081 1082 CHECK(runtest_fields(capgrp, GR_NAME | GR_PASSWD)); 1083 1084 cap_close(capgrp); 1085 1086 /* 1087 * Allow: 1088 * fields: gr_name, gr_gid 1089 */ 1090 capgrp = cap_clone(origcapgrp); 1091 CHECK(capgrp != NULL); 1092 1093 fields[0] = "gr_name"; 
1094 fields[1] = "gr_gid"; 1095 CHECK(cap_grp_limit_fields(capgrp, fields, 2) == 0); 1096 fields[0] = "gr_name"; 1097 fields[1] = "gr_passwd"; 1098 fields[2] = "gr_gid"; 1099 fields[3] = "gr_mem"; 1100 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 && 1101 errno == ENOTCAPABLE); 1102 fields[0] = "gr_mem"; 1103 CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 && 1104 errno == ENOTCAPABLE); 1105 1106 CHECK(runtest_fields(capgrp, GR_NAME | GR_GID)); 1107 1108 cap_close(capgrp); 1109 1110 /* 1111 * Allow: 1112 * fields: gr_name, gr_mem 1113 */ 1114 capgrp = cap_clone(origcapgrp); 1115 CHECK(capgrp != NULL); 1116 1117 fields[0] = "gr_name"; 1118 fields[1] = "gr_mem"; 1119 CHECK(cap_grp_limit_fields(capgrp, fields, 2) == 0); 1120 fields[0] = "gr_name"; 1121 fields[1] = "gr_passwd"; 1122 fields[2] = "gr_gid"; 1123 fields[3] = "gr_mem"; 1124 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 && 1125 errno == ENOTCAPABLE); 1126 fields[0] = "gr_passwd"; 1127 CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 && 1128 errno == ENOTCAPABLE); 1129 1130 CHECK(runtest_fields(capgrp, GR_NAME | GR_MEM)); 1131 1132 cap_close(capgrp); 1133 1134 /* 1135 * Allow: 1136 * fields: gr_passwd, gr_gid 1137 */ 1138 capgrp = cap_clone(origcapgrp); 1139 CHECK(capgrp != NULL); 1140 1141 fields[0] = "gr_passwd"; 1142 fields[1] = "gr_gid"; 1143 CHECK(cap_grp_limit_fields(capgrp, fields, 2) == 0); 1144 fields[0] = "gr_name"; 1145 fields[1] = "gr_passwd"; 1146 fields[2] = "gr_gid"; 1147 fields[3] = "gr_mem"; 1148 CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 && 1149 errno == ENOTCAPABLE); 1150 fields[0] = "gr_mem"; 1151 CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 && 1152 errno == ENOTCAPABLE); 1153 1154 CHECK(runtest_fields(capgrp, GR_PASSWD | GR_GID)); 1155 1156 cap_close(capgrp); 1157 1158 /* 1159 * Allow: 1160 * fields: gr_passwd, gr_mem 1161 */ 1162 capgrp = cap_clone(origcapgrp); 1163 CHECK(capgrp != NULL); 1164 1165 fields[0] = "gr_passwd"; 1166 fields[1] = "gr_mem"; 
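CHECK(cap_grp_limit_fields(capgrp, fields, 2) == 0);
	fields[0] = "gr_name";
	fields[1] = "gr_passwd";
	fields[2] = "gr_gid";
	fields[3] = "gr_mem";
	CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 &&
	    errno == ENOTCAPABLE);
	fields[0] = "gr_gid";
	CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 &&
	    errno == ENOTCAPABLE);

	CHECK(runtest_fields(capgrp, GR_PASSWD | GR_MEM));

	cap_close(capgrp);

	/*
	 * Allow:
	 * fields: gr_gid, gr_mem
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	fields[0] = "gr_gid";
	fields[1] = "gr_mem";
	CHECK(cap_grp_limit_fields(capgrp, fields, 2) == 0);
	fields[0] = "gr_name";
	fields[1] = "gr_passwd";
	fields[2] = "gr_gid";
	fields[3] = "gr_mem";
	CHECK(cap_grp_limit_fields(capgrp, fields, 4) == -1 &&
	    errno == ENOTCAPABLE);
	fields[0] = "gr_passwd";
	CHECK(cap_grp_limit_fields(capgrp, fields, 1) == -1 &&
	    errno == ENOTCAPABLE);

	CHECK(runtest_fields(capgrp, GR_GID | GR_MEM));

	cap_close(capgrp);
}

/*
 * Run every group lookup on a (possibly limited) channel and report whether
 * the channel exposes exactly the expected groups.
 *
 * names[i] and gids[i] describe the same group; ngroups is the length of
 * both arrays.  Returns true only if:
 *  - cap_getgrent() and cap_getgrent_r() each enumerate ngroups entries and
 *    every entry matches some names[i]/gids[i] pair, and
 *  - cap_getgrnam(), cap_getgrnam_r(), cap_getgrgid() and cap_getgrgid_r()
 *    return, for each expected group, an entry whose gr_name and gr_gid
 *    both match that group.
 *
 * The return codes of the *_r() calls are not inspected; only the result
 * pointer is examined.
 */
static bool
runtest_groups(cap_channel_t *capgrp, const char **names, const gid_t *gids,
    size_t ngroups)
{
	char buf[1024];
	struct group *grp;
	struct group st;
	unsigned int i, got;

	/* Enumeration through cap_getgrent(): nothing outside the list. */
	(void)cap_setgrent(capgrp);
	got = 0;
	for (;;) {
		grp = cap_getgrent(capgrp);
		if (grp == NULL)
			break;
		got++;
		for (i = 0; i < ngroups; i++) {
			if (strcmp(names[i], grp->gr_name) == 0 &&
			    gids[i] == grp->gr_gid) {
				break;
			}
		}
		/* An entry that is not on the list means the limit leaked. */
		if (i == ngroups)
			return (false);
	}
	if (got != ngroups)
		return (false);

	/* Same enumeration check through the reentrant interface. */
	(void)cap_setgrent(capgrp);
	got = 0;
	for (;;) {
		cap_getgrent_r(capgrp, &st, buf, sizeof(buf), &grp);
		if (grp == NULL)
			break;
		got++;
		for (i = 0; i < ngroups; i++) {
			if (strcmp(names[i], grp->gr_name) == 0 &&
			    gids[i] == grp->gr_gid) {
				break;
			}
		}
		if (i == ngroups)
			return (false);
	}
	if (got != ngroups)
		return (false);

	/*
	 * Direct lookups.  A non-NULL answer alone is not sufficient: the
	 * entry must be the group that was asked for, otherwise a service
	 * that answered with some other group would still pass.
	 */
	for (i = 0; i < ngroups; i++) {
		grp = cap_getgrnam(capgrp, names[i]);
		if (grp == NULL || grp->gr_gid != gids[i] ||
		    strcmp(grp->gr_name, names[i]) != 0)
			return (false);
	}

	for (i = 0; i < ngroups; i++) {
		cap_getgrnam_r(capgrp, names[i], &st, buf, sizeof(buf), &grp);
		if (grp == NULL || grp->gr_gid != gids[i] ||
		    strcmp(grp->gr_name, names[i]) != 0)
			return (false);
	}

	for (i = 0; i < ngroups; i++) {
		grp = cap_getgrgid(capgrp, gids[i]);
		if (grp == NULL || grp->gr_gid != gids[i] ||
		    strcmp(grp->gr_name, names[i]) != 0)
			return (false);
	}

	for (i = 0; i < ngroups; i++) {
		cap_getgrgid_r(capgrp, gids[i], &st, buf, sizeof(buf), &grp);
		if (grp == NULL || grp->gr_gid != gids[i] ||
		    strcmp(grp->gr_name, names[i]) != 0)
			return (false);
	}

	return (true);
}

/*
 * Check that cap_grp_limit_groups() restricts a channel to an allow-list of
 * groups, given either by name or by gid, and that a limit cannot be widened
 * once it is in place.
 *
 * Every case works on a fresh cap_clone() of origcapgrp and closes it
 * afterwards.  Apart from the first case, each one:
 *  1. applies the allow-list and expects success,
 *  2. retries with a list that adds one more group and expects ENOTCAPABLE,
 *  3. retries with a single group that is not on the list and expects
 *     ENOTCAPABLE,
 *  4. restores the arrays and lets runtest_groups() confirm that exactly the
 *     allowed groups are visible.
 */
static void
test_groups(cap_channel_t *origcapgrp)
{
	cap_channel_t *capgrp;
	const char *names[5];
	gid_t gids[5];

	/*
	 * Allow:
	 * groups:
	 *     names: wheel, daemon, kmem, sys, tty
	 *     gids:
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "wheel";
	names[1] = "daemon";
	names[2] = "kmem";
	names[3] = "sys";
	names[4] = "tty";
	CHECK(cap_grp_limit_groups(capgrp, names, 5, NULL, 0) == 0);
	gids[0] = 0;
	gids[1] = 1;
	gids[2] = 2;
	gids[3] = 3;
	gids[4] = 4;

	CHECK(runtest_groups(capgrp, names, gids, 5));

	cap_close(capgrp);

	/*
	 * Allow:
	 * groups:
	 *     names: kmem, sys, tty
	 *     gids:
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "kmem";
	names[1] = "sys";
	names[2] = "tty";
	CHECK(cap_grp_limit_groups(capgrp, names, 3, NULL, 0) == 0);
	names[3] = "daemon";
	CHECK(cap_grp_limit_groups(capgrp, names, 4, NULL, 0) == -1 &&
	    errno == ENOTCAPABLE);
	names[0] = "daemon";
	CHECK(cap_grp_limit_groups(capgrp, names, 1, NULL, 0) == -1 &&
	    errno == ENOTCAPABLE);
	names[0] = "kmem";
	gids[0] = 2;
	gids[1] = 3;
	gids[2] = 4;

	CHECK(runtest_groups(capgrp, names, gids, 3));

	cap_close(capgrp);

	/*
	 * Allow:
	 * groups:
	 *     names: wheel, kmem, tty
	 *     gids:
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "wheel";
	names[1] = "kmem";
	names[2] = "tty";
	CHECK(cap_grp_limit_groups(capgrp, names, 3, NULL, 0) == 0);
	names[3] = "daemon";
	CHECK(cap_grp_limit_groups(capgrp, names, 4, NULL, 0) == -1 &&
	    errno == ENOTCAPABLE);
	names[0] = "daemon";
	CHECK(cap_grp_limit_groups(capgrp, names, 1, NULL, 0) == -1 &&
	    errno == ENOTCAPABLE);
	names[0] = "wheel";
	gids[0] = 0;
	gids[1] = 2;
	gids[2] = 4;

	CHECK(runtest_groups(capgrp, names, gids, 3));

	cap_close(capgrp);

	/*
	 * Allow:
	 * groups:
	 *     names:
	 *     gids: 2, 3, 4
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "kmem";
	names[1] = "sys";
	names[2] = "tty";
	gids[0] = 2;
	gids[1] = 3;
	gids[2] = 4;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 3) == 0);
	gids[3] = 0;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 4) == -1 &&
	    errno == ENOTCAPABLE);
	gids[0] = 0;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 1) == -1 &&
	    errno == ENOTCAPABLE);
	gids[0] = 2;

	CHECK(runtest_groups(capgrp, names, gids, 3));

	cap_close(capgrp);

	/*
	 * Allow:
	 * groups:
	 *     names:
	 *     gids: 0, 2, 4
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "wheel";
	names[1] = "kmem";
	names[2] = "tty";
	gids[0] = 0;
	gids[1] = 2;
	gids[2] = 4;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 3) == 0);
	gids[3] = 1;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 4) == -1 &&
	    errno == ENOTCAPABLE);
	gids[0] = 1;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 1) == -1 &&
	    errno == ENOTCAPABLE);
	gids[0] = 0;

	CHECK(runtest_groups(capgrp, names, gids, 3));

	cap_close(capgrp);

	/*
	 * Allow:
	 * groups:
	 *     names: kmem
	 *     gids:
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "kmem";
	CHECK(cap_grp_limit_groups(capgrp, names, 1, NULL, 0) == 0);
	names[1] = "daemon";
	CHECK(cap_grp_limit_groups(capgrp, names, 2, NULL, 0) == -1 &&
	    errno == ENOTCAPABLE);
	names[0] = "daemon";
	CHECK(cap_grp_limit_groups(capgrp, names, 1, NULL, 0) == -1 &&
	    errno == ENOTCAPABLE);
	names[0] = "kmem";
	gids[0] = 2;

	CHECK(runtest_groups(capgrp, names, gids, 1));

	cap_close(capgrp);

	/*
	 * Allow:
	 * groups:
	 *     names: wheel, tty
	 *     gids:
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "wheel";
	names[1] = "tty";
	CHECK(cap_grp_limit_groups(capgrp, names, 2, NULL, 0) == 0);
	names[2] = "daemon";
	CHECK(cap_grp_limit_groups(capgrp, names, 3, NULL, 0) == -1 &&
	    errno == ENOTCAPABLE);
	names[0] = "daemon";
	CHECK(cap_grp_limit_groups(capgrp, names, 1, NULL, 0) == -1 &&
	    errno == ENOTCAPABLE);
	names[0] = "wheel";
	gids[0] = 0;
	gids[1] = 4;

	CHECK(runtest_groups(capgrp, names, gids, 2));

	cap_close(capgrp);

	/*
	 * Allow:
	 * groups:
	 *     names:
	 *     gids: 2
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "kmem";
	gids[0] = 2;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 1) == 0);
	gids[1] = 1;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 2) == -1 &&
	    errno == ENOTCAPABLE);
	gids[0] = 1;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 1) == -1 &&
	    errno == ENOTCAPABLE);
	gids[0] = 2;

	CHECK(runtest_groups(capgrp, names, gids, 1));

	cap_close(capgrp);

	/*
	 * Allow:
	 * groups:
	 *     names:
	 *     gids: 0, 4
	 */
	capgrp = cap_clone(origcapgrp);
	CHECK(capgrp != NULL);

	names[0] = "wheel";
	names[1] = "tty";
	gids[0] = 0;
	gids[1] = 4;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 2) == 0);
	gids[2] = 1;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 3) == -1 &&
	    errno == ENOTCAPABLE);
	gids[0] = 1;
	CHECK(cap_grp_limit_groups(capgrp, NULL, 0, gids, 1) == -1 &&
	    errno == ENOTCAPABLE);
	gids[0] = 0;

	CHECK(runtest_groups(capgrp, names, gids, 2));

	cap_close(capgrp);
}

/*
 * Test driver: open the "system.grp" Casper service, confirm that an
 * unlimited channel permits every command, then run the command, field and
 * group limit tests against it.  Results are printed as numbered
 * "ok"/"not ok" lines by CHECK and CHECKX.
 */
int
main(void)
{
	cap_channel_t *capcas, *capgrp;

	/* Plan line for the ok/not ok output produced by CHECK and CHECKX. */
	printf("1..199\n");
	fflush(stdout);

	/* CHECKX exits on failure: nothing below can run without a channel. */
	capcas = cap_init();
	CHECKX(capcas != NULL);

	capgrp = cap_service_open(capcas, "system.grp");
	CHECKX(capgrp != NULL);

	/* The Casper channel is not used again once the service is open. */
	cap_close(capcas);

	/* No limits. */

	CHECK(runtest_cmds(capgrp) == (SETGRENT | GETGRENT | GETGRENT_R |
	    GETGRNAM | GETGRNAM_R | GETGRGID | GETGRGID_R));

	test_cmds(capgrp);

	test_fields(capgrp);

	test_groups(capgrp);

	cap_close(capgrp);

	exit(0);
}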