1*b3af24b4SEnji Cooper#!/bin/sh 2*b3af24b4SEnji Cooper# 3*b3af24b4SEnji Cooper# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org> 4*b3af24b4SEnji Cooper# 5*b3af24b4SEnji Cooper# Redistribution and use in source and binary forms, with or without 6*b3af24b4SEnji Cooper# modification, are permitted provided that the following conditions 7*b3af24b4SEnji Cooper# are met: 8*b3af24b4SEnji Cooper# 1. Redistributions of source code must retain the above copyright 9*b3af24b4SEnji Cooper# notice, this list of conditions and the following disclaimer. 10*b3af24b4SEnji Cooper# 2. Redistributions in binary form must reproduce the above copyright 11*b3af24b4SEnji Cooper# notice, this list of conditions and the following disclaimer in the 12*b3af24b4SEnji Cooper# documentation and/or other materials provided with the distribution. 13*b3af24b4SEnji Cooper# 14*b3af24b4SEnji Cooper# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15*b3af24b4SEnji Cooper# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16*b3af24b4SEnji Cooper# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17*b3af24b4SEnji Cooper# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18*b3af24b4SEnji Cooper# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19*b3af24b4SEnji Cooper# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20*b3af24b4SEnji Cooper# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21*b3af24b4SEnji Cooper# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22*b3af24b4SEnji Cooper# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23*b3af24b4SEnji Cooper# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24*b3af24b4SEnji Cooper# SUCH DAMAGE. 25*b3af24b4SEnji Cooper# 26*b3af24b4SEnji Cooper# 27*b3af24b4SEnji Cooper 28*b3af24b4SEnji Cooper# This is an NFSv4 ACL fuzzer. It expects to be run by non-root in a scratch 29*b3af24b4SEnji Cooper# directory on a filesystem with NFSv4 ACLs support. Output it generates 30*b3af24b4SEnji Cooper# is expected to be fed to /usr/src/tools/regression/acltools/run script. 31*b3af24b4SEnji Cooper 32*b3af24b4SEnji CooperNUMBER_OF_COMMANDS=300 33*b3af24b4SEnji Cooper 34*b3af24b4SEnji Cooperrun_command() 35*b3af24b4SEnji Cooper{ 36*b3af24b4SEnji Cooper echo "\$ $1" 37*b3af24b4SEnji Cooper eval $1 2>&1 | sed 's/^/> /' 38*b3af24b4SEnji Cooper} 39*b3af24b4SEnji Cooper 40*b3af24b4SEnji Cooperrnd_from_0_to() 41*b3af24b4SEnji Cooper{ 42*b3af24b4SEnji Cooper max=`expr $1 + 1` 43*b3af24b4SEnji Cooper rnd=`jot -r 1` 44*b3af24b4SEnji Cooper rnd=`expr $rnd % $max` 45*b3af24b4SEnji Cooper 46*b3af24b4SEnji Cooper echo $rnd 47*b3af24b4SEnji Cooper} 48*b3af24b4SEnji Cooper 49*b3af24b4SEnji Cooperrnd_path() 50*b3af24b4SEnji Cooper{ 51*b3af24b4SEnji Cooper rnd=`rnd_from_0_to 3` 52*b3af24b4SEnji Cooper case $rnd in 53*b3af24b4SEnji Cooper 0) echo "$TMP/aaa" ;; 54*b3af24b4SEnji Cooper 1) echo "$TMP/bbb" ;; 55*b3af24b4SEnji Cooper 2) echo "$TMP/aaa/ccc" ;; 56*b3af24b4SEnji Cooper 3) echo "$TMP/bbb/ddd" ;; 57*b3af24b4SEnji Cooper esac 58*b3af24b4SEnji Cooper} 59*b3af24b4SEnji Cooper 60*b3af24b4SEnji Cooperf_prepend_random_acl_on() 61*b3af24b4SEnji Cooper{ 62*b3af24b4SEnji Cooper rnd=`rnd_from_0_to 4` 63*b3af24b4SEnji Cooper case $rnd in 64*b3af24b4SEnji Cooper 0) u="owner@" ;; 65*b3af24b4SEnji Cooper 1) u="group@" ;; 66*b3af24b4SEnji Cooper 2) u="everyone@" ;; 67*b3af24b4SEnji Cooper 3) u="u:1138" ;; 68*b3af24b4SEnji Cooper 4) u="g:1138" ;; 69*b3af24b4SEnji Cooper esac 70*b3af24b4SEnji Cooper 71*b3af24b4SEnji Cooper p="" 72*b3af24b4SEnji Cooper while :; do 73*b3af24b4SEnji Cooper rnd=`rnd_from_0_to 30` 74*b3af24b4SEnji Cooper if [ -n "$p" -a $rnd -ge 14 ]; then 75*b3af24b4SEnji Cooper break; 76*b3af24b4SEnji Cooper fi 77*b3af24b4SEnji Cooper 78*b3af24b4SEnji Cooper case $rnd in 79*b3af24b4SEnji Cooper 0) p="${p}r" ;; 80*b3af24b4SEnji Cooper 1) p="${p}w" ;; 81*b3af24b4SEnji Cooper 2) p="${p}x" ;; 82*b3af24b4SEnji Cooper 3) p="${p}p" ;; 83*b3af24b4SEnji Cooper 4) p="${p}d" ;; 84*b3af24b4SEnji Cooper 5) p="${p}D" ;; 85*b3af24b4SEnji Cooper 6) p="${p}a" ;; 86*b3af24b4SEnji Cooper 7) p="${p}A" ;; 87*b3af24b4SEnji Cooper 8) p="${p}R" ;; 88*b3af24b4SEnji Cooper 9) p="${p}W" ;; 89*b3af24b4SEnji Cooper 10) p="${p}R" ;; 90*b3af24b4SEnji Cooper 11) p="${p}c" ;; 91*b3af24b4SEnji Cooper 12) p="${p}C" ;; 92*b3af24b4SEnji Cooper 13) p="${p}o" ;; 93*b3af24b4SEnji Cooper 14) p="${p}s" ;; 94*b3af24b4SEnji Cooper esac 95*b3af24b4SEnji Cooper done 96*b3af24b4SEnji Cooper 97*b3af24b4SEnji Cooper f="" 98*b3af24b4SEnji Cooper while :; do 99*b3af24b4SEnji Cooper rnd=`rnd_from_0_to 10` 100*b3af24b4SEnji Cooper if [ $rnd -ge 6 ]; then 101*b3af24b4SEnji Cooper break; 102*b3af24b4SEnji Cooper fi 103*b3af24b4SEnji Cooper 104*b3af24b4SEnji Cooper case $rnd in 105*b3af24b4SEnji Cooper 0) f="${f}f" ;; 106*b3af24b4SEnji Cooper 1) f="${f}d" ;; 107*b3af24b4SEnji Cooper 2) f="${f}n" ;; 108*b3af24b4SEnji Cooper 3) f="${f}i" ;; 109*b3af24b4SEnji Cooper esac 110*b3af24b4SEnji Cooper done 111*b3af24b4SEnji Cooper 112*b3af24b4SEnji Cooper rnd=`rnd_from_0_to 1` 113*b3af24b4SEnji Cooper case $rnd in 114*b3af24b4SEnji Cooper 0) x="allow" ;; 115*b3af24b4SEnji Cooper 1) x="deny" ;; 116*b3af24b4SEnji Cooper esac 117*b3af24b4SEnji Cooper 118*b3af24b4SEnji Cooper acl="$u:$p:$f:$x" 119*b3af24b4SEnji Cooper 120*b3af24b4SEnji Cooper file=`rnd_path` 121*b3af24b4SEnji Cooper run_command "setfacl -a0 $acl $file" 122*b3af24b4SEnji Cooper} 123*b3af24b4SEnji Cooper 124*b3af24b4SEnji Cooperf_getfacl() 125*b3af24b4SEnji Cooper{ 126*b3af24b4SEnji Cooper file=`rnd_path` 127*b3af24b4SEnji Cooper run_command "getfacl -qn $file" 128*b3af24b4SEnji Cooper} 129*b3af24b4SEnji Cooper 130*b3af24b4SEnji Cooperf_ls_mode() 131*b3af24b4SEnji Cooper{ 132*b3af24b4SEnji Cooper file=`rnd_path` 133*b3af24b4SEnji Cooper run_command "ls -al $file | sed -n '2p' | cut -d' ' -f1" 134*b3af24b4SEnji Cooper} 135*b3af24b4SEnji Cooper 136*b3af24b4SEnji Cooperf_chmod() 137*b3af24b4SEnji Cooper{ 138*b3af24b4SEnji Cooper b1=`rnd_from_0_to 7` 139*b3af24b4SEnji Cooper b2=`rnd_from_0_to 7` 140*b3af24b4SEnji Cooper b3=`rnd_from_0_to 7` 141*b3af24b4SEnji Cooper b4=`rnd_from_0_to 7` 142*b3af24b4SEnji Cooper file=`rnd_path` 143*b3af24b4SEnji Cooper 144*b3af24b4SEnji Cooper run_command "chmod $b1$b2$b3$b4 $file $2" 145*b3af24b4SEnji Cooper} 146*b3af24b4SEnji Cooper 147*b3af24b4SEnji Cooperf_touch() 148*b3af24b4SEnji Cooper{ 149*b3af24b4SEnji Cooper file=`rnd_path` 150*b3af24b4SEnji Cooper run_command "touch $file" 151*b3af24b4SEnji Cooper} 152*b3af24b4SEnji Cooper 153*b3af24b4SEnji Cooperf_rm() 154*b3af24b4SEnji Cooper{ 155*b3af24b4SEnji Cooper file=`rnd_path` 156*b3af24b4SEnji Cooper run_command "rm -f $file" 157*b3af24b4SEnji Cooper} 158*b3af24b4SEnji Cooper 159*b3af24b4SEnji Cooperf_mkdir() 160*b3af24b4SEnji Cooper{ 161*b3af24b4SEnji Cooper file=`rnd_path` 162*b3af24b4SEnji Cooper run_command "mkdir $file" 163*b3af24b4SEnji Cooper} 164*b3af24b4SEnji Cooper 165*b3af24b4SEnji Cooperf_rmdir() 166*b3af24b4SEnji Cooper{ 167*b3af24b4SEnji Cooper file=`rnd_path` 168*b3af24b4SEnji Cooper run_command "rmdir $file" 169*b3af24b4SEnji Cooper} 170*b3af24b4SEnji Cooper 171*b3af24b4SEnji Cooperf_mv() 172*b3af24b4SEnji Cooper{ 173*b3af24b4SEnji Cooper from=`rnd_path` 174*b3af24b4SEnji Cooper to=`rnd_path` 175*b3af24b4SEnji Cooper run_command "mv -f $from $to" 176*b3af24b4SEnji Cooper} 177*b3af24b4SEnji Cooper 178*b3af24b4SEnji Cooper# XXX: To be implemented: chown(8), setting times with touch(1). 179*b3af24b4SEnji Cooper 180*b3af24b4SEnji Cooperswitch_to_random_user() 181*b3af24b4SEnji Cooper{ 182*b3af24b4SEnji Cooper # XXX: To be implemented. 183*b3af24b4SEnji Cooper} 184*b3af24b4SEnji Cooper 185*b3af24b4SEnji Cooperexecute_random_command() 186*b3af24b4SEnji Cooper{ 187*b3af24b4SEnji Cooper rnd=`rnd_from_0_to 20` 188*b3af24b4SEnji Cooper 189*b3af24b4SEnji Cooper case $rnd in 190*b3af24b4SEnji Cooper 0|10|11|12|13|15) cmd=f_prepend_random_acl_on ;; 191*b3af24b4SEnji Cooper 1) cmd=f_getfacl ;; 192*b3af24b4SEnji Cooper 2) cmd=f_ls_mode ;; 193*b3af24b4SEnji Cooper 3) cmd=f_chmod ;; 194*b3af24b4SEnji Cooper 4|18|19) cmd=f_touch ;; 195*b3af24b4SEnji Cooper 5) cmd=f_rm ;; 196*b3af24b4SEnji Cooper 6|16|17) cmd=f_mkdir ;; 197*b3af24b4SEnji Cooper 7) cmd=f_rmdir ;; 198*b3af24b4SEnji Cooper 8) cmd=f_mv ;; 199*b3af24b4SEnji Cooper esac 200*b3af24b4SEnji Cooper 201*b3af24b4SEnji Cooper $cmd "XXX" 202*b3af24b4SEnji Cooper} 203*b3af24b4SEnji Cooper 204*b3af24b4SEnji Cooperecho "# Fuzzing; will stop after $NUMBER_OF_COMMANDS commands." 205*b3af24b4SEnji CooperTMP="aclfuzzer_`dd if=/dev/random bs=1k count=1 2>/dev/null | openssl md5`" 206*b3af24b4SEnji Cooper 207*b3af24b4SEnji Cooperrun_command "whoami" 208*b3af24b4SEnji Cooperumask 022 209*b3af24b4SEnji Cooperrun_command "umask 022" 210*b3af24b4SEnji Cooperrun_command "mkdir $TMP" 211*b3af24b4SEnji Cooper 212*b3af24b4SEnji Cooperi=0; 213*b3af24b4SEnji Cooperwhile [ "$i" -lt "$NUMBER_OF_COMMANDS" ]; do 214*b3af24b4SEnji Cooper switch_to_random_user 215*b3af24b4SEnji Cooper execute_random_command 216*b3af24b4SEnji Cooper i=`expr $i + 1` 217*b3af24b4SEnji Cooperdone 218*b3af24b4SEnji Cooper 219*b3af24b4SEnji Cooperrun_command "find $TMP -exec setfacl -a0 everyone@:rxd:allow {} \;" 220*b3af24b4SEnji Cooperrun_command "rm -rfv $TMP" 221*b3af24b4SEnji Cooper 222*b3af24b4SEnji Cooperecho "# Fuzzed, thank you." 223*b3af24b4SEnji Cooper 224