xref: /freebsd/tools/regression/priv/priv_acct.c (revision edf8578117e8844e02c0121147f45e4609b30680)
1 /*-
2  * Copyright (c) 2006 nCircle Network Security, Inc.
3  * Copyright (c) 2007 Robert N. M. Watson
4  * All rights reserved.
5  *
6  * This software was developed by Robert N. M. Watson for the TrustedBSD
7  * Project under contract to nCircle Network Security, Inc.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
22  * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
24  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 /*
32  * Test that configuring accounting requires privilege.  We test four cases
33  * across {!jail, jail}:
34  *
35  * priv_acct_enable - enable accounting from a disabled state
36  * priv_acct_disable - disable accounting from an enabled state
37  * priv_acct_rotate - rotate the accounting file
38  * priv_acct_noopdisable - disable accounting when already disabled
39  */
40 
41 #include <sys/types.h>
42 #include <sys/stat.h>
43 #include <sys/sysctl.h>
44 
45 #include <err.h>
46 #include <errno.h>
47 #include <stdlib.h>
48 #include <unistd.h>
49 
50 #include "main.h"
51 
52 #define	SYSCTL_NAME	"kern.acct_configured"
53 
54 /*
55  * Actual filenames used across all of the tests.
56  */
57 static int	fpath1_initialized;
58 static char	fpath1[1024];
59 static int	fpath2_initialized;
60 static char	fpath2[1024];
61 
62 int
63 priv_acct_setup(int asroot, int injail, struct test *test)
64 {
65 	size_t len;
66 	int i;
67 
68 	len = sizeof(i);
69 	if (sysctlbyname(SYSCTL_NAME, &i, &len, NULL, 0) < 0) {
70 		warn("priv_acct_setup: sysctlbyname(%s)", SYSCTL_NAME);
71 		return (-1);
72 	}
73 	if (i != 0) {
74 		warnx("sysctlbyname(%s) indicates accounting configured",
75 		    SYSCTL_NAME);
76 		return (-1);
77 	}
78 	setup_file("priv_acct_setup: fpath1", fpath1, 0, 0, 0666);
79 	fpath1_initialized = 1;
80 	setup_file("priv_acct_setup: fpath2", fpath2, 0, 0, 0666);
81 	fpath2_initialized = 1;
82 
83 	if (test->t_test_func == priv_acct_enable ||
84 	    test->t_test_func == priv_acct_noopdisable) {
85 		if (acct(NULL) != 0) {
86 			warn("priv_acct_setup: acct(NULL)");
87 			return (-1);
88 		}
89 	} else if (test->t_test_func == priv_acct_disable ||
90 	     test->t_test_func == priv_acct_rotate) {
91 		if (acct(fpath1) != 0) {
92 			warn("priv_acct_setup: acct(\"%s\")", fpath1);
93 			return (-1);
94 		}
95 	}
96 	return (0);
97 }
98 
99 void
100 priv_acct_cleanup(int asroot, int injail, struct test *test)
101 {
102 
103 	(void)acct(NULL);
104 	if (fpath1_initialized) {
105 		(void)unlink(fpath1);
106 		fpath1_initialized = 0;
107 	}
108 	if (fpath2_initialized) {
109 		(void)unlink(fpath2);
110 		fpath2_initialized = 0;
111 	}
112 }
113 
114 void
115 priv_acct_enable(int asroot, int injail, struct test *test)
116 {
117 	int error;
118 
119 	error = acct(fpath1);
120 	if (asroot && injail)
121 		expect("priv_acct_enable(root, jail)", error, -1, EPERM);
122 	if (asroot && !injail)
123 		expect("priv_acct_enable(root, !jail)", error, 0, 0);
124 	if (!asroot && injail)
125 		expect("priv_acct_enable(!root, jail)", error, -1, EPERM);
126 	if (!asroot && !injail)
127 		expect("priv_acct_enable(!root, !jail)", error, -1, EPERM);
128 }
129 
130 void
131 priv_acct_disable(int asroot, int injail, struct test *test)
132 {
133 	int error;
134 
135 	error = acct(NULL);
136 	if (asroot && injail)
137 		expect("priv_acct_disable(root, jail)", error, -1, EPERM);
138 	if (asroot && !injail)
139 		expect("priv_acct_disable(root, !jail)", error, 0, 0);
140 	if (!asroot && injail)
141 		expect("priv_acct_disable(!root, jail)", error, -1, EPERM);
142 	if (!asroot && !injail)
143 		expect("priv_acct_disable(!root, !jail)", error, -1, EPERM);
144 }
145 
146 void
147 priv_acct_rotate(int asroot, int injail, struct test *test)
148 {
149 	int error;
150 
151 	error = acct(fpath2);
152 	if (asroot && injail)
153 		expect("priv_acct_rotate(root, jail)", error, -1, EPERM);
154 	if (asroot && !injail)
155 		expect("priv_acct_rotate(root, !jail)", error, 0, 0);
156 	if (!asroot && injail)
157 		expect("priv_acct_rotate(!root, jail)", error, -1, EPERM);
158 	if (!asroot && !injail)
159 		expect("priv_acct_rotate(!root, !jail)", error, -1, EPERM);
160 }
161 
162 void
163 priv_acct_noopdisable(int asroot, int injail, struct test *test)
164 {
165 	int error;
166 
167 	error = acct(NULL);
168 	if (asroot && injail)
169 		expect("priv_acct_noopdisable(root, jail)", error, -1, EPERM);
170 	if (asroot && !injail)
171 		expect("priv_acct_noopdisable(root, !jail)", error, 0, 0);
172 	if (!asroot && injail)
173 		expect("priv_acct_noopdisable(!root, jail)", error, -1, EPERM);
174 	if (!asroot && !injail)
175 		expect("priv_acct_noopdisable(!root, !jail)", error, -1, EPERM);
176 }
177