xref: /freebsd/tools/regression/priv/priv_cred.c (revision 2be1a816b9ff69588e55be0a84cbe2a31efc0f2f) 
1 /*-
2  * Copyright (c) 2007 Robert M. M. Watson
3  * All rights reserved.
4  *
5  * This software was developed by Robert N. M. Watson for the TrustedBSD
6  * Project.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
21  * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
23  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
24  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
25  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  * $FreeBSD$
30  */
31 
32 /*
33  * Confirm that various UID/GID/etc-related system calls require root
34  * privilege in the absense of any saved/real/etc variations in the
35  * credential.  It would be nice to also check cases where those bits of the
36  * credential are more interesting.
37  *
38  * XXXRW: Add support for testing more diverse real/saved scenarios.
39  */
40 
41 #include <sys/types.h>
42 
43 #include <err.h>
44 #include <errno.h>
45 #include <stdio.h>
46 #include <unistd.h>
47 
48 #include "main.h"
49 
50 int
51 priv_cred_setup(int asroot, int injail, struct test *test)
52 {
53 
54 	return (0);
55 }
56 
57 void
58 priv_cred_setuid(int asroot, int injail, struct test *test)
59 {
60 	int error;
61 
62 	error = setuid(UID_OTHER);
63 	if (asroot && injail)
64 		expect("priv_setuid(asroot, injail)", error, 0, 0);
65 	if (asroot && !injail)
66 		expect("priv_setuid(asroot, !injail)", error, 0, 0);
67 	if (!asroot && injail)
68 		expect("priv_setuid(!asroot, injail)", error, -1, EPERM);
69 	if (!asroot && !injail)
70 		expect("priv_setuid(!asroot, !injail)", error, -1, EPERM);
71 }
72 
73 void
74 priv_cred_seteuid(int asroot, int injail, struct test *test)
75 {
76 	int error;
77 
78 	error = seteuid(UID_OTHER);
79 	if (asroot && injail)
80 		expect("priv_seteuid(asroot, injail)", error, 0, 0);
81 	if (asroot && !injail)
82 		expect("priv_seteuid(asroot, !injail)", error, 0, 0);
83 	if (!asroot && injail)
84 		expect("priv_seteuid(!asroot, injail)", error, -1, EPERM);
85 	if (!asroot && !injail)
86 		expect("priv_seteuid(!asroot, !injail)", error, -1, EPERM);
87 }
88 
89 void
90 priv_cred_setgid(int asroot, int injail, struct test *test)
91 {
92 	int error;
93 
94 	error = setgid(GID_OTHER);
95 	if (asroot && injail)
96 		expect("priv_setgid(asroot, injail)", error, 0, 0);
97 	if (asroot && !injail)
98 		expect("priv_setgid(asroot, !injail)", error, 0, 0);
99 	if (!asroot && injail)
100 		expect("priv_setgid(!asroot, injail)", error, -1, EPERM);
101 	if (!asroot && !injail)
102 		expect("priv_setgid(!asroot, !injail)", error, -1, EPERM);
103 }
104 
105 void
106 priv_cred_setegid(int asroot, int injail, struct test *test)
107 {
108 	int error;
109 
110 	error = setegid(GID_OTHER);
111 	if (asroot && injail)
112 		expect("priv_setegid(asroot, injail)", error, 0, 0);
113 	if (asroot && !injail)
114 		expect("priv_setegid(asroot, !injail)", error, 0, 0);
115 	if (!asroot && injail)
116 		expect("priv_setegd(!asroot, injail)", error, -1, EPERM);
117 	if (!asroot && !injail)
118 		expect("priv_setegid(!asroot, !injail)", error, -1, EPERM);
119 }
120 
121 static const gid_t	gidset[] = {GID_WHEEL, GID_OTHER};
122 static const int	gidset_len = sizeof(gidset) / sizeof(gid_t);
123 
124 void
125 priv_cred_setgroups(int asroot, int injail, struct test *test)
126 {
127 	int error;
128 
129 	error = setgroups(gidset_len, gidset);
130 	if (asroot && injail)
131 		expect("priv_setgroups(asroot, injail)", error, 0, 0);
132 	if (asroot && !injail)
133 		expect("priv_setgroups(asroot, !injail)", error, 0, 0);
134 	if (!asroot && injail)
135 		expect("priv_setgroups(!asroot, injail)", error, -1, EPERM);
136 	if (!asroot && !injail)
137 		expect("priv_setgroups(!asroot, !injail)", error, -1, EPERM);
138 }
139 
140 void
141 priv_cred_setreuid(int asroot, int injail, struct test *test)
142 {
143 	int error;
144 
145 	error = setreuid(UID_OTHER, UID_OTHER);
146 	if (asroot && injail)
147 		expect("priv_setreuid(asroot, injail)", error, 0, 0);
148 	if (asroot && !injail)
149 		expect("priv_setreuid(asroot, !injail)", error, 0, 0);
150 	if (!asroot && injail)
151 		expect("priv_setreuid(!asroot, injail)", error, -1, EPERM);
152 	if (!asroot && !injail)
153 		expect("priv_setreuid(!asroot, !injail)", error, -1, EPERM);
154 }
155 
156 void
157 priv_cred_setregid(int asroot, int injail, struct test *test)
158 {
159 	int error;
160 
161 	error = setregid(GID_OTHER, GID_OTHER);
162 	if (asroot && injail)
163 		expect("priv_setregid(asroot, injail)", error, 0, 0);
164 	if (asroot && !injail)
165 		expect("priv_setregid(asroot, !injail)", error, 0, 0);
166 	if (!asroot && injail)
167 		expect("priv_setregid(!asroot, injail)", error, -1, EPERM);
168 	if (!asroot && !injail)
169 		expect("priv_setregid(!asroot, !injail)", error, -1, EPERM);
170 }
171 
172 void
173 priv_cred_setresuid(int asroot, int injail, struct test *test)
174 {
175 	int error;
176 
177 	error = setresuid(UID_OTHER, UID_OTHER, UID_OTHER);
178 	if (asroot && injail)
179 		expect("priv_setresuid(asroot, injail)", error, 0, 0);
180 	if (asroot && !injail)
181 		expect("priv_setresuid(asroot, !injail)", error, 0, 0);
182 	if (!asroot && injail)
183 		expect("priv_setresuid(!asroot, injail)", error, -1, EPERM);
184 	if (!asroot && !injail)
185 		expect("priv_setresuid(!asroot, !injail)", error, -1, EPERM);
186 }
187 
188 void
189 priv_cred_setresgid(int asroot, int injail, struct test *test)
190 {
191 	int error;
192 
193 	error = setresgid(GID_OTHER, GID_OTHER, GID_OTHER);
194 	if (asroot && injail)
195 		expect("priv_setresgid(asroot, injail)", error, 0, 0);
196 	if (asroot && !injail)
197 		expect("priv_setresgid(asroot, !injail)", error, 0, 0);
198 	if (!asroot && injail)
199 		expect("priv_setresgid(!asroot, injail)", error, -1, EPERM);
200 	if (!asroot && !injail)
201 		expect("priv_setresgid(!asroot, !injail)", error, -1, EPERM);
202 }
203 
204 void
205 priv_cred_cleanup(int asroot, int injail, struct test *test)
206 {
207 
208 }
209