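/*-
 * Copyright (c) 2007 Robert M. M. Watson
 * All rights reserved.
 *
 * This software was developed by Robert N. M. Watson for the TrustedBSD
 * Project.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Confirm that various UID/GID/etc-related system calls require root
 * privilege in the absence of any saved/real/etc variations in the
 * credential.  It would be nice to also check cases where those bits of the
 * credential are more interesting.
 *
 * XXXRW: Add support for testing more diverse real/saved scenarios.
 */

/*
 * Reading notes for this file:
 *
 * - Every test below issues one credential-changing system call and hands
 *   its return value to expect() together with the expected return value
 *   and expected errno (argument order presumed from the 0/0 and -1/EPERM
 *   pairs used here; expect() itself is declared in main.h).
 * - The four if statements in each test are mutually exclusive and cover
 *   every (asroot, injail) combination, so exactly one expect() call runs.
 * - Both asroot cases expect success, i.e. these tests assert that root
 *   inside a jail keeps the ability to change its credential.
 * - Only the return value and errno are checked.  The resulting IDs are not
 *   read back, so a call that returned 0 without actually changing the
 *   credential would still pass.
 * - NOTE(review): the EPERM expectations assume UID_OTHER/GID_OTHER differ
 *   from the IDs the unprivileged test process already holds; the
 *   constants come from main.h -- confirm.
 * - NOTE(review): a successful call changes the credential of the calling
 *   process, so the harness presumably runs each test in its own process --
 *   confirm against the driver.
 */

#include <sys/types.h>

#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

#include "main.h"

/*
 * No fixture is needed for the credential tests; always reports success.
 */
int
priv_cred_setup(int asroot, int injail, struct test *test)
{

	return (0);
}

/*
 * setuid(UID_OTHER): expected to succeed as root (in or out of jail) and to
 * fail with EPERM otherwise.
 */
void
priv_cred_setuid(int asroot, int injail, struct test *test)
{
	int error;

	error = setuid(UID_OTHER);
	if (asroot && injail)
		expect("priv_setuid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setuid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_setuid(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setuid(!asroot, !injail)", error, -1, EPERM);
}

/*
 * seteuid(UID_OTHER): expected to succeed as root (in or out of jail) and to
 * fail with EPERM otherwise.
 */
void
priv_cred_seteuid(int asroot, int injail, struct test *test)
{
	int error;

	error = seteuid(UID_OTHER);
	if (asroot && injail)
		expect("priv_seteuid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_seteuid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_seteuid(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_seteuid(!asroot, !injail)", error, -1, EPERM);
}

/*
 * setgid(GID_OTHER): expected to succeed as root (in or out of jail) and to
 * fail with EPERM otherwise.
 */
void
priv_cred_setgid(int asroot, int injail, struct test *test)
{
	int error;

	error = setgid(GID_OTHER);
	if (asroot && injail)
		expect("priv_setgid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setgid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_setgid(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setgid(!asroot, !injail)", error, -1, EPERM);
}

/*
 * setegid(GID_OTHER): expected to succeed as root (in or out of jail) and to
 * fail with EPERM otherwise.
 */
void
priv_cred_setegid(int asroot, int injail, struct test *test)
{
	int error;

	error = setegid(GID_OTHER);
	if (asroot && injail)
		expect("priv_setegid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setegid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		/* Label previously read "priv_setegd", which mislabelled this case. */
		expect("priv_setegid(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setegid(!asroot, !injail)", error, -1, EPERM);
}

/* Supplementary group list installed by priv_cred_setgroups(). */
static const gid_t gidset[] = {GID_WHEEL, GID_OTHER};
/* Element count derived from the array itself so the two cannot drift. */
static const int gidset_len = sizeof(gidset) / sizeof(gidset[0]);

/*
 * setgroups(gidset): expected to succeed as root (in or out of jail) and to
 * fail with EPERM otherwise.
 */
void
priv_cred_setgroups(int asroot, int injail, struct test *test)
{
	int error;

	error = setgroups(gidset_len, gidset);
	if (asroot && injail)
		expect("priv_setgroups(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setgroups(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_setgroups(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setgroups(!asroot, !injail)", error, -1, EPERM);
}

/*
 * setreuid(UID_OTHER, UID_OTHER): expected to succeed as root (in or out of
 * jail) and to fail with EPERM otherwise.
 */
void
priv_cred_setreuid(int asroot, int injail, struct test *test)
{
	int error;

	error = setreuid(UID_OTHER, UID_OTHER);
	if (asroot && injail)
		expect("priv_setreuid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setreuid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_setreuid(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setreuid(!asroot, !injail)", error, -1, EPERM);
}

/*
 * setregid(GID_OTHER, GID_OTHER): expected to succeed as root (in or out of
 * jail) and to fail with EPERM otherwise.
 */
void
priv_cred_setregid(int asroot, int injail, struct test *test)
{
	int error;

	error = setregid(GID_OTHER, GID_OTHER);
	if (asroot && injail)
		expect("priv_setregid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setregid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_setregid(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setregid(!asroot, !injail)", error, -1, EPERM);
}

/*
 * setresuid(UID_OTHER, UID_OTHER, UID_OTHER): expected to succeed as root
 * (in or out of jail) and to fail with EPERM otherwise.
 */
void
priv_cred_setresuid(int asroot, int injail, struct test *test)
{
	int error;

	error = setresuid(UID_OTHER, UID_OTHER, UID_OTHER);
	if (asroot && injail)
		expect("priv_setresuid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setresuid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_setresuid(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setresuid(!asroot, !injail)", error, -1, EPERM);
}

/*
 * setresgid(GID_OTHER, GID_OTHER, GID_OTHER): expected to succeed as root
 * (in or out of jail) and to fail with EPERM otherwise.
 */
void
priv_cred_setresgid(int asroot, int injail, struct test *test)
{
	int error;

	error = setresgid(GID_OTHER, GID_OTHER, GID_OTHER);
	if (asroot && injail)
		expect("priv_setresgid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setresgid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_setresgid(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setresgid(!asroot, !injail)", error, -1, EPERM);
}

/*
 * Nothing to undo: priv_cred_setup() creates no state.
 */
void
priv_cred_cleanup(int asroot, int injail, struct test *test)
{

}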