xref: /freebsd/tools/regression/priv/priv_vfs_chown.c (revision f126890ac5386406dadf7c4cfa9566cbb56537c5) 
1 /*-
2  * Copyright (c) 2006 nCircle Network Security, Inc.
3  * Copyright (c) 2007 Robert M. M. Watson
4  * All rights reserved.
5  *
6  * This software was developed by Robert N. M. Watson for the TrustedBSD
7  * Project under contract to nCircle Network Security, Inc.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
22  * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
24  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 /*
32  * Confirm that privilege is required in the cases using chown():
33  *
34  * - If the process euid does not match the file uid.
35  *
36  * - If the target uid is different than the current uid.
37  *
38  * - If the target gid changes and we the process is not a member of the new
39  *   group.
40  */
41 
42 #include <sys/types.h>
43 #include <sys/stat.h>
44 
45 #include <err.h>
46 #include <errno.h>
47 #include <stdio.h>
48 #include <unistd.h>
49 
50 #include "main.h"
51 
52 static char fpath[1024];
53 static int fpath_initialized;
54 
55 /*
56  * Check that changing the uid of a file requires privilege.
57  */
58 int
59 priv_vfs_chown_uid_setup(int asroot, int injail, struct test *test)
60 {
61 
62 	setup_file("priv_vfs_chown_uid: fpath", fpath, UID_ROOT, GID_WHEEL,
63 	    0600);
64 	fpath_initialized = 1;
65 	return (0);
66 }
67 
68 void
69 priv_vfs_chown_uid(int asroot, int injail, struct test *test)
70 {
71 	int error;
72 
73 	error = chown(fpath, UID_OWNER, -1);
74 	if (asroot && injail)
75 		expect("priv_vfs_chown_uid(root, jail)", error, 0, 0);
76 	if (asroot && !injail)
77 		expect("priv_vfs_chown_uid(root, !jail)", error, 0, 0);
78 	if (!asroot && injail)
79 		expect("priv_vfs_chown_uid(!root, jail)", error, -1, EPERM);
80 	if (!asroot && !injail)
81 		expect("priv_vfs_chown_uid(!root, !jail)", error, -1, EPERM);
82 }
83 
84 /*
85  * Check that changing the gid of a file owned by the user is allowed without
86  * privilege as long as the gid matches the process.
87  */
88 int
89 priv_vfs_chown_mygid_setup(int asroot, int injail, struct test *test)
90 {
91 
92 	/*
93 	 * Create a file with a matching uid to the test process, but not a
94 	 * matching gid.
95 	 */
96 	setup_file("priv_vfs_chown_mygid: fpath", fpath, asroot ? UID_ROOT :
97 	    UID_OWNER, GID_OTHER, 0600);
98 	fpath_initialized = 1;
99 	return (0);
100 }
101 
102 void
103 priv_vfs_chown_mygid(int asroot, int injail, struct test *test)
104 {
105 	int error;
106 
107 	error = chown(fpath, -1, asroot ? GID_WHEEL : GID_OWNER);
108 	if (asroot && injail)
109 		expect("priv_vfs_chown_mygid(root, jail)", error, 0, 0);
110 	if (asroot && !injail)
111 		expect("priv_vfs_chown_mygid(root, !jail)", error, 0, 0);
112 	if (!asroot && injail)
113 		expect("priv_vfs_chown_mygid(!root, !jail)", error, 0, 0);
114 	if (!asroot && !injail)
115 		expect("priv_vfs_chown_mygid(!root, !jail)", error, 0, 0);
116 }
117 
118 /*
119  * Check that changing the gid of a file owned by the user is not allowed
120  * without privilege if the gid doesn't match the process.
121  */
122 int
123 priv_vfs_chown_othergid_setup(int asroot, int injail, struct test *test)
124 {
125 
126 	/*
127 	 * Create a file with a matching uid to the test process with a
128 	 * matching gid.
129 	 */
130 	setup_file("priv_vfs_chown_othergid: fpath", fpath, asroot ? UID_ROOT
131 	    : UID_OWNER, asroot ? GID_WHEEL : GID_OWNER, 0600);
132 	fpath_initialized = 1;
133 	return (0);
134 }
135 
136 void
137 priv_vfs_chown_othergid(int asroot, int injail, struct test *test)
138 {
139 	int error;
140 
141 	error = chown(fpath, -1, GID_OTHER);
142 	if (asroot && injail)
143 		expect("priv_vfs_chown_othergid(root, jail)", error, 0, 0);
144 	if (asroot && !injail)
145 		expect("priv_vfs_chown_othergid(root, !jail)", error, 0, 0);
146 	if (!asroot && injail)
147 		expect("priv_vfs_chown_othergid(!root, !jail)", error, -1,
148 		    EPERM);
149 	if (!asroot && !injail)
150 		expect("priv_vfs_chown_othergid(!root, !jail)", error, -1,
151 		    EPERM);
152 }
153 
154 void
155 priv_vfs_chown_cleanup(int asroot, int injail, struct test *test)
156 {
157 
158 	if (fpath_initialized) {
159 		(void)unlink(fpath);
160 		fpath_initialized = 0;
161 	}
162 }
163