/*-
 * Copyright (c) 2006 nCircle Network Security, Inc.
 * Copyright (c) 2007 Robert N. M. Watson
 * All rights reserved.
 *
 * This software was developed by Robert N. M. Watson for the TrustedBSD
 * Project under contract to nCircle Network Security, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Test that configuring accounting requires privilege.  We test four cases
 * across {!jail, jail}:
 *
 * priv_acct_enable      - enable accounting from a disabled state
 * priv_acct_disable     - disable accounting from an enabled state
 * priv_acct_rotate      - rotate the accounting file
 * priv_acct_noopdisable - disable accounting when already disabled
 *
 * Every case encodes the same policy: acct(2) is expected to succeed only
 * for root outside a jail.  Root inside a jail and every non-root caller are
 * expected to fail with EPERM.
 */

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/sysctl.h>

#include <err.h>
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>

#include "main.h"

#define	SYSCTL_NAME	"kern.acct_configured"

/*
 * Actual filenames used across all of the tests.  Each *_initialized flag is
 * set once setup has created the matching file, so that cleanup unlinks only
 * files that setup actually produced.
 */
static int	fpath1_initialized;
static char	fpath1[1024];
static int	fpath2_initialized;
static char	fpath2[1024];

/*
 * Unlink one scratch accounting file if setup created it, then clear its
 * flag so that a second cleanup pass does nothing.
 */
static void
priv_acct_remove(const char *path, int *initialized)
{

	if (*initialized == 0)
		return;
	(void)unlink(path);
	*initialized = 0;
}

/*
 * Bring the system into the starting state required by the selected test.
 *
 * Returns 0 on success and -1 when the sysctl cannot be read, when it
 * reports that accounting is already configured, or when the acct(2) call
 * that establishes the starting state fails.
 */
int
priv_acct_setup(int asroot, int injail, struct test *test)
{
	size_t sz;
	int configured, start_disabled, start_enabled;

	/*
	 * Refuse to run when accounting is already configured; presumably
	 * this keeps the tests from clobbering an administrator's existing
	 * accounting setup.
	 */
	sz = sizeof(configured);
	if (sysctlbyname(SYSCTL_NAME, &configured, &sz, NULL, 0) < 0) {
		warn("priv_acct_setup: sysctlbyname(%s)", SYSCTL_NAME);
		return (-1);
	}
	if (configured != 0) {
		warnx("sysctlbyname(%s) indicates accounting configured",
		    SYSCTL_NAME);
		return (-1);
	}

	/*
	 * NOTE(review): setup_file() is defined outside this file.  The
	 * trailing arguments look like owner 0, group 0, mode 0666, which
	 * would make both files writable by any user so that an EPERM from
	 * acct() reflects the privilege check rather than file permissions.
	 * Confirm against setup_file()'s definition.
	 */
	setup_file("priv_acct_setup: fpath1", fpath1, 0, 0, 0666);
	fpath1_initialized = 1;
	setup_file("priv_acct_setup: fpath2", fpath2, 0, 0, 0666);
	fpath2_initialized = 1;

	/* The enable and no-op disable cases begin with accounting off. */
	start_disabled = (test->t_test_func == priv_acct_enable ||
	    test->t_test_func == priv_acct_noopdisable);
	/* The disable and rotate cases begin with accounting on fpath1. */
	start_enabled = (test->t_test_func == priv_acct_disable ||
	    test->t_test_func == priv_acct_rotate);

	/*
	 * NOTE(review): on the failure returns below both files already
	 * exist and their flags are set.  Whether the harness still calls
	 * priv_acct_cleanup() after a failed setup is not visible here;
	 * confirm, otherwise the scratch files are left behind.
	 */
	if (start_disabled) {
		if (acct(NULL) != 0) {
			warn("priv_acct_setup: acct(NULL)");
			return (-1);
		}
	} else if (start_enabled) {
		if (acct(fpath1) != 0) {
			warn("priv_acct_setup: acct(\"%s\")", fpath1);
			return (-1);
		}
	}
	return (0);
}

/*
 * Undo setup: turn accounting off first, then remove the scratch files.
 * The acct(NULL) result is deliberately ignored (best effort).
 */
void
priv_acct_cleanup(int asroot, int injail, struct test *test)
{

	(void)acct(NULL);
	priv_acct_remove(fpath1, &fpath1_initialized);
	priv_acct_remove(fpath2, &fpath2_initialized);
}

/*
 * Try to enable accounting on fpath1 from the disabled state left by setup.
 * Only root outside a jail is expected to succeed.
 */
void
priv_acct_enable(int asroot, int injail, struct test *test)
{
	int rv;

	rv = acct(fpath1);
	if (asroot) {
		if (injail) {
			expect("priv_acct_enable(root, jail)", rv, -1,
			    EPERM);
		} else {
			expect("priv_acct_enable(root, !jail)", rv, 0, 0);
		}
	} else {
		if (injail) {
			expect("priv_acct_enable(!root, jail)", rv, -1,
			    EPERM);
		} else {
			expect("priv_acct_enable(!root, !jail)", rv, -1,
			    EPERM);
		}
	}
}

/*
 * Try to disable accounting after setup enabled it on fpath1.  Only root
 * outside a jail is expected to succeed.
 */
void
priv_acct_disable(int asroot, int injail, struct test *test)
{
	int rv;

	rv = acct(NULL);
	if (asroot) {
		if (injail) {
			expect("priv_acct_disable(root, jail)", rv, -1,
			    EPERM);
		} else {
			expect("priv_acct_disable(root, !jail)", rv, 0, 0);
		}
	} else {
		if (injail) {
			expect("priv_acct_disable(!root, jail)", rv, -1,
			    EPERM);
		} else {
			expect("priv_acct_disable(!root, !jail)", rv, -1,
			    EPERM);
		}
	}
}

/*
 * Try to switch accounting from fpath1 (enabled by setup) to fpath2.  Only
 * root outside a jail is expected to succeed.
 */
void
priv_acct_rotate(int asroot, int injail, struct test *test)
{
	int rv;

	rv = acct(fpath2);
	if (asroot) {
		if (injail) {
			expect("priv_acct_rotate(root, jail)", rv, -1,
			    EPERM);
		} else {
			expect("priv_acct_rotate(root, !jail)", rv, 0, 0);
		}
	} else {
		if (injail) {
			expect("priv_acct_rotate(!root, jail)", rv, -1,
			    EPERM);
		} else {
			expect("priv_acct_rotate(!root, !jail)", rv, -1,
			    EPERM);
		}
	}
}

/*
 * Try to disable accounting when setup already left it disabled.  EPERM is
 * still expected for every caller other than root outside a jail, so the
 * test requires the privilege check to apply even when the call would not
 * change any state.
 */
void
priv_acct_noopdisable(int asroot, int injail, struct test *test)
{
	int rv;

	rv = acct(NULL);
	if (asroot) {
		if (injail) {
			expect("priv_acct_noopdisable(root, jail)", rv, -1,
			    EPERM);
		} else {
			expect("priv_acct_noopdisable(root, !jail)", rv, 0,
			    0);
		}
	} else {
		if (injail) {
			expect("priv_acct_noopdisable(!root, jail)", rv, -1,
			    EPERM);
		} else {
			expect("priv_acct_noopdisable(!root, !jail)", rv, -1,
			    EPERM);
		}
	}
}