priv_vfs_read_write.c revision 285830 
1227825Stheraven/*-
2227825Stheraven * Copyright (c) 2006 nCircle Network Security, Inc.
3227825Stheraven * Copyright (c) 2007 Robert N. M. Watson
4353358Sdim * All rights reserved.
5353358Sdim *
6353358Sdim * This software was developed by Robert N. M. Watson for the TrustedBSD
7227825Stheraven * Project under contract to nCircle Network Security, Inc.
8227825Stheraven *
9227825Stheraven * Redistribution and use in source and binary forms, with or without
10227825Stheraven * modification, are permitted provided that the following conditions
11227825Stheraven * are met:
12227825Stheraven * 1. Redistributions of source code must retain the above copyright
13227825Stheraven *    notice, this list of conditions and the following disclaimer.
14227825Stheraven * 2. Redistributions in binary form must reproduce the above copyright
15227825Stheraven *    notice, this list of conditions and the following disclaimer in the
16227825Stheraven *    documentation and/or other materials provided with the distribution.
17227825Stheraven *
18227825Stheraven * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19227825Stheraven * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20227825Stheraven * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21227825Stheraven * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
22227825Stheraven * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23227825Stheraven * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
24227825Stheraven * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25227825Stheraven * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26241900Sdim * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27227825Stheraven * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28227825Stheraven * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29227825Stheraven *
30227825Stheraven * $FreeBSD: releng/10.2/tools/regression/priv/priv_vfs_read_write.c 172106 2007-09-09 23:08:39Z rwatson $
31241900Sdim */
32227825Stheraven
33227825Stheraven/*
34241900Sdim * This is a joint test of both the read and write privileges with respect to
35227825Stheraven * discretionary file system access control (permissions).  Only permissions,
36241900Sdim * not ACL semantics, and only privilege-related checks are performed.
37227825Stheraven */
38241900Sdim
39227825Stheraven#include <sys/types.h>
40227825Stheraven#include <sys/stat.h>
41241900Sdim
42227825Stheraven#include <err.h>
43227825Stheraven#include <errno.h>
44241900Sdim#include <fcntl.h>
45227825Stheraven#include <stdlib.h>
46227825Stheraven#include <string.h>
47241900Sdim#include <unistd.h>
48227825Stheraven
49227825Stheraven#include "main.h"
50227825Stheraven
51227825Stheravenstatic char fpath_none[1024];
52241900Sdimstatic char fpath_read[1024];
53227825Stheravenstatic char fpath_write[1024];
54227825Stheravenstatic char fpath_readwrite[1024];
55241900Sdim
56241900Sdimstatic int fpath_none_initialized;
57241900Sdimstatic int fpath_read_initialized;
58241900Sdimstatic int fpath_write_initialized;
59241900Sdimstatic int fpath_readwrite_initialized;
60241900Sdim
61227825Stheravenstatic void
62227825Stheraventry_io(const char *label, const char *fpathp, int asroot, int injail,
63227825Stheraven    int flags, int expected_error, int expected_errno)
64227825Stheraven{
65227825Stheraven	int fd;
66227825Stheraven
67227825Stheraven	fd = open(fpathp, flags);
68227825Stheraven	if (fd < 0) {
69241900Sdim		if (expected_error != -1)
70227825Stheraven			warnx("%s(%s, %s): expected (%d, %d) got (-1, %d)",
71241900Sdim			    label, asroot ? "root" : "!root", injail ? "jail"
72227825Stheraven			    : "!jail", expected_error, expected_errno, errno);
73227825Stheraven	} else {
74227825Stheraven		if (expected_error == -1)
75227825Stheraven			warnx("%s(%s, %s): expected (%d, %d) got 0", label,
76227825Stheraven			    asroot ? "root" : "!root", injail ? "jail" :
77227825Stheraven			    "!jail", expected_error, expected_errno);
78227825Stheraven		(void)close(fd);
79227825Stheraven	}
80227825Stheraven}
81227825Stheraven
82227825Stheravenint
83227825Stheravenpriv_vfs_readwrite_fowner_setup(int asroot, int injail, struct test *test)
84227825Stheraven{
85227825Stheraven
86227825Stheraven	setup_file("priv_vfs_readwrite_fowner_setup: fpath_none", fpath_none,
87227825Stheraven	    asroot ? UID_ROOT : UID_OWNER, GID_OTHER, 0000);
88227825Stheraven	fpath_none_initialized = 1;
89227825Stheraven	setup_file("priv_vfs_readwrite_fowner_setup: fpath_read", fpath_read,
90227825Stheraven	    asroot ? UID_ROOT : UID_OWNER, GID_OTHER, 0400);
91227825Stheraven	fpath_read_initialized = 1;
92227825Stheraven	setup_file("priv_vfs_readwrite_fowner_setup: fpath_write",
93227825Stheraven	    fpath_write, asroot ? UID_ROOT : UID_OWNER, GID_OTHER, 0200);
94227825Stheraven	fpath_write_initialized = 1;
95321369Sdim	setup_file("priv_vfs_readwrite_fowner_setup: fpath_readwrite",
96227825Stheraven	    fpath_readwrite, asroot ? UID_ROOT : UID_OWNER, GID_OTHER, 0600);
97227825Stheraven	fpath_readwrite_initialized = 1;
98309124Sdim	return (0);
99314564Sdim}
100227825Stheraven
101227825Stheravenint
102227825Stheravenpriv_vfs_readwrite_fgroup_setup(int asroot, int injail, struct test *test)
103227825Stheraven{
104227825Stheraven
105321369Sdim	setup_file("priv_vfs_readwrite_fgroup_setup: fpath_none", fpath_none,
106321369Sdim	    UID_OTHER, asroot ? GID_WHEEL : GID_OWNER, 0000);
107321369Sdim	fpath_none_initialized = 1;
108276792Sdim	setup_file("priv_vfs_readwrite_fgroup_setup: fpath_read", fpath_read,
109276792Sdim	    UID_OTHER, asroot ? GID_WHEEL : GID_OWNER, 0040);
110276792Sdim	fpath_read_initialized = 1;
111276792Sdim	setup_file("priv_vfs_readwrite_fgroup_setup: fpath_write",
112227825Stheraven	    fpath_write, UID_OTHER, asroot ? GID_WHEEL : GID_OWNER, 0020);
113227825Stheraven	fpath_write_initialized = 1;
114300770Sdim	setup_file("priv_vfs_readwrite_fgroup_setup: fpath_readwrite",
115300770Sdim	    fpath_readwrite, UID_OTHER, asroot ? GID_WHEEL : GID_OWNER,
116300770Sdim	    0060);
117300770Sdim	fpath_readwrite_initialized = 1;
118300770Sdim	return (0);
119300770Sdim}
120300770Sdim
121300770Sdimint
122300770Sdimpriv_vfs_readwrite_fother_setup(int asroot, int injail, struct test *test)
123300770Sdim{
124300770Sdim
125300770Sdim	setup_file("priv_vfs_readwrite_fother_setup: fpath_none", fpath_none,
126300770Sdim	    UID_OTHER, GID_OTHER, 0000);
127300770Sdim	fpath_none_initialized = 1;
128300770Sdim	setup_file("priv_vfs_readwrite_fother_setup: fpath_read", fpath_read,
129300770Sdim	    UID_OTHER, GID_OTHER, 0004);
130300770Sdim	fpath_read_initialized = 1;
131300770Sdim	setup_file("priv_vfs_readwrite_fother_setup: fpath_write",
132300770Sdim	    fpath_write, UID_OTHER, GID_OTHER, 0002);
133300770Sdim	fpath_write_initialized = 1;
134300770Sdim	setup_file("priv_vfs_readwrite_fother_setup: fpath_readwrite",
135227825Stheraven	    fpath_readwrite, UID_OTHER, GID_OTHER, 0006);
136227825Stheraven	fpath_readwrite_initialized = 1;
137227825Stheraven	return (0);
138314564Sdim}
139227825Stheraven
140300770Sdimvoid
141300770Sdimpriv_vfs_readwrite_fowner(int asroot, int injail, struct test *test)
142300770Sdim{
143300770Sdim
144300770Sdim	try_io("priv_vfs_readwrite_fowner(none, O_RDONLY)", fpath_none,
145300770Sdim	    asroot, injail, O_RDONLY, asroot ? 0 : -1, EACCES);
146227825Stheraven	try_io("priv_vfs_readwrite_fowner(none, O_WRONLY)", fpath_none,
147227825Stheraven	    asroot, injail, O_WRONLY, asroot ? 0 : -1, EACCES);
148227825Stheraven	try_io("priv_vfs_readwrite_fowner(none, O_RDWR)", fpath_none,
149344779Sdim	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
150314564Sdim
151227825Stheraven	try_io("priv_vfs_readwrite_fowner(read, O_RDONLY)", fpath_read,
152227825Stheraven	    asroot, injail, O_RDONLY, 0, 0);
153227825Stheraven	try_io("priv_vfs_readwrite_fowner(read, O_WRONLY)", fpath_read,
154227825Stheraven	    asroot, injail, O_WRONLY, asroot ? 0 : -1, EACCES);
155227825Stheraven	try_io("priv_vfs_readwrite_fowner(read, O_RDWR)", fpath_read,
156227825Stheraven	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
157314564Sdim
158227825Stheraven	try_io("priv_vfs_readwrite_fowner(write, O_RDONLY)", fpath_write,
159227825Stheraven	    asroot, injail, O_RDONLY, asroot ? 0 : -1, EACCES);
160227825Stheraven	try_io("priv_vfs_readwrite_fowner(write, O_WRONLY)", fpath_write,
161227825Stheraven	    asroot, injail, O_WRONLY, 0, 0);
162314564Sdim	try_io("priv_vfs_readwrite_fowner(write, O_RDWR)", fpath_write,
163227825Stheraven	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
164227825Stheraven
165227825Stheraven	try_io("priv_vfs_readwrite_fowner(write, O_RDONLY)", fpath_readwrite,
166314564Sdim	    asroot, injail, O_RDONLY, 0, 0);
167227825Stheraven	try_io("priv_vfs_readwrite_fowner(write, O_WRONLY)", fpath_readwrite,
168227825Stheraven	    asroot, injail, O_WRONLY, 0, 0);
169227825Stheraven	try_io("priv_vfs_readwrite_fowner(write, O_RDWR)", fpath_readwrite,
170227825Stheraven	    asroot, injail, O_RDWR, 0, 0);
171227825Stheraven}
172227825Stheraven
173227825Stheravenvoid
174227825Stheravenpriv_vfs_readwrite_fgroup(int asroot, int injail, struct test *test)
175314564Sdim{
176314564Sdim
177314564Sdim	try_io("priv_vfs_readwrite_fgroup(none, O_RDONLY)", fpath_none,
178314564Sdim	    asroot, injail, O_RDONLY, asroot ? 0 : -1, EACCES);
179227825Stheraven	try_io("priv_vfs_readwrite_fgroup(none, O_WRONLY)", fpath_none,
180227825Stheraven	    asroot, injail, O_WRONLY, asroot ? 0 : -1, EACCES);
181227825Stheraven	try_io("priv_vfs_readwrite_fgroup(none, O_RDWR)", fpath_none,
182227825Stheraven	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
183227825Stheraven
184300770Sdim	try_io("priv_vfs_readwrite_fgroup(read, O_RDONLY)", fpath_read,
185300770Sdim	    asroot, injail, O_RDONLY, 0, 0);
186300770Sdim	try_io("priv_vfs_readwrite_fgroup(read, O_WRONLY)", fpath_read,
187300770Sdim	    asroot, injail, O_WRONLY, asroot ? 0 : -1, EACCES);
188227825Stheraven	try_io("priv_vfs_readwrite_fgroup(read, O_RDWR)", fpath_read,
189227825Stheraven	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
190227825Stheraven
191227825Stheraven	try_io("priv_vfs_readwrite_fgroup(write, O_RDONLY)", fpath_write,
192314564Sdim	    asroot, injail, O_RDONLY, asroot ? 0 : -1, EACCES);
193227825Stheraven	try_io("priv_vfs_readwrite_fgroup(write, O_WRONLY)", fpath_write,
194314564Sdim	    asroot, injail, O_WRONLY, 0, 0);
195314564Sdim	try_io("priv_vfs_readwrite_fgroup(write, O_RDWR)", fpath_write,
196314564Sdim	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
197227825Stheraven
198227825Stheraven	try_io("priv_vfs_readwrite_fgroup(write, O_RDONLY)", fpath_readwrite,
199227825Stheraven	    asroot, injail, O_RDONLY, 0, 0);
200314564Sdim	try_io("priv_vfs_readwrite_fgroup(write, O_WRONLY)", fpath_readwrite,
201227825Stheraven	    asroot, injail, O_WRONLY, 0, 0);
202227825Stheraven	try_io("priv_vfs_readwrite_fgroup(write, O_RDWR)", fpath_readwrite,
203227825Stheraven	    asroot, injail, O_RDWR, 0, 0);
204321369Sdim}
205227825Stheraven
206309124Sdimvoid
207227825Stheravenpriv_vfs_readwrite_fother(int asroot, int injail, struct test *test)
208227825Stheraven{
209227825Stheraven
210351253Sdim	try_io("priv_vfs_readwrite_fother(none, O_RDONLY)", fpath_none,
211351253Sdim	    asroot, injail, O_RDONLY, asroot ? 0 : -1, EACCES);
212351253Sdim	try_io("priv_vfs_readwrite_fother(none, O_WRONLY)", fpath_none,
213351253Sdim	    asroot, injail, O_WRONLY, asroot ? 0 : -1, EACCES);
214351253Sdim	try_io("priv_vfs_readwrite_fother(none, O_RDWR)", fpath_none,
215227825Stheraven	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
216249989Sdim
217227825Stheraven	try_io("priv_vfs_readwrite_fother(read, O_RDONLY)", fpath_read,
218309124Sdim	    asroot, injail, O_RDONLY, 0, 0);
219227825Stheraven	try_io("priv_vfs_readwrite_fother(read, O_WRONLY)", fpath_read,
220227825Stheraven	    asroot, injail, O_WRONLY, asroot ? 0 : -1, EACCES);
221227825Stheraven	try_io("priv_vfs_readwrite_fother(read, O_RDWR)", fpath_read,
222227825Stheraven	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
223227825Stheraven
224309124Sdim	try_io("priv_vfs_readwrite_fother(write, O_RDONLY)", fpath_write,
225227825Stheraven	    asroot, injail, O_RDONLY, asroot ? 0 : -1, EACCES);
226227825Stheraven	try_io("priv_vfs_readwrite_fother(write, O_WRONLY)", fpath_write,
227321369Sdim	    asroot, injail, O_WRONLY, 0, 0);
228321369Sdim	try_io("priv_vfs_readwrite_fother(write, O_RDWR)", fpath_write,
229232924Stheraven	    asroot, injail, O_RDWR, asroot ? 0 : -1, EACCES);
230227825Stheraven
231227825Stheraven	try_io("priv_vfs_readwrite_fother(write, O_RDONLY)", fpath_readwrite,
232341825Sdim	    asroot, injail, O_RDONLY, 0, 0);
233227825Stheraven	try_io("priv_vfs_readwrite_fother(write, O_WRONLY)", fpath_readwrite,
234227825Stheraven	    asroot, injail, O_WRONLY, 0, 0);
235321369Sdim	try_io("priv_vfs_readwrite_fother(write, O_RDWR)", fpath_readwrite,
236232924Stheraven	    asroot, injail, O_RDWR, 0, 0);
237321369Sdim}
238321369Sdim
239321369Sdimvoid
240321369Sdimpriv_vfs_readwrite_cleanup(int asroot, int injail, struct test *test)
241227825Stheraven{
242227825Stheraven
243227825Stheraven	if (fpath_none_initialized) {
244321369Sdim		(void)unlink(fpath_none);
245227825Stheraven		fpath_none_initialized = 0;
246321369Sdim	}
247300770Sdim	if (fpath_read_initialized) {
248241900Sdim		(void)unlink(fpath_read);
249321369Sdim		fpath_read_initialized = 0;
250227825Stheraven	}
251227825Stheraven	if (fpath_write_initialized) {
252241900Sdim		(void)unlink(fpath_write);
253227825Stheraven		fpath_write_initialized = 0;
254227825Stheraven	}
255321369Sdim	if (fpath_readwrite_initialized) {
256227825Stheraven		(void)unlink(fpath_readwrite);
257227825Stheraven		fpath_readwrite_initialized = 0;
258227825Stheraven	}
259309124Sdim}
260227825Stheraven