1/*	$NetBSD: t_o_search.c,v 1.10 2020/02/08 19:58:36 kamil Exp $ */
2
3/*-
4 * Copyright (c) 2012 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Emmanuel Dreyfus.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31#include <sys/cdefs.h>
32__RCSID("$NetBSD: t_o_search.c,v 1.10 2020/02/08 19:58:36 kamil Exp $");
33
34#include <atf-c.h>
35
36#include <sys/types.h>
37#include <sys/mount.h>
38#include <sys/statvfs.h>
39#include <sys/stat.h>
40
41#include <dirent.h>
42#include <errno.h>
43#include <fcntl.h>
44#include <limits.h>
45#include <paths.h>
46#include <stdio.h>
47#include <string.h>
48#include <unistd.h>
49#include <pwd.h>
50
51/*
52 * dholland 20130112: disable tests that require O_SEARCH semantics
53 * until a decision is reached about the semantics of O_SEARCH and a
54 * non-broken implementation is available.
55 */
56#if defined(__FreeBSD__) || (O_MASK & O_SEARCH) != 0
57#define USE_O_SEARCH
58#endif
59
60#ifdef __FreeBSD__
61#define	statvfs		statfs
62#define	fstatvfs	fstatfs
63#endif
64
65#define DIR "dir"
66#define FILE "dir/o_search"
67#define BASEFILE "o_search"
68
69
/*
 * o_search_perm1: with a directory descriptor opened without O_SEARCH,
 * openat() is expected to be refused once the directory loses its
 * search (x) bits.
 */
ATF_TC(o_search_perm1);
ATF_TC_HEAD(o_search_perm1, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that openat enforces search permission");
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}
ATF_TC_BODY(o_search_perm1, tc)
{
	int dfd, fd;

	/* Fixture: dir/ (0755) holding dir/o_search (0644). */
	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Plain O_RDONLY descriptor: no O_SEARCH requested. */
	ATF_REQUIRE((dfd = open(DIR, O_RDONLY, 0)) != -1);

	/* While the directory is still 0755 the lookup must work. */
	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* 0644 clears the search bits on the directory. */
	ATF_REQUIRE(fchmod(dfd, 0644) == 0);

	/* The same lookup must now be denied with EACCES. */
	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) == -1);
	ATF_REQUIRE(errno == EACCES);

	ATF_REQUIRE(close(dfd) == 0);
}
97
98#ifdef USE_O_SEARCH
99
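/*
 * o_search_root_flag1: as root, openat() through a descriptor opened
 * with O_SEARCH is expected to keep working while the directory mode is
 * reduced to 0644 and then to 0444.
 */
ATF_TC(o_search_root_flag1);
ATF_TC_HEAD(o_search_root_flag1, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that root openat honours O_SEARCH");
	atf_tc_set_md_var(tc, "require.user", "root");
}
ATF_TC_BODY(o_search_root_flag1, tc)
{
	int dfd;
	int fd;

	/* Fixture: dir/ (0755) holding dir/o_search (0644). */
	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Directory descriptor that carries O_SEARCH. */
	ATF_REQUIRE((dfd = open(DIR, O_RDONLY|O_SEARCH, 0)) != -1);

	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Clear the search bits; the lookup must still succeed. */
	ATF_REQUIRE(fchmod(dfd, 0644) == 0);

	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Clear the write bit as well; the lookup must still succeed. */
	ATF_REQUIRE(fchmod(dfd, 0444) == 0);

	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1);
	/* Close the last descriptor too, like the two lookups above. */
	ATF_REQUIRE(close(fd) == 0);

	ATF_REQUIRE(close(dfd) == 0);
}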
131
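/*
 * o_search_unpriv_flag1: as an unprivileged user, openat() through a
 * descriptor opened with O_SEARCH is expected to keep working while the
 * directory mode is reduced to 0644 and then to 0444.
 */
ATF_TC(o_search_unpriv_flag1);
ATF_TC_HEAD(o_search_unpriv_flag1, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that openat honours O_SEARCH");
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}
ATF_TC_BODY(o_search_unpriv_flag1, tc)
{
	int dfd;
	int fd;

	/* Fixture: dir/ (0755) holding dir/o_search (0644). */
	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Directory descriptor that carries O_SEARCH. */
	ATF_REQUIRE((dfd = open(DIR, O_RDONLY|O_SEARCH, 0)) != -1);

	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Clear the search bits; the lookup must still succeed. */
	ATF_REQUIRE(fchmod(dfd, 0644) == 0);

	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Clear the write bit as well; the lookup must still succeed. */
	ATF_REQUIRE(fchmod(dfd, 0444) == 0);

	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1);
	/* Close the last descriptor too, like the two lookups above. */
	ATF_REQUIRE(close(fd) == 0);

	ATF_REQUIRE(close(dfd) == 0);
}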
163
164#endif /* USE_O_SEARCH */
165
/*
 * o_search_perm2: with a directory descriptor opened without O_SEARCH,
 * faccessat() is expected to be refused once the directory loses its
 * search (x) bits.
 */
ATF_TC(o_search_perm2);
ATF_TC_HEAD(o_search_perm2, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that faccessat enforces search permission");
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}
ATF_TC_BODY(o_search_perm2, tc)
{
	int dfd, fd;

	/* Fixture: dir/ (0755) holding dir/o_search (0644). */
	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Plain O_RDONLY descriptor: no O_SEARCH requested. */
	ATF_REQUIRE((dfd = open(DIR, O_RDONLY, 0)) != -1);

	/* While the directory is still 0755 the check must pass. */
	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0);

	/* 0644 clears the search bits on the directory. */
	ATF_REQUIRE(fchmod(dfd, 0644) == 0);

	/* The same check must now be denied with EACCES. */
	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == -1);
	ATF_REQUIRE(errno == EACCES);

	ATF_REQUIRE(close(dfd) == 0);
}
191
192#ifdef USE_O_SEARCH
193
/*
 * o_search_root_flag2: as root, faccessat() through a descriptor opened
 * with O_SEARCH is expected to keep succeeding while the directory mode
 * is reduced to 0644 and then to 0444.
 *
 * NOTE(review): the "descr" string names fstatat, but the body only
 * calls faccessat; confirm which of the two was intended.
 */
ATF_TC(o_search_root_flag2);
ATF_TC_HEAD(o_search_root_flag2, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that root fstatat honours O_SEARCH");
	atf_tc_set_md_var(tc, "require.user", "root");
}
ATF_TC_BODY(o_search_root_flag2, tc)
{
	int dfd, fd;

	/* Fixture: dir/ (0755) holding dir/o_search (0644). */
	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Directory descriptor that carries O_SEARCH. */
	ATF_REQUIRE((dfd = open(DIR, O_RDONLY|O_SEARCH, 0)) != -1);

	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0);

	/* Search bits cleared on the directory. */
	ATF_REQUIRE(fchmod(dfd, 0644) == 0);
	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0);

	/* Write bit cleared as well. */
	ATF_REQUIRE(fchmod(dfd, 0444) == 0);
	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0);

	ATF_REQUIRE(close(dfd) == 0);
}
223
/*
 * o_search_unpriv_flag2: as an unprivileged user, faccessat() through a
 * descriptor opened with O_SEARCH is expected to keep succeeding while
 * the directory mode is reduced to 0644 and then to 0444.
 *
 * NOTE(review): the "descr" string names fstatat, but the body only
 * calls faccessat; confirm which of the two was intended.
 */
ATF_TC(o_search_unpriv_flag2);
ATF_TC_HEAD(o_search_unpriv_flag2, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that fstatat honours O_SEARCH");
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}
ATF_TC_BODY(o_search_unpriv_flag2, tc)
{
	int dfd, fd;

	/* Fixture: dir/ (0755) holding dir/o_search (0644). */
	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Directory descriptor that carries O_SEARCH. */
	ATF_REQUIRE((dfd = open(DIR, O_RDONLY|O_SEARCH, 0)) != -1);

	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0);

	/* Search bits cleared on the directory. */
	ATF_REQUIRE(fchmod(dfd, 0644) == 0);
	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0);

	/* Write bit cleared as well. */
	ATF_REQUIRE(fchmod(dfd, 0444) == 0);
	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0);

	ATF_REQUIRE(close(dfd) == 0);
}
253
254#endif /* USE_O_SEARCH */
255
256
/*
 * o_search_notdir: openat() relative to a descriptor that refers to a
 * regular file must fail with ENOTDIR.
 *
 * NOTE(review): this case sits outside the USE_O_SEARCH guard yet still
 * passes O_SEARCH to open(), so it needs <fcntl.h> to define O_SEARCH on
 * every target it is built for.
 */
ATF_TC(o_search_notdir);
ATF_TC_HEAD(o_search_notdir, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that openat fails with non dir fd");
}
ATF_TC_BODY(o_search_notdir, tc)
{
	int dfd, fd;

	ATF_REQUIRE(mkdir(DIR, 0755) == 0);

	/* "dfd" deliberately refers to the regular file, not to dir/. */
	ATF_REQUIRE((dfd = open(FILE, O_CREAT|O_SEARCH, 0644)) != -1);

	/* A lookup relative to a non-directory must be rejected. */
	ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) == -1);
	ATF_REQUIRE(errno == ENOTDIR);

	ATF_REQUIRE(close(dfd) == 0);
}
273
274#ifdef USE_O_SEARCH
/*
 * o_search_nord: a directory whose mode is 0100 (owner search only, no
 * read) must still be openable with O_SEARCH, and faccessat() relative
 * to that descriptor must not fail.
 */
ATF_TC(o_search_nord);
ATF_TC_HEAD(o_search_nord, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that openat succeeds with no read permission");
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}
ATF_TC_BODY(o_search_nord, tc)
{
	int dfd;
	int fd;

	/* Fixture: dir/ (0755) holding dir/o_search (0644). */
	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	/* Leave only the owner search bit before opening the directory. */
	ATF_REQUIRE(chmod(DIR, 0100) == 0);
	ATF_REQUIRE((dfd = open(DIR, O_SEARCH, 0)) != -1);

	ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) != -1);

	ATF_REQUIRE(close(dfd) == 0);
}
296
/*
 * o_search_getdents: a descriptor opened with O_SEARCH alone must not
 * allow the directory to be listed. Only the failure of getdents() is
 * asserted; the errno value is not checked.
 */
ATF_TC(o_search_getdents);
ATF_TC_HEAD(o_search_getdents, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that O_SEARCH forbids getdents");
}
ATF_TC_BODY(o_search_getdents, tc)
{
	int dfd;
	char buf[1024];

	ATF_REQUIRE(mkdir(DIR, 0755) == 0);

	/* No read access mode is requested, only O_SEARCH. */
	ATF_REQUIRE((dfd = open(DIR, O_SEARCH, 0)) != -1);

	/* Reading entries through the search-only descriptor must fail. */
	ATF_REQUIRE(getdents(dfd, buf, sizeof(buf)) < 0);

	ATF_REQUIRE(close(dfd) == 0);
}
312
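/*
 * o_search_revokex: once a directory has been opened with O_SEARCH,
 * removing every permission bit from it afterwards must not stop
 * fstatat() relative to that descriptor from working.
 */
ATF_TC(o_search_revokex);
ATF_TC_HEAD(o_search_revokex, tc)
{
	atf_tc_set_md_var(tc, "descr", "See that *at behaves after chmod -x");
	atf_tc_set_md_var(tc, "require.user", "unprivileged");
}
ATF_TC_BODY(o_search_revokex, tc)
{
	struct statvfs vst;
	struct stat sb;
	int dfd, fd;

	/* Fixture: dir/ (0755) holding dir/o_search (0644). */
	ATF_REQUIRE(mkdir(DIR, 0755) == 0);
	ATF_REQUIRE((fd = open(FILE, O_CREAT|O_RDWR, 0644)) != -1);
	ATF_REQUIRE(close(fd) == 0);

	ATF_REQUIRE((dfd = open(DIR, O_SEARCH, 0)) != -1);

	/* Drop permissions. The kernel must still not check the exec bit. */
	ATF_REQUIRE(chmod(DIR, 0000) == 0);

	/*
	 * Only look at f_fstypename when fstatvfs() actually filled in vst;
	 * on failure the structure is uninitialised and must not be read.
	 */
	if (fstatvfs(dfd, &vst) == 0) {
		if (strcmp(vst.f_fstypename, "nfs") == 0)
			atf_tc_expect_fail("NFS protocol cannot observe O_SEARCH semantics");
	}

	ATF_REQUIRE(fstatat(dfd, BASEFILE, &sb, 0) == 0);

	ATF_REQUIRE(close(dfd) == 0);
}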
342#endif /* USE_O_SEARCH */
343
/*
 * Register the test cases with the test program. The cases that need
 * working O_SEARCH semantics are only added when USE_O_SEARCH is defined.
 */
ATF_TP_ADD_TCS(tp)
{
	/* openat() variants. */
	ATF_TP_ADD_TC(tp, o_search_perm1);
#if defined(USE_O_SEARCH)
	ATF_TP_ADD_TC(tp, o_search_root_flag1);
	ATF_TP_ADD_TC(tp, o_search_unpriv_flag1);
#endif

	/* faccessat() variants. */
	ATF_TP_ADD_TC(tp, o_search_perm2);
#if defined(USE_O_SEARCH)
	ATF_TP_ADD_TC(tp, o_search_root_flag2);
	ATF_TP_ADD_TC(tp, o_search_unpriv_flag2);
#endif

	/* Remaining cases. */
	ATF_TP_ADD_TC(tp, o_search_notdir);
#if defined(USE_O_SEARCH)
	ATF_TP_ADD_TC(tp, o_search_nord);
	ATF_TP_ADD_TC(tp, o_search_getdents);
	ATF_TP_ADD_TC(tp, o_search_revokex);
#endif

	return atf_no_error();
}
366