1272343Sngie/* $NetBSD: t_msgctl.c,v 1.4 2014/02/27 00:59:50 joerg Exp $ */
2272343Sngie
3272343Sngie/*-
4272343Sngie * Copyright (c) 2011 The NetBSD Foundation, Inc.
5272343Sngie * All rights reserved.
6272343Sngie *
7272343Sngie * This code is derived from software contributed to The NetBSD Foundation
8272343Sngie * by Jukka Ruohonen.
9272343Sngie *
10272343Sngie * Redistribution and use in source and binary forms, with or without
11272343Sngie * modification, are permitted provided that the following conditions
12272343Sngie * are met:
13272343Sngie * 1. Redistributions of source code must retain the above copyright
14272343Sngie *    notice, this list of conditions and the following disclaimer.
15272343Sngie * 2. Redistributions in binary form must reproduce the above copyright
16272343Sngie *    notice, this list of conditions and the following disclaimer in the
17272343Sngie *    documentation and/or other materials provided with the distribution.
18272343Sngie *
19272343Sngie * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20272343Sngie * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21272343Sngie * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22272343Sngie * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23272343Sngie * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24272343Sngie * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25272343Sngie * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26272343Sngie * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27272343Sngie * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28272343Sngie * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29272343Sngie * POSSIBILITY OF SUCH DAMAGE.
30272343Sngie */
31272343Sngie#include <sys/cdefs.h>
32272343Sngie__RCSID("$NetBSD: t_msgctl.c,v 1.4 2014/02/27 00:59:50 joerg Exp $");
33272343Sngie
34272343Sngie#include <sys/msg.h>
35272343Sngie#include <sys/stat.h>
36272343Sngie#include <sys/sysctl.h>
37272343Sngie#include <sys/wait.h>
38272343Sngie
39272343Sngie#include <atf-c.h>
40272343Sngie#include <errno.h>
41272343Sngie#include <pwd.h>
42272343Sngie#include <stdio.h>
43272343Sngie#include <stdlib.h>
44272343Sngie#include <string.h>
45272343Sngie#include <sysexits.h>
46272343Sngie#include <time.h>
47272343Sngie#include <unistd.h>
48272343Sngie
49273530Sngie#ifdef __FreeBSD__
50273530Sngie#include <limits.h>
51273530Sngie#endif
52273530Sngie
53272343Sngie#define MSG_KEY		12345689
54272343Sngie#define MSG_MTYPE_1	0x41
55272343Sngie
56272343Sngiestruct msg {
57272343Sngie	long		 mtype;
58272343Sngie	char		 buf[3];
59272343Sngie};
60272343Sngie
61272343Sngiestatic void		clean(void);
62272343Sngie
63272343Sngiestatic void
64272343Sngieclean(void)
65272343Sngie{
66272343Sngie	int id;
67272343Sngie
68272343Sngie	if ((id = msgget(MSG_KEY, 0)) != -1)
69272343Sngie		(void)msgctl(id, IPC_RMID, 0);
70272343Sngie}
71272343Sngie
72272343SngieATF_TC_WITH_CLEANUP(msgctl_err);
73272343SngieATF_TC_HEAD(msgctl_err, tc)
74272343Sngie{
75272343Sngie	atf_tc_set_md_var(tc, "descr", "Test errors from msgctl(2)");
76272343Sngie}
77272343Sngie
78272343SngieATF_TC_BODY(msgctl_err, tc)
79272343Sngie{
80272343Sngie	const int cmd[] = { IPC_STAT, IPC_SET, IPC_RMID };
81272343Sngie	struct msqid_ds msgds;
82272343Sngie	size_t i;
83272343Sngie	int id;
84272343Sngie
85272343Sngie	(void)memset(&msgds, 0, sizeof(struct msqid_ds));
86272343Sngie
87272343Sngie	id = msgget(MSG_KEY, IPC_CREAT | 0600);
88272343Sngie	ATF_REQUIRE(id != -1);
89272343Sngie
90272343Sngie	errno = 0;
91272343Sngie	ATF_REQUIRE_ERRNO(EINVAL, msgctl(id, INT_MAX, &msgds) == -1);
92272343Sngie
93272343Sngie	errno = 0;
94272343Sngie	ATF_REQUIRE_ERRNO(EFAULT, msgctl(id, IPC_STAT, (void *)-1) == -1);
95272343Sngie
96272343Sngie	for (i = 0; i < __arraycount(cmd); i++) {
97272343Sngie		errno = 0;
98272343Sngie		ATF_REQUIRE_ERRNO(EINVAL, msgctl(-1, cmd[i], &msgds) == -1);
99272343Sngie	}
100272343Sngie
101272343Sngie	ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
102272343Sngie}
103272343Sngie
104272343SngieATF_TC_CLEANUP(msgctl_err, tc)
105272343Sngie{
106272343Sngie	clean();
107272343Sngie}
108272343Sngie
109272343SngieATF_TC_WITH_CLEANUP(msgctl_perm);
110272343SngieATF_TC_HEAD(msgctl_perm, tc)
111272343Sngie{
112272343Sngie	atf_tc_set_md_var(tc, "descr", "Test permissions with msgctl(2)");
113272343Sngie	atf_tc_set_md_var(tc, "require.user", "root");
114272343Sngie}
115272343Sngie
116272343SngieATF_TC_BODY(msgctl_perm, tc)
117272343Sngie{
118272343Sngie	struct msqid_ds msgds;
119272343Sngie	struct passwd *pw;
120272343Sngie	pid_t pid;
121272343Sngie	int sta;
122272343Sngie	int id;
123272343Sngie
124272343Sngie	(void)memset(&msgds, 0, sizeof(struct msqid_ds));
125272343Sngie
126272343Sngie	pw = getpwnam("nobody");
127272343Sngie	id = msgget(MSG_KEY, IPC_CREAT | 0600);
128272343Sngie
129272343Sngie	ATF_REQUIRE(id != -1);
130272343Sngie	ATF_REQUIRE(pw != NULL);
131272343Sngie	ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
132272343Sngie
133272343Sngie	pid = fork();
134272343Sngie	ATF_REQUIRE(pid >= 0);
135272343Sngie
136272343Sngie	if (pid == 0) {
137272343Sngie
138272343Sngie		if (setuid(pw->pw_uid) != 0)
139272343Sngie			_exit(EX_OSERR);
140272343Sngie
141272343Sngie		msgds.msg_perm.uid = getuid();
142272343Sngie		msgds.msg_perm.gid = getgid();
143272343Sngie
144272343Sngie		errno = 0;
145272343Sngie
146272343Sngie		if (msgctl(id, IPC_SET, &msgds) == 0)
147272343Sngie			_exit(EXIT_FAILURE);
148272343Sngie
149272343Sngie		if (errno != EPERM)
150272343Sngie			_exit(EXIT_FAILURE);
151272343Sngie
152272343Sngie		(void)memset(&msgds, 0, sizeof(struct msqid_ds));
153272343Sngie
154272343Sngie		if (msgctl(id, IPC_STAT, &msgds) != 0)
155272343Sngie			_exit(EX_OSERR);
156272343Sngie
157272343Sngie		msgds.msg_qbytes = 1;
158272343Sngie
159272343Sngie		if (msgctl(id, IPC_SET, &msgds) == 0)
160272343Sngie			_exit(EXIT_FAILURE);
161272343Sngie
162272343Sngie		if (errno != EPERM)
163272343Sngie			_exit(EXIT_FAILURE);
164272343Sngie
165272343Sngie		_exit(EXIT_SUCCESS);
166272343Sngie	}
167272343Sngie
168272343Sngie	(void)wait(&sta);
169272343Sngie
170272343Sngie	if (WIFEXITED(sta) == 0) {
171272343Sngie
172272343Sngie		if (WEXITSTATUS(sta) == EX_OSERR)
173272343Sngie			atf_tc_fail("system call failed");
174272343Sngie
175272343Sngie		if (WEXITSTATUS(sta) == EXIT_FAILURE)
176272343Sngie			atf_tc_fail("UID %u manipulated root's "
177272343Sngie			    "message queue", pw->pw_uid);
178272343Sngie	}
179272343Sngie
180272343Sngie	ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
181272343Sngie}
182272343Sngie
183272343SngieATF_TC_CLEANUP(msgctl_perm, tc)
184272343Sngie{
185272343Sngie	clean();
186272343Sngie}
187272343Sngie
188272343SngieATF_TC_WITH_CLEANUP(msgctl_pid);
189272343SngieATF_TC_HEAD(msgctl_pid, tc)
190272343Sngie{
191272343Sngie	atf_tc_set_md_var(tc, "descr", "Test that PIDs are updated");
192272343Sngie}
193272343Sngie
194272343SngieATF_TC_BODY(msgctl_pid, tc)
195272343Sngie{
196272343Sngie	struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } };
197272343Sngie	struct msqid_ds msgds;
198272343Sngie	int id, sta;
199272343Sngie	pid_t pid;
200272343Sngie
201272343Sngie	id = msgget(MSG_KEY, IPC_CREAT | 0600);
202272343Sngie	ATF_REQUIRE(id != -1);
203272343Sngie
204272343Sngie	pid = fork();
205272343Sngie	ATF_REQUIRE(pid >= 0);
206272343Sngie
207272343Sngie	if (pid == 0) {
208272343Sngie
209272343Sngie		(void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
210272343Sngie
211272343Sngie		_exit(EXIT_SUCCESS);
212272343Sngie	}
213272343Sngie
214272343Sngie	(void)sleep(1);
215272343Sngie	(void)wait(&sta);
216272343Sngie	(void)memset(&msgds, 0, sizeof(struct msqid_ds));
217272343Sngie
218272343Sngie	ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
219272343Sngie
220272343Sngie	if (pid != msgds.msg_lspid)
221272343Sngie		atf_tc_fail("the PID of last msgsnd(2) was not updated");
222272343Sngie
223272343Sngie	pid = fork();
224272343Sngie	ATF_REQUIRE(pid >= 0);
225272343Sngie
226272343Sngie	if (pid == 0) {
227272343Sngie
228272343Sngie		(void)msgrcv(id, &msg,
229272343Sngie		    sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT);
230272343Sngie
231272343Sngie		_exit(EXIT_SUCCESS);
232272343Sngie	}
233272343Sngie
234272343Sngie	(void)sleep(1);
235272343Sngie	(void)wait(&sta);
236272343Sngie	(void)memset(&msgds, 0, sizeof(struct msqid_ds));
237272343Sngie
238272343Sngie	ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
239272343Sngie
240272343Sngie	if (pid != msgds.msg_lrpid)
241272343Sngie		atf_tc_fail("the PID of last msgrcv(2) was not updated");
242272343Sngie
243272343Sngie	ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
244272343Sngie}
245272343Sngie
246272343SngieATF_TC_CLEANUP(msgctl_pid, tc)
247272343Sngie{
248272343Sngie	clean();
249272343Sngie}
250272343Sngie
251272343SngieATF_TC_WITH_CLEANUP(msgctl_set);
252272343SngieATF_TC_HEAD(msgctl_set, tc)
253272343Sngie{
254272343Sngie	atf_tc_set_md_var(tc, "descr", "Test msgctl(2) with IPC_SET");
255272343Sngie	atf_tc_set_md_var(tc, "require.user", "root");
256272343Sngie}
257272343Sngie
258272343SngieATF_TC_BODY(msgctl_set, tc)
259272343Sngie{
260272343Sngie	struct msqid_ds msgds;
261272343Sngie	struct passwd *pw;
262272343Sngie	int id;
263272343Sngie
264272343Sngie	(void)memset(&msgds, 0, sizeof(struct msqid_ds));
265272343Sngie
266272343Sngie	pw = getpwnam("nobody");
267272343Sngie	id = msgget(MSG_KEY, IPC_CREAT | 0600);
268272343Sngie
269272343Sngie	ATF_REQUIRE(id != -1);
270272343Sngie	ATF_REQUIRE(pw != NULL);
271272343Sngie	ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
272272343Sngie
273272343Sngie	msgds.msg_perm.uid = pw->pw_uid;
274272343Sngie
275272343Sngie	if (msgctl(id, IPC_SET, &msgds) != 0)
276272343Sngie		atf_tc_fail("root failed to change the UID of message queue");
277272343Sngie
278272343Sngie	msgds.msg_perm.uid = getuid();
279272343Sngie	msgds.msg_perm.gid = pw->pw_gid;
280272343Sngie
281272343Sngie	if (msgctl(id, IPC_SET, &msgds) != 0)
282272343Sngie		atf_tc_fail("root failed to change the GID of message queue");
283272343Sngie
284272343Sngie	/*
285272343Sngie	 * Note: setting the qbytes to zero fails even as root.
286272343Sngie	 */
287272343Sngie	msgds.msg_qbytes = 1;
288272343Sngie	msgds.msg_perm.gid = getgid();
289272343Sngie
290272343Sngie	if (msgctl(id, IPC_SET, &msgds) != 0)
291272343Sngie		atf_tc_fail("root failed to change qbytes of message queue");
292272343Sngie
293272343Sngie	ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
294272343Sngie}
295272343Sngie
296272343SngieATF_TC_CLEANUP(msgctl_set, tc)
297272343Sngie{
298272343Sngie	clean();
299272343Sngie}
300272343Sngie
301272343SngieATF_TC_WITH_CLEANUP(msgctl_time);
302272343SngieATF_TC_HEAD(msgctl_time, tc)
303272343Sngie{
304272343Sngie	atf_tc_set_md_var(tc, "descr", "Test that access times are updated");
305272343Sngie}
306272343Sngie
307272343SngieATF_TC_BODY(msgctl_time, tc)
308272343Sngie{
309272343Sngie	struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } };
310272343Sngie	struct msqid_ds msgds;
311272343Sngie	time_t t;
312272343Sngie	int id;
313272343Sngie
314272343Sngie	id = msgget(MSG_KEY, IPC_CREAT | 0600);
315272343Sngie	ATF_REQUIRE(id != -1);
316272343Sngie
317272343Sngie	t = time(NULL);
318272343Sngie
319272343Sngie	(void)memset(&msgds, 0, sizeof(struct msqid_ds));
320272343Sngie	(void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
321272343Sngie	(void)msgctl(id, IPC_STAT, &msgds);
322272343Sngie
323272343Sngie	if (llabs(t - msgds.msg_stime) > 1)
324272343Sngie		atf_tc_fail("time of last msgsnd(2) was not updated");
325272343Sngie
326272343Sngie	if (msgds.msg_rtime != 0)
327272343Sngie		atf_tc_fail("time of last msgrcv(2) was updated incorrectly");
328272343Sngie
329272343Sngie	t = time(NULL);
330272343Sngie
331272343Sngie	(void)memset(&msgds, 0, sizeof(struct msqid_ds));
332272343Sngie	(void)msgrcv(id, &msg, sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT);
333272343Sngie	(void)msgctl(id, IPC_STAT, &msgds);
334272343Sngie
335272343Sngie	if (llabs(t - msgds.msg_rtime) > 1)
336272343Sngie		atf_tc_fail("time of last msgrcv(2) was not updated");
337272343Sngie
338272343Sngie	/*
339272343Sngie	 * Note: this is non-zero even after the memset(3).
340272343Sngie	 */
341272343Sngie	if (msgds.msg_stime == 0)
342272343Sngie		atf_tc_fail("time of last msgsnd(2) was updated incorrectly");
343272343Sngie
344272343Sngie	ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
345272343Sngie}
346272343Sngie
347272343SngieATF_TC_CLEANUP(msgctl_time, tc)
348272343Sngie{
349272343Sngie	clean();
350272343Sngie}
351272343Sngie
352272343SngieATF_TP_ADD_TCS(tp)
353272343Sngie{
354272343Sngie
355272343Sngie	ATF_TP_ADD_TC(tp, msgctl_err);
356272343Sngie	ATF_TP_ADD_TC(tp, msgctl_perm);
357272343Sngie	ATF_TP_ADD_TC(tp, msgctl_pid);
358272343Sngie	ATF_TP_ADD_TC(tp, msgctl_set);
359272343Sngie	ATF_TP_ADD_TC(tp, msgctl_time);
360272343Sngie
361272343Sngie	return atf_no_error();
362272343Sngie}
363