]>
git.proxmox.com Git - mirror_spl-debian.git/blob - module/splat/splat-cred.c
1 /*****************************************************************************\
2 * Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
3 * Copyright (C) 2007 The Regents of the University of California.
4 * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
5 * Written by Brian Behlendorf <behlendorf1@llnl.gov>.
8 * This file is part of the SPL, Solaris Porting Layer.
9 * For details, see <http://zfsonlinux.org/>.
11 * The SPL is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version.
16 * The SPL is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * You should have received a copy of the GNU General Public License along
22 * with the SPL. If not, see <http://www.gnu.org/licenses/>.
23 *****************************************************************************
24 * Solaris Porting LAyer Tests (SPLAT) Credential Tests.
25 \*****************************************************************************/
28 #include <sys/random.h>
29 #include "splat-internal.h"
31 #define SPLAT_CRED_NAME "cred"
32 #define SPLAT_CRED_DESC "Kernel Cred Tests"
34 #define SPLAT_CRED_TEST1_ID 0x0e01
35 #define SPLAT_CRED_TEST1_NAME "cred"
36 #define SPLAT_CRED_TEST1_DESC "Task Credential Test"
38 #define SPLAT_CRED_TEST2_ID 0x0e02
39 #define SPLAT_CRED_TEST2_NAME "kcred"
40 #define SPLAT_CRED_TEST2_DESC "Kernel Credential Test"
42 #define SPLAT_CRED_TEST3_ID 0x0e03
43 #define SPLAT_CRED_TEST3_NAME "groupmember"
44 #define SPLAT_CRED_TEST3_DESC "Group Member Test"
46 #define GROUP_STR_SIZE 128
47 #define GROUP_STR_REDZONE 16
50 splat_cred_test1(struct file
*file
, void *arg
)
52 char str
[GROUP_STR_SIZE
];
53 uid_t uid
, ruid
, suid
;
54 gid_t gid
, rgid
, sgid
, *groups
;
55 int ngroups
, i
, count
= 0;
57 uid
= crgetuid(CRED());
58 ruid
= crgetruid(CRED());
59 suid
= crgetsuid(CRED());
61 gid
= crgetgid(CRED());
62 rgid
= crgetrgid(CRED());
63 sgid
= crgetsgid(CRED());
66 ngroups
= crgetngroups(CRED());
67 groups
= crgetgroups(CRED());
69 memset(str
, 0, GROUP_STR_SIZE
);
70 for (i
= 0; i
< ngroups
; i
++) {
71 count
+= sprintf(str
+ count
, "%d ", groups
[i
]);
73 if (count
> (GROUP_STR_SIZE
- GROUP_STR_REDZONE
)) {
74 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
75 "Failed too many group entries for temp "
76 "buffer: %d, %s\n", ngroups
, str
);
83 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
84 "uid: %d ruid: %d suid: %d "
85 "gid: %d rgid: %d sgid: %d\n",
86 uid
, ruid
, suid
, gid
, rgid
, sgid
);
87 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
88 "ngroups: %d groups: %s\n", ngroups
, str
);
90 if (uid
|| ruid
|| suid
|| gid
|| rgid
|| sgid
) {
91 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
92 "Failed expected all uids+gids to be %d\n", 0);
96 if (ngroups
> NGROUPS_MAX
) {
97 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
98 "Failed ngroups must not exceed NGROUPS_MAX: "
99 "%d > %d\n", ngroups
, NGROUPS_MAX
);
103 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
104 "Success sane CRED(): %d\n", 0);
107 } /* splat_cred_test1() */
110 splat_cred_test2(struct file
*file
, void *arg
)
112 char str
[GROUP_STR_SIZE
];
113 uid_t uid
, ruid
, suid
;
114 gid_t gid
, rgid
, sgid
, *groups
;
115 int ngroups
, i
, count
= 0;
117 uid
= crgetuid(kcred
);
118 ruid
= crgetruid(kcred
);
119 suid
= crgetsuid(kcred
);
121 gid
= crgetgid(kcred
);
122 rgid
= crgetrgid(kcred
);
123 sgid
= crgetsgid(kcred
);
126 ngroups
= crgetngroups(kcred
);
127 groups
= crgetgroups(kcred
);
129 memset(str
, 0, GROUP_STR_SIZE
);
130 for (i
= 0; i
< ngroups
; i
++) {
131 count
+= sprintf(str
+ count
, "%d ", groups
[i
]);
133 if (count
> (GROUP_STR_SIZE
- GROUP_STR_REDZONE
)) {
134 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
135 "Failed too many group entries for temp "
136 "buffer: %d, %s\n", ngroups
, str
);
143 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
144 "uid: %d ruid: %d suid: %d "
145 "gid: %d rgid: %d sgid: %d\n",
146 uid
, ruid
, suid
, gid
, rgid
, sgid
);
147 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
148 "ngroups: %d groups: %s\n", ngroups
, str
);
150 if (uid
|| ruid
|| suid
|| gid
|| rgid
|| sgid
) {
151 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
152 "Failed expected all uids+gids to be %d\n", 0);
156 if (ngroups
> NGROUPS_MAX
) {
157 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
158 "Failed ngroups must not exceed NGROUPS_MAX: "
159 "%d > %d\n", ngroups
, NGROUPS_MAX
);
163 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
164 "Success sane kcred: %d\n", 0);
167 } /* splat_cred_test2() */
170 * Verify the groupmember() works correctly by constructing an interesting
171 * CRED() and checking that the expected gids are part of it.
174 splat_cred_test3(struct file
*file
, void *arg
)
176 gid_t known_gid
, missing_gid
, tmp_gid
;
178 struct group_info
*gi
;
181 get_random_bytes((void *)&rnd
, 1);
182 known_gid
= (rnd
> 0) ? rnd
: 1;
186 * Create an interesting known set of gids for test purposes. The
187 * gids are pseudo randomly selected are will be in the range of
188 * 1:(NGROUPS_MAX-1). Gid 0 is explicitly avoided so we can reliably
189 * test for its absence in the test cases.
191 gi
= groups_alloc(NGROUPS_SMALL
);
193 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
, "Failed create "
194 "group_info for known gids: %d\n", -ENOMEM
);
199 for (i
= 0, tmp_gid
= known_gid
; i
< NGROUPS_SMALL
; i
++) {
200 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
, "Adding gid %d "
201 "to current CRED() (%d/%d)\n", tmp_gid
, i
, gi
->ngroups
);
202 #ifdef HAVE_KUIDGID_T
203 GROUP_AT(gi
, i
) = make_kgid(current_user_ns(), tmp_gid
);
205 GROUP_AT(gi
, i
) = tmp_gid
;
206 #endif /* HAVE_KUIDGID_T */
207 tmp_gid
= ((tmp_gid
* 17) % (NGROUPS_MAX
- 1)) + 1;
210 /* Set the new groups in the CRED() and release our reference. */
211 rc
= set_current_groups(gi
);
215 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
, "Failed to add "
216 "gid %d to current group: %d\n", known_gid
, rc
);
220 /* Verify groupmember() finds the known_gid in the CRED() */
221 rc
= groupmember(known_gid
, CRED());
223 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
, "Failed to find "
224 "known gid %d in CRED()'s groups.\n", known_gid
);
229 /* Verify groupmember() does NOT finds the missing gid in the CRED() */
230 rc
= groupmember(missing_gid
, CRED());
232 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
, "Failed missing "
233 "gid %d was found in CRED()'s groups.\n", missing_gid
);
238 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
, "Success groupmember() "
239 "correctly detects expected gids in CRED(): %d\n", rc
);
243 int i
, grps
= crgetngroups(CRED());
245 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
, "%d groups: ", grps
);
246 for (i
= 0; i
< grps
; i
++)
247 splat_print(file
, "%d ", crgetgroups(CRED())[i
]);
248 splat_print(file
, "%s", "\n");
253 } /* splat_cred_test3() */
256 splat_cred_init(void)
258 splat_subsystem_t
*sub
;
260 sub
= kmalloc(sizeof(*sub
), GFP_KERNEL
);
264 memset(sub
, 0, sizeof(*sub
));
265 strncpy(sub
->desc
.name
, SPLAT_CRED_NAME
, SPLAT_NAME_SIZE
);
266 strncpy(sub
->desc
.desc
, SPLAT_CRED_DESC
, SPLAT_DESC_SIZE
);
267 INIT_LIST_HEAD(&sub
->subsystem_list
);
268 INIT_LIST_HEAD(&sub
->test_list
);
269 spin_lock_init(&sub
->test_lock
);
270 sub
->desc
.id
= SPLAT_SUBSYSTEM_CRED
;
272 SPLAT_TEST_INIT(sub
, SPLAT_CRED_TEST1_NAME
, SPLAT_CRED_TEST1_DESC
,
273 SPLAT_CRED_TEST1_ID
, splat_cred_test1
);
274 SPLAT_TEST_INIT(sub
, SPLAT_CRED_TEST2_NAME
, SPLAT_CRED_TEST2_DESC
,
275 SPLAT_CRED_TEST2_ID
, splat_cred_test2
);
276 SPLAT_TEST_INIT(sub
, SPLAT_CRED_TEST3_NAME
, SPLAT_CRED_TEST3_DESC
,
277 SPLAT_CRED_TEST3_ID
, splat_cred_test3
);
280 } /* splat_cred_init() */
283 splat_cred_fini(splat_subsystem_t
*sub
)
287 SPLAT_TEST_FINI(sub
, SPLAT_CRED_TEST3_ID
);
288 SPLAT_TEST_FINI(sub
, SPLAT_CRED_TEST2_ID
);
289 SPLAT_TEST_FINI(sub
, SPLAT_CRED_TEST1_ID
);
292 } /* splat_cred_fini() */
297 return SPLAT_SUBSYSTEM_CRED
;
298 } /* splat_cred_id() */