1 /*****************************************************************************\
2 * Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
3 * Copyright (C) 2007 The Regents of the University of California.
4 * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
5 * Written by Brian Behlendorf <behlendorf1@llnl.gov>.
6 * UCRL-CODE-235197
7 *
8 * This file is part of the SPL, Solaris Porting Layer.
9 * For details, see <http://github.com/behlendorf/spl/>.
10 *
11 * The SPL is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version.
15 *
16 * The SPL is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with the SPL. If not, see <http://www.gnu.org/licenses/>.
23 *****************************************************************************
24 * Solaris Porting LAyer Tests (SPLAT) Credential Tests.
25 \*****************************************************************************/
26
27 #include "splat-internal.h"
28
/* Name and description of the credential test subsystem as a whole. */
#define SPLAT_CRED_NAME			"cred"
#define SPLAT_CRED_DESC			"Kernel Cred Tests"

/* Test 1: checks the credentials returned by CRED(). */
#define SPLAT_CRED_TEST1_ID		0x0e01
#define SPLAT_CRED_TEST1_NAME		"cred"
#define SPLAT_CRED_TEST1_DESC		"Task Credential Test"

/* Test 2: the same checks applied to kcred. */
#define SPLAT_CRED_TEST2_ID		0x0e02
#define SPLAT_CRED_TEST2_NAME		"kcred"
#define SPLAT_CRED_TEST2_DESC		"Kernel Credential Test"

/* Test 3: groupmember() lookups against CRED(). */
#define SPLAT_CRED_TEST3_ID		0x0e03
#define SPLAT_CRED_TEST3_NAME		"groupmember"
#define SPLAT_CRED_TEST3_DESC		"Group Member Test"

/*
 * GROUP_STR_SIZE is the size of the on-stack buffer that tests 1 and 2
 * format the supplementary group list into.  GROUP_STR_REDZONE is the
 * tail margin: after each entry is appended the tests fail with -ENOSPC
 * once the formatted length exceeds GROUP_STR_SIZE - GROUP_STR_REDZONE.
 * The margin therefore has to stay larger than the longest single
 * "%d " entry, otherwise an append could run past the buffer before
 * the check fires.
 */
#define GROUP_STR_SIZE			128
#define GROUP_STR_REDZONE		16
46
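/*
 * Test 1: sanity-check the credentials of the calling task, CRED().
 *
 * Reads the effective, real and saved uid/gid, formats the supplementary
 * group list into a small stack buffer for logging, and then requires
 * that all six ids are 0 and that ngroups does not exceed NGROUPS_MAX.
 * The `arg` parameter is unused.
 *
 * Returns 0 on success, -ENOSPC if the group list does not fit in the
 * temporary buffer, and -EIDRM if any id is non-zero or ngroups is out
 * of range.
 */
static int
splat_cred_test1(struct file *file, void *arg)
{
	char str[GROUP_STR_SIZE];
	uid_t uid, ruid, suid;
	gid_t gid, rgid, sgid, *groups;
	int ngroups, i, count = 0;

	uid  = crgetuid(CRED());
	ruid = crgetruid(CRED());
	suid = crgetsuid(CRED());

	gid  = crgetgid(CRED());
	rgid = crgetrgid(CRED());
	sgid = crgetsgid(CRED());

	/*
	 * Hold the credential while its group array is read; `groups`
	 * presumably points into the credential's own storage (confirm
	 * against the crgetgroups() implementation).
	 */
	crhold(CRED());
	ngroups = crgetngroups(CRED());
	groups  = crgetgroups(CRED());

	memset(str, 0, GROUP_STR_SIZE);
	for (i = 0; i < ngroups; i++) {
		/*
		 * Bound every append by the space that is left.  The
		 * redzone check below keeps count <= GROUP_STR_SIZE -
		 * GROUP_STR_REDZONE on entry, so an entry is never
		 * truncated and the output matches an unbounded sprintf().
		 */
		count += snprintf(str + count, GROUP_STR_SIZE - count,
				  "%d ", groups[i]);

		if (count > (GROUP_STR_SIZE - GROUP_STR_REDZONE)) {
			splat_vprint(file, SPLAT_CRED_TEST1_NAME,
				     "Failed too many group entries for temp "
				     "buffer: %d, %s\n", ngroups, str);
			/*
			 * Release the hold on this path as well, so a
			 * failing run does not leak a credential reference.
			 */
			crfree(CRED());
			return -ENOSPC;
		}
	}

	crfree(CRED());

	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
		     "uid: %d ruid: %d suid: %d "
		     "gid: %d rgid: %d sgid: %d\n",
		     uid, ruid, suid, gid, rgid, sgid);
	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
		     "ngroups: %d groups: %s\n", ngroups, str);

	/* Any non-zero id means the task is not running fully as root. */
	if (uid || ruid || suid || gid || rgid || sgid) {
		splat_vprint(file, SPLAT_CRED_TEST1_NAME,
			     "Failed expected all uids+gids to be %d\n", 0);
		return -EIDRM;
	}

	if (ngroups > NGROUPS_MAX) {
		splat_vprint(file, SPLAT_CRED_TEST1_NAME,
			     "Failed ngroups must not exceed NGROUPS_MAX: "
			     "%d > %d\n", ngroups, NGROUPS_MAX);
		return -EIDRM;
	}

	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
		     "Success sane CRED(): %d\n", 0);

	return 0;
} /* splat_cred_test1() */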
106
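/*
 * Test 2: sanity-check the kernel credential, kcred.
 *
 * Mirrors test 1 but reads kcred instead of CRED(): the effective, real
 * and saved uid/gid must all be 0 and ngroups must not exceed
 * NGROUPS_MAX.  The `arg` parameter is unused.
 *
 * Returns 0 on success, -ENOSPC if the group list does not fit in the
 * temporary buffer, and -EIDRM if any id is non-zero or ngroups is out
 * of range.
 */
static int
splat_cred_test2(struct file *file, void *arg)
{
	char str[GROUP_STR_SIZE];
	uid_t uid, ruid, suid;
	gid_t gid, rgid, sgid, *groups;
	int ngroups, i, count = 0;

	uid  = crgetuid(kcred);
	ruid = crgetruid(kcred);
	suid = crgetsuid(kcred);

	gid  = crgetgid(kcred);
	rgid = crgetrgid(kcred);
	sgid = crgetsgid(kcred);

	/*
	 * Hold the credential while its group array is read; `groups`
	 * presumably points into the credential's own storage (confirm
	 * against the crgetgroups() implementation).
	 */
	crhold(kcred);
	ngroups = crgetngroups(kcred);
	groups  = crgetgroups(kcred);

	memset(str, 0, GROUP_STR_SIZE);
	for (i = 0; i < ngroups; i++) {
		/*
		 * Bound every append by the space that is left.  The
		 * redzone check below keeps count <= GROUP_STR_SIZE -
		 * GROUP_STR_REDZONE on entry, so an entry is never
		 * truncated and the output matches an unbounded sprintf().
		 */
		count += snprintf(str + count, GROUP_STR_SIZE - count,
				  "%d ", groups[i]);

		if (count > (GROUP_STR_SIZE - GROUP_STR_REDZONE)) {
			splat_vprint(file, SPLAT_CRED_TEST2_NAME,
				     "Failed too many group entries for temp "
				     "buffer: %d, %s\n", ngroups, str);
			/*
			 * Release the hold on this path as well, so a
			 * failing run does not leak a reference on kcred.
			 */
			crfree(kcred);
			return -ENOSPC;
		}
	}

	crfree(kcred);

	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
		     "uid: %d ruid: %d suid: %d "
		     "gid: %d rgid: %d sgid: %d\n",
		     uid, ruid, suid, gid, rgid, sgid);
	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
		     "ngroups: %d groups: %s\n", ngroups, str);

	/* The kernel credential is expected to carry only root ids. */
	if (uid || ruid || suid || gid || rgid || sgid) {
		splat_vprint(file, SPLAT_CRED_TEST2_NAME,
			     "Failed expected all uids+gids to be %d\n", 0);
		return -EIDRM;
	}

	if (ngroups > NGROUPS_MAX) {
		splat_vprint(file, SPLAT_CRED_TEST2_NAME,
			     "Failed ngroups must not exceed NGROUPS_MAX: "
			     "%d > %d\n", ngroups, NGROUPS_MAX);
		return -EIDRM;
	}

	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
		     "Success sane kcred: %d\n", 0);

	return 0;
} /* splat_cred_test2() */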
166
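/*
 * Test 3: group membership lookups against CRED().
 *
 * On most/all systems it can be expected that a task with root
 * permissions is also a member of the root group.  Since the test
 * suite is always run as root, we first check that CRED() is a member
 * of the root group (gid 0), and then that it is not a member of our
 * fake group (gid NGROUPS_MAX-1).  This test will break if someone
 * happens to create group number NGROUPS_MAX-1 and adds root to it.
 *
 * The `arg` parameter is unused.  Returns 0 on success and -EIDRM if
 * either membership check gives the unexpected answer.
 */
static int
splat_cred_test3(struct file *file, void *arg)
{
	gid_t root_gid, fake_gid;
	int rc;

	root_gid = 0;
	fake_gid = NGROUPS_MAX-1;

	/* Positive case: root's gid must be reported as a member. */
	rc = groupmember(root_gid, CRED());
	if (!rc) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME,
			     "Failed root gid %d expected to be member "
			     "of CRED() groups: %d\n", root_gid, rc);
		return -EIDRM;
	}

	/* Negative case: the fake gid must not be reported as a member. */
	rc = groupmember(fake_gid, CRED());
	if (rc) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME,
			     "Failed fake gid %d expected not to be member "
			     "of CRED() groups: %d\n", fake_gid, rc);
		return -EIDRM;
	}

	splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Success root gid "
		     "is a member of the expected groups: %d\n", rc);

	/* rc is necessarily 0 here; return the success code explicitly. */
	return 0;
} /* splat_cred_test3() */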
205
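/*
 * Allocate and register the credential test subsystem.
 *
 * Builds a zeroed splat_subsystem_t, fills in its name, description
 * and id, initialises its lists and lock, and registers the three
 * credential tests.  Returns the new subsystem, or NULL if the
 * allocation fails.  The caller releases it with splat_cred_fini().
 */
splat_subsystem_t *
splat_cred_init(void)
{
	splat_subsystem_t *sub;

	sub = kmalloc(sizeof(*sub), GFP_KERNEL);
	if (sub == NULL)
		return NULL;

	memset(sub, 0, sizeof(*sub));
	/*
	 * strncpy() does not terminate the destination when the source
	 * fills it, so copy at most size - 1 bytes and let the memset()
	 * above supply the trailing NUL.  Assumes desc.name and desc.desc
	 * are SPLAT_NAME_SIZE and SPLAT_DESC_SIZE bytes - confirm in
	 * splat-internal.h.
	 */
	strncpy(sub->desc.name, SPLAT_CRED_NAME, SPLAT_NAME_SIZE - 1);
	strncpy(sub->desc.desc, SPLAT_CRED_DESC, SPLAT_DESC_SIZE - 1);
	INIT_LIST_HEAD(&sub->subsystem_list);
	INIT_LIST_HEAD(&sub->test_list);
	spin_lock_init(&sub->test_lock);
	sub->desc.id = SPLAT_SUBSYSTEM_CRED;

	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST1_NAME, SPLAT_CRED_TEST1_DESC,
			SPLAT_CRED_TEST1_ID, splat_cred_test1);
	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST2_NAME, SPLAT_CRED_TEST2_DESC,
			SPLAT_CRED_TEST2_ID, splat_cred_test2);
	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST3_NAME, SPLAT_CRED_TEST3_DESC,
			SPLAT_CRED_TEST3_ID, splat_cred_test3);

	return sub;
} /* splat_cred_init() */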
232
/*
 * Tear down a credential test subsystem built by splat_cred_init().
 *
 * The three tests are removed in the reverse of the order in which
 * splat_cred_init() registered them, and the subsystem is then freed.
 * `sub` must not be NULL; ASSERT() is the only guard, and the pointer
 * must not be used after this call returns.
 */
void
splat_cred_fini(splat_subsystem_t *sub)
{
	ASSERT(sub);

	/* Unregister in reverse registration order: test 3, 2, then 1. */
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST3_ID);
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST2_ID);
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST1_ID);

	/* Matches the kmalloc() in splat_cred_init(). */
	kfree(sub);
} /* splat_cred_fini() */
244
/*
 * Return the identifier of the credential test subsystem, the same
 * value splat_cred_init() stores in sub->desc.id.
 */
int
splat_cred_id(void)
{
	const int subsystem_id = SPLAT_SUBSYSTEM_CRED;

	return subsystem_id;
} /* splat_cred_id() */