Commit | Line | Data |
---|---|---|
716154c5 BB |
1 | /*****************************************************************************\ |
2 | * Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC. | |
3 | * Copyright (C) 2007 The Regents of the University of California. | |
4 | * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER). | |
5 | * Written by Brian Behlendorf <behlendorf1@llnl.gov>. | |
ec7d53e9 BB |
6 | * UCRL-CODE-235197 |
7 | * | |
716154c5 | 8 | * This file is part of the SPL, Solaris Porting Layer. |
3d6af2dd | 9 | * For details, see <http://zfsonlinux.org/>. |
716154c5 BB |
10 | * |
11 | * The SPL is free software; you can redistribute it and/or modify it | |
12 | * under the terms of the GNU General Public License as published by the | |
13 | * Free Software Foundation; either version 2 of the License, or (at your | |
14 | * option) any later version. | |
ec7d53e9 | 15 | * |
716154c5 | 16 | * The SPL is distributed in the hope that it will be useful, but WITHOUT |
ec7d53e9 BB |
17 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
18 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
19 | * for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU General Public License along | |
716154c5 BB |
22 | * with the SPL. If not, see <http://www.gnu.org/licenses/>. |
23 | ***************************************************************************** | |
24 | * Solaris Porting LAyer Tests (SPLAT) Credential Tests. | |
25 | \*****************************************************************************/ | |
ec7d53e9 | 26 | |
df870a69 | 27 | #include <sys/cred.h> |
9e4fb5c2 | 28 | #include <sys/random.h> |
ec7d53e9 BB |
29 | #include "splat-internal.h" |
30 | ||
/* Subsystem name and description registered by splat_cred_init(). */
#define	SPLAT_CRED_NAME			"cred"
#define	SPLAT_CRED_DESC			"Kernel Cred Tests"

/* Test 1: checks the credential of the calling task, CRED(). */
#define	SPLAT_CRED_TEST1_ID		0x0e01
#define	SPLAT_CRED_TEST1_NAME		"cred"
#define	SPLAT_CRED_TEST1_DESC		"Task Credential Test"

/* Test 2: checks the kernel credential, kcred. */
#define	SPLAT_CRED_TEST2_ID		0x0e02
#define	SPLAT_CRED_TEST2_NAME		"kcred"
#define	SPLAT_CRED_TEST2_DESC		"Kernel Credential Test"

/* Test 3: checks groupmember() against a constructed group list. */
#define	SPLAT_CRED_TEST3_ID		0x0e03
#define	SPLAT_CRED_TEST3_NAME		"groupmember"
#define	SPLAT_CRED_TEST3_DESC		"Group Member Test"

/*
 * Size of the on-stack buffer the group list is formatted into, and the
 * tail margin that must stay unused: the tests stop formatting once the
 * text grows past GROUP_STR_SIZE - GROUP_STR_REDZONE bytes.
 */
#define	GROUP_STR_SIZE			128
#define	GROUP_STR_REDZONE		16
48 | ||
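/*
 * Sanity check the credential of the calling task, CRED().
 *
 * Reads the uid/ruid/suid, the gid/rgid/sgid and the supplementary group
 * list, reports them through splat_vprint(), and expects every uid and gid
 * to be 0 and ngroups not to exceed NGROUPS_MAX.
 *
 * file - passed through to splat_vprint() for the test output.
 * arg  - unused.
 *
 * Returns 0 on success, -ENOSPC when the formatted group list outgrows the
 * temporary buffer, and -EIDRM when an id is non-zero or ngroups is too
 * large.
 */
static int
splat_cred_test1(struct file *file, void *arg)
{
	char str[GROUP_STR_SIZE];
	uid_t uid, ruid, suid;
	gid_t gid, rgid, sgid, *groups;
	int ngroups, i, count = 0;

	uid  = crgetuid(CRED());
	ruid = crgetruid(CRED());
	suid = crgetsuid(CRED());

	gid  = crgetgid(CRED());
	rgid = crgetrgid(CRED());
	sgid = crgetsgid(CRED());

	/* Hold a reference for as long as the group array is being read. */
	crhold(CRED());
	ngroups = crgetngroups(CRED());
	groups  = crgetgroups(CRED());

	memset(str, 0, GROUP_STR_SIZE);
	for (i = 0; i < ngroups; i++) {
		/*
		 * The write is bounded by the space left in str.  count is
		 * at most GROUP_STR_SIZE - GROUP_STR_REDZONE on entry, so
		 * the red zone always has room for one more "%d " entry and
		 * the bound is a backstop rather than a truncation point.
		 */
		count += snprintf(str + count, GROUP_STR_SIZE - count,
		    "%d ", groups[i]);

		if (count > (GROUP_STR_SIZE - GROUP_STR_REDZONE)) {
			splat_vprint(file, SPLAT_CRED_TEST1_NAME,
			    "Failed too many group entries for temp "
			    "buffer: %d, %s\n", ngroups, str);
			/*
			 * Every exit taken after crhold() has to drop the
			 * reference, otherwise the credential's refcount
			 * stays elevated after the test returns.
			 */
			crfree(CRED());
			return -ENOSPC;
		}
	}

	crfree(CRED());

	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
	    "uid: %d ruid: %d suid: %d "
	    "gid: %d rgid: %d sgid: %d\n",
	    uid, ruid, suid, gid, rgid, sgid);
	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
	    "ngroups: %d groups: %s\n", ngroups, str);

	/* The test passes only when every id of the caller is 0. */
	if (uid || ruid || suid || gid || rgid || sgid) {
		splat_vprint(file, SPLAT_CRED_TEST1_NAME,
		    "Failed expected all uids+gids to be %d\n", 0);
		return -EIDRM;
	}

	if (ngroups > NGROUPS_MAX) {
		splat_vprint(file, SPLAT_CRED_TEST1_NAME,
		    "Failed ngroups must not exceed NGROUPS_MAX: "
		    "%d > %d\n", ngroups, NGROUPS_MAX);
		return -EIDRM;
	}

	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
	    "Success sane CRED(): %d\n", 0);

	return 0;
} /* splat_cred_test1() */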
108 | ||
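/*
 * Sanity check the kernel credential, kcred.
 *
 * Reads the uid/ruid/suid, the gid/rgid/sgid and the supplementary group
 * list of kcred, reports them through splat_vprint(), and expects every uid
 * and gid to be 0 and ngroups not to exceed NGROUPS_MAX.
 *
 * file - passed through to splat_vprint() for the test output.
 * arg  - unused.
 *
 * Returns 0 on success, -ENOSPC when the formatted group list outgrows the
 * temporary buffer, and -EIDRM when an id is non-zero or ngroups is too
 * large.
 */
static int
splat_cred_test2(struct file *file, void *arg)
{
	char str[GROUP_STR_SIZE];
	uid_t uid, ruid, suid;
	gid_t gid, rgid, sgid, *groups;
	int ngroups, i, count = 0;

	uid  = crgetuid(kcred);
	ruid = crgetruid(kcred);
	suid = crgetsuid(kcred);

	gid  = crgetgid(kcred);
	rgid = crgetrgid(kcred);
	sgid = crgetsgid(kcred);

	/* Hold a reference for as long as the group array is being read. */
	crhold(kcred);
	ngroups = crgetngroups(kcred);
	groups  = crgetgroups(kcred);

	memset(str, 0, GROUP_STR_SIZE);
	for (i = 0; i < ngroups; i++) {
		/*
		 * The write is bounded by the space left in str.  count is
		 * at most GROUP_STR_SIZE - GROUP_STR_REDZONE on entry, so
		 * the red zone always has room for one more "%d " entry and
		 * the bound is a backstop rather than a truncation point.
		 */
		count += snprintf(str + count, GROUP_STR_SIZE - count,
		    "%d ", groups[i]);

		if (count > (GROUP_STR_SIZE - GROUP_STR_REDZONE)) {
			splat_vprint(file, SPLAT_CRED_TEST2_NAME,
			    "Failed too many group entries for temp "
			    "buffer: %d, %s\n", ngroups, str);
			/*
			 * Every exit taken after crhold() has to drop the
			 * reference, otherwise kcred's refcount stays
			 * elevated after the test returns.
			 */
			crfree(kcred);
			return -ENOSPC;
		}
	}

	crfree(kcred);

	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
	    "uid: %d ruid: %d suid: %d "
	    "gid: %d rgid: %d sgid: %d\n",
	    uid, ruid, suid, gid, rgid, sgid);
	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
	    "ngroups: %d groups: %s\n", ngroups, str);

	/* The test passes only when every id in kcred is 0. */
	if (uid || ruid || suid || gid || rgid || sgid) {
		splat_vprint(file, SPLAT_CRED_TEST2_NAME,
		    "Failed expected all uids+gids to be %d\n", 0);
		return -EIDRM;
	}

	if (ngroups > NGROUPS_MAX) {
		splat_vprint(file, SPLAT_CRED_TEST2_NAME,
		    "Failed ngroups must not exceed NGROUPS_MAX: "
		    "%d > %d\n", ngroups, NGROUPS_MAX);
		return -EIDRM;
	}

	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
	    "Success sane kcred: %d\n", 0);

	return 0;
} /* splat_cred_test2() */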
168 | ||
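/*
 * Verify that groupmember() works correctly by constructing an interesting
 * CRED() and checking that the expected gids are part of it.
 *
 * file - passed through to splat_vprint()/splat_print() for the output.
 * arg  - unused.
 *
 * Returns 0 on success, -ENOMEM when the group_info cannot be allocated,
 * the error from set_current_groups() when installing the groups fails,
 * and -EIDRM when groupmember() gives an unexpected answer.
 *
 * NOTE(review): set_current_groups() replaces the supplementary groups of
 * the calling task and nothing in this function puts the previous list
 * back, so the process that triggered the test keeps the synthetic groups
 * afterwards.  Confirm that this is acceptable for the test harness.
 */
static int
splat_cred_test3(struct file *file, void *arg)
{
	gid_t known_gid, missing_gid, tmp_gid;
	unsigned char rnd;
	struct group_info *gi;
	int i, ngrps, rc;

	/* One random byte; 0 is mapped to 1 so that gid 0 is never chosen. */
	get_random_bytes((void *)&rnd, 1);
	known_gid = (rnd > 0) ? rnd : 1;
	missing_gid = 0;

	/*
	 * Create an interesting known set of gids for test purposes.  The
	 * gids are pseudo randomly selected and will be in the range of
	 * 1:(NGROUPS_MAX-1).  Gid 0 is explicitly avoided so we can reliably
	 * test for its absence in the test cases.
	 */
	gi = groups_alloc(NGROUPS_SMALL);
	if (gi == NULL) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Failed create "
		    "group_info for known gids: %d\n", -ENOMEM);
		rc = -ENOMEM;
		goto show_groups;
	}

	for (i = 0, tmp_gid = known_gid; i < NGROUPS_SMALL; i++) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Adding gid %d "
		    "to current CRED() (%d/%d)\n", tmp_gid, i, gi->ngroups);
#ifdef HAVE_KUIDGID_T
		GROUP_AT(gi, i) = make_kgid(current_user_ns(), tmp_gid);
#else
		GROUP_AT(gi, i) = tmp_gid;
#endif /* HAVE_KUIDGID_T */
		/* The "+ 1" keeps the next gid out of 0. */
		tmp_gid = ((tmp_gid * 17) % (NGROUPS_MAX - 1)) + 1;
	}

	/* Set the new groups in the CRED() and release our reference. */
	rc = set_current_groups(gi);
	put_group_info(gi);

	if (rc) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Failed to add "
		    "gid %d to current group: %d\n", known_gid, rc);
		goto show_groups;
	}

	/* Verify groupmember() finds the known_gid in the CRED() */
	rc = groupmember(known_gid, CRED());
	if (!rc) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Failed to find "
		    "known gid %d in CRED()'s groups.\n", known_gid);
		rc = -EIDRM;
		goto show_groups;
	}

	/* Verify groupmember() does NOT find the missing gid in the CRED() */
	rc = groupmember(missing_gid, CRED());
	if (rc) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Failed missing "
		    "gid %d was found in CRED()'s groups.\n", missing_gid);
		rc = -EIDRM;
		goto show_groups;
	}

	splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Success groupmember() "
	    "correctly detects expected gids in CRED(): %d\n", rc);

show_groups:
	/* On any failure, dump the groups CRED() currently carries. */
	if (rc) {
		/* Reuses the function-scope i instead of shadowing it. */
		ngrps = crgetngroups(CRED());

		splat_vprint(file, SPLAT_CRED_TEST3_NAME, "%d groups: ", ngrps);
		for (i = 0; i < ngrps; i++)
			splat_print(file, "%d ", crgetgroups(CRED())[i]);
		splat_print(file, "%s", "\n");
	}

	return (rc);
} /* splat_cred_test3() */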
254 | ||
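/*
 * Allocate the "cred" subsystem descriptor and register its three tests.
 *
 * Returns the new subsystem, or NULL when the allocation fails.  The
 * returned memory is released by splat_cred_fini(), which kfree()s it.
 */
splat_subsystem_t *
splat_cred_init(void)
{
	splat_subsystem_t *sub;

	/* Zeroed allocation, so every field not set below starts as 0. */
	sub = kzalloc(sizeof (*sub), GFP_KERNEL);
	if (sub == NULL)
		return NULL;

	/*
	 * strncpy() does not terminate the destination when the source
	 * fills it.  Copying at most SIZE - 1 bytes leaves the final,
	 * already zeroed byte in place as the terminator.
	 * NOTE(review): assumes desc.name and desc.desc are arrays of
	 * SPLAT_NAME_SIZE and SPLAT_DESC_SIZE bytes -- confirm against
	 * the declaration of splat_subsystem_t.
	 */
	strncpy(sub->desc.name, SPLAT_CRED_NAME, SPLAT_NAME_SIZE - 1);
	strncpy(sub->desc.desc, SPLAT_CRED_DESC, SPLAT_DESC_SIZE - 1);
	INIT_LIST_HEAD(&sub->subsystem_list);
	INIT_LIST_HEAD(&sub->test_list);
	spin_lock_init(&sub->test_lock);
	sub->desc.id = SPLAT_SUBSYSTEM_CRED;

	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST1_NAME, SPLAT_CRED_TEST1_DESC,
	    SPLAT_CRED_TEST1_ID, splat_cred_test1);
	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST2_NAME, SPLAT_CRED_TEST2_DESC,
	    SPLAT_CRED_TEST2_ID, splat_cred_test2);
	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST3_NAME, SPLAT_CRED_TEST3_DESC,
	    SPLAT_CRED_TEST3_ID, splat_cred_test3);

	return sub;
} /* splat_cred_init() */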
281 | ||
/*
 * Tear down the "cred" subsystem: unregister its tests, last registered
 * first, and then free the descriptor allocated by splat_cred_init().
 *
 * sub - subsystem to release; must not be NULL (asserted).
 */
void
splat_cred_fini(splat_subsystem_t *sub)
{
	ASSERT(sub);

	/* Reverse of the registration order used in splat_cred_init(). */
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST3_ID);
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST2_ID);
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST1_ID);

	/* sub must not be used by the caller after this point. */
	kfree(sub);
} /* splat_cred_fini() */
293 | ||
/*
 * Return the identifier of the credential test subsystem, the same value
 * splat_cred_init() stores in desc.id.
 */
int
splat_cred_id(void)
{
	return (SPLAT_SUBSYSTEM_CRED);
} /* splat_cred_id() */