]>
git.proxmox.com Git - mirror_spl-debian.git/blob - module/splat/splat-cred.c
0efabd8541292aa5d74fe568ff9afa6674ce53ab
1 /*****************************************************************************\
2 * Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
3 * Copyright (C) 2007 The Regents of the University of California.
4 * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
5 * Written by Brian Behlendorf <behlendorf1@llnl.gov>.
8 * This file is part of the SPL, Solaris Porting Layer.
9 * For details, see <http://github.com/behlendorf/spl/>.
11 * The SPL is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version.
16 * The SPL is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * You should have received a copy of the GNU General Public License along
22 * with the SPL. If not, see <http://www.gnu.org/licenses/>.
23 *****************************************************************************
24 * Solaris Porting LAyer Tests (SPLAT) Credential Tests.
25 \*****************************************************************************/
28 #include "splat-internal.h"
30 #define SPLAT_CRED_NAME "cred"
31 #define SPLAT_CRED_DESC "Kernel Cred Tests"
33 #define SPLAT_CRED_TEST1_ID 0x0e01
34 #define SPLAT_CRED_TEST1_NAME "cred"
35 #define SPLAT_CRED_TEST1_DESC "Task Credential Test"
37 #define SPLAT_CRED_TEST2_ID 0x0e02
38 #define SPLAT_CRED_TEST2_NAME "kcred"
39 #define SPLAT_CRED_TEST2_DESC "Kernel Credential Test"
41 #define SPLAT_CRED_TEST3_ID 0x0e03
42 #define SPLAT_CRED_TEST3_NAME "groupmember"
43 #define SPLAT_CRED_TEST3_DESC "Group Member Test"
45 #define GROUP_STR_SIZE 128
46 #define GROUP_STR_REDZONE 16
49 splat_cred_test1(struct file
*file
, void *arg
)
51 char str
[GROUP_STR_SIZE
];
52 uid_t uid
, ruid
, suid
;
53 gid_t gid
, rgid
, sgid
, *groups
;
54 int ngroups
, i
, count
= 0;
56 uid
= crgetuid(CRED());
57 ruid
= crgetruid(CRED());
58 suid
= crgetsuid(CRED());
60 gid
= crgetgid(CRED());
61 rgid
= crgetrgid(CRED());
62 sgid
= crgetsgid(CRED());
65 ngroups
= crgetngroups(CRED());
66 groups
= crgetgroups(CRED());
68 memset(str
, 0, GROUP_STR_SIZE
);
69 for (i
= 0; i
< ngroups
; i
++) {
70 count
+= sprintf(str
+ count
, "%d ", groups
[i
]);
72 if (count
> (GROUP_STR_SIZE
- GROUP_STR_REDZONE
)) {
73 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
74 "Failed too many group entries for temp "
75 "buffer: %d, %s\n", ngroups
, str
);
82 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
83 "uid: %d ruid: %d suid: %d "
84 "gid: %d rgid: %d sgid: %d\n",
85 uid
, ruid
, suid
, gid
, rgid
, sgid
);
86 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
87 "ngroups: %d groups: %s\n", ngroups
, str
);
89 if (uid
|| ruid
|| suid
|| gid
|| rgid
|| sgid
) {
90 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
91 "Failed expected all uids+gids to be %d\n", 0);
95 if (ngroups
> NGROUPS_MAX
) {
96 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
97 "Failed ngroups must not exceed NGROUPS_MAX: "
98 "%d > %d\n", ngroups
, NGROUPS_MAX
);
102 splat_vprint(file
, SPLAT_CRED_TEST1_NAME
,
103 "Success sane CRED(): %d\n", 0);
106 } /* splat_cred_test1() */
109 splat_cred_test2(struct file
*file
, void *arg
)
111 char str
[GROUP_STR_SIZE
];
112 uid_t uid
, ruid
, suid
;
113 gid_t gid
, rgid
, sgid
, *groups
;
114 int ngroups
, i
, count
= 0;
116 uid
= crgetuid(kcred
);
117 ruid
= crgetruid(kcred
);
118 suid
= crgetsuid(kcred
);
120 gid
= crgetgid(kcred
);
121 rgid
= crgetrgid(kcred
);
122 sgid
= crgetsgid(kcred
);
125 ngroups
= crgetngroups(kcred
);
126 groups
= crgetgroups(kcred
);
128 memset(str
, 0, GROUP_STR_SIZE
);
129 for (i
= 0; i
< ngroups
; i
++) {
130 count
+= sprintf(str
+ count
, "%d ", groups
[i
]);
132 if (count
> (GROUP_STR_SIZE
- GROUP_STR_REDZONE
)) {
133 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
134 "Failed too many group entries for temp "
135 "buffer: %d, %s\n", ngroups
, str
);
142 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
143 "uid: %d ruid: %d suid: %d "
144 "gid: %d rgid: %d sgid: %d\n",
145 uid
, ruid
, suid
, gid
, rgid
, sgid
);
146 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
147 "ngroups: %d groups: %s\n", ngroups
, str
);
149 if (uid
|| ruid
|| suid
|| gid
|| rgid
|| sgid
) {
150 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
151 "Failed expected all uids+gids to be %d\n", 0);
155 if (ngroups
> NGROUPS_MAX
) {
156 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
157 "Failed ngroups must not exceed NGROUPS_MAX: "
158 "%d > %d\n", ngroups
, NGROUPS_MAX
);
162 splat_vprint(file
, SPLAT_CRED_TEST2_NAME
,
163 "Success sane kcred: %d\n", 0);
166 } /* splat_cred_test2() */
169 * On most/all systems it can be expected that a task with root
170 * permissions also is a member of the root group, Since the
171 * test suite is always run as root we check first that CRED() is
172 * a member of the root group, and secondly that it is not a member
173 * of our fake group. This test will break is someone happens to
174 * create group number NGROUPS_MAX-1 and then added root to it.
177 splat_cred_test3(struct file
*file
, void *arg
)
179 gid_t root_gid
, fake_gid
;
183 fake_gid
= NGROUPS_MAX
-1;
185 rc
= groupmember(root_gid
, CRED());
187 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
,
188 "Failed root git %d expected to be member "
189 "of CRED() groups: %d\n", root_gid
, rc
);
193 rc
= groupmember(fake_gid
, CRED());
195 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
,
196 "Failed fake git %d expected not to be member "
197 "of CRED() groups: %d\n", fake_gid
, rc
);
201 splat_vprint(file
, SPLAT_CRED_TEST3_NAME
, "Success root gid "
202 "is a member of the expected groups: %d\n", rc
);
205 } /* splat_cred_test3() */
208 splat_cred_init(void)
210 splat_subsystem_t
*sub
;
212 sub
= kmalloc(sizeof(*sub
), GFP_KERNEL
);
216 memset(sub
, 0, sizeof(*sub
));
217 strncpy(sub
->desc
.name
, SPLAT_CRED_NAME
, SPLAT_NAME_SIZE
);
218 strncpy(sub
->desc
.desc
, SPLAT_CRED_DESC
, SPLAT_DESC_SIZE
);
219 INIT_LIST_HEAD(&sub
->subsystem_list
);
220 INIT_LIST_HEAD(&sub
->test_list
);
221 spin_lock_init(&sub
->test_lock
);
222 sub
->desc
.id
= SPLAT_SUBSYSTEM_CRED
;
224 SPLAT_TEST_INIT(sub
, SPLAT_CRED_TEST1_NAME
, SPLAT_CRED_TEST1_DESC
,
225 SPLAT_CRED_TEST1_ID
, splat_cred_test1
);
226 SPLAT_TEST_INIT(sub
, SPLAT_CRED_TEST2_NAME
, SPLAT_CRED_TEST2_DESC
,
227 SPLAT_CRED_TEST2_ID
, splat_cred_test2
);
228 SPLAT_TEST_INIT(sub
, SPLAT_CRED_TEST3_NAME
, SPLAT_CRED_TEST3_DESC
,
229 SPLAT_CRED_TEST3_ID
, splat_cred_test3
);
232 } /* splat_cred_init() */
235 splat_cred_fini(splat_subsystem_t
*sub
)
239 SPLAT_TEST_FINI(sub
, SPLAT_CRED_TEST3_ID
);
240 SPLAT_TEST_FINI(sub
, SPLAT_CRED_TEST2_ID
);
241 SPLAT_TEST_FINI(sub
, SPLAT_CRED_TEST1_ID
);
244 } /* splat_cred_fini() */
249 return SPLAT_SUBSYSTEM_CRED
;
250 } /* splat_cred_id() */