1 /*****************************************************************************\
2 * Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
3 * Copyright (C) 2007 The Regents of the University of California.
4 * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
5 * Written by Brian Behlendorf <behlendorf1@llnl.gov>.
6 * UCRL-CODE-235197
7 *
8 * This file is part of the SPL, Solaris Porting Layer.
9 * For details, see <http://github.com/behlendorf/spl/>.
10 *
11 * The SPL is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version.
15 *
16 * The SPL is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with the SPL. If not, see <http://www.gnu.org/licenses/>.
23 *****************************************************************************
24 * Solaris Porting LAyer Tests (SPLAT) Credential Tests.
25 \*****************************************************************************/
26
27 #include <sys/cred.h>
28 #include "splat-internal.h"
29
30 #define SPLAT_CRED_NAME "cred"
31 #define SPLAT_CRED_DESC "Kernel Cred Tests"
32
33 #define SPLAT_CRED_TEST1_ID 0x0e01
34 #define SPLAT_CRED_TEST1_NAME "cred"
35 #define SPLAT_CRED_TEST1_DESC "Task Credential Test"
36
37 #define SPLAT_CRED_TEST2_ID 0x0e02
38 #define SPLAT_CRED_TEST2_NAME "kcred"
39 #define SPLAT_CRED_TEST2_DESC "Kernel Credential Test"
40
41 #define SPLAT_CRED_TEST3_ID 0x0e03
42 #define SPLAT_CRED_TEST3_NAME "groupmember"
43 #define SPLAT_CRED_TEST3_DESC "Group Member Test"
44
45 #define GROUP_STR_SIZE 128
46 #define GROUP_STR_REDZONE 16
47
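/*
 * Task credential sanity test.
 *
 * Reads the effective/real/saved uid and gid plus the supplementary group
 * list from the calling task's credential, CRED(), logs them through
 * splat_vprint(), and fails unless every id is 0 and the group count does
 * not exceed NGROUPS_MAX.
 *
 * Returns 0 on success, -ENOSPC when the group list does not fit in the
 * temporary string buffer, and -EIDRM when an id is non-zero or ngroups
 * is out of range.
 */
static int
splat_cred_test1(struct file *file, void *arg)
{
	char str[GROUP_STR_SIZE];
	uid_t uid, ruid, suid;
	gid_t gid, rgid, sgid, *groups;
	int ngroups, i, count = 0;
	int rc = 0;

	uid  = crgetuid(CRED());
	ruid = crgetruid(CRED());
	suid = crgetsuid(CRED());

	gid  = crgetgid(CRED());
	rgid = crgetrgid(CRED());
	sgid = crgetsgid(CRED());

	/* Hold a reference while the group array is being walked. */
	crhold(CRED());
	ngroups = crgetngroups(CRED());
	groups  = crgetgroups(CRED());

	memset(str, 0, GROUP_STR_SIZE);
	for (i = 0; i < ngroups; i++) {
		/*
		 * Bounded write: count never exceeds
		 * GROUP_STR_SIZE - GROUP_STR_REDZONE at this point, so at
		 * least GROUP_STR_REDZONE bytes remain for one "%d " entry.
		 */
		count += snprintf(str + count, GROUP_STR_SIZE - count,
		    "%d ", groups[i]);

		if (count > (GROUP_STR_SIZE - GROUP_STR_REDZONE)) {
			splat_vprint(file, SPLAT_CRED_TEST1_NAME,
			    "Failed too many group entries for temp "
			    "buffer: %d, %s\n", ngroups, str);
			/*
			 * Leave the loop instead of returning so the
			 * reference taken by crhold() is dropped below;
			 * returning here would leak a credential reference.
			 */
			rc = -ENOSPC;
			break;
		}
	}

	crfree(CRED());

	if (rc)
		return rc;

	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
	    "uid: %d ruid: %d suid: %d "
	    "gid: %d rgid: %d sgid: %d\n",
	    uid, ruid, suid, gid, rgid, sgid);
	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
	    "ngroups: %d groups: %s\n", ngroups, str);

	/* The test expects every uid and gid of the caller to be 0. */
	if (uid || ruid || suid || gid || rgid || sgid) {
		splat_vprint(file, SPLAT_CRED_TEST1_NAME,
		    "Failed expected all uids+gids to be %d\n", 0);
		return -EIDRM;
	}

	if (ngroups > NGROUPS_MAX) {
		splat_vprint(file, SPLAT_CRED_TEST1_NAME,
		    "Failed ngroups must not exceed NGROUPS_MAX: "
		    "%d > %d\n", ngroups, NGROUPS_MAX);
		return -EIDRM;
	}

	splat_vprint(file, SPLAT_CRED_TEST1_NAME,
	    "Success sane CRED(): %d\n", 0);

	return 0;
} /* splat_cred_test1() */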
107
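/*
 * Kernel credential sanity test.
 *
 * Same checks as the task credential test, but applied to kcred: the
 * uid/gid triplets and the supplementary group list are read and logged
 * through splat_vprint(), and the test fails unless every id is 0 and the
 * group count does not exceed NGROUPS_MAX.
 *
 * Returns 0 on success, -ENOSPC when the group list does not fit in the
 * temporary string buffer, and -EIDRM when an id is non-zero or ngroups
 * is out of range.
 */
static int
splat_cred_test2(struct file *file, void *arg)
{
	char str[GROUP_STR_SIZE];
	uid_t uid, ruid, suid;
	gid_t gid, rgid, sgid, *groups;
	int ngroups, i, count = 0;
	int rc = 0;

	uid  = crgetuid(kcred);
	ruid = crgetruid(kcred);
	suid = crgetsuid(kcred);

	gid  = crgetgid(kcred);
	rgid = crgetrgid(kcred);
	sgid = crgetsgid(kcred);

	/* Hold a reference while the group array is being walked. */
	crhold(kcred);
	ngroups = crgetngroups(kcred);
	groups  = crgetgroups(kcred);

	memset(str, 0, GROUP_STR_SIZE);
	for (i = 0; i < ngroups; i++) {
		/*
		 * Bounded write: count never exceeds
		 * GROUP_STR_SIZE - GROUP_STR_REDZONE at this point, so at
		 * least GROUP_STR_REDZONE bytes remain for one "%d " entry.
		 */
		count += snprintf(str + count, GROUP_STR_SIZE - count,
		    "%d ", groups[i]);

		if (count > (GROUP_STR_SIZE - GROUP_STR_REDZONE)) {
			splat_vprint(file, SPLAT_CRED_TEST2_NAME,
			    "Failed too many group entries for temp "
			    "buffer: %d, %s\n", ngroups, str);
			/*
			 * Leave the loop instead of returning so the
			 * crhold() above stays balanced by the crfree()
			 * below on this path too.
			 */
			rc = -ENOSPC;
			break;
		}
	}

	crfree(kcred);

	if (rc)
		return rc;

	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
	    "uid: %d ruid: %d suid: %d "
	    "gid: %d rgid: %d sgid: %d\n",
	    uid, ruid, suid, gid, rgid, sgid);
	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
	    "ngroups: %d groups: %s\n", ngroups, str);

	/* The test expects every uid and gid in kcred to be 0. */
	if (uid || ruid || suid || gid || rgid || sgid) {
		splat_vprint(file, SPLAT_CRED_TEST2_NAME,
		    "Failed expected all uids+gids to be %d\n", 0);
		return -EIDRM;
	}

	if (ngroups > NGROUPS_MAX) {
		splat_vprint(file, SPLAT_CRED_TEST2_NAME,
		    "Failed ngroups must not exceed NGROUPS_MAX: "
		    "%d > %d\n", ngroups, NGROUPS_MAX);
		return -EIDRM;
	}

	splat_vprint(file, SPLAT_CRED_TEST2_NAME,
	    "Success sane kcred: %d\n", 0);

	return 0;
} /* splat_cred_test2() */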
167
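/*
 * Group membership test.
 *
 * On most/all systems it can be expected that a task with root
 * permissions is also a member of the root group.  Since the test
 * suite is always run as root we check first that CRED() is a member
 * of the root group, and secondly that it is not a member of our fake
 * group.  This test will break if someone happens to create group
 * number NGROUPS_MAX-1 and then adds root to it.
 *
 * Returns 0 when both membership checks give the expected answer and
 * -EIDRM otherwise.
 */
static int
splat_cred_test3(struct file *file, void *arg)
{
	gid_t root_gid, fake_gid;
	int rc;

	root_gid = 0;
	fake_gid = NGROUPS_MAX-1;

	/* Positive check: gid 0 must be reported as a member. */
	rc = groupmember(root_gid, CRED());
	if (!rc) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME,
		    "Failed root gid %d expected to be member "
		    "of CRED() groups: %d\n", root_gid, rc);
		return -EIDRM;
	}

	/*
	 * Negative check: a membership test that answers "yes" for an
	 * unrelated gid would be as wrong as one that denies gid 0.
	 */
	rc = groupmember(fake_gid, CRED());
	if (rc) {
		splat_vprint(file, SPLAT_CRED_TEST3_NAME,
		    "Failed fake gid %d expected not to be member "
		    "of CRED() groups: %d\n", fake_gid, rc);
		return -EIDRM;
	}

	/* rc is 0 here, it holds the result of the negative check. */
	splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Success root gid "
	    "is a member of the expected groups: %d\n", rc);

	return 0;
} /* splat_cred_test3() */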
206
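/*
 * Allocate and set up the "cred" SPLAT subsystem descriptor.
 *
 * The descriptor is zeroed, given its name, description and subsystem
 * id, its list heads and test lock are initialised, and the three
 * credential tests are added with SPLAT_TEST_INIT().
 *
 * Returns the new descriptor, or NULL when the allocation fails.  The
 * descriptor is released by splat_cred_fini().
 */
splat_subsystem_t *
splat_cred_init(void)
{
	splat_subsystem_t *sub;

	sub = kmalloc(sizeof(*sub), GFP_KERNEL);
	if (sub == NULL)
		return NULL;

	memset(sub, 0, sizeof(*sub));

	/*
	 * Copy at most size - 1 bytes so that the final byte, already
	 * zeroed by the memset() above, always terminates the string;
	 * strncpy() alone does not terminate when the source fills the
	 * destination.  Assumes the fields are at least SPLAT_NAME_SIZE
	 * and SPLAT_DESC_SIZE bytes long (declared in splat-internal.h).
	 */
	strncpy(sub->desc.name, SPLAT_CRED_NAME, SPLAT_NAME_SIZE - 1);
	strncpy(sub->desc.desc, SPLAT_CRED_DESC, SPLAT_DESC_SIZE - 1);
	INIT_LIST_HEAD(&sub->subsystem_list);
	INIT_LIST_HEAD(&sub->test_list);
	spin_lock_init(&sub->test_lock);
	sub->desc.id = SPLAT_SUBSYSTEM_CRED;

	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST1_NAME, SPLAT_CRED_TEST1_DESC,
	    SPLAT_CRED_TEST1_ID, splat_cred_test1);
	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST2_NAME, SPLAT_CRED_TEST2_DESC,
	    SPLAT_CRED_TEST2_ID, splat_cred_test2);
	SPLAT_TEST_INIT(sub, SPLAT_CRED_TEST3_NAME, SPLAT_CRED_TEST3_DESC,
	    SPLAT_CRED_TEST3_ID, splat_cred_test3);

	return sub;
} /* splat_cred_init() */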
233
/*
 * Tear down the "cred" SPLAT subsystem descriptor created by
 * splat_cred_init(): the three tests are removed with SPLAT_TEST_FINI()
 * in the reverse of the order they were added, then the descriptor is
 * freed.  The caller must not use sub afterwards.
 */
void
splat_cred_fini(splat_subsystem_t *sub)
{
	/* A NULL descriptor is a caller bug, not a condition to tolerate. */
	ASSERT(sub);

	/* Last added, first removed. */
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST3_ID);
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST2_ID);
	SPLAT_TEST_FINI(sub, SPLAT_CRED_TEST1_ID);

	kfree(sub);
} /* splat_cred_fini() */
245
/*
 * Report the subsystem id of the credential tests, the same value that
 * splat_cred_init() stores in the descriptor's desc.id field.
 */
int
splat_cred_id(void)
{
	const int subsystem_id = SPLAT_SUBSYSTEM_CRED;

	return subsystem_id;
} /* splat_cred_id() */