1*86d7f5d3SJohn Marino #include <sys/types.h>
2*86d7f5d3SJohn Marino #include <sys/jail.h>
3*86d7f5d3SJohn Marino #include <sys/wait.h>
4*86d7f5d3SJohn Marino #include <unistd.h>
5*86d7f5d3SJohn Marino #include <stdio.h>
6*86d7f5d3SJohn Marino #include <stdlib.h>
7*86d7f5d3SJohn Marino
8*86d7f5d3SJohn Marino void setup();
9*86d7f5d3SJohn Marino void teardown();
10*86d7f5d3SJohn Marino
11*86d7f5d3SJohn Marino uid_t unpriv_uid = 5000;
12*86d7f5d3SJohn Marino gid_t unpriv_gid = 5000;
13*86d7f5d3SJohn Marino
14*86d7f5d3SJohn Marino void
test(int (* fn)(),int expected,char * msg,char * msg2)15*86d7f5d3SJohn Marino test(int (*fn)(), int expected, char *msg, char *msg2)
16*86d7f5d3SJohn Marino {
17*86d7f5d3SJohn Marino int retval;
18*86d7f5d3SJohn Marino
19*86d7f5d3SJohn Marino setup();
20*86d7f5d3SJohn Marino retval = fn();
21*86d7f5d3SJohn Marino teardown();
22*86d7f5d3SJohn Marino
23*86d7f5d3SJohn Marino printf("%s (%s): ", msg, msg2);
24*86d7f5d3SJohn Marino
25*86d7f5d3SJohn Marino if (retval == expected) {
26*86d7f5d3SJohn Marino printf("OK\n");
27*86d7f5d3SJohn Marino } else {
28*86d7f5d3SJohn Marino printf("FAILED (was: %d, expected: %d)\n", retval, expected);
29*86d7f5d3SJohn Marino }
30*86d7f5d3SJohn Marino fflush(stdout);
31*86d7f5d3SJohn Marino }
32*86d7f5d3SJohn Marino
33*86d7f5d3SJohn Marino void
test_as_root(int (* fn)(),int expected,char * msg)34*86d7f5d3SJohn Marino test_as_root(int (*fn)(), int expected, char *msg)
35*86d7f5d3SJohn Marino {
36*86d7f5d3SJohn Marino if (getuid() != 0) {
37*86d7f5d3SJohn Marino fprintf(stderr, "must be run as root\n");
38*86d7f5d3SJohn Marino exit(-1);
39*86d7f5d3SJohn Marino }
40*86d7f5d3SJohn Marino
41*86d7f5d3SJohn Marino test(fn, expected, msg, "as root");
42*86d7f5d3SJohn Marino }
43*86d7f5d3SJohn Marino
44*86d7f5d3SJohn Marino void
test_as_jailed_root(int (* fn)(),int expected,char * msg)45*86d7f5d3SJohn Marino test_as_jailed_root(int (*fn)(), int expected, char *msg)
46*86d7f5d3SJohn Marino {
47*86d7f5d3SJohn Marino if (getuid() != 0) {
48*86d7f5d3SJohn Marino fprintf(stderr, "must be run as root\n");
49*86d7f5d3SJohn Marino exit(-1);
50*86d7f5d3SJohn Marino }
51*86d7f5d3SJohn Marino
52*86d7f5d3SJohn Marino int child = fork();
53*86d7f5d3SJohn Marino
54*86d7f5d3SJohn Marino if (child == -1) {
55*86d7f5d3SJohn Marino fprintf(stderr, "fork failed\n");
56*86d7f5d3SJohn Marino exit(-2);
57*86d7f5d3SJohn Marino }
58*86d7f5d3SJohn Marino
59*86d7f5d3SJohn Marino if (child) {
60*86d7f5d3SJohn Marino struct jail j;
61*86d7f5d3SJohn Marino j.version = 1;
62*86d7f5d3SJohn Marino j.path = "/";
63*86d7f5d3SJohn Marino j.hostname = "jail";
64*86d7f5d3SJohn Marino j.n_ips = 0;
65*86d7f5d3SJohn Marino
66*86d7f5d3SJohn Marino int jid = jail(&j);
67*86d7f5d3SJohn Marino if (jid < 0) {
68*86d7f5d3SJohn Marino fprintf(stderr, "jail failed\n");
69*86d7f5d3SJohn Marino exit(-1); // TODO
70*86d7f5d3SJohn Marino }
71*86d7f5d3SJohn Marino test(fn, expected, msg, "as jailed root");
72*86d7f5d3SJohn Marino exit(0);
73*86d7f5d3SJohn Marino }
74*86d7f5d3SJohn Marino else {
75*86d7f5d3SJohn Marino waitpid(child, NULL, 0);
76*86d7f5d3SJohn Marino }
77*86d7f5d3SJohn Marino }
78*86d7f5d3SJohn Marino
79*86d7f5d3SJohn Marino void
test_as_unpriv(int (* fn)(),int expected,char * msg)80*86d7f5d3SJohn Marino test_as_unpriv(int (*fn)(), int expected, char *msg)
81*86d7f5d3SJohn Marino {
82*86d7f5d3SJohn Marino if (getuid() != 0) {
83*86d7f5d3SJohn Marino fprintf(stderr, "must be run as root\n");
84*86d7f5d3SJohn Marino exit(-1);
85*86d7f5d3SJohn Marino }
86*86d7f5d3SJohn Marino
87*86d7f5d3SJohn Marino int child = fork();
88*86d7f5d3SJohn Marino
89*86d7f5d3SJohn Marino if (child == -1) {
90*86d7f5d3SJohn Marino fprintf(stderr, "fork failed\n");
91*86d7f5d3SJohn Marino exit(-2);
92*86d7f5d3SJohn Marino }
93*86d7f5d3SJohn Marino
94*86d7f5d3SJohn Marino if (child) {
95*86d7f5d3SJohn Marino setgid(unpriv_gid);
96*86d7f5d3SJohn Marino setuid(unpriv_uid);
97*86d7f5d3SJohn Marino
98*86d7f5d3SJohn Marino if (getuid() != unpriv_uid || getgid() != unpriv_gid) {
99*86d7f5d3SJohn Marino fprintf(stderr, "setuid/gid failed\n");
100*86d7f5d3SJohn Marino exit(-1); // TODO
101*86d7f5d3SJohn Marino }
102*86d7f5d3SJohn Marino test(fn, expected, msg, "as unpriv");
103*86d7f5d3SJohn Marino exit(0);
104*86d7f5d3SJohn Marino }
105*86d7f5d3SJohn Marino else {
106*86d7f5d3SJohn Marino waitpid(child, NULL, 0);
107*86d7f5d3SJohn Marino }
108*86d7f5d3SJohn Marino }
109*86d7f5d3SJohn Marino
110*86d7f5d3SJohn Marino void
test_as_jailed_unpriv(int (* fn)(),int expected,char * msg)111*86d7f5d3SJohn Marino test_as_jailed_unpriv(int (*fn)(), int expected, char *msg)
112*86d7f5d3SJohn Marino {
113*86d7f5d3SJohn Marino if (getuid() != 0) {
114*86d7f5d3SJohn Marino fprintf(stderr, "must be run as root\n");
115*86d7f5d3SJohn Marino exit(-1);
116*86d7f5d3SJohn Marino }
117*86d7f5d3SJohn Marino
118*86d7f5d3SJohn Marino int child = fork();
119*86d7f5d3SJohn Marino
120*86d7f5d3SJohn Marino if (child == -1) {
121*86d7f5d3SJohn Marino fprintf(stderr, "fork failed\n");
122*86d7f5d3SJohn Marino exit(-2);
123*86d7f5d3SJohn Marino }
124*86d7f5d3SJohn Marino
125*86d7f5d3SJohn Marino if (child) {
126*86d7f5d3SJohn Marino struct jail j;
127*86d7f5d3SJohn Marino j.version = 1;
128*86d7f5d3SJohn Marino j.path = "/";
129*86d7f5d3SJohn Marino j.hostname = "jail";
130*86d7f5d3SJohn Marino j.n_ips = 0;
131*86d7f5d3SJohn Marino
132*86d7f5d3SJohn Marino int jid = jail(&j);
133*86d7f5d3SJohn Marino if (jid < 0) {
134*86d7f5d3SJohn Marino fprintf(stderr, "jail failed\n");
135*86d7f5d3SJohn Marino exit(-1); // TODO
136*86d7f5d3SJohn Marino }
137*86d7f5d3SJohn Marino
138*86d7f5d3SJohn Marino setgid(unpriv_gid);
139*86d7f5d3SJohn Marino setuid(unpriv_uid);
140*86d7f5d3SJohn Marino
141*86d7f5d3SJohn Marino if (getuid() != unpriv_uid || getgid() != unpriv_gid) {
142*86d7f5d3SJohn Marino fprintf(stderr, "setuid/gid failed\n");
143*86d7f5d3SJohn Marino exit(-1); // TODO
144*86d7f5d3SJohn Marino }
145*86d7f5d3SJohn Marino test(fn, expected, msg, "as jailed unpriv");
146*86d7f5d3SJohn Marino exit(0);
147*86d7f5d3SJohn Marino }
148*86d7f5d3SJohn Marino else {
149*86d7f5d3SJohn Marino waitpid(child, NULL, 0);
150*86d7f5d3SJohn Marino }
151*86d7f5d3SJohn Marino }
152