xref: /minix3/tests/fs/vfs/t_unpriv.c (revision 0a6a1f1d05b60e214de2f05a7310ddd1f0e590e7) 
1*0a6a1f1dSLionel Sambuc /*	$NetBSD: t_unpriv.c,v 1.12 2015/04/09 19:51:13 riastradh Exp $	*/
211be35a1SLionel Sambuc 
311be35a1SLionel Sambuc /*-
411be35a1SLionel Sambuc  * Copyright (c) 2011 The NetBSD Foundation, Inc.
511be35a1SLionel Sambuc  * All rights reserved.
611be35a1SLionel Sambuc  *
711be35a1SLionel Sambuc  * Redistribution and use in source and binary forms, with or without
811be35a1SLionel Sambuc  * modification, are permitted provided that the following conditions
911be35a1SLionel Sambuc  * are met:
1011be35a1SLionel Sambuc  * 1. Redistributions of source code must retain the above copyright
1111be35a1SLionel Sambuc  *    notice, this list of conditions and the following disclaimer.
1211be35a1SLionel Sambuc  * 2. Redistributions in binary form must reproduce the above copyright
1311be35a1SLionel Sambuc  *    notice, this list of conditions and the following disclaimer in the
1411be35a1SLionel Sambuc  *    documentation and/or other materials provided with the distribution.
1511be35a1SLionel Sambuc  *
1611be35a1SLionel Sambuc  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
1711be35a1SLionel Sambuc  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
1811be35a1SLionel Sambuc  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1911be35a1SLionel Sambuc  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
2011be35a1SLionel Sambuc  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2111be35a1SLionel Sambuc  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2211be35a1SLionel Sambuc  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
2311be35a1SLionel Sambuc  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
2411be35a1SLionel Sambuc  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2511be35a1SLionel Sambuc  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2611be35a1SLionel Sambuc  * POSSIBILITY OF SUCH DAMAGE.
2711be35a1SLionel Sambuc  */
2811be35a1SLionel Sambuc 
2911be35a1SLionel Sambuc #include <sys/stat.h>
3011be35a1SLionel Sambuc #include <sys/time.h>
3111be35a1SLionel Sambuc 
3211be35a1SLionel Sambuc #include <atf-c.h>
3311be35a1SLionel Sambuc #include <libgen.h>
34*0a6a1f1dSLionel Sambuc #include <limits.h>
3511be35a1SLionel Sambuc #include <unistd.h>
3611be35a1SLionel Sambuc 
3711be35a1SLionel Sambuc #include <rump/rump_syscalls.h>
3811be35a1SLionel Sambuc #include <rump/rump.h>
3911be35a1SLionel Sambuc 
4011be35a1SLionel Sambuc #include "../common/h_fsmacros.h"
4111be35a1SLionel Sambuc #include "../../h_macros.h"
4211be35a1SLionel Sambuc 
4311be35a1SLionel Sambuc #define USES_OWNER							 \
4411be35a1SLionel Sambuc 	if (FSTYPE_MSDOS(tc))						 \
4511be35a1SLionel Sambuc 	    atf_tc_skip("owner not supported by file system")
4611be35a1SLionel Sambuc 
4711be35a1SLionel Sambuc static void
owner(const atf_tc_t * tc,const char * mp)4811be35a1SLionel Sambuc owner(const atf_tc_t *tc, const char *mp)
4911be35a1SLionel Sambuc {
5011be35a1SLionel Sambuc 
5111be35a1SLionel Sambuc 	USES_OWNER;
5211be35a1SLionel Sambuc 
5311be35a1SLionel Sambuc 	FSTEST_ENTER();
5411be35a1SLionel Sambuc 
5511be35a1SLionel Sambuc 	rump_pub_lwproc_rfork(RUMP_RFCFDG);
5611be35a1SLionel Sambuc 	if (rump_sys_setuid(1) == -1)
5711be35a1SLionel Sambuc 		atf_tc_fail_errno("setuid");
5811be35a1SLionel Sambuc         if (rump_sys_chown(".", 1, -1) != -1 || errno != EPERM)
5911be35a1SLionel Sambuc 		atf_tc_fail_errno("chown");
6011be35a1SLionel Sambuc         if (rump_sys_chmod(".", 0000) != -1 || errno != EPERM)
6111be35a1SLionel Sambuc                 atf_tc_fail_errno("chmod");
6211be35a1SLionel Sambuc 	rump_pub_lwproc_releaselwp();
6311be35a1SLionel Sambuc 
6411be35a1SLionel Sambuc 	if (rump_sys_chown(".", 1, -1) == -1)
6511be35a1SLionel Sambuc 		atf_tc_fail_errno("chown");
6611be35a1SLionel Sambuc 
6711be35a1SLionel Sambuc 	rump_pub_lwproc_rfork(RUMP_RFCFDG);
6811be35a1SLionel Sambuc 	if (rump_sys_setuid(1) == -1)
6911be35a1SLionel Sambuc 		atf_tc_fail_errno("setuid");
7011be35a1SLionel Sambuc         if (rump_sys_chown(".", 1, -1) == -1)
7111be35a1SLionel Sambuc 		atf_tc_fail_errno("chown");
7211be35a1SLionel Sambuc         if (rump_sys_chmod(".", 0000) == -1)
7311be35a1SLionel Sambuc                 atf_tc_fail_errno("chmod");
7411be35a1SLionel Sambuc 	rump_pub_lwproc_releaselwp();
7511be35a1SLionel Sambuc 
7611be35a1SLionel Sambuc 	FSTEST_EXIT();
7711be35a1SLionel Sambuc }
7811be35a1SLionel Sambuc 
7911be35a1SLionel Sambuc static void
dirperms(const atf_tc_t * tc,const char * mp)8011be35a1SLionel Sambuc dirperms(const atf_tc_t *tc, const char *mp)
8111be35a1SLionel Sambuc {
8211be35a1SLionel Sambuc 	char name[] = "dir.test/file.test";
8311be35a1SLionel Sambuc 	char *dir = dirname(name);
8411be35a1SLionel Sambuc 	int fd;
8511be35a1SLionel Sambuc 
8611be35a1SLionel Sambuc 	if (FSTYPE_SYSVBFS(tc))
8711be35a1SLionel Sambuc 		atf_tc_skip("directories not supported by file system");
8811be35a1SLionel Sambuc 
8911be35a1SLionel Sambuc 	FSTEST_ENTER();
9011be35a1SLionel Sambuc 
9111be35a1SLionel Sambuc 	if (rump_sys_mkdir(dir, 0777) == -1)
9211be35a1SLionel Sambuc 		atf_tc_fail_errno("mkdir");
9311be35a1SLionel Sambuc 
9411be35a1SLionel Sambuc 	rump_pub_lwproc_rfork(RUMP_RFCFDG);
9511be35a1SLionel Sambuc 	if (rump_sys_setuid(1) == -1)
9611be35a1SLionel Sambuc 		atf_tc_fail_errno("setuid");
9711be35a1SLionel Sambuc 	if (FSTYPE_ZFS(tc))
9811be35a1SLionel Sambuc 		atf_tc_expect_fail("PR kern/47656: Test known to be broken");
9911be35a1SLionel Sambuc         if (rump_sys_open(name, O_RDWR|O_CREAT, 0666) != -1 || errno != EACCES)
10011be35a1SLionel Sambuc 		atf_tc_fail_errno("open");
10111be35a1SLionel Sambuc 	rump_pub_lwproc_releaselwp();
10211be35a1SLionel Sambuc 
10311be35a1SLionel Sambuc 	if ((fd = rump_sys_open(name, O_RDWR|O_CREAT, 0666)) == -1)
10411be35a1SLionel Sambuc 		atf_tc_fail_errno("open");
10511be35a1SLionel Sambuc 	if (rump_sys_close(fd) == -1)
10611be35a1SLionel Sambuc 		atf_tc_fail_errno("close");
10711be35a1SLionel Sambuc 
10811be35a1SLionel Sambuc 	rump_pub_lwproc_rfork(RUMP_RFCFDG);
10911be35a1SLionel Sambuc 	if (rump_sys_setuid(1) == -1)
11011be35a1SLionel Sambuc 		atf_tc_fail_errno("setuid");
11111be35a1SLionel Sambuc         if (rump_sys_unlink(name) != -1 || errno != EACCES)
11211be35a1SLionel Sambuc 		atf_tc_fail_errno("unlink");
11311be35a1SLionel Sambuc 	rump_pub_lwproc_releaselwp();
11411be35a1SLionel Sambuc 
11511be35a1SLionel Sambuc         if (rump_sys_unlink(name) == -1)
11611be35a1SLionel Sambuc 		atf_tc_fail_errno("unlink");
11711be35a1SLionel Sambuc 
11811be35a1SLionel Sambuc 	if (rump_sys_rmdir(dir) == -1)
11911be35a1SLionel Sambuc 		atf_tc_fail_errno("rmdir");
12011be35a1SLionel Sambuc 
12111be35a1SLionel Sambuc 	FSTEST_EXIT();
12211be35a1SLionel Sambuc }
12311be35a1SLionel Sambuc 
12411be35a1SLionel Sambuc static void
times(const atf_tc_t * tc,const char * mp)12511be35a1SLionel Sambuc times(const atf_tc_t *tc, const char *mp)
12611be35a1SLionel Sambuc {
12711be35a1SLionel Sambuc 	const char *name = "file.test";
12811be35a1SLionel Sambuc 	int fd;
129*0a6a1f1dSLionel Sambuc 	unsigned int i, j;
13011be35a1SLionel Sambuc 	struct timeval tmv[2];
131*0a6a1f1dSLionel Sambuc 	static struct timeval tmvs[] = {
132*0a6a1f1dSLionel Sambuc 		{ QUAD_MIN, 0 },
133*0a6a1f1dSLionel Sambuc 		{ 0, 0 },
134*0a6a1f1dSLionel Sambuc 		{ QUAD_MAX, 999999 }
135*0a6a1f1dSLionel Sambuc 	};
13611be35a1SLionel Sambuc 
13711be35a1SLionel Sambuc 	FSTEST_ENTER();
13811be35a1SLionel Sambuc 
13911be35a1SLionel Sambuc 	if ((fd = rump_sys_open(name, O_RDWR|O_CREAT, 0666)) == -1)
14011be35a1SLionel Sambuc 		atf_tc_fail_errno("open");
14111be35a1SLionel Sambuc 	if (rump_sys_close(fd) == -1)
14211be35a1SLionel Sambuc 		atf_tc_fail_errno("close");
14311be35a1SLionel Sambuc 
14411be35a1SLionel Sambuc 	rump_pub_lwproc_rfork(RUMP_RFCFDG);
14511be35a1SLionel Sambuc 	if (rump_sys_setuid(1) == -1)
14611be35a1SLionel Sambuc 		atf_tc_fail_errno("setuid");
14711be35a1SLionel Sambuc 	if (FSTYPE_ZFS(tc))
14811be35a1SLionel Sambuc 		atf_tc_expect_fail("PR kern/47656: Test known to be broken");
14911be35a1SLionel Sambuc 	if (rump_sys_utimes(name, NULL) != -1 || errno != EACCES)
15011be35a1SLionel Sambuc 		atf_tc_fail_errno("utimes");
15111be35a1SLionel Sambuc 	rump_pub_lwproc_releaselwp();
15211be35a1SLionel Sambuc 
15311be35a1SLionel Sambuc 	if (rump_sys_utimes(name, NULL) == -1)
15411be35a1SLionel Sambuc 		atf_tc_fail_errno("utimes");
15511be35a1SLionel Sambuc 
156*0a6a1f1dSLionel Sambuc 	for (i = 0; i < sizeof(tmvs) / sizeof(tmvs[0]); i++) {
157*0a6a1f1dSLionel Sambuc 		for (j = 0; j < sizeof(tmvs) / sizeof(tmvs[0]); j++) {
158*0a6a1f1dSLionel Sambuc 			tmv[0] = tmvs[i];
159*0a6a1f1dSLionel Sambuc 			tmv[1] = tmvs[j];
16011be35a1SLionel Sambuc 			rump_pub_lwproc_rfork(RUMP_RFCFDG);
16111be35a1SLionel Sambuc 			if (rump_sys_setuid(1) == -1)
16211be35a1SLionel Sambuc 				atf_tc_fail_errno("setuid");
16311be35a1SLionel Sambuc 			if (rump_sys_utimes(name, tmv) != -1 || errno != EPERM)
16411be35a1SLionel Sambuc 				atf_tc_fail_errno("utimes");
16511be35a1SLionel Sambuc 			rump_pub_lwproc_releaselwp();
16611be35a1SLionel Sambuc 
16711be35a1SLionel Sambuc 			if (rump_sys_utimes(name, tmv) == -1)
16811be35a1SLionel Sambuc 				atf_tc_fail_errno("utimes");
169*0a6a1f1dSLionel Sambuc 		}
170*0a6a1f1dSLionel Sambuc 	}
17111be35a1SLionel Sambuc 
17211be35a1SLionel Sambuc 	if (rump_sys_unlink(name) == -1)
17311be35a1SLionel Sambuc 		atf_tc_fail_errno("unlink");
17411be35a1SLionel Sambuc 
17511be35a1SLionel Sambuc 	FSTEST_EXIT();
17611be35a1SLionel Sambuc }
17711be35a1SLionel Sambuc 
17811be35a1SLionel Sambuc static void
flags(const atf_tc_t * tc,const char * mp)17911be35a1SLionel Sambuc flags(const atf_tc_t *tc, const char *mp)
18011be35a1SLionel Sambuc {
18111be35a1SLionel Sambuc 	const char *name = "file.test";
18211be35a1SLionel Sambuc 	int fd, fflags;
18311be35a1SLionel Sambuc 	struct stat st;
18411be35a1SLionel Sambuc 
18511be35a1SLionel Sambuc 	FSTEST_ENTER();
18611be35a1SLionel Sambuc 
18711be35a1SLionel Sambuc 	if ((fd = rump_sys_open(name, O_RDWR|O_CREAT, 0666)) == -1)
18811be35a1SLionel Sambuc 		atf_tc_fail_errno("open");
18911be35a1SLionel Sambuc 	if (rump_sys_close(fd) == -1)
19011be35a1SLionel Sambuc 		atf_tc_fail_errno("close");
19111be35a1SLionel Sambuc 
19211be35a1SLionel Sambuc 	if (rump_sys_stat(name, &st) == -1)
19311be35a1SLionel Sambuc 		atf_tc_fail_errno("stat");
19411be35a1SLionel Sambuc 	if (FSTYPE_ZFS(tc))
19511be35a1SLionel Sambuc 		atf_tc_expect_fail("PR kern/47656: Test known to be broken");
19611be35a1SLionel Sambuc 	if (rump_sys_chflags(name, st.st_flags) == -1) {
19711be35a1SLionel Sambuc 		if (errno == EOPNOTSUPP)
19811be35a1SLionel Sambuc 			atf_tc_skip("file flags not supported by file system");
19911be35a1SLionel Sambuc 		atf_tc_fail_errno("chflags");
20011be35a1SLionel Sambuc 	}
20111be35a1SLionel Sambuc 
20211be35a1SLionel Sambuc 	fflags = st.st_flags | UF_IMMUTABLE;
20311be35a1SLionel Sambuc 
20411be35a1SLionel Sambuc 	rump_pub_lwproc_rfork(RUMP_RFCFDG);
20511be35a1SLionel Sambuc 	if (rump_sys_setuid(1) == -1)
20611be35a1SLionel Sambuc 		atf_tc_fail_errno("setuid");
20711be35a1SLionel Sambuc 	fflags |= UF_IMMUTABLE;
20811be35a1SLionel Sambuc 	if (rump_sys_chflags(name, fflags) != -1 || errno != EPERM)
20911be35a1SLionel Sambuc 		atf_tc_fail_errno("chflags");
21011be35a1SLionel Sambuc 	rump_pub_lwproc_releaselwp();
21111be35a1SLionel Sambuc 
21211be35a1SLionel Sambuc 	if (rump_sys_chflags(name, fflags) == -1)
21311be35a1SLionel Sambuc 		atf_tc_fail_errno("chflags");
21411be35a1SLionel Sambuc 
21511be35a1SLionel Sambuc 	fflags &= ~UF_IMMUTABLE;
21611be35a1SLionel Sambuc 	if (rump_sys_chflags(name, fflags) == -1)
21711be35a1SLionel Sambuc 		atf_tc_fail_errno("chflags");
21811be35a1SLionel Sambuc 
21911be35a1SLionel Sambuc 	if (rump_sys_unlink(name) == -1)
22011be35a1SLionel Sambuc 		atf_tc_fail_errno("unlink");
22111be35a1SLionel Sambuc 
22211be35a1SLionel Sambuc 	FSTEST_EXIT();
22311be35a1SLionel Sambuc }
22411be35a1SLionel Sambuc 
22511be35a1SLionel Sambuc ATF_TC_FSAPPLY(owner, "owner unprivileged checks");
22611be35a1SLionel Sambuc ATF_TC_FSAPPLY(dirperms, "directory permission checks");
22711be35a1SLionel Sambuc ATF_TC_FSAPPLY(times, "time set checks");
22811be35a1SLionel Sambuc ATF_TC_FSAPPLY(flags, "file flags checks");
22911be35a1SLionel Sambuc 
ATF_TP_ADD_TCS(tp)23011be35a1SLionel Sambuc ATF_TP_ADD_TCS(tp)
23111be35a1SLionel Sambuc {
23211be35a1SLionel Sambuc 
23311be35a1SLionel Sambuc 	ATF_TP_FSAPPLY(owner);
23411be35a1SLionel Sambuc 	ATF_TP_FSAPPLY(dirperms);
23511be35a1SLionel Sambuc 	ATF_TP_FSAPPLY(times);
23611be35a1SLionel Sambuc 	ATF_TP_FSAPPLY(flags);
23711be35a1SLionel Sambuc 
23811be35a1SLionel Sambuc 	return atf_no_error();
23911be35a1SLionel Sambuc }
240