1*49a6e16fSderaadt /* $OpenBSD: t_revoke.c,v 1.3 2021/12/13 16:56:48 deraadt Exp $ */
2a545a52cSbluhm /* $NetBSD: t_revoke.c,v 1.2 2017/01/13 21:15:57 christos Exp $ */
3a545a52cSbluhm
4a545a52cSbluhm /*-
5a545a52cSbluhm * Copyright (c) 2011 The NetBSD Foundation, Inc.
6a545a52cSbluhm * All rights reserved.
7a545a52cSbluhm *
8a545a52cSbluhm * This code is derived from software contributed to The NetBSD Foundation
9a545a52cSbluhm * by Jukka Ruohonen.
10a545a52cSbluhm *
11a545a52cSbluhm * Redistribution and use in source and binary forms, with or without
12a545a52cSbluhm * modification, are permitted provided that the following conditions
13a545a52cSbluhm * are met:
14a545a52cSbluhm * 1. Redistributions of source code must retain the above copyright
15a545a52cSbluhm * notice, this list of conditions and the following disclaimer.
16a545a52cSbluhm * 2. Redistributions in binary form must reproduce the above copyright
17a545a52cSbluhm * notice, this list of conditions and the following disclaimer in the
18a545a52cSbluhm * documentation and/or other materials provided with the distribution.
19a545a52cSbluhm *
20a545a52cSbluhm * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21a545a52cSbluhm * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22a545a52cSbluhm * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23a545a52cSbluhm * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24a545a52cSbluhm * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25a545a52cSbluhm * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26a545a52cSbluhm * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27a545a52cSbluhm * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28a545a52cSbluhm * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29a545a52cSbluhm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30a545a52cSbluhm * POSSIBILITY OF SUCH DAMAGE.
31a545a52cSbluhm */
32a545a52cSbluhm
33a545a52cSbluhm #include "macros.h"
34a545a52cSbluhm
35a545a52cSbluhm #include <sys/resource.h>
36a545a52cSbluhm #include <sys/wait.h>
37a545a52cSbluhm
38a545a52cSbluhm #include "atf-c.h"
39a545a52cSbluhm #include <fcntl.h>
40a545a52cSbluhm #include <errno.h>
41a545a52cSbluhm #include <pwd.h>
42a545a52cSbluhm #include <stdio.h>
43a545a52cSbluhm #include <stdlib.h>
44a545a52cSbluhm #include <string.h>
45a545a52cSbluhm #include <unistd.h>
46a545a52cSbluhm
47a545a52cSbluhm static const char path[] = "revoke";
48a545a52cSbluhm
49a545a52cSbluhm ATF_TC_WITH_CLEANUP(revoke_basic);
ATF_TC_HEAD(revoke_basic,tc)50a545a52cSbluhm ATF_TC_HEAD(revoke_basic, tc)
51a545a52cSbluhm {
52a545a52cSbluhm atf_tc_set_md_var(tc, "descr", "A basic test of revoke(2)");
53a545a52cSbluhm }
54a545a52cSbluhm
ATF_TC_BODY(revoke_basic,tc)55a545a52cSbluhm ATF_TC_BODY(revoke_basic, tc)
56a545a52cSbluhm {
57a545a52cSbluhm struct rlimit res;
58a545a52cSbluhm char tmp[10];
59a545a52cSbluhm size_t i, n;
60a545a52cSbluhm int *buf;
61a545a52cSbluhm
62a545a52cSbluhm (void)memset(&res, 0, sizeof(struct rlimit));
63a545a52cSbluhm (void)getrlimit(RLIMIT_NOFILE, &res);
64a545a52cSbluhm
65a545a52cSbluhm if ((n = res.rlim_cur / 10) == 0)
66a545a52cSbluhm n = 10;
67a545a52cSbluhm
68a545a52cSbluhm buf = calloc(n, sizeof(int));
69a545a52cSbluhm ATF_REQUIRE(buf != NULL);
70a545a52cSbluhm
71a545a52cSbluhm buf[0] = open(path, O_RDWR | O_CREAT, 0600);
72a545a52cSbluhm ATF_REQUIRE(buf[0] >= 0);
73a545a52cSbluhm
74a545a52cSbluhm for (i = 1; i < n; i++) {
75a545a52cSbluhm buf[i] = open(path, O_RDWR);
76a545a52cSbluhm ATF_REQUIRE(buf[i] >= 0);
77a545a52cSbluhm }
78a545a52cSbluhm
79a545a52cSbluhm ATF_REQUIRE(revoke(path) == 0);
80a545a52cSbluhm
81a545a52cSbluhm for (i = 0; i < n; i++) {
82a545a52cSbluhm
83a545a52cSbluhm ATF_REQUIRE(read(buf[i], tmp, sizeof(tmp)) == -1);
84a545a52cSbluhm
85a545a52cSbluhm (void)close(buf[i]);
86a545a52cSbluhm }
87a545a52cSbluhm
88a545a52cSbluhm free(buf);
89a545a52cSbluhm
90a545a52cSbluhm (void)unlink(path);
91a545a52cSbluhm }
92a545a52cSbluhm
ATF_TC_CLEANUP(revoke_basic,tc)93a545a52cSbluhm ATF_TC_CLEANUP(revoke_basic, tc)
94a545a52cSbluhm {
95a545a52cSbluhm (void)unlink(path);
96a545a52cSbluhm }
97a545a52cSbluhm
98a545a52cSbluhm ATF_TC(revoke_err);
ATF_TC_HEAD(revoke_err,tc)99a545a52cSbluhm ATF_TC_HEAD(revoke_err, tc)
100a545a52cSbluhm {
101a545a52cSbluhm atf_tc_set_md_var(tc, "descr", "Test errors from revoke(2)");
102a545a52cSbluhm atf_tc_set_md_var(tc, "require.user", "unprivileged");
103a545a52cSbluhm }
104a545a52cSbluhm
ATF_TC_BODY(revoke_err,tc)105a545a52cSbluhm ATF_TC_BODY(revoke_err, tc)
106a545a52cSbluhm {
107a545a52cSbluhm char buf[1024 + 1]; /* XXX: From the manual page... */
108a545a52cSbluhm
109a545a52cSbluhm (void)memset(buf, 'x', sizeof(buf));
110a545a52cSbluhm
111a545a52cSbluhm errno = 0;
112a545a52cSbluhm ATF_REQUIRE_ERRNO(EFAULT, revoke((char *)-1) == -1);
113a545a52cSbluhm
114a545a52cSbluhm errno = 0;
115a545a52cSbluhm ATF_REQUIRE_ERRNO(ENAMETOOLONG, revoke(buf) == -1);
116a545a52cSbluhm
117a545a52cSbluhm errno = 0;
1187496d4e5Sbluhm #ifdef __OpenBSD__
119a545a52cSbluhm ATF_REQUIRE_ERRNO(ENOTTY, revoke("/etc/passwd") == -1);
1207496d4e5Sbluhm #else
1217496d4e5Sbluhm ATF_REQUIRE_ERRNO(EPERM, revoke("/etc/passwd") == -1);
1227496d4e5Sbluhm #endif
123a545a52cSbluhm
124a545a52cSbluhm errno = 0;
125a545a52cSbluhm ATF_REQUIRE_ERRNO(ENOENT, revoke("/etc/xxx/yyy") == -1);
126a545a52cSbluhm }
127a545a52cSbluhm
128a545a52cSbluhm ATF_TC_WITH_CLEANUP(revoke_perm);
ATF_TC_HEAD(revoke_perm,tc)129a545a52cSbluhm ATF_TC_HEAD(revoke_perm, tc)
130a545a52cSbluhm {
131a545a52cSbluhm atf_tc_set_md_var(tc, "descr", "Test permissions revoke(2)");
132a545a52cSbluhm atf_tc_set_md_var(tc, "require.user", "root");
133a545a52cSbluhm }
134a545a52cSbluhm
ATF_TC_BODY(revoke_perm,tc)135a545a52cSbluhm ATF_TC_BODY(revoke_perm, tc)
136a545a52cSbluhm {
137a545a52cSbluhm struct passwd *pw;
138a545a52cSbluhm int fd, sta;
139a545a52cSbluhm pid_t pid;
140a545a52cSbluhm
141a545a52cSbluhm pw = getpwnam("nobody");
142a545a52cSbluhm fd = open(path, O_RDWR | O_CREAT, 0600);
143a545a52cSbluhm
144a545a52cSbluhm ATF_REQUIRE(fd >= 0);
145a545a52cSbluhm ATF_REQUIRE(pw != NULL);
146a545a52cSbluhm ATF_REQUIRE(revoke(path) == 0);
147a545a52cSbluhm
148a545a52cSbluhm pid = fork();
149a545a52cSbluhm ATF_REQUIRE(pid >= 0);
150a545a52cSbluhm
151a545a52cSbluhm if (pid == 0) {
152a545a52cSbluhm
153a545a52cSbluhm if (setuid(pw->pw_uid) != 0)
154a545a52cSbluhm _exit(EXIT_FAILURE);
155a545a52cSbluhm
156a545a52cSbluhm errno = 0;
157a545a52cSbluhm
158a545a52cSbluhm if (revoke(path) == 0)
159a545a52cSbluhm _exit(EXIT_FAILURE);
160a545a52cSbluhm
161a545a52cSbluhm if (errno != EACCES)
162a545a52cSbluhm _exit(EXIT_FAILURE);
163a545a52cSbluhm
164a545a52cSbluhm if (close(fd) != 0)
165a545a52cSbluhm _exit(EXIT_FAILURE);
166a545a52cSbluhm
167a545a52cSbluhm _exit(EXIT_SUCCESS);
168a545a52cSbluhm }
169a545a52cSbluhm
170a545a52cSbluhm (void)wait(&sta);
171a545a52cSbluhm
172a545a52cSbluhm if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
173a545a52cSbluhm atf_tc_fail("revoke(2) did not obey permissions");
174a545a52cSbluhm
175a545a52cSbluhm (void)close(fd);
176a545a52cSbluhm ATF_REQUIRE(unlink(path) == 0);
177a545a52cSbluhm }
178a545a52cSbluhm
ATF_TC_CLEANUP(revoke_perm,tc)179a545a52cSbluhm ATF_TC_CLEANUP(revoke_perm, tc)
180a545a52cSbluhm {
181a545a52cSbluhm (void)unlink(path);
182a545a52cSbluhm }
183a545a52cSbluhm
ATF_TP_ADD_TCS(tp)184a545a52cSbluhm ATF_TP_ADD_TCS(tp)
185a545a52cSbluhm {
186a545a52cSbluhm
1877496d4e5Sbluhm #ifndef __OpenBSD__
1887496d4e5Sbluhm /* OpenBSD supports revoke only on ttys */
1897496d4e5Sbluhm ATF_TP_ADD_TC(tp, revoke_basic);
1907496d4e5Sbluhm #endif
191a545a52cSbluhm ATF_TP_ADD_TC(tp, revoke_err);
1927496d4e5Sbluhm #ifndef __OpenBSD__
1937496d4e5Sbluhm /* OpenBSD supports revoke only on ttys */
1947496d4e5Sbluhm ATF_TP_ADD_TC(tp, revoke_perm);
1957496d4e5Sbluhm #endif
196a545a52cSbluhm
197a545a52cSbluhm return atf_no_error();
198a545a52cSbluhm }
199