1 /* 2 * Copyright (c) Wipro Technologies Ltd, 2002. All Rights Reserved. 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms of version 2 of the GNU General Public License as 6 * published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope that it would be useful, but 9 * WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 * 12 * You should have received a copy of the GNU General Public License along 13 * with this program; if not, write the Free Software Foundation, Inc., 14 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 15 * 16 */ 17 /********************************************************** 18 * 19 * TEST IDENTIFIER : capset02 20 * 21 * EXECUTED BY : anyone 22 * 23 * TEST TITLE : Tests for error conditions. 24 * 25 * TEST CASE TOTAL : 4 26 * 27 * AUTHOR : Saji Kumar.V.R <saji.kumar (at) wipro.com> 28 * 29 * SIGNALS 30 * Uses SIGUSR1 to pause before test if option set. 31 * (See the parse_opts(3) man page). 32 * 33 * DESCRIPTION 34 * Verify that 35 * 1) capset() fails with errno set to EFAULT if an invalid address 36 * is given for header 37 * 2) capset() fails with errno set to EFAULT if an invalid address 38 * is given for data 39 * 3) capset() fails with errno set to EINVAL if an invalid value 40 * is given for header->version 41 * 4) capset() fails with errno set to EPERM the process does not 42 * have enough privilege to set capabilities 43 * 44 * 45 * Setup: 46 * Setup signal handling. 47 * Pause for SIGUSR1 if option specified. 48 * Call capget() to save current capability data 49 * 50 * Test: 51 * Loop if the proper options are given. 52 * do test specific setup. 53 * call capset with proper arguments 54 * if capset() fails with expected errno 55 * Test passed 56 * Otherwise 57 * Test failed 58 * do test specific cleanup 59 * 60 * Cleanup: 61 * Print errno log and/or timing stats if options given 62 * 63 * USAGE: <for command-line> 64 * capset02 [-c n] [-e] [-i n] [-I x] [-P x] [-t] [-h] [-f] [-p] 65 * where, -c n : Run n copies concurrently. 66 * -e : Turn on errno logging. 67 * -h : Show help screen 68 * -f : Turn off functional testing 69 * -i n : Execute test n times. 70 * -I x : Execute test for x seconds. 71 * -p : Pause for SIGUSR1 before starting 72 * -P x : Pause for x seconds between iterations. 73 * -t : Turn on syscall timing. 74 * 75 ****************************************************************/ 76 #include <sys/types.h> 77 #include <sys/wait.h> 78 #include <errno.h> 79 #include <pwd.h> 80 #include <signal.h> 81 #include <string.h> 82 #include <unistd.h> 83 #include "test.h" 84 #include "safe_macros.h" 85 #include "lapi/syscalls.h" 86 87 /**************************************************************************/ 88 /* */ 89 /* Some archs do not have the manpage documented sys/capability.h file, */ 90 /* and require the use of the line below */ 91 92 #include <linux/capability.h> 93 94 /* If you are having issues with including this file and have the sys/ */ 95 /* version, then you may want to try switching to it. -Robbie W. */ 96 /**************************************************************************/ 97 98 #define INVALID_VERSION 0 99 100 static void setup(void); 101 static void cleanup(void); 102 static void test_setup(int, char *); 103 static void child_func(void); 104 105 static pid_t child_pid = -1; 106 107 char *TCID = "capset02"; 108 109 static struct __user_cap_header_struct header; 110 static struct __user_cap_data_struct data; 111 112 struct test_case_t { 113 cap_user_header_t headerp; 114 cap_user_data_t datap; 115 int exp_errno; 116 char *errdesc; 117 } test_cases[] = { 118 #ifndef UCLINUX 119 /* Skip since uClinux does not implement memory protection */ 120 { 121 (cap_user_header_t) - 1, &data, EFAULT, "EFAULT"}, { 122 &header, (cap_user_data_t) - 1, EFAULT, "EFAULT"}, 123 #endif 124 { 125 &header, &data, EINVAL, "EINVAL"}, { 126 &header, &data, EPERM, "EPERM"},}; 127 128 int TST_TOTAL = sizeof(test_cases) / sizeof(test_cases[0]); 129 130 int main(int ac, char **av) 131 { 132 133 int lc, i; 134 135 tst_parse_opts(ac, av, NULL, NULL); 136 #ifdef UCLINUX 137 maybe_run_child(&child_func, ""); 138 #endif 139 140 setup(); 141 142 for (lc = 0; TEST_LOOPING(lc); lc++) { 143 144 tst_count = 0; 145 146 #ifdef UCLINUX 147 i = 2; 148 #else 149 i = 0; 150 #endif 151 152 for (; i < TST_TOTAL; i++) { 153 154 test_setup(i, av[0]); 155 TEST(ltp_syscall(__NR_capset, test_cases[i].headerp, 156 test_cases[i].datap)); 157 158 if (TEST_RETURN == -1 && 159 TEST_ERRNO == test_cases[i].exp_errno) { 160 tst_resm(TPASS, "capset() returned -1," 161 " errno: %s", test_cases[i].errdesc); 162 } else { 163 tst_resm(TFAIL | TTERRNO, 164 "Test Failed, capset() returned %ld", 165 TEST_RETURN); 166 } 167 } 168 } 169 170 cleanup(); 171 172 tst_exit(); 173 174 } 175 176 void setup(void) 177 { 178 tst_require_root(); 179 180 TEST_PAUSE; 181 182 /* 183 * Save current capability data. 184 * header.version must be _LINUX_CAPABILITY_VERSION 185 */ 186 header.version = _LINUX_CAPABILITY_VERSION; 187 if (ltp_syscall(__NR_capget, &header, &data) == -1) 188 tst_brkm(TBROK | TERRNO, NULL, "capget failed"); 189 } 190 191 void cleanup(void) 192 { 193 if (0 < child_pid) { 194 kill(child_pid, SIGTERM); 195 wait(NULL); 196 } 197 } 198 199 void child_func(void) 200 { 201 for (;;) { 202 sleep(10); 203 } 204 } 205 206 void test_setup(int i, char *argv0) 207 { 208 char nobody_uid[] = "nobody"; 209 struct passwd *ltpuser; 210 211 switch (i) { 212 case 0: 213 break; 214 215 case 1: 216 header.version = _LINUX_CAPABILITY_VERSION; 217 header.pid = 0; 218 break; 219 220 case 2: 221 header.version = INVALID_VERSION; 222 header.pid = 0; 223 break; 224 225 case 3: 226 header.version = _LINUX_CAPABILITY_VERSION; 227 /* 228 * when a non-zero pid is specified, process should have 229 * CAP_SETPCAP capability to change capabilities. 230 * by default, CAP_SETPCAP is not enabled. So giving 231 * a non-zero pid results in capset() failing with 232 * errno EPERM 233 * 234 * Note: this seems to have changed with recent kernels 235 * => create a child and try to set its capabilities 236 */ 237 child_pid = FORK_OR_VFORK(); 238 if (child_pid == -1) 239 tst_brkm(TBROK | TERRNO, cleanup, "fork failed"); 240 else if (child_pid == 0) { 241 #ifdef UCLINUX 242 if (self_exec(argv0, "") < 0) { 243 perror("self_exec failed"); 244 exit(1); 245 } 246 #else 247 child_func(); 248 #endif 249 } else { 250 header.pid = child_pid; 251 ltpuser = getpwnam(nobody_uid); 252 if (ltpuser == NULL) 253 tst_brkm(TBROK | TERRNO, cleanup, 254 "getpwnam failed"); 255 SAFE_SETEUID(cleanup, ltpuser->pw_uid); 256 257 } 258 break; 259 260 } 261 } 262
