1 /* 2 * Copyright (c) Wipro Technologies Ltd, 2002. All Rights Reserved. 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms of version 2 of the GNU General Public License as 6 * published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope that it would be useful, but 9 * WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 * 12 * You should have received a copy of the GNU General Public License along 13 * with this program; if not, write the Free Software Foundation, Inc., 14 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 15 * 16 */ 17 /********************************************************** 18 * 19 * TEST IDENTIFIER : capset02 20 * 21 * EXECUTED BY : anyone 22 * 23 * TEST TITLE : Tests for error conditions. 24 * 25 * TEST CASE TOTAL : 4 26 * 27 * AUTHOR : Saji Kumar.V.R <saji.kumar (at) wipro.com> 28 * 29 * SIGNALS 30 * Uses SIGUSR1 to pause before test if option set. 31 * (See the parse_opts(3) man page). 32 * 33 * DESCRIPTION 34 * Verify that 35 * 1) capset() fails with errno set to EFAULT if an invalid address 36 * is given for header 37 * 2) capset() fails with errno set to EFAULT if an invalid address 38 * is given for data 39 * 3) capset() fails with errno set to EINVAL if an invalid value 40 * is given for header->version 41 * 4) capset() fails with errno set to EPERM the process does not 42 * have enough privilege to set capabilities 43 * 44 * 45 * Setup: 46 * Setup signal handling. 47 * Pause for SIGUSR1 if option specified. 48 * Call capget() to save current capability data 49 * 50 * Test: 51 * Loop if the proper options are given. 52 * do test specific setup. 53 * call capset with proper arguments 54 * if capset() fails with expected errno 55 * Test passed 56 * Otherwise 57 * Test failed 58 * do test specific cleanup 59 * 60 * Cleanup: 61 * Print errno log and/or timing stats if options given 62 * 63 * USAGE: <for command-line> 64 * capset02 [-c n] [-e] [-i n] [-I x] [-P x] [-t] [-h] [-f] [-p] 65 * where, -c n : Run n copies concurrently. 66 * -e : Turn on errno logging. 67 * -h : Show help screen 68 * -f : Turn off functional testing 69 * -i n : Execute test n times. 70 * -I x : Execute test for x seconds. 71 * -p : Pause for SIGUSR1 before starting 72 * -P x : Pause for x seconds between iterations. 73 * -t : Turn on syscall timing. 74 * 75 ****************************************************************/ 76 #include <sys/types.h> 77 #include <sys/wait.h> 78 #include <errno.h> 79 #include <pwd.h> 80 #include <signal.h> 81 #include <string.h> 82 #include <unistd.h> 83 #include "test.h" 84 #include "linux_syscall_numbers.h" 85 86 /**************************************************************************/ 87 /* */ 88 /* Some archs do not have the manpage documented sys/capability.h file, */ 89 /* and require the use of the line below */ 90 91 #include <linux/capability.h> 92 93 /* If you are having issues with including this file and have the sys/ */ 94 /* version, then you may want to try switching to it. -Robbie W. */ 95 /**************************************************************************/ 96 97 #define INVALID_VERSION 0 98 99 static void setup(void); 100 static void cleanup(void); 101 static void test_setup(int, char *); 102 static void child_func(void); 103 104 static pid_t child_pid = -1; 105 106 char *TCID = "capset02"; 107 108 static struct __user_cap_header_struct header; 109 static struct __user_cap_data_struct data; 110 111 struct test_case_t { 112 cap_user_header_t headerp; 113 cap_user_data_t datap; 114 int exp_errno; 115 char *errdesc; 116 } test_cases[] = { 117 #ifndef UCLINUX 118 /* Skip since uClinux does not implement memory protection */ 119 { 120 (cap_user_header_t) - 1, &data, EFAULT, "EFAULT"}, { 121 &header, (cap_user_data_t) - 1, EFAULT, "EFAULT"}, 122 #endif 123 { 124 &header, &data, EINVAL, "EINVAL"}, { 125 &header, &data, EPERM, "EPERM"},}; 126 127 int TST_TOTAL = sizeof(test_cases) / sizeof(test_cases[0]); 128 129 int main(int ac, char **av) 130 { 131 132 int lc, i; 133 134 tst_parse_opts(ac, av, NULL, NULL); 135 #ifdef UCLINUX 136 maybe_run_child(&child_func, ""); 137 #endif 138 139 setup(); 140 141 for (lc = 0; TEST_LOOPING(lc); lc++) { 142 143 tst_count = 0; 144 145 #ifdef UCLINUX 146 i = 2; 147 #else 148 i = 0; 149 #endif 150 151 for (; i < TST_TOTAL; i++) { 152 153 test_setup(i, av[0]); 154 TEST(ltp_syscall(__NR_capset, test_cases[i].headerp, 155 test_cases[i].datap)); 156 157 if (TEST_RETURN == -1 && 158 TEST_ERRNO == test_cases[i].exp_errno) { 159 tst_resm(TPASS, "capset() returned -1," 160 " errno: %s", test_cases[i].errdesc); 161 } else { 162 tst_resm(TFAIL | TTERRNO, 163 "Test Failed, capset() returned %ld", 164 TEST_RETURN); 165 } 166 } 167 } 168 169 cleanup(); 170 171 tst_exit(); 172 173 } 174 175 void setup(void) 176 { 177 tst_require_root(); 178 179 TEST_PAUSE; 180 181 /* 182 * Save current capability data. 183 * header.version must be _LINUX_CAPABILITY_VERSION 184 */ 185 header.version = _LINUX_CAPABILITY_VERSION; 186 if (ltp_syscall(__NR_capget, &header, &data) == -1) 187 tst_brkm(TBROK | TERRNO, NULL, "capget failed"); 188 } 189 190 void cleanup(void) 191 { 192 if (0 < child_pid) { 193 kill(child_pid, SIGTERM); 194 wait(NULL); 195 } 196 } 197 198 void child_func(void) 199 { 200 for (;;) { 201 sleep(10); 202 } 203 } 204 205 void test_setup(int i, char *argv0) 206 { 207 char nobody_uid[] = "nobody"; 208 struct passwd *ltpuser; 209 210 switch (i) { 211 case 0: 212 break; 213 214 case 1: 215 header.version = _LINUX_CAPABILITY_VERSION; 216 header.pid = 0; 217 break; 218 219 case 2: 220 header.version = INVALID_VERSION; 221 header.pid = 0; 222 break; 223 224 case 3: 225 header.version = _LINUX_CAPABILITY_VERSION; 226 /* 227 * when a non-zero pid is specified, process should have 228 * CAP_SETPCAP capability to change capabilities. 229 * by default, CAP_SETPCAP is not enabled. So giving 230 * a non-zero pid results in capset() failing with 231 * errno EPERM 232 * 233 * Note: this seems to have changed with recent kernels 234 * => create a child and try to set its capabilities 235 */ 236 child_pid = FORK_OR_VFORK(); 237 if (child_pid == -1) 238 tst_brkm(TBROK | TERRNO, cleanup, "fork failed"); 239 else if (child_pid == 0) { 240 #ifdef UCLINUX 241 if (self_exec(argv0, "") < 0) { 242 perror("self_exec failed"); 243 exit(1); 244 } 245 #else 246 child_func(); 247 #endif 248 } else { 249 header.pid = child_pid; 250 ltpuser = getpwnam(nobody_uid); 251 if (ltpuser == NULL) 252 tst_brkm(TBROK | TERRNO, cleanup, 253 "getpwnam failed"); 254 if (seteuid(ltpuser->pw_uid) == -1) 255 tst_brkm(TBROK | TERRNO, cleanup, 256 "seteuid failed"); 257 258 } 259 break; 260 261 } 262 } 263
