/* * Copyright (c) Wipro Technologies Ltd, 2002. All Rights Reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of version 2 of the GNU General Public License as * published by the Free Software Foundation. * * This program is distributed in the hope that it would be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * * You should have received a copy of the GNU General Public License along * with this program; if not, write the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * */ /********************************************************** * * TEST IDENTIFIER : capset02 * * EXECUTED BY : anyone * * TEST TITLE : Tests for error conditions. * * TEST CASE TOTAL : 4 * * AUTHOR : Saji Kumar.V.R * * SIGNALS * Uses SIGUSR1 to pause before test if option set. * (See the parse_opts(3) man page). * * DESCRIPTION * Verify that * 1) capset() fails with errno set to EFAULT if an invalid address * is given for header * 2) capset() fails with errno set to EFAULT if an invalid address * is given for data * 3) capset() fails with errno set to EINVAL if an invalid value * is given for header->version * 4) capset() fails with errno set to EPERM the process does not * have enough privilege to set capabilities * * * Setup: * Setup signal handling. * Pause for SIGUSR1 if option specified. * Call capget() to save current capability data * * Test: * Loop if the proper options are given. * do test specific setup. * call capset with proper arguments * if capset() fails with expected errno * Test passed * Otherwise * Test failed * do test specific cleanup * * Cleanup: * Print errno log and/or timing stats if options given * * USAGE: * capset02 [-c n] [-e] [-i n] [-I x] [-P x] [-t] [-h] [-f] [-p] * where, -c n : Run n copies concurrently. * -e : Turn on errno logging. * -h : Show help screen * -f : Turn off functional testing * -i n : Execute test n times. * -I x : Execute test for x seconds. * -p : Pause for SIGUSR1 before starting * -P x : Pause for x seconds between iterations. * -t : Turn on syscall timing. * ****************************************************************/ #include #include #include #include #include #include #include #include "test.h" #include "linux_syscall_numbers.h" /**************************************************************************/ /* */ /* Some archs do not have the manpage documented sys/capability.h file, */ /* and require the use of the line below */ #include /* If you are having issues with including this file and have the sys/ */ /* version, then you may want to try switching to it. -Robbie W. */ /**************************************************************************/ #define INVALID_VERSION 0 static void setup(void); static void cleanup(void); static void test_setup(int, char *); static void child_func(void); static pid_t child_pid = -1; char *TCID = "capset02"; static struct __user_cap_header_struct header; static struct __user_cap_data_struct data; struct test_case_t { cap_user_header_t headerp; cap_user_data_t datap; int exp_errno; char *errdesc; } test_cases[] = { #ifndef UCLINUX /* Skip since uClinux does not implement memory protection */ { (cap_user_header_t) - 1, &data, EFAULT, "EFAULT"}, { &header, (cap_user_data_t) - 1, EFAULT, "EFAULT"}, #endif { &header, &data, EINVAL, "EINVAL"}, { &header, &data, EPERM, "EPERM"},}; int TST_TOTAL = sizeof(test_cases) / sizeof(test_cases[0]); int main(int ac, char **av) { int lc, i; tst_parse_opts(ac, av, NULL, NULL); #ifdef UCLINUX maybe_run_child(&child_func, ""); #endif setup(); for (lc = 0; TEST_LOOPING(lc); lc++) { tst_count = 0; #ifdef UCLINUX i = 2; #else i = 0; #endif for (; i < TST_TOTAL; i++) { test_setup(i, av[0]); TEST(ltp_syscall(__NR_capset, test_cases[i].headerp, test_cases[i].datap)); if (TEST_RETURN == -1 && TEST_ERRNO == test_cases[i].exp_errno) { tst_resm(TPASS, "capset() returned -1," " errno: %s", test_cases[i].errdesc); } else { tst_resm(TFAIL | TTERRNO, "Test Failed, capset() returned %ld", TEST_RETURN); } } } cleanup(); tst_exit(); } void setup(void) { tst_require_root(); TEST_PAUSE; /* * Save current capability data. * header.version must be _LINUX_CAPABILITY_VERSION */ header.version = _LINUX_CAPABILITY_VERSION; if (ltp_syscall(__NR_capget, &header, &data) == -1) tst_brkm(TBROK | TERRNO, NULL, "capget failed"); } void cleanup(void) { if (0 < child_pid) { kill(child_pid, SIGTERM); wait(NULL); } } void child_func(void) { for (;;) { sleep(10); } } void test_setup(int i, char *argv0) { char nobody_uid[] = "nobody"; struct passwd *ltpuser; switch (i) { case 0: break; case 1: header.version = _LINUX_CAPABILITY_VERSION; header.pid = 0; break; case 2: header.version = INVALID_VERSION; header.pid = 0; break; case 3: header.version = _LINUX_CAPABILITY_VERSION; /* * when a non-zero pid is specified, process should have * CAP_SETPCAP capability to change capabilities. * by default, CAP_SETPCAP is not enabled. So giving * a non-zero pid results in capset() failing with * errno EPERM * * Note: this seems to have changed with recent kernels * => create a child and try to set its capabilities */ child_pid = FORK_OR_VFORK(); if (child_pid == -1) tst_brkm(TBROK | TERRNO, cleanup, "fork failed"); else if (child_pid == 0) { #ifdef UCLINUX if (self_exec(argv0, "") < 0) { perror("self_exec failed"); exit(1); } #else child_func(); #endif } else { header.pid = child_pid; ltpuser = getpwnam(nobody_uid); if (ltpuser == NULL) tst_brkm(TBROK | TERRNO, cleanup, "getpwnam failed"); if (seteuid(ltpuser->pw_uid) == -1) tst_brkm(TBROK | TERRNO, cleanup, "seteuid failed"); } break; } }