1 /* $NetBSD: t_msgctl.c,v 1.4 2014/02/27 00:59:50 joerg Exp $ */
2
3 /*-
4 * Copyright (c) 2011 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Jukka Ruohonen.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31 #include <sys/cdefs.h>
32 __RCSID("$NetBSD: t_msgctl.c,v 1.4 2014/02/27 00:59:50 joerg Exp $");
33
34 #include <sys/msg.h>
35 #include <sys/stat.h>
36 #include <sys/sysctl.h>
37 #include <sys/wait.h>
38
39 #include <atf-c.h>
40 #include <errno.h>
41 #include <pwd.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #include <sysexits.h>
46 #include <time.h>
47 #include <unistd.h>
48
49 #ifdef __FreeBSD__
50 #include <limits.h>
51 #endif
52
53 #define MSG_KEY 12345689
54 #define MSG_MTYPE_1 0x41
55
56 struct msg {
57 long mtype;
58 char buf[3];
59 };
60
61 static void clean(void);
62
63 static void
clean(void)64 clean(void)
65 {
66 int id;
67
68 if ((id = msgget(MSG_KEY, 0)) != -1)
69 (void)msgctl(id, IPC_RMID, 0);
70 }
71
72 ATF_TC_WITH_CLEANUP(msgctl_err);
ATF_TC_HEAD(msgctl_err,tc)73 ATF_TC_HEAD(msgctl_err, tc)
74 {
75 atf_tc_set_md_var(tc, "descr", "Test errors from msgctl(2)");
76 }
77
ATF_TC_BODY(msgctl_err,tc)78 ATF_TC_BODY(msgctl_err, tc)
79 {
80 const int cmd[] = { IPC_STAT, IPC_SET, IPC_RMID };
81 struct msqid_ds msgds;
82 size_t i;
83 int id;
84
85 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
86
87 id = msgget(MSG_KEY, IPC_CREAT | 0600);
88 ATF_REQUIRE(id != -1);
89
90 errno = 0;
91 ATF_REQUIRE_ERRNO(EINVAL, msgctl(id, INT_MAX, &msgds) == -1);
92
93 errno = 0;
94 ATF_REQUIRE_ERRNO(EFAULT, msgctl(id, IPC_STAT, (void *)-1) == -1);
95
96 for (i = 0; i < __arraycount(cmd); i++) {
97 errno = 0;
98 ATF_REQUIRE_ERRNO(EINVAL, msgctl(-1, cmd[i], &msgds) == -1);
99 }
100
101 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
102 }
103
ATF_TC_CLEANUP(msgctl_err,tc)104 ATF_TC_CLEANUP(msgctl_err, tc)
105 {
106 clean();
107 }
108
109 ATF_TC_WITH_CLEANUP(msgctl_perm);
ATF_TC_HEAD(msgctl_perm,tc)110 ATF_TC_HEAD(msgctl_perm, tc)
111 {
112 atf_tc_set_md_var(tc, "descr", "Test permissions with msgctl(2)");
113 atf_tc_set_md_var(tc, "require.user", "root");
114 }
115
ATF_TC_BODY(msgctl_perm,tc)116 ATF_TC_BODY(msgctl_perm, tc)
117 {
118 struct msqid_ds msgds;
119 struct passwd *pw;
120 pid_t pid;
121 int sta;
122 int id;
123
124 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
125
126 pw = getpwnam("nobody");
127 id = msgget(MSG_KEY, IPC_CREAT | 0600);
128
129 ATF_REQUIRE(id != -1);
130 ATF_REQUIRE(pw != NULL);
131 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
132
133 pid = fork();
134 ATF_REQUIRE(pid >= 0);
135
136 if (pid == 0) {
137
138 if (setuid(pw->pw_uid) != 0)
139 _exit(EX_OSERR);
140
141 msgds.msg_perm.uid = getuid();
142 msgds.msg_perm.gid = getgid();
143
144 errno = 0;
145
146 if (msgctl(id, IPC_SET, &msgds) == 0)
147 _exit(EXIT_FAILURE);
148
149 if (errno != EPERM)
150 _exit(EXIT_FAILURE);
151
152 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
153
154 if (msgctl(id, IPC_STAT, &msgds) != 0)
155 _exit(EX_OSERR);
156
157 msgds.msg_qbytes = 1;
158
159 if (msgctl(id, IPC_SET, &msgds) == 0)
160 _exit(EXIT_FAILURE);
161
162 if (errno != EPERM)
163 _exit(EXIT_FAILURE);
164
165 _exit(EXIT_SUCCESS);
166 }
167
168 (void)wait(&sta);
169
170 if (WIFEXITED(sta) == 0) {
171
172 if (WEXITSTATUS(sta) == EX_OSERR)
173 atf_tc_fail("system call failed");
174
175 if (WEXITSTATUS(sta) == EXIT_FAILURE)
176 atf_tc_fail("UID %u manipulated root's "
177 "message queue", pw->pw_uid);
178 }
179
180 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
181 }
182
ATF_TC_CLEANUP(msgctl_perm,tc)183 ATF_TC_CLEANUP(msgctl_perm, tc)
184 {
185 clean();
186 }
187
188 ATF_TC_WITH_CLEANUP(msgctl_pid);
ATF_TC_HEAD(msgctl_pid,tc)189 ATF_TC_HEAD(msgctl_pid, tc)
190 {
191 atf_tc_set_md_var(tc, "descr", "Test that PIDs are updated");
192 }
193
ATF_TC_BODY(msgctl_pid,tc)194 ATF_TC_BODY(msgctl_pid, tc)
195 {
196 struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } };
197 struct msqid_ds msgds;
198 int id, sta;
199 pid_t pid;
200
201 id = msgget(MSG_KEY, IPC_CREAT | 0600);
202 ATF_REQUIRE(id != -1);
203
204 pid = fork();
205 ATF_REQUIRE(pid >= 0);
206
207 if (pid == 0) {
208
209 (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
210
211 _exit(EXIT_SUCCESS);
212 }
213
214 (void)sleep(1);
215 (void)wait(&sta);
216 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
217
218 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
219
220 if (pid != msgds.msg_lspid)
221 atf_tc_fail("the PID of last msgsnd(2) was not updated");
222
223 pid = fork();
224 ATF_REQUIRE(pid >= 0);
225
226 if (pid == 0) {
227
228 (void)msgrcv(id, &msg,
229 sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT);
230
231 _exit(EXIT_SUCCESS);
232 }
233
234 (void)sleep(1);
235 (void)wait(&sta);
236 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
237
238 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
239
240 if (pid != msgds.msg_lrpid)
241 atf_tc_fail("the PID of last msgrcv(2) was not updated");
242
243 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
244 }
245
ATF_TC_CLEANUP(msgctl_pid,tc)246 ATF_TC_CLEANUP(msgctl_pid, tc)
247 {
248 clean();
249 }
250
251 ATF_TC_WITH_CLEANUP(msgctl_set);
ATF_TC_HEAD(msgctl_set,tc)252 ATF_TC_HEAD(msgctl_set, tc)
253 {
254 atf_tc_set_md_var(tc, "descr", "Test msgctl(2) with IPC_SET");
255 atf_tc_set_md_var(tc, "require.user", "root");
256 }
257
ATF_TC_BODY(msgctl_set,tc)258 ATF_TC_BODY(msgctl_set, tc)
259 {
260 struct msqid_ds msgds;
261 struct passwd *pw;
262 int id;
263
264 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
265
266 pw = getpwnam("nobody");
267 id = msgget(MSG_KEY, IPC_CREAT | 0600);
268
269 ATF_REQUIRE(id != -1);
270 ATF_REQUIRE(pw != NULL);
271 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
272
273 msgds.msg_perm.uid = pw->pw_uid;
274
275 if (msgctl(id, IPC_SET, &msgds) != 0)
276 atf_tc_fail("root failed to change the UID of message queue");
277
278 msgds.msg_perm.uid = getuid();
279 msgds.msg_perm.gid = pw->pw_gid;
280
281 if (msgctl(id, IPC_SET, &msgds) != 0)
282 atf_tc_fail("root failed to change the GID of message queue");
283
284 /*
285 * Note: setting the qbytes to zero fails even as root.
286 */
287 msgds.msg_qbytes = 1;
288 msgds.msg_perm.gid = getgid();
289
290 if (msgctl(id, IPC_SET, &msgds) != 0)
291 atf_tc_fail("root failed to change qbytes of message queue");
292
293 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
294 }
295
ATF_TC_CLEANUP(msgctl_set,tc)296 ATF_TC_CLEANUP(msgctl_set, tc)
297 {
298 clean();
299 }
300
301 ATF_TC_WITH_CLEANUP(msgctl_time);
ATF_TC_HEAD(msgctl_time,tc)302 ATF_TC_HEAD(msgctl_time, tc)
303 {
304 atf_tc_set_md_var(tc, "descr", "Test that access times are updated");
305 }
306
ATF_TC_BODY(msgctl_time,tc)307 ATF_TC_BODY(msgctl_time, tc)
308 {
309 struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } };
310 struct msqid_ds msgds;
311 time_t t;
312 int id;
313
314 id = msgget(MSG_KEY, IPC_CREAT | 0600);
315 ATF_REQUIRE(id != -1);
316
317 t = time(NULL);
318
319 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
320 (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
321 (void)msgctl(id, IPC_STAT, &msgds);
322
323 if (llabs(t - msgds.msg_stime) > 1)
324 atf_tc_fail("time of last msgsnd(2) was not updated");
325
326 if (msgds.msg_rtime != 0)
327 atf_tc_fail("time of last msgrcv(2) was updated incorrectly");
328
329 t = time(NULL);
330
331 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
332 (void)msgrcv(id, &msg, sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT);
333 (void)msgctl(id, IPC_STAT, &msgds);
334
335 if (llabs(t - msgds.msg_rtime) > 1)
336 atf_tc_fail("time of last msgrcv(2) was not updated");
337
338 /*
339 * Note: this is non-zero even after the memset(3).
340 */
341 if (msgds.msg_stime == 0)
342 atf_tc_fail("time of last msgsnd(2) was updated incorrectly");
343
344 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
345 }
346
ATF_TC_CLEANUP(msgctl_time,tc)347 ATF_TC_CLEANUP(msgctl_time, tc)
348 {
349 clean();
350 }
351
ATF_TP_ADD_TCS(tp)352 ATF_TP_ADD_TCS(tp)
353 {
354
355 ATF_TP_ADD_TC(tp, msgctl_err);
356 ATF_TP_ADD_TC(tp, msgctl_perm);
357 ATF_TP_ADD_TC(tp, msgctl_pid);
358 ATF_TP_ADD_TC(tp, msgctl_set);
359 ATF_TP_ADD_TC(tp, msgctl_time);
360
361 return atf_no_error();
362 }
363