1 /* $NetBSD: t_msgctl.c,v 1.4 2014/02/27 00:59:50 joerg Exp $ */
2
3 /*-
4 * Copyright (c) 2011 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Jukka Ruohonen.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31 #include <sys/cdefs.h>
32 __RCSID("$NetBSD: t_msgctl.c,v 1.4 2014/02/27 00:59:50 joerg Exp $");
33
34 #include <sys/msg.h>
35 #include <sys/stat.h>
36 #include <sys/sysctl.h>
37 #include <sys/wait.h>
38
39 #include <atf-c.h>
40 #include <errno.h>
41 #include <pwd.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #include <sysexits.h>
46 #include <time.h>
47 #include <unistd.h>
48
49 #define MSG_KEY 12345689
50 #define MSG_MTYPE_1 0x41
51
52 struct msg {
53 long mtype;
54 char buf[3];
55 };
56
57 static void clean(void);
58
59 static void
clean(void)60 clean(void)
61 {
62 int id;
63
64 if ((id = msgget(MSG_KEY, 0)) != -1)
65 (void)msgctl(id, IPC_RMID, 0);
66 }
67
68 ATF_TC_WITH_CLEANUP(msgctl_err);
ATF_TC_HEAD(msgctl_err,tc)69 ATF_TC_HEAD(msgctl_err, tc)
70 {
71 atf_tc_set_md_var(tc, "descr", "Test errors from msgctl(2)");
72 }
73
ATF_TC_BODY(msgctl_err,tc)74 ATF_TC_BODY(msgctl_err, tc)
75 {
76 const int cmd[] = { IPC_STAT, IPC_SET, IPC_RMID };
77 struct msqid_ds msgds;
78 size_t i;
79 int id;
80
81 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
82
83 id = msgget(MSG_KEY, IPC_CREAT | 0600);
84 ATF_REQUIRE(id != -1);
85
86 errno = 0;
87 ATF_REQUIRE_ERRNO(EINVAL, msgctl(id, INT_MAX, &msgds) == -1);
88
89 errno = 0;
90 ATF_REQUIRE_ERRNO(EFAULT, msgctl(id, IPC_STAT, (void *)-1) == -1);
91
92 for (i = 0; i < __arraycount(cmd); i++) {
93 errno = 0;
94 ATF_REQUIRE_ERRNO(EINVAL, msgctl(-1, cmd[i], &msgds) == -1);
95 }
96
97 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
98 }
99
ATF_TC_CLEANUP(msgctl_err,tc)100 ATF_TC_CLEANUP(msgctl_err, tc)
101 {
102 clean();
103 }
104
105 ATF_TC_WITH_CLEANUP(msgctl_perm);
ATF_TC_HEAD(msgctl_perm,tc)106 ATF_TC_HEAD(msgctl_perm, tc)
107 {
108 atf_tc_set_md_var(tc, "descr", "Test permissions with msgctl(2)");
109 atf_tc_set_md_var(tc, "require.user", "root");
110 }
111
ATF_TC_BODY(msgctl_perm,tc)112 ATF_TC_BODY(msgctl_perm, tc)
113 {
114 struct msqid_ds msgds;
115 struct passwd *pw;
116 pid_t pid;
117 int sta;
118 int id;
119
120 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
121
122 pw = getpwnam("nobody");
123 id = msgget(MSG_KEY, IPC_CREAT | 0600);
124
125 ATF_REQUIRE(id != -1);
126 ATF_REQUIRE(pw != NULL);
127 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
128
129 pid = fork();
130 ATF_REQUIRE(pid >= 0);
131
132 if (pid == 0) {
133
134 if (setuid(pw->pw_uid) != 0)
135 _exit(EX_OSERR);
136
137 msgds.msg_perm.uid = getuid();
138 msgds.msg_perm.gid = getgid();
139
140 errno = 0;
141
142 if (msgctl(id, IPC_SET, &msgds) == 0)
143 _exit(EXIT_FAILURE);
144
145 if (errno != EPERM)
146 _exit(EXIT_FAILURE);
147
148 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
149
150 if (msgctl(id, IPC_STAT, &msgds) != 0)
151 _exit(EX_OSERR);
152
153 msgds.msg_qbytes = 1;
154
155 if (msgctl(id, IPC_SET, &msgds) == 0)
156 _exit(EXIT_FAILURE);
157
158 if (errno != EPERM)
159 _exit(EXIT_FAILURE);
160
161 _exit(EXIT_SUCCESS);
162 }
163
164 (void)wait(&sta);
165
166 if (WIFEXITED(sta) == 0) {
167
168 if (WEXITSTATUS(sta) == EX_OSERR)
169 atf_tc_fail("system call failed");
170
171 if (WEXITSTATUS(sta) == EXIT_FAILURE)
172 atf_tc_fail("UID %u manipulated root's "
173 "message queue", pw->pw_uid);
174 }
175
176 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
177 }
178
ATF_TC_CLEANUP(msgctl_perm,tc)179 ATF_TC_CLEANUP(msgctl_perm, tc)
180 {
181 clean();
182 }
183
184 ATF_TC_WITH_CLEANUP(msgctl_pid);
ATF_TC_HEAD(msgctl_pid,tc)185 ATF_TC_HEAD(msgctl_pid, tc)
186 {
187 atf_tc_set_md_var(tc, "descr", "Test that PIDs are updated");
188 }
189
ATF_TC_BODY(msgctl_pid,tc)190 ATF_TC_BODY(msgctl_pid, tc)
191 {
192 struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } };
193 struct msqid_ds msgds;
194 int id, sta;
195 pid_t pid;
196
197 id = msgget(MSG_KEY, IPC_CREAT | 0600);
198 ATF_REQUIRE(id != -1);
199
200 pid = fork();
201 ATF_REQUIRE(pid >= 0);
202
203 if (pid == 0) {
204
205 (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
206
207 _exit(EXIT_SUCCESS);
208 }
209
210 (void)sleep(1);
211 (void)wait(&sta);
212 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
213
214 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
215
216 if (pid != msgds.msg_lspid)
217 atf_tc_fail("the PID of last msgsnd(2) was not updated");
218
219 pid = fork();
220 ATF_REQUIRE(pid >= 0);
221
222 if (pid == 0) {
223
224 (void)msgrcv(id, &msg,
225 sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT);
226
227 _exit(EXIT_SUCCESS);
228 }
229
230 (void)sleep(1);
231 (void)wait(&sta);
232 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
233
234 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
235
236 if (pid != msgds.msg_lrpid)
237 atf_tc_fail("the PID of last msgrcv(2) was not updated");
238
239 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
240 }
241
ATF_TC_CLEANUP(msgctl_pid,tc)242 ATF_TC_CLEANUP(msgctl_pid, tc)
243 {
244 clean();
245 }
246
247 ATF_TC_WITH_CLEANUP(msgctl_set);
ATF_TC_HEAD(msgctl_set,tc)248 ATF_TC_HEAD(msgctl_set, tc)
249 {
250 atf_tc_set_md_var(tc, "descr", "Test msgctl(2) with IPC_SET");
251 atf_tc_set_md_var(tc, "require.user", "root");
252 }
253
ATF_TC_BODY(msgctl_set,tc)254 ATF_TC_BODY(msgctl_set, tc)
255 {
256 struct msqid_ds msgds;
257 struct passwd *pw;
258 int id;
259
260 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
261
262 pw = getpwnam("nobody");
263 id = msgget(MSG_KEY, IPC_CREAT | 0600);
264
265 ATF_REQUIRE(id != -1);
266 ATF_REQUIRE(pw != NULL);
267 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
268
269 msgds.msg_perm.uid = pw->pw_uid;
270
271 if (msgctl(id, IPC_SET, &msgds) != 0)
272 atf_tc_fail("root failed to change the UID of message queue");
273
274 msgds.msg_perm.uid = getuid();
275 msgds.msg_perm.gid = pw->pw_gid;
276
277 if (msgctl(id, IPC_SET, &msgds) != 0)
278 atf_tc_fail("root failed to change the GID of message queue");
279
280 /*
281 * Note: setting the qbytes to zero fails even as root.
282 */
283 msgds.msg_qbytes = 1;
284 msgds.msg_perm.gid = getgid();
285
286 if (msgctl(id, IPC_SET, &msgds) != 0)
287 atf_tc_fail("root failed to change qbytes of message queue");
288
289 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
290 }
291
ATF_TC_CLEANUP(msgctl_set,tc)292 ATF_TC_CLEANUP(msgctl_set, tc)
293 {
294 clean();
295 }
296
297 ATF_TC_WITH_CLEANUP(msgctl_time);
ATF_TC_HEAD(msgctl_time,tc)298 ATF_TC_HEAD(msgctl_time, tc)
299 {
300 atf_tc_set_md_var(tc, "descr", "Test that access times are updated");
301 }
302
ATF_TC_BODY(msgctl_time,tc)303 ATF_TC_BODY(msgctl_time, tc)
304 {
305 struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } };
306 struct msqid_ds msgds;
307 time_t t;
308 int id;
309
310 id = msgget(MSG_KEY, IPC_CREAT | 0600);
311 ATF_REQUIRE(id != -1);
312
313 t = time(NULL);
314
315 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
316 (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
317 (void)msgctl(id, IPC_STAT, &msgds);
318
319 if (llabs(t - msgds.msg_stime) > 1)
320 atf_tc_fail("time of last msgsnd(2) was not updated");
321
322 if (msgds.msg_rtime != 0)
323 atf_tc_fail("time of last msgrcv(2) was updated incorrectly");
324
325 t = time(NULL);
326
327 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
328 (void)msgrcv(id, &msg, sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT);
329 (void)msgctl(id, IPC_STAT, &msgds);
330
331 if (llabs(t - msgds.msg_rtime) > 1)
332 atf_tc_fail("time of last msgrcv(2) was not updated");
333
334 /*
335 * Note: this is non-zero even after the memset(3).
336 */
337 if (msgds.msg_stime == 0)
338 atf_tc_fail("time of last msgsnd(2) was updated incorrectly");
339
340 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
341 }
342
ATF_TC_CLEANUP(msgctl_time,tc)343 ATF_TC_CLEANUP(msgctl_time, tc)
344 {
345 clean();
346 }
347
ATF_TP_ADD_TCS(tp)348 ATF_TP_ADD_TCS(tp)
349 {
350
351 ATF_TP_ADD_TC(tp, msgctl_err);
352 ATF_TP_ADD_TC(tp, msgctl_perm);
353 ATF_TP_ADD_TC(tp, msgctl_pid);
354 ATF_TP_ADD_TC(tp, msgctl_set);
355 ATF_TP_ADD_TC(tp, msgctl_time);
356
357 return atf_no_error();
358 }
359