PERFORCE change 137394 for review

Tue Mar 11 14:01:47 UTC 2008

http://perforce.freebsd.org/chv.cgi?CH=137394

Change 137394 by zhouzhouyi at zhouzhouyi_mactest on 2008/03/11 14:01:06

	add setuid and setgid test for MAC Framework follows the example of fstest/fstest.c

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#15 edit

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#15 (text+ko) ====

@@ -230,7 +230,7 @@
 usage(void)
 {
 
-	fprintf(stderr, "usage: mactest -m label_string -f macconf_file syscall args ...\n");
+	fprintf(stderr, "usage: mactest  [-u uid] [-g gid1[,gid2[...]]] -m label_string -f macconf_file syscall args ...\n");
 	exit(1);
 }
 
@@ -549,6 +549,42 @@
 	return (i);
 }
 
+
+static void
+set_gids(char *gids)
+{
+	gid_t *gidset;
+	long ngroups;
+	char *g, *endp;
+	unsigned i;
+
+	ngroups = sysconf(_SC_NGROUPS_MAX);
+	assert(ngroups > 0);
+	gidset = malloc(sizeof(*gidset) * ngroups);
+	assert(gidset != NULL);
+	for (i = 0, g = strtok(gids, ","); g != NULL; g = strtok(NULL, ","), i++) {
+		if (i >= ngroups) {
+			fprintf(stderr, "too many gids\n");
+			exit(1);
+		}
+		gidset[i] = strtol(g, &endp, 0);
+		if (*endp != '\0' && !isspace((unsigned char)*endp)) {
+			fprintf(stderr, "invalid gid '%s' - number expected\n",
+			    g);
+			exit(1);
+		}
+	}
+	if (setgroups(i, gidset) < 0) {
+		fprintf(stderr, "cannot change groups: %s\n", strerror(errno));
+		exit(1);
+	}
+	if (setegid(gidset[0]) < 0) {
+		fprintf(stderr, "cannot change effective gid: %s\n", strerror(errno));
+		exit(1);
+	}
+	free(gidset);
+}
+
 int
 main(int argc, char *argv[])
 {
@@ -560,10 +596,13 @@
 	int error;
 	int mactestpipefd;
 	char buf[2048];
-	int ch;
+	char *gids, *endp;
+	int  uid, ch;
 
+	uid = -1;
+        gids = NULL;
 
-	while ((ch = getopt(argc, argv, "m:f:")) != -1) {
+	while ((ch = getopt(argc, argv, "m:f:g:u:")) != -1) {
 		switch(ch) {
 		case 'm':
 			label_string = optarg;
@@ -571,6 +610,17 @@
 		case 'f':
 			macconf_file = optarg;
 			break;
+                case 'g':
+                        gids = optarg;
+                        break;
+                case 'u':
+                        uid = (int)strtol(optarg, &endp, 0);
+                        if (*endp != '\0' && !isspace((unsigned char)*endp)) {
+                                fprintf(stderr, "invalid uid '%s' - number "
+                                    "expected\n", optarg);
+                                exit(1);
+                        }
+                        break;
 		default:
 			usage();
 		}
@@ -611,6 +661,18 @@
 	
 	logfd = open(LOGDEV, O_RDWR);
 
+	if (gids != NULL) {
+                set_gids(gids);
+        }
+        
+	if (uid != -1) {
+                if (setuid(uid) < 0) {
+                        fprintf(stderr, "cannot change uid: %s\n",
+                            strerror(errno));
+                        exit(1);
+                }
+        }
+
 /*Begin to log
  */
 	ioctl(logfd, BEGINLOG, NULL);
