CoCalc -- pwd

GitHub Repository: freebsd/freebsd-src
Path: blob/main/lib/libcasper/services/cap_pwd/tests/pwd_test.c
⁴⁸³⁸³ views
1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause
3
 *
4
 * Copyright (c) 2013 The FreeBSD Foundation
5
 *
6
 * This software was developed by Pawel Jakub Dawidek under sponsorship from
7
 * the FreeBSD Foundation.
8
 *
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
11
 * are met:
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 * 2. Redistributions in binary form must reproduce the above copyright
15
 *    notice, this list of conditions and the following disclaimer in the
16
 *    documentation and/or other materials provided with the distribution.
17
 *
18
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
19
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
22
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28
 * SUCH DAMAGE.
29
 */
30

31
#include <sys/capsicum.h>
32
#include <sys/nv.h>
33

34
#include <assert.h>
35
#include <err.h>
36
#include <errno.h>
37
#include <pwd.h>
38
#include <stdio.h>
39
#include <stdlib.h>
40
#include <string.h>
41
#include <unistd.h>
42

43
#include <libcasper.h>
44

45
#include <casper/cap_pwd.h>
46

47
static int ntest = 1;
48

49
#define CHECK(expr)     do {						\
50
	if ((expr))							\
51
		printf("ok %d # %s:%u\n", ntest, __FILE__, __LINE__);	\
52
	else								\
53
		printf("not ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
54
	fflush(stdout);							\
55
	ntest++;							\
56
} while (0)
57
#define CHECKX(expr)     do {						\
58
	if ((expr)) {							\
59
		printf("ok %d # %s:%u\n", ntest, __FILE__, __LINE__);	\
60
	} else {							\
61
		printf("not ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
62
		exit(1);						\
63
	}								\
64
	fflush(stdout);							\
65
	ntest++;							\
66
} while (0)
67

68
#define	UID_ROOT	0
69
#define	UID_OPERATOR	2
70

71
#define	GETPWENT0	0x0001
72
#define	GETPWENT1	0x0002
73
#define	GETPWENT2	0x0004
74
#define	GETPWENT	(GETPWENT0 | GETPWENT1 | GETPWENT2)
75
#define	GETPWENT_R0	0x0008
76
#define	GETPWENT_R1	0x0010
77
#define	GETPWENT_R2	0x0020
78
#define	GETPWENT_R	(GETPWENT_R0 | GETPWENT_R1 | GETPWENT_R2)
79
#define	GETPWNAM	0x0040
80
#define	GETPWNAM_R	0x0080
81
#define	GETPWUID	0x0100
82
#define	GETPWUID_R	0x0200
83

84
static bool
85
passwd_compare(const struct passwd *pwd0, const struct passwd *pwd1)
86
{
87

88
	if (pwd0 == NULL && pwd1 == NULL)
89
		return (true);
90
	if (pwd0 == NULL || pwd1 == NULL)
91
		return (false);
92

93
	if (strcmp(pwd0->pw_name, pwd1->pw_name) != 0)
94
		return (false);
95

96
	if (pwd0->pw_passwd != NULL || pwd1->pw_passwd != NULL) {
97
		if (pwd0->pw_passwd == NULL || pwd1->pw_passwd == NULL)
98
			return (false);
99
		if (strcmp(pwd0->pw_passwd, pwd1->pw_passwd) != 0)
100
			return (false);
101
	}
102

103
	if (pwd0->pw_uid != pwd1->pw_uid)
104
		return (false);
105

106
	if (pwd0->pw_gid != pwd1->pw_gid)
107
		return (false);
108

109
	if (pwd0->pw_change != pwd1->pw_change)
110
		return (false);
111

112
	if (pwd0->pw_class != NULL || pwd1->pw_class != NULL) {
113
		if (pwd0->pw_class == NULL || pwd1->pw_class == NULL)
114
			return (false);
115
		if (strcmp(pwd0->pw_class, pwd1->pw_class) != 0)
116
			return (false);
117
	}
118

119
	if (pwd0->pw_gecos != NULL || pwd1->pw_gecos != NULL) {
120
		if (pwd0->pw_gecos == NULL || pwd1->pw_gecos == NULL)
121
			return (false);
122
		if (strcmp(pwd0->pw_gecos, pwd1->pw_gecos) != 0)
123
			return (false);
124
	}
125

126
	if (pwd0->pw_dir != NULL || pwd1->pw_dir != NULL) {
127
		if (pwd0->pw_dir == NULL || pwd1->pw_dir == NULL)
128
			return (false);
129
		if (strcmp(pwd0->pw_dir, pwd1->pw_dir) != 0)
130
			return (false);
131
	}
132

133
	if (pwd0->pw_shell != NULL || pwd1->pw_shell != NULL) {
134
		if (pwd0->pw_shell == NULL || pwd1->pw_shell == NULL)
135
			return (false);
136
		if (strcmp(pwd0->pw_shell, pwd1->pw_shell) != 0)
137
			return (false);
138
	}
139

140
	if (pwd0->pw_expire != pwd1->pw_expire)
141
		return (false);
142

143
	if (pwd0->pw_fields != pwd1->pw_fields)
144
		return (false);
145

146
	return (true);
147
}
148

149
static unsigned int
150
runtest_cmds(cap_channel_t *cappwd)
151
{
152
	char bufs[1024], bufc[1024];
153
	unsigned int result;
154
	struct passwd *pwds, *pwdc;
155
	struct passwd sts, stc;
156

157
	result = 0;
158

159
	setpwent();
160
	cap_setpwent(cappwd);
161

162
	pwds = getpwent();
163
	pwdc = cap_getpwent(cappwd);
164
	if (passwd_compare(pwds, pwdc)) {
165
		result |= GETPWENT0;
166
		pwds = getpwent();
167
		pwdc = cap_getpwent(cappwd);
168
		if (passwd_compare(pwds, pwdc))
169
			result |= GETPWENT1;
170
	}
171

172
	getpwent_r(&sts, bufs, sizeof(bufs), &pwds);
173
	cap_getpwent_r(cappwd, &stc, bufc, sizeof(bufc), &pwdc);
174
	if (passwd_compare(pwds, pwdc)) {
175
		result |= GETPWENT_R0;
176
		getpwent_r(&sts, bufs, sizeof(bufs), &pwds);
177
		cap_getpwent_r(cappwd, &stc, bufc, sizeof(bufc), &pwdc);
178
		if (passwd_compare(pwds, pwdc))
179
			result |= GETPWENT_R1;
180
	}
181

182
	setpwent();
183
	cap_setpwent(cappwd);
184

185
	getpwent_r(&sts, bufs, sizeof(bufs), &pwds);
186
	cap_getpwent_r(cappwd, &stc, bufc, sizeof(bufc), &pwdc);
187
	if (passwd_compare(pwds, pwdc))
188
		result |= GETPWENT_R2;
189

190
	pwds = getpwent();
191
	pwdc = cap_getpwent(cappwd);
192
	if (passwd_compare(pwds, pwdc))
193
		result |= GETPWENT2;
194

195
	pwds = getpwnam("root");
196
	pwdc = cap_getpwnam(cappwd, "root");
197
	if (passwd_compare(pwds, pwdc)) {
198
		pwds = getpwnam("operator");
199
		pwdc = cap_getpwnam(cappwd, "operator");
200
		if (passwd_compare(pwds, pwdc))
201
			result |= GETPWNAM;
202
	}
203

204
	getpwnam_r("root", &sts, bufs, sizeof(bufs), &pwds);
205
	cap_getpwnam_r(cappwd, "root", &stc, bufc, sizeof(bufc), &pwdc);
206
	if (passwd_compare(pwds, pwdc)) {
207
		getpwnam_r("operator", &sts, bufs, sizeof(bufs), &pwds);
208
		cap_getpwnam_r(cappwd, "operator", &stc, bufc, sizeof(bufc),
209
		    &pwdc);
210
		if (passwd_compare(pwds, pwdc))
211
			result |= GETPWNAM_R;
212
	}
213

214
	pwds = getpwuid(UID_ROOT);
215
	pwdc = cap_getpwuid(cappwd, UID_ROOT);
216
	if (passwd_compare(pwds, pwdc)) {
217
		pwds = getpwuid(UID_OPERATOR);
218
		pwdc = cap_getpwuid(cappwd, UID_OPERATOR);
219
		if (passwd_compare(pwds, pwdc))
220
			result |= GETPWUID;
221
	}
222

223
	getpwuid_r(UID_ROOT, &sts, bufs, sizeof(bufs), &pwds);
224
	cap_getpwuid_r(cappwd, UID_ROOT, &stc, bufc, sizeof(bufc), &pwdc);
225
	if (passwd_compare(pwds, pwdc)) {
226
		getpwuid_r(UID_OPERATOR, &sts, bufs, sizeof(bufs), &pwds);
227
		cap_getpwuid_r(cappwd, UID_OPERATOR, &stc, bufc, sizeof(bufc),
228
		    &pwdc);
229
		if (passwd_compare(pwds, pwdc))
230
			result |= GETPWUID_R;
231
	}
232

233
	return (result);
234
}
235

236
static void
237
test_cmds(cap_channel_t *origcappwd)
238
{
239
	cap_channel_t *cappwd;
240
	const char *cmds[7], *fields[10], *names[6];
241
	uid_t uids[5];
242

243
	fields[0] = "pw_name";
244
	fields[1] = "pw_passwd";
245
	fields[2] = "pw_uid";
246
	fields[3] = "pw_gid";
247
	fields[4] = "pw_change";
248
	fields[5] = "pw_class";
249
	fields[6] = "pw_gecos";
250
	fields[7] = "pw_dir";
251
	fields[8] = "pw_shell";
252
	fields[9] = "pw_expire";
253

254
	names[0] = "root";
255
	names[1] = "toor";
256
	names[2] = "daemon";
257
	names[3] = "operator";
258
	names[4] = "bin";
259
	names[5] = "kmem";
260

261
	uids[0] = 0;
262
	uids[1] = 1;
263
	uids[2] = 2;
264
	uids[3] = 3;
265
	uids[4] = 5;
266

267
	/*
268
	 * Allow:
269
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam, getpwnam_r,
270
	 *       getpwuid, getpwuid_r
271
	 * users:
272
	 *     names: root, toor, daemon, operator, bin, kmem
273
	 *     uids:
274
	 */
275
	cappwd = cap_clone(origcappwd);
276
	CHECK(cappwd != NULL);
277

278
	cmds[0] = "setpwent";
279
	cmds[1] = "getpwent";
280
	cmds[2] = "getpwent_r";
281
	cmds[3] = "getpwnam";
282
	cmds[4] = "getpwnam_r";
283
	cmds[5] = "getpwuid";
284
	cmds[6] = "getpwuid_r";
285
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == 0);
286
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
287
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
288

289
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
290
	    GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R));
291

292
	cap_close(cappwd);
293

294
	/*
295
	 * Allow:
296
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam, getpwnam_r,
297
	 *       getpwuid, getpwuid_r
298
	 * users:
299
	 *     names:
300
	 *     uids: 0, 1, 2, 3, 5
301
	 */
302
	cappwd = cap_clone(origcappwd);
303
	CHECK(cappwd != NULL);
304

305
	cmds[0] = "setpwent";
306
	cmds[1] = "getpwent";
307
	cmds[2] = "getpwent_r";
308
	cmds[3] = "getpwnam";
309
	cmds[4] = "getpwnam_r";
310
	cmds[5] = "getpwuid";
311
	cmds[6] = "getpwuid_r";
312
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == 0);
313
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
314
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 5) == 0);
315

316
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
317
	    GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R));
318

319
	cap_close(cappwd);
320

321
	/*
322
	 * Allow:
323
	 * cmds: getpwent, getpwent_r, getpwnam, getpwnam_r,
324
	 *       getpwuid, getpwuid_r
325
	 * users:
326
	 *     names: root, toor, daemon, operator, bin, kmem
327
	 *     uids:
328
	 * Disallow:
329
	 * cmds: setpwent
330
	 * users:
331
	 */
332
	cappwd = cap_clone(origcappwd);
333
	CHECK(cappwd != NULL);
334

335
	cap_setpwent(cappwd);
336

337
	cmds[0] = "getpwent";
338
	cmds[1] = "getpwent_r";
339
	cmds[2] = "getpwnam";
340
	cmds[3] = "getpwnam_r";
341
	cmds[4] = "getpwuid";
342
	cmds[5] = "getpwuid_r";
343
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
344
	cmds[0] = "setpwent";
345
	cmds[1] = "getpwent";
346
	cmds[2] = "getpwent_r";
347
	cmds[3] = "getpwnam";
348
	cmds[4] = "getpwnam_r";
349
	cmds[5] = "getpwuid";
350
	cmds[6] = "getpwuid_r";
351
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
352
	cmds[0] = "setpwent";
353
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
354
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
355
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
356

357
	CHECK(runtest_cmds(cappwd) == (GETPWENT0 | GETPWENT1 | GETPWENT_R0 |
358
	    GETPWENT_R1 | GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R));
359

360
	cap_close(cappwd);
361

362
	/*
363
	 * Allow:
364
	 * cmds: getpwent, getpwent_r, getpwnam, getpwnam_r,
365
	 *       getpwuid, getpwuid_r
366
	 * users:
367
	 *     names:
368
	 *     uids: 0, 1, 2, 3, 5
369
	 * Disallow:
370
	 * cmds: setpwent
371
	 * users:
372
	 */
373
	cappwd = cap_clone(origcappwd);
374
	CHECK(cappwd != NULL);
375

376
	cap_setpwent(cappwd);
377

378
	cmds[0] = "getpwent";
379
	cmds[1] = "getpwent_r";
380
	cmds[2] = "getpwnam";
381
	cmds[3] = "getpwnam_r";
382
	cmds[4] = "getpwuid";
383
	cmds[5] = "getpwuid_r";
384
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
385
	cmds[0] = "setpwent";
386
	cmds[1] = "getpwent";
387
	cmds[2] = "getpwent_r";
388
	cmds[3] = "getpwnam";
389
	cmds[4] = "getpwnam_r";
390
	cmds[5] = "getpwuid";
391
	cmds[6] = "getpwuid_r";
392
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
393
	cmds[0] = "setpwent";
394
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
395
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
396
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 5) == 0);
397

398
	CHECK(runtest_cmds(cappwd) == (GETPWENT0 | GETPWENT1 | GETPWENT_R0 |
399
	    GETPWENT_R1 | GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R));
400

401
	cap_close(cappwd);
402

403
	/*
404
	 * Allow:
405
	 * cmds: setpwent, getpwent_r, getpwnam, getpwnam_r,
406
	 *       getpwuid, getpwuid_r
407
	 * users:
408
	 *     names: root, toor, daemon, operator, bin, kmem
409
	 *     uids:
410
	 * Disallow:
411
	 * cmds: getpwent
412
	 * users:
413
	 */
414
	cappwd = cap_clone(origcappwd);
415
	CHECK(cappwd != NULL);
416

417
	cmds[0] = "setpwent";
418
	cmds[1] = "getpwent_r";
419
	cmds[2] = "getpwnam";
420
	cmds[3] = "getpwnam_r";
421
	cmds[4] = "getpwuid";
422
	cmds[5] = "getpwuid_r";
423
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
424
	cmds[0] = "setpwent";
425
	cmds[1] = "getpwent";
426
	cmds[2] = "getpwent_r";
427
	cmds[3] = "getpwnam";
428
	cmds[4] = "getpwnam_r";
429
	cmds[5] = "getpwuid";
430
	cmds[6] = "getpwuid_r";
431
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
432
	cmds[0] = "getpwent";
433
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
434
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
435
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
436

437
	CHECK(runtest_cmds(cappwd) == (GETPWENT_R2 |
438
	    GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R));
439

440
	cap_close(cappwd);
441

442
	/*
443
	 * Allow:
444
	 * cmds: setpwent, getpwent_r, getpwnam, getpwnam_r,
445
	 *       getpwuid, getpwuid_r
446
	 * users:
447
	 *     names:
448
	 *     uids: 0, 1, 2, 3, 5
449
	 * Disallow:
450
	 * cmds: getpwent
451
	 * users:
452
	 */
453
	cappwd = cap_clone(origcappwd);
454
	CHECK(cappwd != NULL);
455

456
	cmds[0] = "setpwent";
457
	cmds[1] = "getpwent_r";
458
	cmds[2] = "getpwnam";
459
	cmds[3] = "getpwnam_r";
460
	cmds[4] = "getpwuid";
461
	cmds[5] = "getpwuid_r";
462
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
463
	cmds[0] = "setpwent";
464
	cmds[1] = "getpwent";
465
	cmds[2] = "getpwent_r";
466
	cmds[3] = "getpwnam";
467
	cmds[4] = "getpwnam_r";
468
	cmds[5] = "getpwuid";
469
	cmds[6] = "getpwuid_r";
470
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
471
	cmds[0] = "getpwent";
472
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
473
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
474
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 5) == 0);
475

476
	CHECK(runtest_cmds(cappwd) == (GETPWENT_R2 |
477
	    GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R));
478

479
	cap_close(cappwd);
480

481
	/*
482
	 * Allow:
483
	 * cmds: setpwent, getpwent, getpwnam, getpwnam_r,
484
	 *       getpwuid, getpwuid_r
485
	 * users:
486
	 *     names: root, toor, daemon, operator, bin, kmem
487
	 *     uids:
488
	 * Disallow:
489
	 * cmds: getpwent_r
490
	 * users:
491
	 */
492
	cappwd = cap_clone(origcappwd);
493
	CHECK(cappwd != NULL);
494

495
	cmds[0] = "setpwent";
496
	cmds[1] = "getpwent";
497
	cmds[2] = "getpwnam";
498
	cmds[3] = "getpwnam_r";
499
	cmds[4] = "getpwuid";
500
	cmds[5] = "getpwuid_r";
501
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
502
	cmds[0] = "setpwent";
503
	cmds[1] = "getpwent";
504
	cmds[2] = "getpwent_r";
505
	cmds[3] = "getpwnam";
506
	cmds[4] = "getpwnam_r";
507
	cmds[5] = "getpwuid";
508
	cmds[6] = "getpwuid_r";
509
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
510
	cmds[0] = "getpwent_r";
511
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
512
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
513
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
514

515
	CHECK(runtest_cmds(cappwd) == (GETPWENT0 | GETPWENT1 |
516
	    GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R));
517

518
	cap_close(cappwd);
519

520
	/*
521
	 * Allow:
522
	 * cmds: setpwent, getpwent, getpwnam, getpwnam_r,
523
	 *       getpwuid, getpwuid_r
524
	 * users:
525
	 *     names:
526
	 *     uids: 0, 1, 2, 3, 5
527
	 * Disallow:
528
	 * cmds: getpwent_r
529
	 * users:
530
	 */
531
	cappwd = cap_clone(origcappwd);
532
	CHECK(cappwd != NULL);
533

534
	cmds[0] = "setpwent";
535
	cmds[1] = "getpwent";
536
	cmds[2] = "getpwnam";
537
	cmds[3] = "getpwnam_r";
538
	cmds[4] = "getpwuid";
539
	cmds[5] = "getpwuid_r";
540
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
541
	cmds[0] = "setpwent";
542
	cmds[1] = "getpwent";
543
	cmds[2] = "getpwent_r";
544
	cmds[3] = "getpwnam";
545
	cmds[4] = "getpwnam_r";
546
	cmds[5] = "getpwuid";
547
	cmds[6] = "getpwuid_r";
548
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
549
	cmds[0] = "getpwent_r";
550
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
551
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
552
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 5) == 0);
553

554
	CHECK(runtest_cmds(cappwd) == (GETPWENT0 | GETPWENT1 |
555
	    GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R));
556

557
	cap_close(cappwd);
558

559
	/*
560
	 * Allow:
561
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam_r,
562
	 *       getpwuid, getpwuid_r
563
	 * users:
564
	 *     names: root, toor, daemon, operator, bin, kmem
565
	 *     uids:
566
	 * Disallow:
567
	 * cmds: getpwnam
568
	 * users:
569
	 */
570
	cappwd = cap_clone(origcappwd);
571
	CHECK(cappwd != NULL);
572

573
	cmds[0] = "setpwent";
574
	cmds[1] = "getpwent";
575
	cmds[2] = "getpwent_r";
576
	cmds[3] = "getpwnam_r";
577
	cmds[4] = "getpwuid";
578
	cmds[5] = "getpwuid_r";
579
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
580
	cmds[0] = "setpwent";
581
	cmds[1] = "getpwent";
582
	cmds[2] = "getpwent_r";
583
	cmds[3] = "getpwnam";
584
	cmds[4] = "getpwnam_r";
585
	cmds[5] = "getpwuid";
586
	cmds[6] = "getpwuid_r";
587
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
588
	cmds[0] = "getpwnam";
589
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
590
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
591
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
592

593
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
594
	    GETPWNAM_R | GETPWUID | GETPWUID_R));
595

596
	cap_close(cappwd);
597

598
	/*
599
	 * Allow:
600
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam_r,
601
	 *       getpwuid, getpwuid_r
602
	 * users:
603
	 *     names:
604
	 *     uids: 0, 1, 2, 3, 5
605
	 * Disallow:
606
	 * cmds: getpwnam
607
	 * users:
608
	 */
609
	cappwd = cap_clone(origcappwd);
610
	CHECK(cappwd != NULL);
611

612
	cmds[0] = "setpwent";
613
	cmds[1] = "getpwent";
614
	cmds[2] = "getpwent_r";
615
	cmds[3] = "getpwnam_r";
616
	cmds[4] = "getpwuid";
617
	cmds[5] = "getpwuid_r";
618
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
619
	cmds[0] = "setpwent";
620
	cmds[1] = "getpwent";
621
	cmds[2] = "getpwent_r";
622
	cmds[3] = "getpwnam";
623
	cmds[4] = "getpwnam_r";
624
	cmds[5] = "getpwuid";
625
	cmds[6] = "getpwuid_r";
626
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
627
	cmds[0] = "getpwnam";
628
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
629
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
630
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 5) == 0);
631

632
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
633
	    GETPWNAM_R | GETPWUID | GETPWUID_R));
634

635
	cap_close(cappwd);
636

637
	/*
638
	 * Allow:
639
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam,
640
	 *       getpwuid, getpwuid_r
641
	 * users:
642
	 *     names: root, toor, daemon, operator, bin, kmem
643
	 *     uids:
644
	 * Disallow:
645
	 * cmds: getpwnam_r
646
	 * users:
647
	 */
648
	cappwd = cap_clone(origcappwd);
649
	CHECK(cappwd != NULL);
650

651
	cmds[0] = "setpwent";
652
	cmds[1] = "getpwent";
653
	cmds[2] = "getpwent_r";
654
	cmds[3] = "getpwnam";
655
	cmds[4] = "getpwuid";
656
	cmds[5] = "getpwuid_r";
657
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
658
	cmds[0] = "setpwent";
659
	cmds[1] = "getpwent";
660
	cmds[2] = "getpwent_r";
661
	cmds[3] = "getpwnam";
662
	cmds[4] = "getpwnam_r";
663
	cmds[5] = "getpwuid";
664
	cmds[6] = "getpwuid_r";
665
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
666
	cmds[0] = "getpwnam_r";
667
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
668
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
669
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
670

671
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
672
	    GETPWNAM | GETPWUID | GETPWUID_R));
673

674
	cap_close(cappwd);
675

676
	/*
677
	 * Allow:
678
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam,
679
	 *       getpwuid, getpwuid_r
680
	 * users:
681
	 *     names:
682
	 *     uids: 0, 1, 2, 3, 5
683
	 * Disallow:
684
	 * cmds: getpwnam_r
685
	 * users:
686
	 */
687
	cappwd = cap_clone(origcappwd);
688
	CHECK(cappwd != NULL);
689

690
	cmds[0] = "setpwent";
691
	cmds[1] = "getpwent";
692
	cmds[2] = "getpwent_r";
693
	cmds[3] = "getpwnam";
694
	cmds[4] = "getpwuid";
695
	cmds[5] = "getpwuid_r";
696
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
697
	cmds[0] = "setpwent";
698
	cmds[1] = "getpwent";
699
	cmds[2] = "getpwent_r";
700
	cmds[3] = "getpwnam";
701
	cmds[4] = "getpwnam_r";
702
	cmds[5] = "getpwuid";
703
	cmds[6] = "getpwuid_r";
704
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
705
	cmds[0] = "getpwnam_r";
706
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
707
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
708
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 5) == 0);
709

710
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
711
	    GETPWNAM | GETPWUID | GETPWUID_R));
712

713
	cap_close(cappwd);
714

715
	/*
716
	 * Allow:
717
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam, getpwnam_r,
718
	 *       getpwuid_r
719
	 * users:
720
	 *     names: root, toor, daemon, operator, bin, kmem
721
	 *     uids:
722
	 * Disallow:
723
	 * cmds: getpwuid
724
	 * users:
725
	 */
726
	cappwd = cap_clone(origcappwd);
727
	CHECK(cappwd != NULL);
728

729
	cmds[0] = "setpwent";
730
	cmds[1] = "getpwent";
731
	cmds[2] = "getpwent_r";
732
	cmds[3] = "getpwnam";
733
	cmds[4] = "getpwnam_r";
734
	cmds[5] = "getpwuid_r";
735
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
736
	cmds[0] = "setpwent";
737
	cmds[1] = "getpwent";
738
	cmds[2] = "getpwent_r";
739
	cmds[3] = "getpwnam";
740
	cmds[4] = "getpwnam_r";
741
	cmds[5] = "getpwuid";
742
	cmds[6] = "getpwuid_r";
743
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
744
	cmds[0] = "getpwuid";
745
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
746
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
747
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
748

749
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
750
	    GETPWNAM | GETPWNAM_R | GETPWUID_R));
751

752
	cap_close(cappwd);
753

754
	/*
755
	 * Allow:
756
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam, getpwnam_r,
757
	 *       getpwuid_r
758
	 * users:
759
	 *     names:
760
	 *     uids: 0, 1, 2, 3, 5
761
	 * Disallow:
762
	 * cmds: getpwuid
763
	 * users:
764
	 */
765
	cappwd = cap_clone(origcappwd);
766
	CHECK(cappwd != NULL);
767

768
	cmds[0] = "setpwent";
769
	cmds[1] = "getpwent";
770
	cmds[2] = "getpwent_r";
771
	cmds[3] = "getpwnam";
772
	cmds[4] = "getpwnam_r";
773
	cmds[5] = "getpwuid_r";
774
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
775
	cmds[0] = "setpwent";
776
	cmds[1] = "getpwent";
777
	cmds[2] = "getpwent_r";
778
	cmds[3] = "getpwnam";
779
	cmds[4] = "getpwnam_r";
780
	cmds[5] = "getpwuid";
781
	cmds[6] = "getpwuid_r";
782
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
783
	cmds[0] = "getpwuid";
784
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
785
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
786
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 5) == 0);
787

788
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
789
	    GETPWNAM | GETPWNAM_R | GETPWUID_R));
790

791
	cap_close(cappwd);
792

793
	/*
794
	 * Allow:
795
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam, getpwnam_r,
796
	 *       getpwuid
797
	 * users:
798
	 *     names: root, toor, daemon, operator, bin, kmem
799
	 *     uids:
800
	 * Disallow:
801
	 * cmds: getpwuid_r
802
	 * users:
803
	 */
804
	cappwd = cap_clone(origcappwd);
805
	CHECK(cappwd != NULL);
806

807
	cmds[0] = "setpwent";
808
	cmds[1] = "getpwent";
809
	cmds[2] = "getpwent_r";
810
	cmds[3] = "getpwnam";
811
	cmds[4] = "getpwnam_r";
812
	cmds[5] = "getpwuid";
813
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
814
	cmds[0] = "setpwent";
815
	cmds[1] = "getpwent";
816
	cmds[2] = "getpwent_r";
817
	cmds[3] = "getpwnam";
818
	cmds[4] = "getpwnam_r";
819
	cmds[5] = "getpwuid";
820
	cmds[6] = "getpwuid_r";
821
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
822
	cmds[0] = "getpwuid_r";
823
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
824
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
825
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
826

827
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
828
	    GETPWNAM | GETPWNAM_R | GETPWUID));
829

830
	cap_close(cappwd);
831

832
	/*
833
	 * Allow:
834
	 * cmds: setpwent, getpwent, getpwent_r, getpwnam, getpwnam_r,
835
	 *       getpwuid
836
	 * users:
837
	 *     names:
838
	 *     uids: 0, 1, 2, 3, 5
839
	 * Disallow:
840
	 * cmds: getpwuid_r
841
	 * users:
842
	 */
843
	cappwd = cap_clone(origcappwd);
844
	CHECK(cappwd != NULL);
845

846
	cmds[0] = "setpwent";
847
	cmds[1] = "getpwent";
848
	cmds[2] = "getpwent_r";
849
	cmds[3] = "getpwnam";
850
	cmds[4] = "getpwnam_r";
851
	cmds[5] = "getpwuid";
852
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 6) == 0);
853
	cmds[0] = "setpwent";
854
	cmds[1] = "getpwent";
855
	cmds[2] = "getpwent_r";
856
	cmds[3] = "getpwnam";
857
	cmds[4] = "getpwnam_r";
858
	cmds[5] = "getpwuid";
859
	cmds[6] = "getpwuid_r";
860
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 7) == -1 && errno == ENOTCAPABLE);
861
	cmds[0] = "getpwuid_r";
862
	CHECK(cap_pwd_limit_cmds(cappwd, cmds, 1) == -1 && errno == ENOTCAPABLE);
863
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
864
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 5) == 0);
865

866
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R |
867
	    GETPWNAM | GETPWNAM_R | GETPWUID));
868

869
	cap_close(cappwd);
870
}
871

872
#define	PW_NAME		_PWF_NAME
873
#define	PW_PASSWD	_PWF_PASSWD
874
#define	PW_UID		_PWF_UID
875
#define	PW_GID		_PWF_GID
876
#define	PW_CHANGE	_PWF_CHANGE
877
#define	PW_CLASS	_PWF_CLASS
878
#define	PW_GECOS	_PWF_GECOS
879
#define	PW_DIR		_PWF_DIR
880
#define	PW_SHELL	_PWF_SHELL
881
#define	PW_EXPIRE	_PWF_EXPIRE
882

883
static unsigned int
884
passwd_fields(const struct passwd *pwd)
885
{
886
	unsigned int result;
887

888
	result = 0;
889

890
	if (pwd->pw_name != NULL && pwd->pw_name[0] != '\0')
891
		result |= PW_NAME;
892
//	else
893
//		printf("No pw_name\n");
894

895
	if (pwd->pw_passwd != NULL && pwd->pw_passwd[0] != '\0')
896
		result |= PW_PASSWD;
897
	else if ((pwd->pw_fields & _PWF_PASSWD) != 0)
898
		result |= PW_PASSWD;
899
//	else
900
//		printf("No pw_passwd\n");
901

902
	if (pwd->pw_uid != (uid_t)-1)
903
		result |= PW_UID;
904
//	else
905
//		printf("No pw_uid\n");
906

907
	if (pwd->pw_gid != (gid_t)-1)
908
		result |= PW_GID;
909
//	else
910
//		printf("No pw_gid\n");
911

912
	if (pwd->pw_change != 0 || (pwd->pw_fields & _PWF_CHANGE) != 0)
913
		result |= PW_CHANGE;
914
//	else
915
//		printf("No pw_change\n");
916

917
	if (pwd->pw_class != NULL && pwd->pw_class[0] != '\0')
918
		result |= PW_CLASS;
919
	else if ((pwd->pw_fields & _PWF_CLASS) != 0)
920
		result |= PW_CLASS;
921
//	else
922
//		printf("No pw_class\n");
923

924
	if (pwd->pw_gecos != NULL && pwd->pw_gecos[0] != '\0')
925
		result |= PW_GECOS;
926
	else if ((pwd->pw_fields & _PWF_GECOS) != 0)
927
		result |= PW_GECOS;
928
//	else
929
//		printf("No pw_gecos\n");
930

931
	if (pwd->pw_dir != NULL && pwd->pw_dir[0] != '\0')
932
		result |= PW_DIR;
933
	else if ((pwd->pw_fields & _PWF_DIR) != 0)
934
		result |= PW_DIR;
935
//	else
936
//		printf("No pw_dir\n");
937

938
	if (pwd->pw_shell != NULL && pwd->pw_shell[0] != '\0')
939
		result |= PW_SHELL;
940
	else if ((pwd->pw_fields & _PWF_SHELL) != 0)
941
		result |= PW_SHELL;
942
//	else
943
//		printf("No pw_shell\n");
944

945
	if (pwd->pw_expire != 0 || (pwd->pw_fields & _PWF_EXPIRE) != 0)
946
		result |= PW_EXPIRE;
947
//	else
948
//		printf("No pw_expire\n");
949

950
if (false && pwd->pw_fields != (int)result) {
951
printf("fields=0x%x != result=0x%x\n", (const unsigned int)pwd->pw_fields, result);
952
printf("           fields result\n");
953
printf("PW_NAME    %d      %d\n", (pwd->pw_fields & PW_NAME) != 0, (result & PW_NAME) != 0);
954
printf("PW_PASSWD  %d      %d\n", (pwd->pw_fields & PW_PASSWD) != 0, (result & PW_PASSWD) != 0);
955
printf("PW_UID     %d      %d\n", (pwd->pw_fields & PW_UID) != 0, (result & PW_UID) != 0);
956
printf("PW_GID     %d      %d\n", (pwd->pw_fields & PW_GID) != 0, (result & PW_GID) != 0);
957
printf("PW_CHANGE  %d      %d\n", (pwd->pw_fields & PW_CHANGE) != 0, (result & PW_CHANGE) != 0);
958
printf("PW_CLASS   %d      %d\n", (pwd->pw_fields & PW_CLASS) != 0, (result & PW_CLASS) != 0);
959
printf("PW_GECOS   %d      %d\n", (pwd->pw_fields & PW_GECOS) != 0, (result & PW_GECOS) != 0);
960
printf("PW_DIR     %d      %d\n", (pwd->pw_fields & PW_DIR) != 0, (result & PW_DIR) != 0);
961
printf("PW_SHELL   %d      %d\n", (pwd->pw_fields & PW_SHELL) != 0, (result & PW_SHELL) != 0);
962
printf("PW_EXPIRE  %d      %d\n", (pwd->pw_fields & PW_EXPIRE) != 0, (result & PW_EXPIRE) != 0);
963
}
964

965
//printf("result=0x%x\n", result);
966
	return (result);
967
}
968

969
static bool
970
runtest_fields(cap_channel_t *cappwd, unsigned int expected)
971
{
972
	char buf[1024];
973
	struct passwd *pwd;
974
	struct passwd st;
975

976
//printf("expected=0x%x\n", expected);
977
	cap_setpwent(cappwd);
978
	pwd = cap_getpwent(cappwd);
979
	if ((passwd_fields(pwd) & ~expected) != 0)
980
		return (false);
981

982
	cap_setpwent(cappwd);
983
	cap_getpwent_r(cappwd, &st, buf, sizeof(buf), &pwd);
984
	if ((passwd_fields(pwd) & ~expected) != 0)
985
		return (false);
986

987
	pwd = cap_getpwnam(cappwd, "root");
988
	if ((passwd_fields(pwd) & ~expected) != 0)
989
		return (false);
990

991
	cap_getpwnam_r(cappwd, "root", &st, buf, sizeof(buf), &pwd);
992
	if ((passwd_fields(pwd) & ~expected) != 0)
993
		return (false);
994

995
	pwd = cap_getpwuid(cappwd, UID_ROOT);
996
	if ((passwd_fields(pwd) & ~expected) != 0)
997
		return (false);
998

999
	cap_getpwuid_r(cappwd, UID_ROOT, &st, buf, sizeof(buf), &pwd);
1000
	if ((passwd_fields(pwd) & ~expected) != 0)
1001
		return (false);
1002

1003
	return (true);
1004
}
1005

1006
static void
1007
test_fields(cap_channel_t *origcappwd)
1008
{
1009
	cap_channel_t *cappwd;
1010
	const char *fields[10];
1011

1012
	/* No limits. */
1013

1014
	CHECK(runtest_fields(origcappwd, PW_NAME | PW_PASSWD | PW_UID |
1015
	    PW_GID | PW_CHANGE | PW_CLASS | PW_GECOS | PW_DIR | PW_SHELL |
1016
	    PW_EXPIRE));
1017

1018
	/*
1019
	 * Allow:
1020
	 * fields: pw_name, pw_passwd, pw_uid, pw_gid, pw_change, pw_class,
1021
	 *         pw_gecos, pw_dir, pw_shell, pw_expire
1022
	 */
1023
	cappwd = cap_clone(origcappwd);
1024
	CHECK(cappwd != NULL);
1025

1026
	fields[0] = "pw_name";
1027
	fields[1] = "pw_passwd";
1028
	fields[2] = "pw_uid";
1029
	fields[3] = "pw_gid";
1030
	fields[4] = "pw_change";
1031
	fields[5] = "pw_class";
1032
	fields[6] = "pw_gecos";
1033
	fields[7] = "pw_dir";
1034
	fields[8] = "pw_shell";
1035
	fields[9] = "pw_expire";
1036
	CHECK(cap_pwd_limit_fields(cappwd, fields, 10) == 0);
1037

1038
	CHECK(runtest_fields(origcappwd, PW_NAME | PW_PASSWD | PW_UID |
1039
	    PW_GID | PW_CHANGE | PW_CLASS | PW_GECOS | PW_DIR | PW_SHELL |
1040
	    PW_EXPIRE));
1041

1042
	cap_close(cappwd);
1043

1044
	/*
1045
	 * Allow:
1046
	 * fields: pw_name, pw_passwd, pw_uid, pw_gid, pw_change
1047
	 */
1048
	cappwd = cap_clone(origcappwd);
1049
	CHECK(cappwd != NULL);
1050

1051
	fields[0] = "pw_name";
1052
	fields[1] = "pw_passwd";
1053
	fields[2] = "pw_uid";
1054
	fields[3] = "pw_gid";
1055
	fields[4] = "pw_change";
1056
	CHECK(cap_pwd_limit_fields(cappwd, fields, 5) == 0);
1057
	fields[5] = "pw_class";
1058
	CHECK(cap_pwd_limit_fields(cappwd, fields, 6) == -1 &&
1059
	    errno == ENOTCAPABLE);
1060
	fields[0] = "pw_class";
1061
	CHECK(cap_pwd_limit_fields(cappwd, fields, 1) == -1 &&
1062
	    errno == ENOTCAPABLE);
1063

1064
	CHECK(runtest_fields(cappwd, PW_NAME | PW_PASSWD | PW_UID |
1065
	    PW_GID | PW_CHANGE));
1066

1067
	cap_close(cappwd);
1068

1069
	/*
1070
	 * Allow:
1071
	 * fields: pw_class, pw_gecos, pw_dir, pw_shell, pw_expire
1072
	 */
1073
	cappwd = cap_clone(origcappwd);
1074
	CHECK(cappwd != NULL);
1075

1076
	fields[0] = "pw_class";
1077
	fields[1] = "pw_gecos";
1078
	fields[2] = "pw_dir";
1079
	fields[3] = "pw_shell";
1080
	fields[4] = "pw_expire";
1081
	CHECK(cap_pwd_limit_fields(cappwd, fields, 5) == 0);
1082
	fields[5] = "pw_uid";
1083
	CHECK(cap_pwd_limit_fields(cappwd, fields, 6) == -1 &&
1084
	    errno == ENOTCAPABLE);
1085
	fields[0] = "pw_uid";
1086
	CHECK(cap_pwd_limit_fields(cappwd, fields, 1) == -1 &&
1087
	    errno == ENOTCAPABLE);
1088

1089
	CHECK(runtest_fields(cappwd, PW_CLASS | PW_GECOS | PW_DIR |
1090
	    PW_SHELL | PW_EXPIRE));
1091

1092
	cap_close(cappwd);
1093

1094
	/*
1095
	 * Allow:
1096
	 * fields: pw_name, pw_uid, pw_change, pw_gecos, pw_shell
1097
	 */
1098
	cappwd = cap_clone(origcappwd);
1099
	CHECK(cappwd != NULL);
1100

1101
	fields[0] = "pw_name";
1102
	fields[1] = "pw_uid";
1103
	fields[2] = "pw_change";
1104
	fields[3] = "pw_gecos";
1105
	fields[4] = "pw_shell";
1106
	CHECK(cap_pwd_limit_fields(cappwd, fields, 5) == 0);
1107
	fields[5] = "pw_class";
1108
	CHECK(cap_pwd_limit_fields(cappwd, fields, 6) == -1 &&
1109
	    errno == ENOTCAPABLE);
1110
	fields[0] = "pw_class";
1111
	CHECK(cap_pwd_limit_fields(cappwd, fields, 1) == -1 &&
1112
	    errno == ENOTCAPABLE);
1113

1114
	CHECK(runtest_fields(cappwd, PW_NAME | PW_UID | PW_CHANGE |
1115
	    PW_GECOS | PW_SHELL));
1116

1117
	cap_close(cappwd);
1118

1119
	/*
1120
	 * Allow:
1121
	 * fields: pw_passwd, pw_gid, pw_class, pw_dir, pw_expire
1122
	 */
1123
	cappwd = cap_clone(origcappwd);
1124
	CHECK(cappwd != NULL);
1125

1126
	fields[0] = "pw_passwd";
1127
	fields[1] = "pw_gid";
1128
	fields[2] = "pw_class";
1129
	fields[3] = "pw_dir";
1130
	fields[4] = "pw_expire";
1131
	CHECK(cap_pwd_limit_fields(cappwd, fields, 5) == 0);
1132
	fields[5] = "pw_uid";
1133
	CHECK(cap_pwd_limit_fields(cappwd, fields, 6) == -1 &&
1134
	    errno == ENOTCAPABLE);
1135
	fields[0] = "pw_uid";
1136
	CHECK(cap_pwd_limit_fields(cappwd, fields, 1) == -1 &&
1137
	    errno == ENOTCAPABLE);
1138

1139
	CHECK(runtest_fields(cappwd, PW_PASSWD | PW_GID | PW_CLASS |
1140
	    PW_DIR | PW_EXPIRE));
1141

1142
	cap_close(cappwd);
1143

1144
	/*
1145
	 * Allow:
1146
	 * fields: pw_uid, pw_class, pw_shell
1147
	 */
1148
	cappwd = cap_clone(origcappwd);
1149
	CHECK(cappwd != NULL);
1150

1151
	fields[0] = "pw_uid";
1152
	fields[1] = "pw_class";
1153
	fields[2] = "pw_shell";
1154
	CHECK(cap_pwd_limit_fields(cappwd, fields, 3) == 0);
1155
	fields[3] = "pw_change";
1156
	CHECK(cap_pwd_limit_fields(cappwd, fields, 4) == -1 &&
1157
	    errno == ENOTCAPABLE);
1158
	fields[0] = "pw_change";
1159
	CHECK(cap_pwd_limit_fields(cappwd, fields, 1) == -1 &&
1160
	    errno == ENOTCAPABLE);
1161

1162
	CHECK(runtest_fields(cappwd, PW_UID | PW_CLASS | PW_SHELL));
1163

1164
	cap_close(cappwd);
1165

1166
	/*
1167
	 * Allow:
1168
	 * fields: pw_change
1169
	 */
1170
	cappwd = cap_clone(origcappwd);
1171
	CHECK(cappwd != NULL);
1172

1173
	fields[0] = "pw_change";
1174
	CHECK(cap_pwd_limit_fields(cappwd, fields, 1) == 0);
1175
	fields[1] = "pw_uid";
1176
	CHECK(cap_pwd_limit_fields(cappwd, fields, 2) == -1 &&
1177
	    errno == ENOTCAPABLE);
1178
	fields[0] = "pw_uid";
1179
	CHECK(cap_pwd_limit_fields(cappwd, fields, 1) == -1 &&
1180
	    errno == ENOTCAPABLE);
1181

1182
	CHECK(runtest_fields(cappwd, PW_CHANGE));
1183

1184
	cap_close(cappwd);
1185
}
1186

1187
static bool
1188
runtest_users(cap_channel_t *cappwd, const char **names, const uid_t *uids,
1189
    size_t nusers)
1190
{
1191
	char buf[1024];
1192
	struct passwd *pwd;
1193
	struct passwd st;
1194
	unsigned int i, got;
1195

1196
	cap_setpwent(cappwd);
1197
	got = 0;
1198
	for (;;) {
1199
		pwd = cap_getpwent(cappwd);
1200
		if (pwd == NULL)
1201
			break;
1202
		got++;
1203
		for (i = 0; i < nusers; i++) {
1204
			if (strcmp(names[i], pwd->pw_name) == 0 &&
1205
			    uids[i] == pwd->pw_uid) {
1206
				break;
1207
			}
1208
		}
1209
		if (i == nusers)
1210
			return (false);
1211
	}
1212
	if (got != nusers)
1213
		return (false);
1214

1215
	cap_setpwent(cappwd);
1216
	got = 0;
1217
	for (;;) {
1218
		cap_getpwent_r(cappwd, &st, buf, sizeof(buf), &pwd);
1219
		if (pwd == NULL)
1220
			break;
1221
		got++;
1222
		for (i = 0; i < nusers; i++) {
1223
			if (strcmp(names[i], pwd->pw_name) == 0 &&
1224
			    uids[i] == pwd->pw_uid) {
1225
				break;
1226
			}
1227
		}
1228
		if (i == nusers)
1229
			return (false);
1230
	}
1231
	if (got != nusers)
1232
		return (false);
1233

1234
	for (i = 0; i < nusers; i++) {
1235
		pwd = cap_getpwnam(cappwd, names[i]);
1236
		if (pwd == NULL)
1237
			return (false);
1238
	}
1239

1240
	for (i = 0; i < nusers; i++) {
1241
		cap_getpwnam_r(cappwd, names[i], &st, buf, sizeof(buf), &pwd);
1242
		if (pwd == NULL)
1243
			return (false);
1244
	}
1245

1246
	for (i = 0; i < nusers; i++) {
1247
		pwd = cap_getpwuid(cappwd, uids[i]);
1248
		if (pwd == NULL)
1249
			return (false);
1250
	}
1251

1252
	for (i = 0; i < nusers; i++) {
1253
		cap_getpwuid_r(cappwd, uids[i], &st, buf, sizeof(buf), &pwd);
1254
		if (pwd == NULL)
1255
			return (false);
1256
	}
1257

1258
	return (true);
1259
}
1260

1261
static void
1262
test_users(cap_channel_t *origcappwd)
1263
{
1264
	cap_channel_t *cappwd;
1265
	const char *names[6];
1266
	uid_t uids[6];
1267

1268
	/*
1269
	 * Allow:
1270
	 * users:
1271
	 *     names: root, toor, daemon, operator, bin, tty
1272
	 *     uids:
1273
	 */
1274
	cappwd = cap_clone(origcappwd);
1275
	CHECK(cappwd != NULL);
1276

1277
	names[0] = "root";
1278
	names[1] = "toor";
1279
	names[2] = "daemon";
1280
	names[3] = "operator";
1281
	names[4] = "bin";
1282
	names[5] = "tty";
1283
	CHECK(cap_pwd_limit_users(cappwd, names, 6, NULL, 0) == 0);
1284
	uids[0] = 0;
1285
	uids[1] = 0;
1286
	uids[2] = 1;
1287
	uids[3] = 2;
1288
	uids[4] = 3;
1289
	uids[5] = 4;
1290

1291
	CHECK(runtest_users(cappwd, names, uids, 6));
1292

1293
	cap_close(cappwd);
1294

1295
	/*
1296
	 * Allow:
1297
	 * users:
1298
	 *     names: daemon, operator, bin
1299
	 *     uids:
1300
	 */
1301
	cappwd = cap_clone(origcappwd);
1302
	CHECK(cappwd != NULL);
1303

1304
	names[0] = "daemon";
1305
	names[1] = "operator";
1306
	names[2] = "bin";
1307
	CHECK(cap_pwd_limit_users(cappwd, names, 3, NULL, 0) == 0);
1308
	names[3] = "tty";
1309
	CHECK(cap_pwd_limit_users(cappwd, names, 4, NULL, 0) == -1 &&
1310
	    errno == ENOTCAPABLE);
1311
	names[0] = "tty";
1312
	CHECK(cap_pwd_limit_users(cappwd, names, 1, NULL, 0) == -1 &&
1313
	    errno == ENOTCAPABLE);
1314
	names[0] = "daemon";
1315
	uids[0] = 1;
1316
	uids[1] = 2;
1317
	uids[2] = 3;
1318

1319
	CHECK(runtest_users(cappwd, names, uids, 3));
1320

1321
	cap_close(cappwd);
1322

1323
	/*
1324
	 * Allow:
1325
	 * users:
1326
	 *     names: daemon, bin, tty
1327
	 *     uids:
1328
	 */
1329
	cappwd = cap_clone(origcappwd);
1330
	CHECK(cappwd != NULL);
1331

1332
	names[0] = "daemon";
1333
	names[1] = "bin";
1334
	names[2] = "tty";
1335
	CHECK(cap_pwd_limit_users(cappwd, names, 3, NULL, 0) == 0);
1336
	names[3] = "operator";
1337
	CHECK(cap_pwd_limit_users(cappwd, names, 4, NULL, 0) == -1 &&
1338
	    errno == ENOTCAPABLE);
1339
	names[0] = "operator";
1340
	CHECK(cap_pwd_limit_users(cappwd, names, 1, NULL, 0) == -1 &&
1341
	    errno == ENOTCAPABLE);
1342
	names[0] = "daemon";
1343
	uids[0] = 1;
1344
	uids[1] = 3;
1345
	uids[2] = 4;
1346

1347
	CHECK(runtest_users(cappwd, names, uids, 3));
1348

1349
	cap_close(cappwd);
1350

1351
	/*
1352
	 * Allow:
1353
	 * users:
1354
	 *     names:
1355
	 *     uids: 1, 2, 3
1356
	 */
1357
	cappwd = cap_clone(origcappwd);
1358
	CHECK(cappwd != NULL);
1359

1360
	names[0] = "daemon";
1361
	names[1] = "operator";
1362
	names[2] = "bin";
1363
	uids[0] = 1;
1364
	uids[1] = 2;
1365
	uids[2] = 3;
1366
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 3) == 0);
1367
	uids[3] = 4;
1368
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 4) == -1 &&
1369
	    errno == ENOTCAPABLE);
1370
	uids[0] = 4;
1371
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 1) == -1 &&
1372
	    errno == ENOTCAPABLE);
1373
	uids[0] = 1;
1374

1375
	CHECK(runtest_users(cappwd, names, uids, 3));
1376

1377
	cap_close(cappwd);
1378

1379
	/*
1380
	 * Allow:
1381
	 * users:
1382
	 *     names:
1383
	 *     uids: 1, 3, 4
1384
	 */
1385
	cappwd = cap_clone(origcappwd);
1386
	CHECK(cappwd != NULL);
1387

1388
	names[0] = "daemon";
1389
	names[1] = "bin";
1390
	names[2] = "tty";
1391
	uids[0] = 1;
1392
	uids[1] = 3;
1393
	uids[2] = 4;
1394
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 3) == 0);
1395
	uids[3] = 5;
1396
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 4) == -1 &&
1397
	    errno == ENOTCAPABLE);
1398
	uids[0] = 5;
1399
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 1) == -1 &&
1400
	    errno == ENOTCAPABLE);
1401
	uids[0] = 1;
1402

1403
	CHECK(runtest_users(cappwd, names, uids, 3));
1404

1405
	cap_close(cappwd);
1406

1407
	/*
1408
	 * Allow:
1409
	 * users:
1410
	 *     names: bin
1411
	 *     uids:
1412
	 */
1413
	cappwd = cap_clone(origcappwd);
1414
	CHECK(cappwd != NULL);
1415

1416
	names[0] = "bin";
1417
	CHECK(cap_pwd_limit_users(cappwd, names, 1, NULL, 0) == 0);
1418
	names[1] = "operator";
1419
	CHECK(cap_pwd_limit_users(cappwd, names, 2, NULL, 0) == -1 &&
1420
	    errno == ENOTCAPABLE);
1421
	names[0] = "operator";
1422
	CHECK(cap_pwd_limit_users(cappwd, names, 1, NULL, 0) == -1 &&
1423
	    errno == ENOTCAPABLE);
1424
	names[0] = "bin";
1425
	uids[0] = 3;
1426

1427
	CHECK(runtest_users(cappwd, names, uids, 1));
1428

1429
	cap_close(cappwd);
1430

1431
	/*
1432
	 * Allow:
1433
	 * users:
1434
	 *     names: daemon, tty
1435
	 *     uids:
1436
	 */
1437
	cappwd = cap_clone(origcappwd);
1438
	CHECK(cappwd != NULL);
1439

1440
	names[0] = "daemon";
1441
	names[1] = "tty";
1442
	CHECK(cap_pwd_limit_users(cappwd, names, 2, NULL, 0) == 0);
1443
	names[2] = "operator";
1444
	CHECK(cap_pwd_limit_users(cappwd, names, 3, NULL, 0) == -1 &&
1445
	    errno == ENOTCAPABLE);
1446
	names[0] = "operator";
1447
	CHECK(cap_pwd_limit_users(cappwd, names, 1, NULL, 0) == -1 &&
1448
	    errno == ENOTCAPABLE);
1449
	names[0] = "daemon";
1450
	uids[0] = 1;
1451
	uids[1] = 4;
1452

1453
	CHECK(runtest_users(cappwd, names, uids, 2));
1454

1455
	cap_close(cappwd);
1456

1457
	/*
1458
	 * Allow:
1459
	 * users:
1460
	 *     names:
1461
	 *     uids: 3
1462
	 */
1463
	cappwd = cap_clone(origcappwd);
1464
	CHECK(cappwd != NULL);
1465

1466
	names[0] = "bin";
1467
	uids[0] = 3;
1468
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 1) == 0);
1469
	uids[1] = 4;
1470
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 2) == -1 &&
1471
	    errno == ENOTCAPABLE);
1472
	uids[0] = 4;
1473
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 1) == -1 &&
1474
	    errno == ENOTCAPABLE);
1475
	uids[0] = 3;
1476

1477
	CHECK(runtest_users(cappwd, names, uids, 1));
1478

1479
	cap_close(cappwd);
1480

1481
	/*
1482
	 * Allow:
1483
	 * users:
1484
	 *     names:
1485
	 *     uids: 1, 4
1486
	 */
1487
	cappwd = cap_clone(origcappwd);
1488
	CHECK(cappwd != NULL);
1489

1490
	names[0] = "daemon";
1491
	names[1] = "tty";
1492
	uids[0] = 1;
1493
	uids[1] = 4;
1494
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 2) == 0);
1495
	uids[2] = 3;
1496
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 3) == -1 &&
1497
	    errno == ENOTCAPABLE);
1498
	uids[0] = 3;
1499
	CHECK(cap_pwd_limit_users(cappwd, NULL, 0, uids, 1) == -1 &&
1500
	    errno == ENOTCAPABLE);
1501
	uids[0] = 1;
1502

1503
	CHECK(runtest_users(cappwd, names, uids, 2));
1504

1505
	cap_close(cappwd);
1506
}
1507

1508
int
1509
main(void)
1510
{
1511
	cap_channel_t *capcas, *cappwd;
1512

1513
	printf("1..188\n");
1514
	fflush(stdout);
1515

1516
	capcas = cap_init();
1517
	CHECKX(capcas != NULL);
1518

1519
	cappwd = cap_service_open(capcas, "system.pwd");
1520
	CHECKX(cappwd != NULL);
1521

1522
	cap_close(capcas);
1523

1524
	/* No limits. */
1525

1526
	CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R | GETPWNAM |
1527
	    GETPWNAM_R | GETPWUID | GETPWUID_R));
1528

1529
	test_cmds(cappwd);
1530

1531
	test_fields(cappwd);
1532

1533
	test_users(cappwd);
1534

1535
	cap_close(cappwd);
1536

1537
	exit(0);
1538
}
1539

1540
Product

Resources

Company
