Enhance and expand kernel privilege regression tests in support of

work present in FreeBSD 7.0 to refine the kernel privilege model:

- Introduce support for jail as a testing variable, in order to
  confirm that privileges are properly restricted in the jail
  environment.

- Restructure overall testing approach so that privilege and jail
  conditions are set in the testing infrastructure before tests
  are invoked, and done so in a custom-created process to isolate
  the impact of tests from each other in a more consistent way.

- Tests now provide setup and cleanup hooks that occur before and
  after the test runs.

- New privilege tests are now present for several audit
  privileges, several credential management privileges, dmesg
  buffer reading privilege, and netinet raw socket creation.

- Other existing tests are restructured and generally improved as
  a result of better framework structure and jail as a variable.
  For exampe, we now test that certain sysctls are writable only
  outside jail, while others are writable within jail.  On a
  similar note, privileges relating to setting UFS file flags are
  now better exercised, as with the right to chmod and utimes
  files.

Approved by:	re (bmah)
Obtained from:	TrustedBSD Project

1 files changed, 40 insertions, 25 deletions

diff --git a/tools/regression/priv/priv_proc_setlogin.c b/tools/regression/priv/priv_proc_setlogin.c
index 6f5e756..f04b79f 100644
--- a/tools/regression/priv/priv_proc_setlogin.c
+++ b/tools/regression/priv/priv_proc_setlogin.c
@@ -1,5 +1,6 @@
 /*-
  * Copyright (c) 2006 nCircle Network Security, Inc.
+ * Copyright (c) 2007 Robert N. M. Watson
  * All rights reserved.
  *
  * This software was developed by Robert N. M. Watson for the TrustedBSD
@@ -30,44 +31,58 @@
  */
 
 /*
- * Test that privilege is required to call setlogin().  Do so by first
- * querying with getlogin(), then setting the result back using setlogin(),
- * at first with privilege, then without.
+ * Test privileges for setlogin(); first query with getlogin() so that the
+ * result is a no-op, since it affects the entire login session.
  */
 
+#include <sys/param.h>
+
 #include <err.h>
 #include <errno.h>
 #include <unistd.h>
 
 #include "main.h"
 
-void
-priv_proc_setlogin(void)
-{
-	char *loginname;
-	int error;
+static int initialized;
+static char *loginname;
 
-	assert_root();
+int
+priv_proc_setlogin_setup(int asroot, int injail, struct test *test)
+{
 
+	if (initialized)
+		return (0);
 	loginname = getlogin();
-	if (loginname == NULL)
-		err(-1, "getlogin");
+	if (loginname == NULL) {
+		warn("priv_proc_setlogin_setup: getlogin");
+		return (-1);
+	}
+	initialized = 1;
+	return (0);
+}
+
+void
+priv_proc_setlogin(int asroot, int injail, struct test *test)
+{
+	int error;
 
-	/*
-	 * First, with privilege.
-	 */
 	error = setlogin(loginname);
-	if (error)
-		err(-1, "setlogin(%s) as root", loginname);
+	if (asroot && injail)
+		expect("priv_proc_setlogin(asroot, injail)", error, 0, 0);
+	if (asroot && !injail)
+		expect("priv_proc_setlogin(asroot, !injail)", error, 0, 0);
+	if (!asroot && injail)
+		expect("priv_proc_setlogin(!sroot, injail)", error, -1,
+		    EPERM);
+	if (!asroot && !injail)
+		expect("priv_proc_setlogin(!asroot, !injail)", error, -1,
+		    EPERM);
+}
 
-	/*
-	 * Then again, without privilege.
-	 */
-	set_euid(UID_OTHER);
+void
+priv_proc_setlogin_cleanup(int asroot, int injail, struct test *test)
+{
 
-	error = setlogin(loginname);
-	if (error == 0)
-		errx(-1, "setlogin(%s) succeeded as !root", loginname);
-	if (errno != EPERM)
-		err(-1, "setlogin(%s) wrong errno %d", loginname, errno);
+	if (initialized)
+		(void)setlogin(loginname);
 }