/*-
 * Copyright (c) 2006 nCircle Network Security, Inc.
 * Copyright (c) 2007 Robert N. M. Watson
 * All rights reserved.
 *
 * This software was developed by Robert N. M. Watson for the TrustedBSD
 * Project under contract to nCircle Network Security, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Check that privilege is required to set the sticky bit on a file but not a
 * directory.
 *
 * Expectations encoded by the four test routines below, for
 * chmod(path, mode | S_ISTXT):
 *
 *   object     caller is     root (jail or not)   !root (jail or not)
 *   directory  owner         success              success
 *   directory  not owner     success              -1 / EPERM
 *   file       owner         success              -1 / EFTYPE
 *   file       not owner     success              -1 / EPERM
 *
 * Root is expected to succeed inside a jail exactly as outside one, so a
 * change in how the jail treats this privilege shows up as a failure of the
 * "(root, jail)" cases.
 */

#include <sys/stat.h>

#include <err.h>
#include <errno.h>
#include <unistd.h>

#include "main.h"

/*
 * Scratch object paths and "was it created" flags shared between the setup,
 * test and cleanup routines.  The buffers are handed to setup_file() /
 * setup_dir(), which presumably fill them in (their definitions are not in
 * this file).
 *
 * NOTE(review): these have external linkage.  If no other translation unit
 * refers to them, declaring them static would keep them from clashing with
 * same-named buffers in other test files -- confirm against main.h.
 */
char fpath[1024];
int fpath_initialized;

char dpath[1024];
int dpath_initialized;

/*
 * Setup: directory prepared with UID_OWNER/GID_OWNER and mode 0700.
 * asroot, injail and test are not used here.
 *
 * NOTE(review): the label passed to setup_dir() lacks the "_dir" part of
 * this function's name; if it is only a diagnostic tag, updating it would
 * make failures easier to attribute.
 */
int
priv_vfs_stickyfile_dir_fowner_setup(int asroot, int injail,
    struct test *test)
{
	setup_dir("priv_vfs_stickyfile_fowner_setup: dpath", dpath,
	    UID_OWNER, GID_OWNER, 0700);
	dpath_initialized = 1;	/* lets cleanup know there is a directory */
	return (0);
}

/*
 * Setup: directory prepared with UID_OTHER/GID_OTHER and mode 0700.
 * asroot, injail and test are not used here.
 */
int
priv_vfs_stickyfile_dir_fother_setup(int asroot, int injail,
    struct test *test)
{
	setup_dir("priv_vfs_stickyfile_fother_setup: dpath", dpath,
	    UID_OTHER, GID_OTHER, 0700);
	dpath_initialized = 1;
	return (0);
}

/*
 * Setup: file prepared with UID_OWNER/GID_OWNER and mode 0600.
 * asroot, injail and test are not used here.
 */
int
priv_vfs_stickyfile_file_fowner_setup(int asroot, int injail,
    struct test *test)
{
	setup_file("priv_vfs_stickyfile_fowner_setup: fpath", fpath,
	    UID_OWNER, GID_OWNER, 0600);
	fpath_initialized = 1;	/* lets cleanup know there is a file */
	return (0);
}

/*
 * Setup: file prepared with UID_OTHER/GID_OTHER and mode 0600.
 * asroot, injail and test are not used here.
 */
int
priv_vfs_stickyfile_file_fother_setup(int asroot, int injail,
    struct test *test)
{
	setup_file("priv_vfs_stickyfile_fother_setup: fpath", fpath,
	    UID_OTHER, GID_OTHER, 0600);
	fpath_initialized = 1;
	return (0);
}

/*
 * Set the sticky bit on the directory prepared for UID_OWNER.  Every
 * combination of (root, jail) is expected to succeed: no privilege should be
 * needed for a directory.
 *
 * Nothing may be called between chmod() and expect(), since expect() is
 * handed an expected errno value and presumably inspects errno.
 */
void
priv_vfs_stickyfile_dir_fowner(int asroot, int injail, struct test *test)
{
	int rv;

	rv = chmod(dpath, 0700 | S_ISTXT);
	if (asroot) {
		if (injail)
			expect("priv_vfs_stickyfile_dir_fowner(root, jail)",
			    rv, 0, 0);
		else
			expect("priv_vfs_stickyfile_dir_fowner(root, !jail)",
			    rv, 0, 0);
	} else {
		if (injail)
			expect("priv_vfs_stickyfile_dir_fowner(!root, jail)",
			    rv, 0, 0);
		else
			expect("priv_vfs_stickyfile_dir_fowner(!root, !jail)",
			    rv, 0, 0);
	}
}

/*
 * Set the sticky bit on the directory prepared for UID_OTHER.  Root is
 * expected to succeed; without root the call is expected to fail with EPERM.
 */
void
priv_vfs_stickyfile_dir_fother(int asroot, int injail, struct test *test)
{
	int rv;

	rv = chmod(dpath, 0700 | S_ISTXT);
	if (asroot) {
		if (injail)
			expect("priv_vfs_stickyfile_dir_fother(root, jail)",
			    rv, 0, 0);
		else
			expect("priv_vfs_stickyfile_dir_fother(root, !jail)",
			    rv, 0, 0);
	} else {
		if (injail)
			expect("priv_vfs_stickyfile_dir_fother(!root, jail)",
			    rv, -1, EPERM);
		else
			expect("priv_vfs_stickyfile_dir_fother(!root, !jail)",
			    rv, -1, EPERM);
	}
}

/*
 * Set the sticky bit on the file prepared for UID_OWNER.  This is the case
 * the privilege actually gates: root is expected to succeed, while without
 * root the call is expected to fail with EFTYPE.
 */
void
priv_vfs_stickyfile_file_fowner(int asroot, int injail, struct test *test)
{
	int rv;

	rv = chmod(fpath, 0600 | S_ISTXT);
	if (asroot) {
		if (injail)
			expect("priv_vfs_stickyfile_file_fowner(root, jail)",
			    rv, 0, 0);
		else
			expect("priv_vfs_stickyfile_file_fowner(root, !jail)",
			    rv, 0, 0);
	} else {
		if (injail)
			expect("priv_vfs_stickyfile_file_fowner(!root, jail)",
			    rv, -1, EFTYPE);
		else
			expect("priv_vfs_stickyfile_file_fowner(!root, !jail)",
			    rv, -1, EFTYPE);
	}
}

/*
 * Set the sticky bit on the file prepared for UID_OTHER.  Root is expected
 * to succeed; without root the call is expected to fail with EPERM rather
 * than EFTYPE.
 */
void
priv_vfs_stickyfile_file_fother(int asroot, int injail, struct test *test)
{
	int rv;

	rv = chmod(fpath, 0600 | S_ISTXT);
	if (asroot) {
		if (injail)
			expect("priv_vfs_stickyfile_file_fother(root, jail)",
			    rv, 0, 0);
		else
			expect("priv_vfs_stickyfile_file_fother(root, !jail)",
			    rv, 0, 0);
	} else {
		if (injail)
			expect("priv_vfs_stickyfile_file_fother(!root, jail)",
			    rv, -1, EPERM);
		else
			expect("priv_vfs_stickyfile_file_fother(!root, !jail)",
			    rv, -1, EPERM);
	}
}

/*
 * Remove the scratch directory if a setup routine recorded creating one.
 * Removal is best-effort: the rmdir() result is deliberately discarded.
 */
void
priv_vfs_stickyfile_dir_cleanup(int asroot, int injail, struct test *test)
{
	if (!dpath_initialized)
		return;
	(void)rmdir(dpath);
	dpath_initialized = 0;
}

/*
 * Remove the scratch file if a setup routine recorded creating one.
 * Removal is best-effort: the unlink() result is deliberately discarded.
 */
void
priv_vfs_stickyfile_file_cleanup(int asroot, int injail, struct test *test)
{
	if (!fpath_initialized)
		return;
	(void)unlink(fpath);
	fpath_initialized = 0;
}