166
167
} /* splat_cred_test2() */
169
* On most/all systems it can be expected that a task with root
170
* permissions also is a member of the root group, Since the
171
* test suite is always run as root we check first that CRED() is
172
* a member of the root group, and secondly that it is not a member
173
* of our fake group. This test will break is someone happens to
174
* create group number NGROUPS_MAX-1 and then added root to it.
170
* Verify the groupmember() works correctly by constructing an interesting
171
* CRED() and checking that the expected gids are part of it.
177
174
splat_cred_test3(struct file *file, void *arg)
179
gid_t root_gid, fake_gid;
183
fake_gid = NGROUPS_MAX-1;
185
rc = groupmember(root_gid, CRED());
176
gid_t known_gid, missing_gid, tmp_gid;
178
struct group_info *gi;
181
get_random_bytes((void *)&rnd, 1);
182
known_gid = (rnd > 0) ? rnd : 1;
186
* Create an interesting known set of gids for test purposes. The
187
* gids are pseudo randomly selected are will be in the range of
188
* 1:(NGROUPS_MAX-1). Gid 0 is explicitly avoided so we can reliably
189
* test for its absence in the test cases.
191
gi = groups_alloc(NGROUPS_SMALL);
193
splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Failed create "
194
"group_info for known gids: %d\n", -ENOMEM);
199
for (i = 0, tmp_gid = known_gid; i < NGROUPS_SMALL; i++) {
200
splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Adding gid %d "
201
"to current CRED() (%d/%d)\n", tmp_gid, i, gi->ngroups);
202
#ifdef HAVE_KUIDGID_T
203
GROUP_AT(gi, i) = make_kgid(current_user_ns(), tmp_gid);
205
GROUP_AT(gi, i) = tmp_gid;
206
#endif /* HAVE_KUIDGID_T */
207
tmp_gid = ((tmp_gid * 17) % (NGROUPS_MAX - 1)) + 1;
210
/* Set the new groups in the CRED() and release our reference. */
211
rc = set_current_groups(gi);
215
splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Failed to add "
216
"gid %d to current group: %d\n", known_gid, rc);
220
/* Verify groupmember() finds the known_gid in the CRED() */
221
rc = groupmember(known_gid, CRED());
187
splat_vprint(file, SPLAT_CRED_TEST3_NAME,
188
"Failed root git %d expected to be member "
189
"of CRED() groups: %d\n", root_gid, rc);
193
rc = groupmember(fake_gid, CRED());
195
splat_vprint(file, SPLAT_CRED_TEST3_NAME,
196
"Failed fake git %d expected not to be member "
197
"of CRED() groups: %d\n", fake_gid, rc);
201
splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Success root gid "
202
"is a member of the expected groups: %d\n", rc);
223
splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Failed to find "
224
"known gid %d in CRED()'s groups.\n", known_gid);
229
/* Verify groupmember() does NOT finds the missing gid in the CRED() */
230
rc = groupmember(missing_gid, CRED());
232
splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Failed missing "
233
"gid %d was found in CRED()'s groups.\n", missing_gid);
238
splat_vprint(file, SPLAT_CRED_TEST3_NAME, "Success groupmember() "
239
"correctly detects expected gids in CRED(): %d\n", rc);
243
int i, grps = crgetngroups(CRED());
245
splat_vprint(file, SPLAT_CRED_TEST3_NAME, "%d groups: ", grps);
246
for (i = 0; i < grps; i++)
247
splat_print(file, "%d ", crgetgroups(CRED())[i]);
248
splat_print(file, "%s", "\n");
205
253
} /* splat_cred_test3() */
207
255
splat_subsystem_t *