/* * * Copyright (c) International Business Machines Corp., 2004 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See * the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ /* * Test Name: bind02 * * Test Description: * Make sure bind() gives EACCESS error for (non-root) users. * * Usage: <for command-line> * bind01 [-c n] [-e] [-i n] [-I x] [-P x] [-t] * where, -c n : Run n copies concurrently. * -e : Turn on errno logging. * -i n : Execute test n times. * -I x : Execute test for x seconds. * -P x : Pause for x seconds between iterations. * -t : Turn on syscall timing. * * HISTORY * 07/2004 Written by Dan Jones * 07/2004 Ported to LTP format by Robbie Williamson * * RESTRICTIONS: * None. * */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <errno.h> #include <fcntl.h> #include <pwd.h> #include <grp.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/un.h> #include <netinet/in.h> #include "test.h" char *TCID = "bind02"; int testno; int TST_TOTAL = 1; /* This port needs to be a Privledged port */ #define TCP_PRIVLEGED_COM_PORT 463 struct passwd *pw; struct group *gr; uid_t uid; gid_t gid; int rc; void try_bind(void) { struct sockaddr_in servaddr; int sockfd, r_value; // Set effective user/group if ((rc = setegid(gid)) == -1) { tst_brkm(TBROK | TERRNO, 0, "setegid(%u) failed", gid); } if ((rc = seteuid(uid)) == -1) { tst_brkm(TBROK | TERRNO, 0, "seteuid(%u) failed", uid); } if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { tst_brkm(TBROK | TERRNO, 0, "socket() failed"); } memset(&servaddr, 0, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_port = htons(TCP_PRIVLEGED_COM_PORT); servaddr.sin_addr.s_addr = htonl(INADDR_ANY); r_value = bind(sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr)); if (r_value) { if (errno == EACCES) { tst_resm(TPASS, "correct error"); } else { tst_resm(TFAIL, "incorrect error, %d", r_value); } } else { tst_resm(TFAIL, "user was able to bind successfully"); } close(sockfd); // Set effective user/group if ((rc = setegid(0)) == -1) { tst_brkm(TBROK | TERRNO, 0, "setegid(0) reset failed"); } if ((rc = seteuid(uid)) == -1) { /* XXX: is this seteuid() correct !? it isnt a reset if we * made the same exact call above ... */ tst_brkm(TBROK | TERRNO, 0, "seteuid(%u) reset failed", uid); } } int main(int argc, char *argv[]) { char *username = "nobody"; tst_parse_opts(argc, argv, NULL, NULL); tst_require_root(); if ((pw = getpwnam(username)) == NULL) { tst_brkm(TBROK, 0, "Username - %s - not found", username); } if ((gr = getgrgid(pw->pw_gid)) == NULL) { tst_brkm(TBROK | TERRNO, 0, "getgrgid(%u) failed", pw->pw_gid); } uid = pw->pw_uid; gid = gr->gr_gid; tst_resm(TINFO, "Socket will try to be bind by user: %s, group: %s", pw->pw_name, gr->gr_name); try_bind(); tst_exit(); }