Fix groups issue in tests using perm_app_set_privilege api.
[platform/core/test/security-tests.git] / tests / libprivilege-control-tests / libprivilege-control_test_common.cpp
index 117331b..3746dde 100644 (file)
@@ -32,6 +32,8 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <vector>
+#include <grp.h>
+#include <pwd.h>
 
 #include <libprivilege-control_test_common.h>
 #include <tests_common.h>
@@ -132,35 +134,83 @@ void read_gids(std::set<unsigned> &set, const char *file_path)
     fclose(f);
 }
 
-void check_groups(const char *dac_file)
+void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
 {
-    std::set<unsigned> groups_check;
-    read_gids(groups_check, dac_file);
+    int ret;
+
+    struct passwd *pw = getpwuid(user_id);
+    RUNNER_ASSERT_MSG_BT(pw != NULL, "getpwuid() failed.");
+
+    int groups_cnt = 0;
+    gid_t *groups_list = NULL;
+    ret = getgrouplist(pw->pw_name,  pw->pw_gid, groups_list, &groups_cnt);
+    RUNNER_ASSERT_MSG_BT(ret == -1, "getgrouplist() failed.");
+    if (groups_cnt == 0)
+        return;
+    groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
+    RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
+
+    ret = getgrouplist(pw->pw_name,  pw->pw_gid, groups_list, &groups_cnt);
+    if (ret == -1) {
+        free(groups_list);
+        RUNNER_ASSERT_MSG_BT(false, "getgrouplist() failed.");
+    }
 
+    for (int i = 0; i < groups_cnt; ++i) {
+        set.insert(groups_list[i]);
+    }
+    free(groups_list);
+}
+
+void read_current_gids(std::set<unsigned> &set)
+{
     int groups_cnt = getgroups(0, NULL);
-    RUNNER_ASSERT_MSG_BT(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
+    RUNNER_ASSERT_MSG_BT(groups_cnt > 0, "Wrong number of supplementary groups.");
     gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
-    RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed");
-    RUNNER_ASSERT_BT(-1 != getgroups(groups_cnt, groups_list));
+    RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
+    if (getgroups(groups_cnt, groups_list) == -1){
+        free(groups_list);
+        RUNNER_ASSERT_MSG_BT(false, "getgroups failed.");
+    }
 
     for (int i = 0; i < groups_cnt; ++i) {
-        //getgroups() can return multiple number of the same group
-        //they are returned in sequence, so we will given number when last
-        //element of this number is reached
-        if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
-            continue;
-        if (groups_check.erase(groups_list[i]) == 0) {
-            // getgroups() may also return process' main group
-            if (groups_list[i] != getgid())
-                RUNNER_ASSERT_MSG_BT(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
-        }
+        set.insert(groups_list[i]);
     }
     free(groups_list);
+}
+
+void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
+{
+    std::set<unsigned> groups_check;
+    std::set<unsigned> groups_current;
+    if(dac_file != NULL)
+        read_gids(groups_check, dac_file);
+    read_current_gids(groups_current);
+
     std::string groups_left;
-    for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
+    for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
+    {
+        (void)groups_check.erase(*it);
+        if(groups_current.erase(*it) == 0)
+            groups_left.append(std::to_string(*it)).append(" ");
+    }
+    RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+        "Application lost some groups: " << groups_left);
+
+    for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
+    {
+        if(groups_current.erase(*it) == 0)
+            groups_left.append(std::to_string(*it)).append(" ");
+    }
+    RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+        "Application doesn't belong to some required groups: " << groups_left);
+
+    for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
+    {
         groups_left.append(std::to_string(*it)).append(" ");
     }
-    RUNNER_ASSERT_MSG_BT(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
+    RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+        "Application belongs to groups it should't belong to: " << groups_left);
 }
 
 int file_exists(const char *path)
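Review bot: `read_current_gids` still asserts `groups_cnt > 0`, so a process with no supplementary groups (the least-privileged result this test could be asked to confirm) fails with "Wrong number of supplementary groups.", and a -1 error return from `getgroups(0, NULL)` is reported with the same message. A return of 0 is legitimate, so I would assert `groups_cnt >= 0` with a "getgroups failed." message and add `if (groups_cnt == 0) return;` before the `calloc`, as `read_user_gids` already does; `calloc(0, ...)` may return NULL and trip the allocation assert. In `check_groups` the final loop now fails on every group left in `groups_current`, whereas the removed code tolerated `getgid()`. If that strictness is intended, a comment such as `// groups_prev must already contain the process's main group` would record the expectation, since the callers are outside this hunk. The last assertion message also has a typo: `should't` should read `shouldn't`.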