RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
}
+int apply_smack_rule(const char *subject, const char *object, const char *rule)
+{
+ struct smack_accesses *ruleHandler = NULL;
+ if (smack_accesses_new(&ruleHandler) != 0)
+ goto error;
+ if (smack_accesses_add(ruleHandler, subject, object, rule) != 0)
+ goto error;
+ if (smack_accesses_apply(ruleHandler) != 0)
+ goto error;
+
+ smack_accesses_free(ruleHandler);
+ return 0;
+
+error:
+ smack_accesses_free(ruleHandler);
+ return -1;
+}
+
+RUNNER_TEST(tc01_security_server_get_uid_by_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //checking function
+ uid_t cookieUid, realUid;
+ realUid = getuid();
+ retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
+ RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
+
+ //checking for input parameters
+ retval = security_server_get_uid_by_cookie(NULL, &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
+ retval = security_server_get_uid_by_cookie(&cookie[0], NULL);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
+}
+
+RUNNER_CHILD_TEST(tc01a_security_server_get_uid_by_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //preapare SMACK environment
+ RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
+ RUNNER_ASSERT_MSG(smack_revoke_subject("BialyMis") == 0, "Error in smack_revoke_subject");
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+
+ //checking function
+ uid_t cookieUid, realUid;
+ realUid = getuid();
+ retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_SOCKET, "Socket not protected by smack");
+}
+
+RUNNER_CHILD_TEST(tc01b_security_server_get_uid_by_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //preapare SMACK environment
+ RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
+ RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+
+ //checking function
+ uid_t cookieUid, realUid;
+ realUid = getuid();
+ retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
+ RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
+}
+
+
+
+RUNNER_TEST(tc02_security_server_get_gid_by_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //checking function
+ gid_t cookieGid, realGid;
+ realGid = getgid();
+ retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
+ RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID");
+
+ //checking for input parameters
+ retval = security_server_get_gid_by_cookie(NULL, &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
+ retval = security_server_get_gid_by_cookie(&cookie[0], NULL);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
+
+}
+
+RUNNER_CHILD_TEST(tc02a_security_server_get_gid_by_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //preapare SMACK environment
+ RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
+ RUNNER_ASSERT_MSG(smack_revoke_subject("BialyMis") == 0, "Error in smack_revoke_subject");
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+
+ //checking function
+ gid_t cookieGid, realGid;
+ realGid = getgid();
+ retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_SOCKET, "Socket not protected by smack");
+}
+
+RUNNER_CHILD_TEST(tc02b_security_server_get_gid_by_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //preapare SMACK environment
+ RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
+ RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+
+ //checking function
+ gid_t cookieGid, realGid;
+ realGid = getgid();
+ retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
+ RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID");
+}
+
+
////////////////////
/////MAIN///////////
////////////////////
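Review bot: The step commented `//drop privileges` in tc01a, tc01b, tc02a and tc02b is only `setgid(5000)`, so the child keeps its uid and its supplementary groups. If the runner starts as root (the `smack_set_label_for_self` call suggests it does), the process probably still holds CAP_MAC_OVERRIDE, and the negative cases tc01a/tc02a then do not show that Smack is what blocks the socket. I would put `RUNNER_ASSERT_MSG(setgroups(0, NULL) == 0, "Unable to clear groups");` ahead of the existing `setgid` line and `RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");` after it; the uid value only mirrors the gid and is a suggestion. Because the cookie is requested before the drop, tc01b and tc02b should then read `getuid()`/`getgid()` before changing identity, or carry a comment stating whether the server reports the identity at issue time or at lookup time. tc02b already compares against a `getgid()` taken after `setgid(5000)`.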