tests/posix_spawn_posix_cred.c

   1 #include <darwintest.h>
   2
   3 #include <errno.h>
   4 #include <libproc.h>
   5 #include <signal.h>
   6 #include <spawn.h>
   7 #include <spawn_private.h>
   8 #include <stdbool.h>
   9 #include <stdint.h>
  10 #include <stdio.h>
  11 #include <stdlib.h>
  12 #include <string.h>
  13 #include <sys/kauth.h>
  14 #include <sys/proc_info.h>
  15 #include <sys/spawn_internal.h>
  16 #include <sys/sysctl.h>
  17 #include <sysexits.h>
  18 #include <unistd.h>
  19
  20 T_GLOBAL_META(T_META_RUN_CONCURRENTLY(true));
  21
  22 T_DECL(posix_spawn_posix_cred, "Check posix_spawnattr for POSIX creds",
  23     T_META_ASROOT(true))
  24 {
  25         posix_spawnattr_t attr;
  26         int ret;
  27
  28         ret = posix_spawnattr_init(&attr);
  29         T_QUIET;
  30         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawnattr_init");
  31
  32         ret = posix_spawnattr_setflags(&attr, POSIX_SPAWN_START_SUSPENDED);
  33         T_QUIET;
  34         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawnattr_setflags");
  35
  36         ret = posix_spawnattr_setflags(&attr, POSIX_SPAWN_SETSID);
  37         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawnattr_setflags(POSIX_SPAWN_SETSID)");
  38
  39         ret = posix_spawnattr_set_uid_np(&attr, 502);
  40         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawnattr_set_uid_np");
  41
  42         ret = posix_spawnattr_set_gid_np(&attr, 501);
  43         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawnattr_set_gid_np");
  44
  45         gid_t groups[3] = { 501, 250, 299 };
  46         ret = posix_spawnattr_set_groups_np(&attr, 3, &groups, KAUTH_UID_NONE);
  47         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawnattr_set_groups_np");
  48
  49         ret = posix_spawnattr_set_login_np(&attr, "fake-name");
  50         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawnattr_set_login_np");
  51
  52         char * const    prog = "/bin/sh";
  53         char * const    argv_child[] = { prog,
  54                                          "-c",
  55                                          "test $(logname) = \"fake-name\" -a \"$(id -G)\" = \"501 250 299\"",
  56                                          NULL, };
  57         pid_t           child_pid;
  58         extern char   **environ;
  59
  60         ret = posix_spawn(&child_pid, prog, NULL, &attr, argv_child, environ);
  61         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawn");
  62
  63         T_LOG("parent: spawned child with pid %d\n", child_pid);
  64
  65         ret = posix_spawnattr_destroy(&attr);
  66         T_QUIET;
  67         T_ASSERT_POSIX_SUCCESS(ret, "posix_spawnattr_destroy");
  68
  69         struct proc_bsdinfo info;
  70
  71         ret = proc_pidinfo(child_pid, PROC_PIDTBSDINFO, 1, &info, sizeof(info));
  72         T_QUIET;
  73         T_ASSERT_EQ(ret, (int)sizeof(info), "proc_pidinfo(PROC_PIDTBSDINFO)");
  74
  75         T_EXPECT_TRUE((bool)(info.pbi_flags & PROC_FLAG_SLEADER),
  76             "check setsid happened");
  77         T_EXPECT_EQ(info.pbi_uid, 502, "UID was set");
  78         T_EXPECT_EQ(info.pbi_gid, 501, "GID was set");
  79
  80         ret = kill(child_pid, SIGCONT);
  81         T_ASSERT_POSIX_SUCCESS(ret, "kill(signal)");
  82
  83         T_LOG("parent: waiting for child process\n");
  84
  85         int status = 0;
  86         int waitpid_result = waitpid(child_pid, &status, 0);
  87         T_ASSERT_POSIX_SUCCESS(waitpid_result, "waitpid");
  88         T_ASSERT_EQ(waitpid_result, child_pid, "waitpid should return child we spawned");
  89         T_ASSERT_EQ(WIFEXITED(status), 1, "child should have exited normally");
  90         T_ASSERT_EQ(WEXITSTATUS(status), EX_OK, "child should have exited with success");
  91 }