testcases/audit-test/libpam/tests/test_namespace.bash

   1 #!/bin/bash
   2 ###############################################################################
   3 # (c) Copyright Hewlett-Packard Development Company, L.P., 2006
   4 #
   5 #   This program is free software: you can redistribute it and/or modify
   6 #   it under the terms of version 2 the GNU General Public License as
   7 #   published by the Free Software Foundation.
   8 #
   9 #   This program is distributed in the hope that it will be useful,
  10 #   but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 #   GNU General Public License for more details.
  13 #
  14 #   You should have received a copy of the GNU General Public License
  15 #   along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 ###############################################################################
  17 #
  18 # PURPOSE:
  19 # Verify that with polyinstantiation enabled and configured for /tmp, users
  20 # get separate /tmp directories for each level that they log in as.
  21 # Procedure:
  22 # - Use semanage to configure the test user for s0-s2
  23 # - Setup the PAM namespace configuration for /tmp
  24 # - Cleanup any old /tmp files for the test user
  25 # - Audit open syscalls by the test user
  26 # - Log in as the test user at s0, create a file in /tmp, write the
  27 #   user's security context into it and log out.
  28 # - Verify the information in the audit record from creating the file.
  29 #   The name should be relative to the namespace.
  30 # - Log in as the test user at s2, create a file with the same name in /tmp,
  31 #   write the user's security context into it and log out.
  32 # - Verify the information in the audit record from creating the file.
  33 #   The name should be relative to the namespace.
  34 # - From the test harness, verify that the two files are found in
  35 #   the instance directories and  are different.
  36
  37 source pam_functions.bash || exit 2
  38
  39 # if in LSPP mode, map the TEST_USER to staff_u and give it a range
  40 if [[ $PPROFILE == "lspp" ]]; then
  41         semanage login -d $TEST_USER
  42         semanage login -a -s staff_u -r s0-s2 $TEST_USER
  43         # XXX should compute the context from the policy
  44         s0_context=staff_u:sysadm_r:sysadm_t:SystemLow
  45         s2_context=staff_u:sysadm_r:sysadm_t:Secret
  46         s0_obj=staff_u:object_r:sysadm_tmp_t:s0
  47         s2_obj=staff_u:object_r:sysadm_tmp_t:s2
  48         auid=$(id -u "$TEST_USER")
  49 else
  50         exit_error "Not in lspp mode"
  51 fi
  52
  53 # calling login in this manner leaves an entry in /var/run/utmp
  54 # use backup (and automatic restore) to work around this
  55 backup /var/run/utmp
  56
  57 # backup namespace.conf and configured it for the test case
  58 backup /etc/security/namespace.conf
  59 echo "/tmp /tmp-inst/ level root,adm" > /etc/security/namespace.conf
  60
  61 tmpinstdir=/tmp-inst
  62 tmpnewfile=/tmp/newfile
  63
  64 # cleanup old /tmp files
  65 rm -rf $tmpinstdir/*_$TEST_USER
  66
  67 # Force the audit log to rotate; add our rule.
  68 rotate_audit_logs || exit_error "log rotate failed"
  69 prepend_cleanup "auditctl -D"
  70 auditctl -a entry,always ${MODE:+-F arch=b$MODE} -S open -F uid=$auid || \
  71         exit_error "audit rule failed"
  72
  73 # Login as s0 and write the user's context to a file in /tmp.
  74 (
  75     export tmpnewfile
  76     expect -c '
  77         spawn login
  78         expect -nocase {login: $} {send "$env(TEST_USER)\r"}
  79         expect -nocase {password: $} {send "$env(TEST_USER_PASSWD)\r"}
  80         expect -nocase {level} {send "Y\r"}
  81         expect -nocase {role:} {send "\r"}
  82         expect -nocase {level:} {send "s0\r"}
  83         send "PS1=:\\::\r"
  84         expect {:::$} {send "id -Z > $env(tmpnewfile)\r"}
  85         expect {:::$} {close; wait}'
  86 )
  87 # Check the path and context in the audit record.
  88 augrok type==SYSCALL \
  89         subj=$s0_context auid=$auid success=yes \
  90         name=$tmpnewfile obj=$s0_obj\
  91         || exit_fail "missing audit record"
  92
  93 log_mark=$(stat -c %s $audit_log)
  94 # Login at s2 and write the user's context to a file in /tmp
  95 # Also write the user's context into localtmp.
  96 (
  97     export tmpnewfile
  98     expect -c '
  99         spawn login
 100         expect -nocase {login: $} {send "$env(TEST_USER)\r"}
 101         expect -nocase {password: $} {send "$env(TEST_USER_PASSWD)\r"}
 102         expect -nocase {level} {send "Y\r"}
 103         expect -nocase {role:} {send "\r"}
 104         expect -nocase {level:} {send "s2\r"}
 105         send "PS1=:\\::\r"
 106         expect {:::$} {send "id -Z > $env(tmpnewfile)\r"}
 107         expect {:::$} {close; wait}'
 108 )
 109
 110 # Check the path and context in the audit record.
 111 augrok --seek=$log_mark type==SYSCALL \
 112         subj=$s2_context auid=$auid success=yes \
 113         name=$tmpnewfile obj=$s2_obj\
 114         || exit_fail "missing audit record"
 115
 116 # verify that the files created by each login are different
 117 diff $tmpinstdir/*s0_$TEST_USER/newfile $tmpinstdir/*s2_$TEST_USER/newfile
 118 [[ $? == 0 ]] && exit_fail "Files match unexpectedly"
 119
 120 exit_pass