procyberian/WSL
2
0
Fork 0
mirror of https://github.com/microsoft/WSL.git synced 2025-07-04 07:43:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
WSL/test/linux/unit_tests/keymgmt.c

517 lines
16 KiB
C
Raw Permalink Normal View History

Initial open source commit for WSL. Many Microsoft employees have contributed to the Windows Subsystem for Linux, this commit is the result of their work since 2016. The entire history of the Windows Subsystem for Linux can't be shared here, but here's an overview of WSL's history after it moved to it own repository in 2021: Number of commits on the main branch: 2930 Number of contributors: 31 Head over https://github.com/microsoft/WSL/releases for a more detailed history of the features added to WSL since 2021.
2025-05-15 12:09:45 -07:00
/*++
Copyright (c) Microsoft. All rights reserved.
Module Name:
Keymgmt.c
Abstract:
This file is a keymgmt test.
--*/
#include "lxtcommon.h"
#include "unittests.h"
#include <linux/keyctl.h>
#define LXT_NAME "Keymgmt"
#define LXT_KEYMGMT_DESCRIBE_LENGTH 128
#define LxtKeyCtl(_Cmd, _Arg2, _Arg3, _Arg4, _Arg5) syscall(SYS_keyctl, (_Cmd), (_Arg2), (_Arg3), (_Arg4), (_Arg5))
#define LxtAdd_Key(_Type, _Desc, _Payload, _Length, _KeyRing) \
syscall(SYS_add_key, (_Type), (_Desc), (_Payload), (_Length), (_KeyRing))
#define LxtRequest_Key(_Type, _Desc, _Info, _KeyRing) syscall(SYS_request_key, (_Type), (_Desc), (_Info), (_KeyRing))
#define KEY_POS_VIEW 0x01000000
#define KEY_POS_READ 0x02000000
#define KEY_POS_WRITE 0x04000000
#define KEY_POS_SEARCH 0x08000000
#define KEY_POS_LINK 0x10000000
#define KEY_POS_SETATTR 0x20000000
#define KEY_POS_ALL 0x3f000000
#define KEY_USR_VIEW 0x00010000
#define KEY_USR_READ 0x00020000
#define KEY_USR_WRITE 0x00040000
#define KEY_USR_SEARCH 0x00080000
#define KEY_USR_LINK 0x00100000
#define KEY_USR_SETATTR 0x00200000
#define KEY_USR_ALL 0x003f0000
#define KEY_GRP_VIEW 0x00000100
#define KEY_GRP_READ 0x00000200
#define KEY_GRP_WRITE 0x00000400
#define KEY_GRP_SEARCH 0x00000800
#define KEY_GRP_LINK 0x00001000
#define KEY_GRP_SETATTR 0x00002000
#define KEY_GRP_ALL 0x00003f00
#define KEY_OTH_VIEW 0x00000001
#define KEY_OTH_READ 0x00000002
#define KEY_OTH_WRITE 0x00000004
#define KEY_OTH_SEARCH 0x00000008
#define KEY_OTH_LINK 0x00000010
#define KEY_OTH_SETATTR 0x00000020
#define KEY_OTH_ALL 0x0000003f
#define KEY_INVALID -1
#define LXT_KEYMGMT_ALLPERMS (KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)
#define LXT_KEYMGMT_DEFAULTPERMS (0x3f130000)
#define LXT_KEYMGMT_DEFAULTPERMS_STRING "3f130000"
#define LXT_KEYMGMT_NEWPERMS (0x3f3f0000)
#define LXT_KEYMGMT_NEWPERMS_STRING "3f3f0000"
#define LXT_KEYMGMT_SESIONKEYRING_NAME "sessionkeyring"
#define LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS "keyring;0;0;" LXT_KEYMGMT_DEFAULTPERMS_STRING ";" LXT_KEYMGMT_SESIONKEYRING_NAME
#define LXT_KEYMGMT_SESIONKEYRING_NEWPERMS "keyring;0;0;" LXT_KEYMGMT_NEWPERMS_STRING ";" LXT_KEYMGMT_SESIONKEYRING_NAME
#define LXT_KEYMGMT_SESIONKEYRING2_NAME "sessionkeyring2"
#define LXT_KEYMGMT_SESIONKEYRING2_DEFAULTPERMS "keyring;0;0;" LXT_KEYMGMT_DEFAULTPERMS_STRING ";" LXT_KEYMGMT_SESIONKEYRING2_NAME
#define LX_KEYMGMT_LONG_NAME_SIZE (4096 + 1)
LXT_VARIATION_HANDLER KeymgmtSessionKeyringAssociation;
LXT_VARIATION_HANDLER KeymgmtJoinSessionKeyring;
LXT_VARIATION_HANDLER KeymgmtDescribe;
LXT_VARIATION_HANDLER KeymgmtSetPerm;
//
// Global constants
//
//
// TODO_LX: Enable KeymgmtSessionKeyringAssociation when supported.
//
static const LXT_VARIATION g_LxtVariations[] = {
{"Keymgmt - KEYCTL_JOIN_SESSION_KEYRING", KeymgmtJoinSessionKeyring},
{"Keymgmt - KEYCTL_DESCRIBE", KeymgmtDescribe},
{"Keymgmt - KEYCTL_SETPERM", KeymgmtSetPerm},
/*{"Keymgmt session keyring association", KeymgmtSessionKeyringAssociation}*/};
int KeymgmtTestEntry(int Argc, char* Argv[])
/*++
--*/
{
LXT_ARGS Args;
int Result;
LxtCheckResult(LxtInitialize(Argc, Argv, &Args, LXT_NAME));
LxtCheckResult(LxtRunVariations(&Args, g_LxtVariations, LXT_COUNT_OF(g_LxtVariations)));
ErrorExit:
LxtUninitialize();
return !LXT_SUCCESS(Result);
}
void* KeymgmtSessionKeyringAssociationThread(void* Args)
{
char KeyBufferNew[LXT_KEYMGMT_DESCRIBE_LENGTH];
int32_t* KeySerial;
int32_t KeySerialNew;
int KeyType;
int Result;
KeyType = KEY_SPEC_SESSION_KEYRING;
//
// Check that the session keyring id didn't change.
//
KeySerial = Args;
LxtCheckErrno(KeySerialNew = LxtKeyCtl(KEYCTL_GET_KEYRING_ID, KeyType, 0, 0, 0));
LxtCheckEqual(*KeySerial, KeySerialNew, "%d");
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerialNew, LXT_KEYMGMT_ALLPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerialNew, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringNotEqual(LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS, KeyBufferNew);
ErrorExit:
pthread_exit(&Result);
}
int KeymgmtSessionKeyringAssociation(PLXT_ARGS Args)
/*++
--*/
{
pid_t ChildPid;
char KeyBuffer[LXT_KEYMGMT_DESCRIBE_LENGTH];
char KeyBufferNew[LXT_KEYMGMT_DESCRIBE_LENGTH];
int32_t KeySerial;
int32_t KeySerialNew;
int32_t KeySerialOriginal;
int KeyType;
int Result;
pthread_t Thread = {0};
ChildPid = -1;
KeyType = KEY_SPEC_SESSION_KEYRING;
//
// This test checks to see where the session keyring is assocaited. The
// documentation is unclear if it is the threadgroup, thread, or user
// namespace. The test below validates that the session keyring is
// associated to the threadgroup and inherited across fork.
//
//
// Get the current session keyring and check that is changes when a new
// session keyring is created.
//
KeySerialOriginal = LxtKeyCtl(KEYCTL_GET_KEYRING_ID, KeyType, 0, 0, 0);
if (KeySerialOriginal == -1)
{
KeySerialOriginal = 0;
}
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LXT_KEYMGMT_SESIONKEYRING_NAME, 0, 0, 0));
LxtCheckNotEqual(KeySerialOriginal, KeySerial, "%d");
LxtLogInfo("Key %d", KeySerial);
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBuffer, sizeof(KeyBuffer), 0));
LxtCheckStringEqual(KeyBuffer, LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS);
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_ALLPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringNotEqual(KeyBuffer, KeyBufferNew);
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_DEFAULTPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringEqual(KeyBuffer, KeyBufferNew);
//
// Create a child process and thread, checking that the session keyring id
// continues to be assocaited.
//
LxtCheckErrno(ChildPid = fork());
if (ChildPid == 0)
{
LxtCheckErrno(KeySerialNew = LxtKeyCtl(KEYCTL_GET_KEYRING_ID, KeyType, 0, 0, 0));
LxtCheckEqual(KeySerial, KeySerialNew, "%d");
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_ALLPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringNotEqual(KeyBuffer, KeyBufferNew);
_exit(LXT_RESULT_SUCCESS);
}
LxtCheckResult(LxtWaitPidPoll(ChildPid, LXT_RESULT_SUCCESS));
//
// The changes from the child threadgroup should reflect into the parent.
//
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringNotEqual(KeyBuffer, KeyBufferNew);
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_DEFAULTPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringEqual(KeyBuffer, KeyBufferNew);
//
// Repeat the scenario with a thread.
//
LxtCheckErrno(pthread_create(&Thread, NULL, KeymgmtSessionKeyringAssociationThread, &KeySerial));
pthread_join(Thread, NULL);
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringNotEqual(KeyBuffer, KeyBufferNew);
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_DEFAULTPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringEqual(KeyBuffer, KeyBufferNew);
//
// Create a user namespace and check that the session keyring id continues
// to be assocaited.
//
LxtCheckErrno(ChildPid = fork());
if (ChildPid == 0)
{
LxtCheckErrno(KeySerialNew = LxtKeyCtl(KEYCTL_GET_KEYRING_ID, KeyType, 0, 0, 0));
LxtCheckEqual(KeySerial, KeySerialNew, "%d");
LxtCheckErrno(unshare(CLONE_NEWUSER));
LxtCheckErrno(KeySerialNew = LxtKeyCtl(KEYCTL_GET_KEYRING_ID, KeyType, 0, 0, 0));
LxtCheckEqual(KeySerial, KeySerialNew, "%d");
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_ALLPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringNotEqual(KeyBuffer, KeyBufferNew);
_exit(LXT_RESULT_SUCCESS);
}
LxtCheckResult(LxtWaitPidPoll(ChildPid, LXT_RESULT_SUCCESS));
//
// The changes from the child threadgroup should reflect into the parent.
//
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringNotEqual(KeyBuffer, KeyBufferNew);
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_DEFAULTPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBufferNew, sizeof(KeyBufferNew), 0));
LxtCheckStringEqual(KeyBuffer, KeyBufferNew);
Result = LXT_RESULT_SUCCESS;
ErrorExit:
if (ChildPid == 0)
{
_exit(Result);
}
return Result;
}
int KeymgmtJoinSessionKeyring(PLXT_ARGS Args)
/*++
--*/
{
pid_t ChildPid = -1;
int Index;
char* LongName = NULL;
char KeyBuffer[LXT_KEYMGMT_DESCRIBE_LENGTH];
int32_t KeySerial;
int32_t KeySerial2;
LXT_PIPE Pipe = {-1, -1};
int Result;
char* ValidNames[] = {"1", "a", "1a", ";", "name with a space ", "name with a tab\t", "name with a new line\n"};
//
// This test checks how KEYCTL_JOIN_SESSION_KEYRING handles keyrings.
//
//
// Check for valid names.
//
for (Index = 0; Index < LXT_COUNT_OF(ValidNames); ++Index)
{
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, ValidNames[Index], 0, 0, 0));
}
//
// Check for a really long name.
//
LongName = LxtAlloc(LX_KEYMGMT_LONG_NAME_SIZE);
if (LongName == 0)
{
Result = LXT_RESULT_FAILURE;
goto ErrorExit;
}
memset(LongName, 'a', LX_KEYMGMT_LONG_NAME_SIZE);
LongName[LX_KEYMGMT_LONG_NAME_SIZE - 1] = 0;
LxtCheckErrnoFailure(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LongName, 0, 0, 0), EINVAL);
LongName[LX_KEYMGMT_LONG_NAME_SIZE - 2] = 0;
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LongName, 0, 0, 0));
//
// TODO_LX: Add support for NULL name when supported.
//
//
// Invalid parameters.
//
LxtCheckErrnoFailure(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, (void*)0x1, 0, 0, 0), EFAULT);
//
// Check for lifetime.
//
LxtCheckResult(LxtCreatePipe(&Pipe));
LxtCheckResult(ChildPid = fork());
if (ChildPid == 0)
{
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LXT_KEYMGMT_SESIONKEYRING_NAME, 0, 0, 0));
LxtCheckErrno(write(Pipe.Write, &KeySerial, sizeof(KeySerial)));
_exit(0);
}
LxtCheckErrno(read(Pipe.Read, &KeySerial, sizeof(KeySerial)));
LxtCheckResult(LxtWaitPidPoll(ChildPid, 0));
sleep(1);
LxtCheckErrnoFailure(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBuffer, sizeof(KeyBuffer), 0), ENOKEY);
LxtCheckResult(ChildPid = fork());
if (ChildPid == 0)
{
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LXT_KEYMGMT_SESIONKEYRING_NAME, 0, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBuffer, sizeof(KeyBuffer), 0));
LxtCheckStringEqual(KeyBuffer, LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS);
LxtCheckErrno(KeySerial2 = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LXT_KEYMGMT_SESIONKEYRING2_NAME, 0, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial2, KeyBuffer, sizeof(KeyBuffer), 0));
LxtCheckStringEqual(KeyBuffer, LXT_KEYMGMT_SESIONKEYRING2_DEFAULTPERMS);
sleep(1);
LxtCheckErrnoFailure(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBuffer, sizeof(KeyBuffer), 0), ENOKEY);
_exit(0);
}
LxtCheckResult(LxtWaitPidPoll(ChildPid, 0));
Result = LXT_RESULT_SUCCESS;
ErrorExit:
if (ChildPid == 0)
{
_exit(Result);
}
if (LongName != NULL)
{
LxtFree(LongName);
}
LxtClosePipe(&Pipe);
return Result;
}
int KeymgmtDescribe(PLXT_ARGS Args)
/*++
--*/
{
pid_t ChildPid = -1;
int BytesRequired;
char KeyBuffer[LXT_KEYMGMT_DESCRIBE_LENGTH];
int32_t KeySerial;
int Result;
//
// This test checks how KEYCTL_DESCRIBE handles parameters.
//
//
// Check for the default values.
//
LxtCheckResult(ChildPid = fork());
if (ChildPid == 0)
{
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LXT_KEYMGMT_SESIONKEYRING_NAME, 0, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBuffer, sizeof(KeyBuffer), 0));
LxtCheckStringEqual(KeyBuffer, LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS);
LxtCheckErrno(BytesRequired = LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, NULL, 0, 0));
LxtCheckEqual(BytesRequired, sizeof(LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS), "%d");
LxtCheckErrno(BytesRequired = LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, (void*)0x1, 1, 0));
LxtCheckEqual(BytesRequired, sizeof(LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS), "%d");
_exit(0);
}
LxtWaitPidPoll(ChildPid, 0);
//
// TODO_LX: Add support for NULL name when supported.
//
//
// Invalid parameters.
//
LxtCheckResult(ChildPid = fork());
if (ChildPid == 0)
{
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LXT_KEYMGMT_SESIONKEYRING_NAME, 0, 0, 0));
LxtCheckErrnoFailure(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, (void*)0x1, sizeof(KeyBuffer), 0), EFAULT);
LxtCheckErrnoFailure(LxtKeyCtl(KEYCTL_DESCRIBE, KEY_INVALID, KeyBuffer, sizeof(KeyBuffer), 0), ENOKEY);
_exit(0);
}
LxtWaitPidPoll(ChildPid, 0);
Result = LXT_RESULT_SUCCESS;
ErrorExit:
if (ChildPid == 0)
{
_exit(Result);
}
return Result;
}
int KeymgmtSetPerm(PLXT_ARGS Args)
/*++
--*/
{
pid_t ChildPid = -1;
int BytesRequired;
char KeyBuffer[LXT_KEYMGMT_DESCRIBE_LENGTH];
int32_t KeySerial;
int Result;
//
// This test checks how KEYCTL_SETPERM handles parameters.
//
//
// Check for the default values.
//
LxtCheckResult(ChildPid = fork());
if (ChildPid == 0)
{
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LXT_KEYMGMT_SESIONKEYRING_NAME, 0, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBuffer, sizeof(KeyBuffer), 0));
LxtCheckStringEqual(KeyBuffer, LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS);
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_DEFAULTPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBuffer, sizeof(KeyBuffer), 0));
LxtCheckStringEqual(KeyBuffer, LXT_KEYMGMT_SESIONKEYRING_DEFAULTPERMS);
LxtCheckErrno(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, LXT_KEYMGMT_NEWPERMS, 0, 0));
LxtCheckErrno(LxtKeyCtl(KEYCTL_DESCRIBE, KeySerial, KeyBuffer, sizeof(KeyBuffer), 0));
LxtCheckStringEqual(KeyBuffer, LXT_KEYMGMT_SESIONKEYRING_NEWPERMS);
_exit(0);
}
LxtWaitPidPoll(ChildPid, 0);
//
// TODO_LX: Add support for NULL name when supported.
//
//
// Invalid parameters.
//
LxtCheckResult(ChildPid = fork());
if (ChildPid == 0)
{
LxtCheckErrno(KeySerial = LxtKeyCtl(KEYCTL_JOIN_SESSION_KEYRING, LXT_KEYMGMT_SESIONKEYRING_NAME, 0, 0, 0));
LxtCheckErrnoFailure(LxtKeyCtl(KEYCTL_SETPERM, 0, LXT_KEYMGMT_DEFAULTPERMS, 0, 0), EINVAL);
LxtCheckErrnoFailure(LxtKeyCtl(KEYCTL_SETPERM, KeySerial, -1, 0, 0), EINVAL);
_exit(0);
}
LxtWaitPidPoll(ChildPid, 0);
Result = LXT_RESULT_SUCCESS;
ErrorExit:
if (ChildPid == 0)
{
_exit(Result);
}
return Result;
}
Reference in a new issue Copy permalink