GitHub Repository: freebsd/freebsd-src
Path: blob/main/tests/sys/capsicum/bindat_connectat.c
/*
* Copyright (c) 2017 Jan Kokemüller
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/param.h>
#include <sys/capsicum.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/sysctl.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <atf-c.h>
#include <dlfcn.h>
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "freebsd_test_suite/macros.h"
/*
 * Descriptor for "/" stored by check_capsicum(); stays -1 until then.  The
 * open() wrapper in this file resolves absolute paths relative to it.
 */
static int rootfd = -1;
/*
 * circumvent bug 215690
 *
 * Definition of open() for this test program.  While rootfd is still -1, or
 * for any path that does not start with '/', the call is forwarded to
 * openat(AT_FDCWD, ...) unchanged.  Once rootfd holds a descriptor, an
 * absolute path is opened relative to that descriptor with its first '/'
 * dropped.
 *
 * NOTE(review): presumably this keeps absolute-path opens working after
 * cap_enter(), where lookups that are not relative to a directory descriptor
 * are refused -- confirm against the bug report.
 *
 * Only one leading '/' is stripped: "/" itself turns into the empty path and
 * "//x" is still absolute when it reaches openat().
 *
 * The optional third argument (creation mode) is read only when O_CREAT is
 * set; otherwise a mode of 0 is passed along.
 */
int
open(const char *path, int flags, ...)
{
	mode_t create_mode = 0;
	const char *lookup = path;
	int dirfd = AT_FDCWD;

	if ((flags & O_CREAT) != 0) {
		va_list args;

		va_start(args, flags);
		/* mode_t is promoted to int when passed through "...". */
		create_mode = (mode_t)va_arg(args, int);
		va_end(args);
	}

	if (path != NULL && path[0] == '/' && rootfd >= 0) {
		dirfd = rootfd;
		lookup = path + 1;
	}

	return (openat(dirfd, lookup, flags, create_mode));
}
/*
 * Shared setup for the test cases that depend on Capsicum.
 *
 * Requires the "security_capabilities" and "security_capability_mode" kernel
 * features (NOTE(review): ATF_REQUIRE_FEATURE presumably skips the test case
 * when a feature is absent -- confirm in freebsd_test_suite/macros.h), then
 * opens "/" and keeps the descriptor in rootfd.
 *
 * This function does not call cap_enter() itself.  The open() below is the
 * wrapper defined in this file; rootfd is still -1 at this point, so the call
 * is a plain openat(AT_FDCWD, "/", ...).
 */
static void
check_capsicum(void)
{

	ATF_REQUIRE_FEATURE("security_capabilities");
	ATF_REQUIRE_FEATURE("security_capability_mode");

	/* Must succeed: later absolute-path opens are resolved through it. */
	ATF_REQUIRE((rootfd = open("/", O_EXEC | O_CLOEXEC)) >= 0);
}
/*
 * Signature shared by bind(2), connect(2) and the *_fdcwd() wrappers in this
 * file, so the check_N() helpers can exercise all four through one pointer.
 */
typedef int (*socket_fun)(int, const struct sockaddr *, socklen_t);
/*
 * Adapter that gives connectat(2) the socket_fun signature by fixing the
 * directory descriptor to AT_FDCWD.  Returns whatever connectat() returns.
 */
static int
connectat_fdcwd(int s, const struct sockaddr *name, socklen_t namelen)
{
	const int dirfd = AT_FDCWD;

	return (connectat(dirfd, s, name, namelen));
}
/*
 * Adapter that gives bindat(2) the socket_fun signature by fixing the
 * directory descriptor to AT_FDCWD.  Returns whatever bindat() returns.
 */
static int
bindat_fdcwd(int s, const struct sockaddr *name, socklen_t namelen)
{
	const int dirfd = AT_FDCWD;

	return (bindat(dirfd, s, name, namelen));
}
/*
 * Test case 1: baseline without any Capsicum restriction.  "Work" here means
 * the calls get as far as the protocol layer; the body expects EAFNOSUPPORT
 * for the multicast address it uses.
 */
ATF_TC(bindat_connectat_1);
ATF_TC_HEAD(bindat_connectat_1, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Verify that connect/bind "
	    "work in normal case");
}
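/*
 * Helper for bindat_connectat_1, which never enters capability mode: call f
 * on a fresh TCP socket and require that it fails with EAFNOSUPPORT.
 *
 * f     bind/connect-style function under test
 * s     value passed in is ignored; the parameter only holds the socket
 *       created here
 * name  IPv4 address handed to f (the caller passes 224.0.0.0, port 0)
 *
 * EAFNOSUPPORT is the "call went through to the protocol layer" outcome,
 * i.e. nothing in Capsicum stopped it.
 */
static void
check_1(socket_fun f, int s, const struct sockaddr_in *name)
{

	ATF_REQUIRE((s = socket(AF_INET, SOCK_STREAM, 0)) >= 0);
	ATF_REQUIRE_ERRNO(EAFNOSUPPORT,
	    f(s, (const struct sockaddr *)(name),
	    sizeof(struct sockaddr_in)) < 0);
	/* One socket is created per call; release it instead of leaking it. */
	ATF_REQUIRE(close(s) == 0);
}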
/*
 * Body of test case 1: with no capability mode and no rights limits, all four
 * entry points must reach the protocol layer (checked by check_1()).
 */
ATF_TC_BODY(bindat_connectat_1, tc)
{
	/* The *at() wrappers and the plain syscalls, exercised in turn. */
	const socket_fun calls[] = {
		bindat_fdcwd, bind, connectat_fdcwd, connect
	};
	struct sockaddr_in sin;
	size_t i;

	/* Port 0 on the multicast address 224.0.0.0. */
	memset(&sin, 0, sizeof(sin));
	sin.sin_addr.s_addr = htonl(0xE0000000);
	sin.sin_port = htons(0);
	sin.sin_family = AF_INET;

	for (i = 0; i < nitems(calls); i++)
		check_1(calls[i], 0, &sin);
}
/*
 * Test case 2: after cap_enter(), bind/connect and their *at() forms called
 * with AT_FDCWD must be refused with ECAPMODE.
 */
ATF_TC(bindat_connectat_2);
ATF_TC_HEAD(bindat_connectat_2, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Verify that connect/bind "
	    "are disabled in cap-mode");
}
/*
 * Helper for bindat_connectat_2: call f on the already-open socket s and
 * require that it fails with ECAPMODE.
 *
 * f     bind/connect-style function under test
 * s     socket created by the caller after cap_enter()
 * name  IPv4 address handed to f
 *
 * Any other errno (for instance EAFNOSUPPORT, which would mean the call got
 * through to the protocol layer) fails the test case.
 */
static void
check_2(socket_fun f, int s, const struct sockaddr_in *name)
{

	ATF_REQUIRE_ERRNO(ECAPMODE,
	    f(s, (const struct sockaddr *)name,
	    sizeof(struct sockaddr_in)) < 0);
}
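/*
 * Body of test case 2: enter capability mode, then require that all four
 * entry points are rejected with ECAPMODE (checked by check_2()).
 *
 * The socket is created after cap_enter() and is never rights-limited, so a
 * rejection here is attributable to capability mode itself and not to a
 * missing right on the descriptor.
 */
ATF_TC_BODY(bindat_connectat_2, tc)
{
	int sock;
	struct sockaddr_in sin;

	/* Opens "/" into rootfd while path lookups are still unrestricted. */
	check_capsicum();

	ATF_REQUIRE(cap_enter() >= 0);

	/* note: sock is created _after_ cap_enter() and contains all rights */
	ATF_REQUIRE((sock = socket(AF_INET, SOCK_STREAM, 0)) >= 0);

	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	/* dummy port and multicast address (224.0.0.0) to distinguish two
	 * cases:
	 *  - ECAPMODE/ENOTCAPABLE --> call blocked by capsicum
	 *  - EAFNOSUPPORT --> call went through to protocol layer
	 */
	sin.sin_port = htons(0);
	sin.sin_addr.s_addr = htonl(0xE0000000);

	check_2(bindat_fdcwd, sock, &sin);
	check_2(bind, sock, &sin);
	check_2(connectat_fdcwd, sock, &sin);
	check_2(connect, sock, &sin);

	/* Release the socket; rootfd stays open for the open() wrapper. */
	ATF_REQUIRE(close(sock) == 0);
}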
/*
 * Test case 3: per-descriptor rights.  Removing CAP_BIND or CAP_CONNECT from
 * a socket must make the matching call fail with ENOTCAPABLE.
 */
ATF_TC(bindat_connectat_3);
ATF_TC_HEAD(bindat_connectat_3, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Check that taking away CAP_BIND/CAP_CONNECT sabotages "
	    "bind/connect");
}
177
178
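/*
 * Helper for bindat_connectat_3: show that one specific right gates f.
 *
 *  1. Create a TCP socket and limit it to *rights; f must still get through
 *     to the protocol layer (EAFNOSUPPORT).
 *  2. Limit the socket again to *rights minus *sub_rights; f must now fail
 *     with ENOTCAPABLE.
 *
 * f           bind/connect-style function under test
 * s           value passed in is ignored; the parameter only holds the
 *             socket created here
 * name        IPv4 address handed to f
 * rights      initial right set; modified in place by cap_rights_remove()
 * sub_rights  rights to take away for the second step
 *
 * The second cap_rights_limit() only narrows the set installed by the first
 * one.
 */
static void
check_3(socket_fun f, int s, const struct sockaddr_in *name,
    cap_rights_t *rights, cap_rights_t *sub_rights)
{

	ATF_REQUIRE((s = socket(AF_INET, SOCK_STREAM, 0)) >= 0);
	ATF_REQUIRE(cap_rights_limit(s, rights) >= 0);
	ATF_REQUIRE_ERRNO(EAFNOSUPPORT,
	    f(s, (const struct sockaddr *)name,
	    sizeof(struct sockaddr_in)) < 0);
	ATF_REQUIRE(cap_rights_limit(s,
	    cap_rights_remove(rights, sub_rights)) >= 0);
	ATF_REQUIRE_ERRNO(ENOTCAPABLE,
	    f(s, (const struct sockaddr *)name,
	    sizeof(struct sockaddr_in)) < 0);
	/* One socket is created per call; release it instead of leaking it. */
	ATF_REQUIRE(close(s) == 0);
}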
194
195
/*
 * Body of test case 3: for each entry point, start from the broad socket
 * right set and take away the single right that should gate the call.
 *
 * This test case never calls cap_enter(); the ENOTCAPABLE that check_3()
 * expects comes from the rights limited on the descriptor alone.
 */
ATF_TC_BODY(bindat_connectat_3, tc)
{
	cap_rights_t rights, sub_rights;
	struct sockaddr_in sin;

	check_capsicum();

	/* Port 0 on the multicast address 224.0.0.0. */
	memset(&sin, 0, sizeof(sin));
	sin.sin_addr.s_addr = htonl(0xE0000000);
	sin.sin_port = htons(0);
	sin.sin_family = AF_INET;

	/*
	 * check_3() strips sub_rights out of rights in place, so both sets
	 * are initialised again before every call.
	 */
	cap_rights_init(&rights, CAP_SOCK_SERVER);
	cap_rights_init(&sub_rights, CAP_BIND);
	check_3(bindat_fdcwd, 0, &sin, &rights, &sub_rights);

	cap_rights_init(&rights, CAP_SOCK_SERVER);
	cap_rights_init(&sub_rights, CAP_BIND);
	check_3(bind, 0, &sin, &rights, &sub_rights);

	cap_rights_init(&rights, CAP_SOCK_CLIENT);
	cap_rights_init(&sub_rights, CAP_CONNECT);
	check_3(connectat_fdcwd, 0, &sin, &rights, &sub_rights);

	cap_rights_init(&rights, CAP_SOCK_CLIENT);
	cap_rights_init(&sub_rights, CAP_CONNECT);
	check_3(connect, 0, &sin, &rights, &sub_rights);
}
/*
 * Test program registration: add the three test cases defined in this file
 * and report success to ATF.
 */
ATF_TP_ADD_TCS(tp)
{

	/* 1: baseline, 2: capability mode, 3: per-descriptor rights. */
	ATF_TP_ADD_TC(tp, bindat_connectat_1);
	ATF_TP_ADD_TC(tp, bindat_connectat_2);
	ATF_TP_ADD_TC(tp, bindat_connectat_3);

	return (atf_no_error());
}