1 // Tests for socket functionality.
3 #include <sys/socket.h>
5 #include <netinet/in.h>
13 #include "capsicum-test.h"
15 TEST(Socket, UnixDomain) {
16 const char* socketName = TmpFile("capsicum-test.socket");
19 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
21 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
25 // Child process: wait for server setup
29 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
33 int cap_sock_rw = dup(sock);
34 EXPECT_OK(cap_sock_rw);
35 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
36 int cap_sock_all = dup(sock);
37 EXPECT_OK(cap_sock_all);
38 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
39 EXPECT_OK(close(sock));
42 struct sockaddr_un un;
43 memset(&un, 0, sizeof(un));
44 un.sun_family = AF_UNIX;
45 strcpy(un.sun_path, socketName);
46 socklen_t len = sizeof(un);
47 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&un, len));
48 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&un, len));
53 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
57 int cap_sock_rw = dup(sock);
58 EXPECT_OK(cap_sock_rw);
59 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
60 int cap_sock_all = dup(sock);
61 EXPECT_OK(cap_sock_all);
62 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
63 EXPECT_OK(close(sock));
65 struct sockaddr_un un;
66 memset(&un, 0, sizeof(un));
67 un.sun_family = AF_UNIX;
68 strcpy(un.sun_path, socketName);
69 socklen_t len = (sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path));
71 // Can only bind the fully-capable socket.
72 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&un, len));
73 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&un, len));
75 // Can only listen on the fully-capable socket.
76 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
77 EXPECT_OK(listen(cap_sock_all, 3));
79 // Can only do socket operations on the fully-capable socket.
81 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&un, &len));
83 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
85 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, &len));
88 memset(&un, 0, sizeof(un));
89 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&un, &len));
90 EXPECT_EQ(AF_UNIX, un.sun_family);
91 EXPECT_EQ(std::string(socketName), std::string(un.sun_path));
93 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
95 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, &len));
97 // Accept the incoming connection
99 memset(&un, 0, sizeof(un));
100 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&un, &len));
101 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&un, &len);
104 #ifdef CAP_FROM_ACCEPT
105 // New connection should also be a capability.
107 cap_rights_init(&rights, 0);
108 EXPECT_OK(cap_rights_get(conn_fd, &rights));
109 EXPECT_RIGHTS_IN(&rights, &r_all);
112 // Wait for the child.
114 EXPECT_EQ(child, waitpid(child, &status, 0));
115 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
125 int sock = socket(AF_INET, SOCK_STREAM, 0);
127 if (sock < 0) return;
130 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
132 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
134 int cap_sock_rw = dup(sock);
135 EXPECT_OK(cap_sock_rw);
136 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
137 int cap_sock_all = dup(sock);
138 EXPECT_OK(cap_sock_all);
139 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
142 struct sockaddr_in addr;
143 memset(&addr, 0, sizeof(addr));
144 addr.sin_family = AF_INET;
145 addr.sin_port = htons(0);
146 addr.sin_addr.s_addr = htonl(INADDR_ANY);
147 socklen_t len = sizeof(addr);
149 // Can only bind the fully-capable socket.
150 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
151 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
153 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
154 int port = ntohs(addr.sin_port);
156 // Now we know the port involved, fork off a child.
157 pid_t child = fork();
159 // Child process: wait for server setup
163 int sock = socket(AF_INET, SOCK_STREAM, 0);
165 if (sock < 0) return;
166 int cap_sock_rw = dup(sock);
167 EXPECT_OK(cap_sock_rw);
168 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
169 int cap_sock_all = dup(sock);
170 EXPECT_OK(cap_sock_all);
171 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
175 struct sockaddr_in addr;
176 memset(&addr, 0, sizeof(addr));
177 addr.sin_family = AF_INET;
178 addr.sin_port = htons(port); // Pick unused port
179 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
180 socklen_t len = sizeof(addr);
181 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&addr, len));
182 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&addr, len));
187 // Can only listen on the fully-capable socket.
188 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
189 EXPECT_OK(listen(cap_sock_all, 3));
191 // Can only do socket operations on the fully-capable socket.
193 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
195 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
197 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
200 memset(&addr, 0, sizeof(addr));
201 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
202 EXPECT_EQ(AF_INET, addr.sin_family);
203 EXPECT_EQ(htons(port), addr.sin_port);
205 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
207 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
209 // Accept the incoming connection
211 memset(&addr, 0, sizeof(addr));
212 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&addr, &len));
213 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&addr, &len);
216 #ifdef CAP_FROM_ACCEPT
217 // New connection should also be a capability.
219 cap_rights_init(&rights, 0);
220 EXPECT_OK(cap_rights_get(conn_fd, &rights));
221 EXPECT_RIGHTS_IN(&rights, &r_all);
224 // Wait for the child.
226 EXPECT_EQ(child, waitpid(child, &status, 0));
227 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
236 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
238 if (sock < 0) return;
241 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
243 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
244 cap_rights_t r_connect;
245 cap_rights_init(&r_connect, CAP_READ, CAP_WRITE, CAP_CONNECT);
247 int cap_sock_rw = dup(sock);
248 EXPECT_OK(cap_sock_rw);
249 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
250 int cap_sock_all = dup(sock);
251 EXPECT_OK(cap_sock_all);
252 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
255 struct sockaddr_in addr;
256 memset(&addr, 0, sizeof(addr));
257 addr.sin_family = AF_INET;
258 addr.sin_port = htons(0);
259 addr.sin_addr.s_addr = htonl(INADDR_ANY);
260 socklen_t len = sizeof(addr);
262 // Can only bind the fully-capable socket.
263 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
264 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
265 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
266 int port = ntohs(addr.sin_port);
268 // Can only do socket operations on the fully-capable socket.
270 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
272 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
274 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
277 memset(&addr, 0, sizeof(addr));
278 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
279 EXPECT_EQ(AF_INET, addr.sin_family);
280 EXPECT_EQ(htons(port), addr.sin_port);
282 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
284 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
286 pid_t child = fork();
288 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
290 int cap_sock_rw = dup(sock);
291 EXPECT_OK(cap_sock_rw);
292 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
293 int cap_sock_connect = dup(sock);
294 EXPECT_OK(cap_sock_connect);
295 EXPECT_OK(cap_rights_limit(cap_sock_connect, &r_connect));
298 // Can only sendmsg(2) to an address over a socket with CAP_CONNECT.
299 unsigned char buffer[256];
301 memset(&iov, 0, sizeof(iov));
302 iov.iov_base = buffer;
303 iov.iov_len = sizeof(buffer);
306 memset(&mh, 0, sizeof(mh));
310 struct sockaddr_in addr;
311 memset(&addr, 0, sizeof(addr));
312 addr.sin_family = AF_INET;
313 addr.sin_port = htons(port);
314 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
316 mh.msg_namelen = sizeof(addr);
318 EXPECT_NOTCAPABLE(sendmsg(cap_sock_rw, &mh, 0));
319 EXPECT_OK(sendmsg(cap_sock_connect, &mh, 0));
321 #ifdef HAVE_SEND_RECV_MMSG
323 memset(&mv, 0, sizeof(mv));
324 memcpy(&mv.msg_hdr, &mh, sizeof(struct msghdr));
325 EXPECT_NOTCAPABLE(sendmmsg(cap_sock_rw, &mv, 1, 0));
326 EXPECT_OK(sendmmsg(cap_sock_connect, &mv, 1, 0));
329 close(cap_sock_connect);
332 // Wait for the child.
334 EXPECT_EQ(child, waitpid(child, &status, 0));
335 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;