1 // Tests for socket functionality.
3 #include <sys/socket.h>
5 #include <netinet/in.h>
13 #include "capsicum-test.h"
15 TEST(Socket, UnixDomain) {
16 const char* socketName = TmpFile("capsicum-test.socket");
19 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
21 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
24 EXPECT_EQ(0, pipe(pipefds));
27 // Child process: wait for server setup
29 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_CHILD_SHOULD_RUN);
32 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
36 int cap_sock_rw = dup(sock);
37 EXPECT_OK(cap_sock_rw);
38 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
39 int cap_sock_all = dup(sock);
40 EXPECT_OK(cap_sock_all);
41 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
42 EXPECT_OK(close(sock));
45 struct sockaddr_un un;
46 memset(&un, 0, sizeof(un));
47 un.sun_family = AF_UNIX;
48 strcpy(un.sun_path, socketName);
49 socklen_t len = sizeof(un);
50 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&un, len));
51 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&un, len));
56 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
60 int cap_sock_rw = dup(sock);
61 EXPECT_OK(cap_sock_rw);
62 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
63 int cap_sock_all = dup(sock);
64 EXPECT_OK(cap_sock_all);
65 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
66 EXPECT_OK(close(sock));
68 struct sockaddr_un un;
69 memset(&un, 0, sizeof(un));
70 un.sun_family = AF_UNIX;
71 strcpy(un.sun_path, socketName);
72 socklen_t len = (sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path));
74 // Can only bind the fully-capable socket.
75 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&un, len));
76 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&un, len));
78 // Can only listen on the fully-capable socket.
79 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
80 EXPECT_OK(listen(cap_sock_all, 3));
82 // Can only do socket operations on the fully-capable socket.
84 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&un, &len));
86 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
88 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, &len));
91 memset(&un, 0, sizeof(un));
92 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&un, &len));
93 EXPECT_EQ(AF_UNIX, un.sun_family);
94 EXPECT_EQ(std::string(socketName), std::string(un.sun_path));
96 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
98 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, &len));
100 // Tell the child process that we are ready and accept the incoming connection.
101 EXPECT_OK(close(pipefds[1]));
102 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_CHILD_SHOULD_RUN);
104 memset(&un, 0, sizeof(un));
105 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&un, &len));
106 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&un, &len);
109 #ifdef CAP_FROM_ACCEPT
110 // New connection should also be a capability.
112 cap_rights_init(&rights, 0);
113 EXPECT_OK(cap_rights_get(conn_fd, &rights));
114 EXPECT_RIGHTS_IN(&rights, &r_all);
117 // Wait for the child.
119 EXPECT_EQ(child, waitpid(child, &status, 0));
120 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
130 int sock = socket(AF_INET, SOCK_STREAM, 0);
132 if (sock < 0) return;
135 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
137 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
139 int cap_sock_rw = dup(sock);
140 EXPECT_OK(cap_sock_rw);
141 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
142 int cap_sock_all = dup(sock);
143 EXPECT_OK(cap_sock_all);
144 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
147 struct sockaddr_in addr;
148 memset(&addr, 0, sizeof(addr));
149 addr.sin_family = AF_INET;
150 addr.sin_port = htons(0);
151 addr.sin_addr.s_addr = htonl(INADDR_ANY);
152 socklen_t len = sizeof(addr);
154 // Can only bind the fully-capable socket.
155 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
156 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
158 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
159 int port = ntohs(addr.sin_port);
162 EXPECT_EQ(0, pipe(pipefds));
163 // Now we know the port involved, fork off a child.
164 pid_t child = fork();
166 // Child process: wait for server setup
168 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_CHILD_SHOULD_RUN);
171 int sock = socket(AF_INET, SOCK_STREAM, 0);
173 if (sock < 0) return;
174 int cap_sock_rw = dup(sock);
175 EXPECT_OK(cap_sock_rw);
176 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
177 int cap_sock_all = dup(sock);
178 EXPECT_OK(cap_sock_all);
179 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
183 struct sockaddr_in addr;
184 memset(&addr, 0, sizeof(addr));
185 addr.sin_family = AF_INET;
186 addr.sin_port = htons(port); // Pick unused port
187 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
188 socklen_t len = sizeof(addr);
189 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&addr, len));
190 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&addr, len));
195 // Can only listen on the fully-capable socket.
196 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
197 EXPECT_OK(listen(cap_sock_all, 3));
199 // Can only do socket operations on the fully-capable socket.
201 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
203 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
205 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
208 memset(&addr, 0, sizeof(addr));
209 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
210 EXPECT_EQ(AF_INET, addr.sin_family);
211 EXPECT_EQ(htons(port), addr.sin_port);
213 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
215 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
217 // Tell the child process that we are ready and accept the incoming connection.
218 EXPECT_OK(close(pipefds[1]));
219 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_CHILD_SHOULD_RUN);
221 memset(&addr, 0, sizeof(addr));
222 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&addr, &len));
223 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&addr, &len);
226 #ifdef CAP_FROM_ACCEPT
227 // New connection should also be a capability.
229 cap_rights_init(&rights, 0);
230 EXPECT_OK(cap_rights_get(conn_fd, &rights));
231 EXPECT_RIGHTS_IN(&rights, &r_all);
234 // Wait for the child.
236 EXPECT_EQ(child, waitpid(child, &status, 0));
237 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
246 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
248 if (sock < 0) return;
251 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
253 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
254 cap_rights_t r_connect;
255 cap_rights_init(&r_connect, CAP_READ, CAP_WRITE, CAP_CONNECT);
257 int cap_sock_rw = dup(sock);
258 EXPECT_OK(cap_sock_rw);
259 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
260 int cap_sock_all = dup(sock);
261 EXPECT_OK(cap_sock_all);
262 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
265 struct sockaddr_in addr;
266 memset(&addr, 0, sizeof(addr));
267 addr.sin_family = AF_INET;
268 addr.sin_port = htons(0);
269 addr.sin_addr.s_addr = htonl(INADDR_ANY);
270 socklen_t len = sizeof(addr);
272 // Can only bind the fully-capable socket.
273 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
274 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
275 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
276 int port = ntohs(addr.sin_port);
278 // Can only do socket operations on the fully-capable socket.
280 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
282 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
284 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
287 memset(&addr, 0, sizeof(addr));
288 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
289 EXPECT_EQ(AF_INET, addr.sin_family);
290 EXPECT_EQ(htons(port), addr.sin_port);
292 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
294 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
296 pid_t child = fork();
298 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
300 int cap_sock_rw = dup(sock);
301 EXPECT_OK(cap_sock_rw);
302 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
303 int cap_sock_connect = dup(sock);
304 EXPECT_OK(cap_sock_connect);
305 EXPECT_OK(cap_rights_limit(cap_sock_connect, &r_connect));
308 // Can only sendmsg(2) to an address over a socket with CAP_CONNECT.
309 unsigned char buffer[256];
311 memset(&iov, 0, sizeof(iov));
312 iov.iov_base = buffer;
313 iov.iov_len = sizeof(buffer);
316 memset(&mh, 0, sizeof(mh));
320 struct sockaddr_in addr;
321 memset(&addr, 0, sizeof(addr));
322 addr.sin_family = AF_INET;
323 addr.sin_port = htons(port);
324 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
326 mh.msg_namelen = sizeof(addr);
328 EXPECT_NOTCAPABLE(sendmsg(cap_sock_rw, &mh, 0));
329 EXPECT_OK(sendmsg(cap_sock_connect, &mh, 0));
331 #ifdef HAVE_SEND_RECV_MMSG
333 memset(&mv, 0, sizeof(mv));
334 memcpy(&mv.msg_hdr, &mh, sizeof(struct msghdr));
335 EXPECT_NOTCAPABLE(sendmmsg(cap_sock_rw, &mv, 1, 0));
336 EXPECT_OK(sendmmsg(cap_sock_connect, &mv, 1, 0));
339 close(cap_sock_connect);
342 // Wait for the child.
344 EXPECT_EQ(child, waitpid(child, &status, 0));
345 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;