- Copy stable/10 (r259064) to releng/10.0 as part of the
1 #!/bin/sh
2 # $FreeBSD$
3
# Bail out early when the mac_portacl sysctl tree cannot be read: emit a
# one-test TAP plan whose single test is marked failed, then exit 0.
if ! sysctl security.mac.portacl >/dev/null 2>&1; then
        echo "1..1"
        echo "not ok 1 # MAC_PORTACL is unavailable."
        exit 0
fi

# Running TAP test number; bind_test prints it and then advances it.
ntest=1
12
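# Try to bind a listener on 127.0.0.1:<port> as the given user and classify
# the outcome.
#
# Arguments:
#   $1 - idtype: "uid" or "gid" (anything else, including "jail", aborts
#        the whole test script via kill $$)
#   $2 - name passed to su -m
#   $3 - proto: "udp" selects nc -u, anything else uses nc's default
#   $4 - port to listen on
# Outputs (stdout):
#   "fl"  - the listener reported "Permission denied" or
#           "Operation not permitted"
#   "ok"  - the listener produced no output
#   other - whatever the listener printed, collapsed onto one line
#
# NOTE: ${name}, ${udpflag} and ${port} are interpolated into the command
# string that su hands to a shell. The arguments must come from the test
# scripts themselves, never from external input.
check_bind() {
        idtype=${1}
        name=${2}
        proto=${3}
        port=${4}

        # Reset on every call: these variables are global, so a stale "-u"
        # from an earlier UDP check would otherwise turn a later TCP check
        # into a UDP one when check_bind is called in the same shell.
        udpflag=""
        if [ "${proto}" = "udp" ]; then
                udpflag="-u"
        fi

        # Backticks are kept on purpose: the unbalanced ")" of the case
        # patterns inside $(...) is mis-parsed by some sh implementations.
        out=`(
                case "${idtype}" in
                uid|gid)
                        # Listener runs in the background as ${name}; its
                        # stderr is what gets captured into ${out}.
                        ( echo -n | su -m "${name}" -c "nc ${udpflag} -o -l 127.0.0.1 ${port}" 2>&1 ) &
                        ;;
                *)
                        # "jail" and unknown id types are not handled here.
                        # $$ is still the PID of the main script inside this
                        # subshell, so this stops the entire test run.
                        kill $$
                        ;;
                esac
                # Give the listener time to bind before poking it.
                sleep 0.3
                # Connect once so a successfully bound listener can finish.
                # ${udpflag} is unquoted so that an empty flag disappears.
                echo | nc ${udpflag} -o 127.0.0.1 "${port}" >/dev/null 2>&1
                wait
        )`
        case "${out}" in
        "nc: Permission denied"*|"nc: Operation not permitted"*)
                echo fl
                ;;
        "")
                echo ok
                ;;
        *)
                # Deliberately unquoted: folds multi-line output into a
                # single line so callers can embed it in one TAP line.
                echo ${out}
                ;;
        esac
}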
48
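# Print one TAP result line for test number ${ntest}.
#   $1 - result reported by check_bind
#   $2 - expected result ("ok" or "fl")
# Anything other than "ok"/"fl" is unexpected output and is appended to the
# TAP line as a diagnostic.
_bind_report() {
        if [ "${1}" = "${2}" ]; then
                echo "ok ${ntest}"
        elif [ "${1}" = "ok" ] || [ "${1}" = "fl" ]; then
                echo "not ok ${ntest}"
        else
                echo "not ok ${ntest} # ${1}"
        fi
}

# Run two TAP tests for one bind attempt: first with an empty
# security.mac.portacl.rules list, then with a single rule
# "<idtype>:<id>:<proto>:<port>" installed.
#
# Arguments:
#   $1 - expected check_bind result with no rule ("ok" or "fl")
#   $2 - expected check_bind result with the rule installed
#   $3 - idtype ("uid" or "gid"; other values are passed through as-is)
#   $4 - user or group name (resolved with id -u / id -g for uid / gid)
#   $5 - protocol
#   $6 - port
# Globals: ntest is read and advanced by two.
#
# NOTE: this overwrites the host's security.mac.portacl.rules and leaves the
# list empty on return; any rule set that was active before is not put back
# by this function.
bind_test() {
        expect_without_rule=${1}
        expect_with_rule=${2}
        idtype=${3}
        name=${4}
        proto=${5}
        port=${6}

        # Test 1: no rules configured.
        sysctl security.mac.portacl.rules= >/dev/null
        out=`check_bind "${idtype}" "${name}" "${proto}" "${port}"`
        _bind_report "${out}" "${expect_without_rule}"
        ntest=$((ntest+1))

        # The rule wants a numeric id for uid/gid.
        case "${idtype}" in
        uid)
                idstr=`id -u "${name}"`
                ;;
        gid)
                idstr=`id -g "${name}"`
                ;;
        *)
                idstr=${name}
                ;;
        esac

        # Test 2: rule installed. If the rule cannot be set (for example
        # because the id lookup failed), fail the test outright instead of
        # judging a bind attempt made without the rule in place.
        if sysctl "security.mac.portacl.rules=${idtype}:${idstr}:${proto}:${port}" >/dev/null; then
                out=`check_bind "${idtype}" "${name}" "${proto}" "${port}"`
                _bind_report "${out}" "${expect_with_rule}"
        else
                echo "not ok ${ntest} # could not set security.mac.portacl.rules"
        fi
        ntest=$((ntest+1))

        sysctl security.mac.portacl.rules= >/dev/null
}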
88
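# Snapshot the sysctls the tests change so restore_settings can put them
# back. The rule list is captured too: bind_test overwrites
# security.mac.portacl.rules and leaves it empty, which would otherwise
# silently drop whatever port ACL was active on the host before the run.
reserved_high=`sysctl -n net.inet.ip.portrange.reservedhigh`
suser_exempt=`sysctl -n security.mac.portacl.suser_exempt`
port_high=`sysctl -n security.mac.portacl.port_high`
portacl_rules=`sysctl -n security.mac.portacl.rules`

# Write the values captured above back to the kernel.
# Takes no arguments; output of sysctl is discarded.
# NOTE(review): presumably called by the individual test scripts when they
# finish -- no caller is visible in this file.
restore_settings() {
        sysctl -n "net.inet.ip.portrange.reservedhigh=${reserved_high}" >/dev/null
        sysctl -n "security.mac.portacl.suser_exempt=${suser_exempt}" >/dev/null
        sysctl -n "security.mac.portacl.port_high=${port_high}" >/dev/null
        sysctl -n "security.mac.portacl.rules=${portacl_rules}" >/dev/null
}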