1 // Tests for socket functionality.
2 #include <sys/types.h>
3 #include <sys/socket.h>
4 #include <sys/un.h>
5 #include <netinet/in.h>
6 #include <arpa/inet.h>
7 #include <unistd.h>
8
9 #include <string>
10
11 #include "capsicum.h"
12 #include "syscalls.h"
13 #include "capsicum-test.h"
14
TEST(Socket,UnixDomain)15 TEST(Socket, UnixDomain) {
16 const char* socketName = TmpFile("capsicum-test.socket");
17 unlink(socketName);
18 cap_rights_t r_rw;
19 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
20 cap_rights_t r_all;
21 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
22
23 int pipefds[2];
24 EXPECT_EQ(0, pipe(pipefds));
25 pid_t child = fork();
26 if (child == 0) {
27 // Child process: wait for server setup
28 close(pipefds[0]);
29 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_CHILD_SHOULD_RUN);
30
31 // Create sockets
32 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
33 EXPECT_OK(sock);
34 if (sock < 0) return;
35
36 int cap_sock_rw = dup(sock);
37 EXPECT_OK(cap_sock_rw);
38 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
39 int cap_sock_all = dup(sock);
40 EXPECT_OK(cap_sock_all);
41 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
42 EXPECT_OK(close(sock));
43
44 // Connect socket
45 struct sockaddr_un un;
46 memset(&un, 0, sizeof(un));
47 un.sun_family = AF_UNIX;
48 strcpy(un.sun_path, socketName);
49 socklen_t len = sizeof(un);
50 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&un, len));
51 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&un, len));
52
53 exit(HasFailure());
54 }
55
56 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
57 EXPECT_OK(sock);
58 if (sock < 0) return;
59
60 int cap_sock_rw = dup(sock);
61 EXPECT_OK(cap_sock_rw);
62 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
63 int cap_sock_all = dup(sock);
64 EXPECT_OK(cap_sock_all);
65 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
66 EXPECT_OK(close(sock));
67
68 struct sockaddr_un un;
69 memset(&un, 0, sizeof(un));
70 un.sun_family = AF_UNIX;
71 strcpy(un.sun_path, socketName);
72 socklen_t len = (sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path));
73
74 // Can only bind the fully-capable socket.
75 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&un, len));
76 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&un, len));
77
78 // Can only listen on the fully-capable socket.
79 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
80 EXPECT_OK(listen(cap_sock_all, 3));
81
82 // Can only do socket operations on the fully-capable socket.
83 len = sizeof(un);
84 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&un, &len));
85 int value = 0;
86 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
87 len = sizeof(value);
88 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, &len));
89
90 len = sizeof(un);
91 memset(&un, 0, sizeof(un));
92 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&un, &len));
93 EXPECT_EQ(AF_UNIX, un.sun_family);
94 EXPECT_EQ(std::string(socketName), std::string(un.sun_path));
95 value = 0;
96 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
97 len = sizeof(value);
98 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, &len));
99
100 // Tell the child process that we are ready and accept the incoming connection.
101 EXPECT_OK(close(pipefds[1]));
102 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_CHILD_SHOULD_RUN);
103 len = sizeof(un);
104 memset(&un, 0, sizeof(un));
105 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&un, &len));
106 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&un, &len);
107 EXPECT_OK(conn_fd);
108
109 #ifdef CAP_FROM_ACCEPT
110 // New connection should also be a capability.
111 cap_rights_t rights;
112 cap_rights_init(&rights, 0);
113 EXPECT_OK(cap_rights_get(conn_fd, &rights));
114 EXPECT_RIGHTS_IN(&rights, &r_all);
115 #endif
116
117 // Wait for the child.
118 int status;
119 EXPECT_EQ(child, waitpid(child, &status, 0));
120 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
121 EXPECT_EQ(0, rc);
122
123 close(conn_fd);
124 close(cap_sock_rw);
125 close(cap_sock_all);
126 unlink(socketName);
127 }
128
TEST(Socket,TCP)129 TEST(Socket, TCP) {
130 int sock = socket(AF_INET, SOCK_STREAM, 0);
131 EXPECT_OK(sock);
132 if (sock < 0) return;
133
134 cap_rights_t r_rw;
135 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
136 cap_rights_t r_all;
137 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
138
139 int cap_sock_rw = dup(sock);
140 EXPECT_OK(cap_sock_rw);
141 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
142 int cap_sock_all = dup(sock);
143 EXPECT_OK(cap_sock_all);
144 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
145 close(sock);
146
147 struct sockaddr_in addr;
148 memset(&addr, 0, sizeof(addr));
149 addr.sin_family = AF_INET;
150 addr.sin_port = htons(0);
151 addr.sin_addr.s_addr = htonl(INADDR_ANY);
152 socklen_t len = sizeof(addr);
153
154 // Can only bind the fully-capable socket.
155 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
156 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
157
158 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
159 int port = ntohs(addr.sin_port);
160
161 int pipefds[2];
162 EXPECT_EQ(0, pipe(pipefds));
163 // Now we know the port involved, fork off a child.
164 pid_t child = fork();
165 if (child == 0) {
166 // Child process: wait for server setup
167 close(pipefds[0]);
168 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_CHILD_SHOULD_RUN);
169
170 // Create sockets
171 int sock = socket(AF_INET, SOCK_STREAM, 0);
172 EXPECT_OK(sock);
173 if (sock < 0) return;
174 int cap_sock_rw = dup(sock);
175 EXPECT_OK(cap_sock_rw);
176 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
177 int cap_sock_all = dup(sock);
178 EXPECT_OK(cap_sock_all);
179 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
180 close(sock);
181
182 // Connect socket
183 struct sockaddr_in addr;
184 memset(&addr, 0, sizeof(addr));
185 addr.sin_family = AF_INET;
186 addr.sin_port = htons(port); // Pick unused port
187 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
188 socklen_t len = sizeof(addr);
189 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&addr, len));
190 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&addr, len));
191
192 exit(HasFailure());
193 }
194
195 // Can only listen on the fully-capable socket.
196 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
197 EXPECT_OK(listen(cap_sock_all, 3));
198
199 // Can only do socket operations on the fully-capable socket.
200 len = sizeof(addr);
201 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
202 int value = 1;
203 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
204 len = sizeof(value);
205 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
206
207 len = sizeof(addr);
208 memset(&addr, 0, sizeof(addr));
209 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
210 EXPECT_EQ(AF_INET, addr.sin_family);
211 EXPECT_EQ(htons(port), addr.sin_port);
212 value = 0;
213 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
214 len = sizeof(value);
215 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
216
217 // Tell the child process that we are ready and accept the incoming connection.
218 EXPECT_OK(close(pipefds[1]));
219 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_CHILD_SHOULD_RUN);
220 len = sizeof(addr);
221 memset(&addr, 0, sizeof(addr));
222 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&addr, &len));
223 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&addr, &len);
224 EXPECT_OK(conn_fd);
225
226 #ifdef CAP_FROM_ACCEPT
227 // New connection should also be a capability.
228 cap_rights_t rights;
229 cap_rights_init(&rights, 0);
230 EXPECT_OK(cap_rights_get(conn_fd, &rights));
231 EXPECT_RIGHTS_IN(&rights, &r_all);
232 #endif
233
234 // Wait for the child.
235 int status;
236 EXPECT_EQ(child, waitpid(child, &status, 0));
237 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
238 EXPECT_EQ(0, rc);
239
240 close(conn_fd);
241 close(cap_sock_rw);
242 close(cap_sock_all);
243 }
244
TEST(Socket,UDP)245 TEST(Socket, UDP) {
246 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
247 EXPECT_OK(sock);
248 if (sock < 0) return;
249
250 cap_rights_t r_rw;
251 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
252 cap_rights_t r_all;
253 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
254 cap_rights_t r_connect;
255 cap_rights_init(&r_connect, CAP_READ, CAP_WRITE, CAP_CONNECT);
256
257 int cap_sock_rw = dup(sock);
258 EXPECT_OK(cap_sock_rw);
259 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
260 int cap_sock_all = dup(sock);
261 EXPECT_OK(cap_sock_all);
262 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
263 close(sock);
264
265 struct sockaddr_in addr;
266 memset(&addr, 0, sizeof(addr));
267 addr.sin_family = AF_INET;
268 addr.sin_port = htons(0);
269 addr.sin_addr.s_addr = htonl(INADDR_ANY);
270 socklen_t len = sizeof(addr);
271
272 // Can only bind the fully-capable socket.
273 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
274 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
275 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
276 int port = ntohs(addr.sin_port);
277
278 // Can only do socket operations on the fully-capable socket.
279 len = sizeof(addr);
280 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
281 int value = 1;
282 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
283 len = sizeof(value);
284 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
285
286 len = sizeof(addr);
287 memset(&addr, 0, sizeof(addr));
288 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
289 EXPECT_EQ(AF_INET, addr.sin_family);
290 EXPECT_EQ(htons(port), addr.sin_port);
291 value = 1;
292 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
293 len = sizeof(value);
294 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
295
296 pid_t child = fork();
297 if (child == 0) {
298 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
299 EXPECT_OK(sock);
300 int cap_sock_rw = dup(sock);
301 EXPECT_OK(cap_sock_rw);
302 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
303 int cap_sock_connect = dup(sock);
304 EXPECT_OK(cap_sock_connect);
305 EXPECT_OK(cap_rights_limit(cap_sock_connect, &r_connect));
306 close(sock);
307
308 // Can only sendmsg(2) to an address over a socket with CAP_CONNECT.
309 unsigned char buffer[256];
310 struct iovec iov;
311 memset(&iov, 0, sizeof(iov));
312 iov.iov_base = buffer;
313 iov.iov_len = sizeof(buffer);
314
315 struct msghdr mh;
316 memset(&mh, 0, sizeof(mh));
317 mh.msg_iov = &iov;
318 mh.msg_iovlen = 1;
319
320 struct sockaddr_in addr;
321 memset(&addr, 0, sizeof(addr));
322 addr.sin_family = AF_INET;
323 addr.sin_port = htons(port);
324 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
325 mh.msg_name = &addr;
326 mh.msg_namelen = sizeof(addr);
327
328 EXPECT_NOTCAPABLE(sendmsg(cap_sock_rw, &mh, 0));
329 EXPECT_OK(sendmsg(cap_sock_connect, &mh, 0));
330
331 #ifdef HAVE_SEND_RECV_MMSG
332 struct mmsghdr mv;
333 memset(&mv, 0, sizeof(mv));
334 memcpy(&mv.msg_hdr, &mh, sizeof(struct msghdr));
335 EXPECT_NOTCAPABLE(sendmmsg(cap_sock_rw, &mv, 1, 0));
336 EXPECT_OK(sendmmsg(cap_sock_connect, &mv, 1, 0));
337 #endif
338 close(cap_sock_rw);
339 close(cap_sock_connect);
340 exit(HasFailure());
341 }
342 // Wait for the child.
343 int status;
344 EXPECT_EQ(child, waitpid(child, &status, 0));
345 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
346 EXPECT_EQ(0, rc);
347
348 close(cap_sock_rw);
349 close(cap_sock_all);
350 }
351