xref: /freebsd/contrib/capsicum-test/socket.cc (revision 7877fdebeeb35fad1cbbafce22598b1bdf97c786)
1 // Tests for socket functionality.
2 #include <sys/types.h>
3 #include <sys/socket.h>
4 #include <sys/un.h>
5 #include <netinet/in.h>
6 #include <arpa/inet.h>
7 #include <unistd.h>
8 
9 #include <string>
10 
11 #include "capsicum.h"
12 #include "syscalls.h"
13 #include "capsicum-test.h"
14 
15 TEST(Socket, UnixDomain) {
16   const char* socketName = TmpFile("capsicum-test.socket");
17   unlink(socketName);
18   cap_rights_t r_rw;
19   cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
20   cap_rights_t r_all;
21   cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
22 
23   pid_t child = fork();
24   if (child == 0) {
25     // Child process: wait for server setup
26     sleep(1);
27 
28     // Create sockets
29     int sock = socket(AF_UNIX, SOCK_STREAM, 0);
30     EXPECT_OK(sock);
31     if (sock < 0) return;
32 
33     int cap_sock_rw = dup(sock);
34     EXPECT_OK(cap_sock_rw);
35     EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
36     int cap_sock_all = dup(sock);
37     EXPECT_OK(cap_sock_all);
38     EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
39     EXPECT_OK(close(sock));
40 
41     // Connect socket
42     struct sockaddr_un un;
43     memset(&un, 0, sizeof(un));
44     un.sun_family = AF_UNIX;
45     strcpy(un.sun_path, socketName);
46     socklen_t len = sizeof(un);
47     EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&un, len));
48     EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&un, len));
49 
50     exit(HasFailure());
51   }
52 
53   int sock = socket(AF_UNIX, SOCK_STREAM, 0);
54   EXPECT_OK(sock);
55   if (sock < 0) return;
56 
57   int cap_sock_rw = dup(sock);
58   EXPECT_OK(cap_sock_rw);
59   EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
60   int cap_sock_all = dup(sock);
61   EXPECT_OK(cap_sock_all);
62   EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
63   EXPECT_OK(close(sock));
64 
65   struct sockaddr_un un;
66   memset(&un, 0, sizeof(un));
67   un.sun_family = AF_UNIX;
68   strcpy(un.sun_path, socketName);
69   socklen_t len =  (sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path));
70 
71   // Can only bind the fully-capable socket.
72   EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&un, len));
73   EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&un, len));
74 
75   // Can only listen on the fully-capable socket.
76   EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
77   EXPECT_OK(listen(cap_sock_all, 3));
78 
79   // Can only do socket operations on the fully-capable socket.
80   len = sizeof(un);
81   EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&un, &len));
82   int value = 0;
83   EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
84   len = sizeof(value);
85   EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, &len));
86 
87   len = sizeof(un);
88   memset(&un, 0, sizeof(un));
89   EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&un, &len));
90   EXPECT_EQ(AF_UNIX, un.sun_family);
91   EXPECT_EQ(std::string(socketName), std::string(un.sun_path));
92   value = 0;
93   EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
94   len = sizeof(value);
95   EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, &len));
96 
97   // Accept the incoming connection
98   len = sizeof(un);
99   memset(&un, 0, sizeof(un));
100   EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&un, &len));
101   int conn_fd = accept(cap_sock_all, (struct sockaddr *)&un, &len);
102   EXPECT_OK(conn_fd);
103 
104 #ifdef CAP_FROM_ACCEPT
105   // New connection should also be a capability.
106   cap_rights_t rights;
107   cap_rights_init(&rights, 0);
108   EXPECT_OK(cap_rights_get(conn_fd, &rights));
109   EXPECT_RIGHTS_IN(&rights, &r_all);
110 #endif
111 
112   // Wait for the child.
113   int status;
114   EXPECT_EQ(child, waitpid(child, &status, 0));
115   int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
116   EXPECT_EQ(0, rc);
117 
118   close(conn_fd);
119   close(cap_sock_rw);
120   close(cap_sock_all);
121   unlink(socketName);
122 }
123 
124 TEST(Socket, TCP) {
125   int sock = socket(AF_INET, SOCK_STREAM, 0);
126   EXPECT_OK(sock);
127   if (sock < 0) return;
128 
129   cap_rights_t r_rw;
130   cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
131   cap_rights_t r_all;
132   cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
133 
134   int cap_sock_rw = dup(sock);
135   EXPECT_OK(cap_sock_rw);
136   EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
137   int cap_sock_all = dup(sock);
138   EXPECT_OK(cap_sock_all);
139   EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
140   close(sock);
141 
142   struct sockaddr_in addr;
143   memset(&addr, 0, sizeof(addr));
144   addr.sin_family = AF_INET;
145   addr.sin_port = htons(0);
146   addr.sin_addr.s_addr = htonl(INADDR_ANY);
147   socklen_t len = sizeof(addr);
148 
149   // Can only bind the fully-capable socket.
150   EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
151   EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
152 
153   getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
154   int port = ntohs(addr.sin_port);
155 
156   // Now we know the port involved, fork off a child.
157   pid_t child = fork();
158   if (child == 0) {
159     // Child process: wait for server setup
160     sleep(1);
161 
162     // Create sockets
163     int sock = socket(AF_INET, SOCK_STREAM, 0);
164     EXPECT_OK(sock);
165     if (sock < 0) return;
166     int cap_sock_rw = dup(sock);
167     EXPECT_OK(cap_sock_rw);
168     EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
169     int cap_sock_all = dup(sock);
170     EXPECT_OK(cap_sock_all);
171     EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
172     close(sock);
173 
174     // Connect socket
175     struct sockaddr_in addr;
176     memset(&addr, 0, sizeof(addr));
177     addr.sin_family = AF_INET;
178     addr.sin_port = htons(port);  // Pick unused port
179     addr.sin_addr.s_addr = inet_addr("127.0.0.1");
180     socklen_t len = sizeof(addr);
181     EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&addr, len));
182     EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&addr, len));
183 
184     exit(HasFailure());
185   }
186 
187   // Can only listen on the fully-capable socket.
188   EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
189   EXPECT_OK(listen(cap_sock_all, 3));
190 
191   // Can only do socket operations on the fully-capable socket.
192   len = sizeof(addr);
193   EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
194   int value = 1;
195   EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
196   len = sizeof(value);
197   EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
198 
199   len = sizeof(addr);
200   memset(&addr, 0, sizeof(addr));
201   EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
202   EXPECT_EQ(AF_INET, addr.sin_family);
203   EXPECT_EQ(htons(port), addr.sin_port);
204   value = 0;
205   EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
206   len = sizeof(value);
207   EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
208 
209   // Accept the incoming connection
210   len = sizeof(addr);
211   memset(&addr, 0, sizeof(addr));
212   EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&addr, &len));
213   int conn_fd = accept(cap_sock_all, (struct sockaddr *)&addr, &len);
214   EXPECT_OK(conn_fd);
215 
216 #ifdef CAP_FROM_ACCEPT
217   // New connection should also be a capability.
218   cap_rights_t rights;
219   cap_rights_init(&rights, 0);
220   EXPECT_OK(cap_rights_get(conn_fd, &rights));
221   EXPECT_RIGHTS_IN(&rights, &r_all);
222 #endif
223 
224   // Wait for the child.
225   int status;
226   EXPECT_EQ(child, waitpid(child, &status, 0));
227   int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
228   EXPECT_EQ(0, rc);
229 
230   close(conn_fd);
231   close(cap_sock_rw);
232   close(cap_sock_all);
233 }
234 
235 TEST(Socket, UDP) {
236   int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
237   EXPECT_OK(sock);
238   if (sock < 0) return;
239 
240   cap_rights_t r_rw;
241   cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
242   cap_rights_t r_all;
243   cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
244   cap_rights_t r_connect;
245   cap_rights_init(&r_connect, CAP_READ, CAP_WRITE, CAP_CONNECT);
246 
247   int cap_sock_rw = dup(sock);
248   EXPECT_OK(cap_sock_rw);
249   EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
250   int cap_sock_all = dup(sock);
251   EXPECT_OK(cap_sock_all);
252   EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
253   close(sock);
254 
255   struct sockaddr_in addr;
256   memset(&addr, 0, sizeof(addr));
257   addr.sin_family = AF_INET;
258   addr.sin_port = htons(0);
259   addr.sin_addr.s_addr = htonl(INADDR_ANY);
260   socklen_t len = sizeof(addr);
261 
262   // Can only bind the fully-capable socket.
263   EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
264   EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
265   getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
266   int port = ntohs(addr.sin_port);
267 
268   // Can only do socket operations on the fully-capable socket.
269   len = sizeof(addr);
270   EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
271   int value = 1;
272   EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
273   len = sizeof(value);
274   EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
275 
276   len = sizeof(addr);
277   memset(&addr, 0, sizeof(addr));
278   EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
279   EXPECT_EQ(AF_INET, addr.sin_family);
280   EXPECT_EQ(htons(port), addr.sin_port);
281   value = 1;
282   EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
283   len = sizeof(value);
284   EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
285 
286   pid_t child = fork();
287   if (child == 0) {
288     int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
289     EXPECT_OK(sock);
290     int cap_sock_rw = dup(sock);
291     EXPECT_OK(cap_sock_rw);
292     EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
293     int cap_sock_connect = dup(sock);
294     EXPECT_OK(cap_sock_connect);
295     EXPECT_OK(cap_rights_limit(cap_sock_connect, &r_connect));
296     close(sock);
297 
298     // Can only sendmsg(2) to an address over a socket with CAP_CONNECT.
299     unsigned char buffer[256];
300     struct iovec iov;
301     memset(&iov, 0, sizeof(iov));
302     iov.iov_base = buffer;
303     iov.iov_len = sizeof(buffer);
304 
305     struct msghdr mh;
306     memset(&mh, 0, sizeof(mh));
307     mh.msg_iov = &iov;
308     mh.msg_iovlen = 1;
309 
310     struct sockaddr_in addr;
311     memset(&addr, 0, sizeof(addr));
312     addr.sin_family = AF_INET;
313     addr.sin_port = htons(port);
314     addr.sin_addr.s_addr = inet_addr("127.0.0.1");
315     mh.msg_name = &addr;
316     mh.msg_namelen = sizeof(addr);
317 
318     EXPECT_NOTCAPABLE(sendmsg(cap_sock_rw, &mh, 0));
319     EXPECT_OK(sendmsg(cap_sock_connect, &mh, 0));
320 
321 #ifdef HAVE_SEND_RECV_MMSG
322     struct mmsghdr mv;
323     memset(&mv, 0, sizeof(mv));
324     memcpy(&mv.msg_hdr, &mh, sizeof(struct msghdr));
325     EXPECT_NOTCAPABLE(sendmmsg(cap_sock_rw, &mv, 1, 0));
326     EXPECT_OK(sendmmsg(cap_sock_connect, &mv, 1, 0));
327 #endif
328     close(cap_sock_rw);
329     close(cap_sock_connect);
330     exit(HasFailure());
331   }
332   // Wait for the child.
333   int status;
334   EXPECT_EQ(child, waitpid(child, &status, 0));
335   int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
336   EXPECT_EQ(0, rc);
337 
338   close(cap_sock_rw);
339   close(cap_sock_all);
340 }
341