1 // Tests for socket functionality. 2 #include <sys/types.h> 3 #include <sys/socket.h> 4 #include <sys/un.h> 5 #include <netinet/in.h> 6 #include <arpa/inet.h> 7 #include <unistd.h> 8 9 #include <string> 10 11 #include "capsicum.h" 12 #include "syscalls.h" 13 #include "capsicum-test.h" 14 15 TEST(Socket, UnixDomain) { 16 const char* socketName = TmpFile("capsicum-test.socket"); 17 unlink(socketName); 18 cap_rights_t r_rw; 19 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE); 20 cap_rights_t r_all; 21 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER); 22 23 int pipefds[2]; 24 EXPECT_EQ(0, pipe(pipefds)); 25 pid_t child = fork(); 26 if (child == 0) { 27 // Child process: wait for server setup 28 close(pipefds[0]); 29 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_CHILD_SHOULD_RUN); 30 31 // Create sockets 32 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 33 EXPECT_OK(sock); 34 if (sock < 0) return; 35 36 int cap_sock_rw = dup(sock); 37 EXPECT_OK(cap_sock_rw); 38 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw)); 39 int cap_sock_all = dup(sock); 40 EXPECT_OK(cap_sock_all); 41 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all)); 42 EXPECT_OK(close(sock)); 43 44 // Connect socket 45 struct sockaddr_un un; 46 memset(&un, 0, sizeof(un)); 47 un.sun_family = AF_UNIX; 48 strcpy(un.sun_path, socketName); 49 socklen_t len = sizeof(un); 50 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&un, len)); 51 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&un, len)); 52 53 exit(HasFailure()); 54 } 55 56 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 57 EXPECT_OK(sock); 58 if (sock < 0) return; 59 60 int cap_sock_rw = dup(sock); 61 EXPECT_OK(cap_sock_rw); 62 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw)); 63 int cap_sock_all = dup(sock); 64 EXPECT_OK(cap_sock_all); 65 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all)); 66 EXPECT_OK(close(sock)); 67 68 struct sockaddr_un un; 69 memset(&un, 0, sizeof(un)); 70 un.sun_family = AF_UNIX; 71 strcpy(un.sun_path, socketName); 72 socklen_t len = (sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path)); 73 74 // Can only bind the fully-capable socket. 75 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&un, len)); 76 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&un, len)); 77 78 // Can only listen on the fully-capable socket. 79 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3)); 80 EXPECT_OK(listen(cap_sock_all, 3)); 81 82 // Can only do socket operations on the fully-capable socket. 83 len = sizeof(un); 84 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&un, &len)); 85 int value = 0; 86 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, sizeof(value))); 87 len = sizeof(value); 88 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, &len)); 89 90 len = sizeof(un); 91 memset(&un, 0, sizeof(un)); 92 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&un, &len)); 93 EXPECT_EQ(AF_UNIX, un.sun_family); 94 EXPECT_EQ(std::string(socketName), std::string(un.sun_path)); 95 value = 0; 96 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, sizeof(value))); 97 len = sizeof(value); 98 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, &len)); 99 100 // Tell the child process that we are ready and accept the incoming connection. 101 EXPECT_OK(close(pipefds[1])); 102 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_CHILD_SHOULD_RUN); 103 len = sizeof(un); 104 memset(&un, 0, sizeof(un)); 105 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&un, &len)); 106 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&un, &len); 107 EXPECT_OK(conn_fd); 108 109 // New connection should also be a capability. 110 cap_rights_t rights; 111 cap_rights_init(&rights, 0); 112 EXPECT_OK(cap_rights_get(conn_fd, &rights)); 113 EXPECT_RIGHTS_IN(&rights, &r_all); 114 115 // Wait for the child. 116 int status; 117 EXPECT_EQ(child, waitpid(child, &status, 0)); 118 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1; 119 EXPECT_EQ(0, rc); 120 121 close(conn_fd); 122 close(cap_sock_rw); 123 close(cap_sock_all); 124 unlink(socketName); 125 } 126 127 TEST(Socket, TCP) { 128 int sock = socket(AF_INET, SOCK_STREAM, 0); 129 EXPECT_OK(sock); 130 if (sock < 0) return; 131 132 cap_rights_t r_rw; 133 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE); 134 cap_rights_t r_all; 135 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER); 136 137 int cap_sock_rw = dup(sock); 138 EXPECT_OK(cap_sock_rw); 139 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw)); 140 int cap_sock_all = dup(sock); 141 EXPECT_OK(cap_sock_all); 142 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all)); 143 close(sock); 144 145 struct sockaddr_in addr; 146 memset(&addr, 0, sizeof(addr)); 147 addr.sin_family = AF_INET; 148 addr.sin_port = htons(0); 149 addr.sin_addr.s_addr = htonl(INADDR_ANY); 150 socklen_t len = sizeof(addr); 151 152 // Can only bind the fully-capable socket. 153 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len)); 154 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len)); 155 156 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len); 157 int port = ntohs(addr.sin_port); 158 159 int pipefds[2]; 160 EXPECT_EQ(0, pipe(pipefds)); 161 // Now we know the port involved, fork off a child. 162 pid_t child = fork(); 163 if (child == 0) { 164 // Child process: wait for server setup 165 close(pipefds[0]); 166 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_CHILD_SHOULD_RUN); 167 168 // Create sockets 169 int sock = socket(AF_INET, SOCK_STREAM, 0); 170 EXPECT_OK(sock); 171 if (sock < 0) return; 172 int cap_sock_rw = dup(sock); 173 EXPECT_OK(cap_sock_rw); 174 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw)); 175 int cap_sock_all = dup(sock); 176 EXPECT_OK(cap_sock_all); 177 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all)); 178 close(sock); 179 180 // Connect socket 181 struct sockaddr_in addr; 182 memset(&addr, 0, sizeof(addr)); 183 addr.sin_family = AF_INET; 184 addr.sin_port = htons(port); // Pick unused port 185 addr.sin_addr.s_addr = inet_addr("127.0.0.1"); 186 socklen_t len = sizeof(addr); 187 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&addr, len)); 188 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&addr, len)); 189 190 exit(HasFailure()); 191 } 192 193 // Can only listen on the fully-capable socket. 194 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3)); 195 EXPECT_OK(listen(cap_sock_all, 3)); 196 197 // Can only do socket operations on the fully-capable socket. 198 len = sizeof(addr); 199 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len)); 200 int value = 1; 201 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value))); 202 len = sizeof(value); 203 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len)); 204 205 len = sizeof(addr); 206 memset(&addr, 0, sizeof(addr)); 207 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len)); 208 EXPECT_EQ(AF_INET, addr.sin_family); 209 EXPECT_EQ(htons(port), addr.sin_port); 210 value = 0; 211 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value))); 212 len = sizeof(value); 213 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len)); 214 215 // Tell the child process that we are ready and accept the incoming connection. 216 EXPECT_OK(close(pipefds[1])); 217 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_CHILD_SHOULD_RUN); 218 len = sizeof(addr); 219 memset(&addr, 0, sizeof(addr)); 220 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&addr, &len)); 221 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&addr, &len); 222 EXPECT_OK(conn_fd); 223 224 // New connection should also be a capability. 225 cap_rights_t rights; 226 cap_rights_init(&rights, 0); 227 EXPECT_OK(cap_rights_get(conn_fd, &rights)); 228 EXPECT_RIGHTS_IN(&rights, &r_all); 229 230 // Wait for the child. 231 int status; 232 EXPECT_EQ(child, waitpid(child, &status, 0)); 233 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1; 234 EXPECT_EQ(0, rc); 235 236 close(conn_fd); 237 close(cap_sock_rw); 238 close(cap_sock_all); 239 } 240 241 TEST(Socket, UDP) { 242 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); 243 EXPECT_OK(sock); 244 if (sock < 0) return; 245 246 cap_rights_t r_rw; 247 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE); 248 cap_rights_t r_all; 249 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER); 250 cap_rights_t r_connect; 251 cap_rights_init(&r_connect, CAP_READ, CAP_WRITE, CAP_CONNECT); 252 253 int cap_sock_rw = dup(sock); 254 EXPECT_OK(cap_sock_rw); 255 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw)); 256 int cap_sock_all = dup(sock); 257 EXPECT_OK(cap_sock_all); 258 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all)); 259 close(sock); 260 261 struct sockaddr_in addr; 262 memset(&addr, 0, sizeof(addr)); 263 addr.sin_family = AF_INET; 264 addr.sin_port = htons(0); 265 addr.sin_addr.s_addr = htonl(INADDR_ANY); 266 socklen_t len = sizeof(addr); 267 268 // Can only bind the fully-capable socket. 269 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len)); 270 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len)); 271 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len); 272 int port = ntohs(addr.sin_port); 273 274 // Can only do socket operations on the fully-capable socket. 275 len = sizeof(addr); 276 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len)); 277 int value = 1; 278 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value))); 279 len = sizeof(value); 280 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len)); 281 282 len = sizeof(addr); 283 memset(&addr, 0, sizeof(addr)); 284 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len)); 285 EXPECT_EQ(AF_INET, addr.sin_family); 286 EXPECT_EQ(htons(port), addr.sin_port); 287 value = 1; 288 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value))); 289 len = sizeof(value); 290 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len)); 291 292 pid_t child = fork(); 293 if (child == 0) { 294 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); 295 EXPECT_OK(sock); 296 int cap_sock_rw = dup(sock); 297 EXPECT_OK(cap_sock_rw); 298 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw)); 299 int cap_sock_connect = dup(sock); 300 EXPECT_OK(cap_sock_connect); 301 EXPECT_OK(cap_rights_limit(cap_sock_connect, &r_connect)); 302 close(sock); 303 304 // Can only sendmsg(2) to an address over a socket with CAP_CONNECT. 305 unsigned char buffer[256]; 306 struct iovec iov; 307 memset(&iov, 0, sizeof(iov)); 308 iov.iov_base = buffer; 309 iov.iov_len = sizeof(buffer); 310 311 struct msghdr mh; 312 memset(&mh, 0, sizeof(mh)); 313 mh.msg_iov = &iov; 314 mh.msg_iovlen = 1; 315 316 struct sockaddr_in addr; 317 memset(&addr, 0, sizeof(addr)); 318 addr.sin_family = AF_INET; 319 addr.sin_port = htons(port); 320 addr.sin_addr.s_addr = inet_addr("127.0.0.1"); 321 mh.msg_name = &addr; 322 mh.msg_namelen = sizeof(addr); 323 324 EXPECT_NOTCAPABLE(sendmsg(cap_sock_rw, &mh, 0)); 325 EXPECT_OK(sendmsg(cap_sock_connect, &mh, 0)); 326 327 #ifdef HAVE_SEND_RECV_MMSG 328 struct mmsghdr mv; 329 memset(&mv, 0, sizeof(mv)); 330 memcpy(&mv.msg_hdr, &mh, sizeof(struct msghdr)); 331 EXPECT_NOTCAPABLE(sendmmsg(cap_sock_rw, &mv, 1, 0)); 332 EXPECT_OK(sendmmsg(cap_sock_connect, &mv, 1, 0)); 333 #endif 334 close(cap_sock_rw); 335 close(cap_sock_connect); 336 exit(HasFailure()); 337 } 338 // Wait for the child. 339 int status; 340 EXPECT_EQ(child, waitpid(child, &status, 0)); 341 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1; 342 EXPECT_EQ(0, rc); 343 344 close(cap_sock_rw); 345 close(cap_sock_all); 346 } 347