1 // Tests for socket functionality.
2 #include <sys/types.h>
3 #include <sys/socket.h>
4 #include <sys/un.h>
5 #include <netinet/in.h>
6 #include <arpa/inet.h>
7 #include <unistd.h>
8
9 #include <string>
10
11 #include "capsicum.h"
12 #include "syscalls.h"
13 #include "capsicum-test.h"
14
TEST(Socket,UnixDomain)15 TEST(Socket, UnixDomain) {
16 const char* socketName = TmpFile("capsicum-test.socket");
17 unlink(socketName);
18 cap_rights_t r_rw;
19 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
20 cap_rights_t r_all;
21 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
22
23 int pipefds[2];
24 EXPECT_EQ(0, pipe(pipefds));
25 pid_t child = fork();
26 if (child == 0) {
27 // Child process: wait for server setup
28 close(pipefds[0]);
29 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_CHILD_SHOULD_RUN);
30
31 // Create sockets
32 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
33 EXPECT_OK(sock);
34 if (sock < 0) return;
35
36 int cap_sock_rw = dup(sock);
37 EXPECT_OK(cap_sock_rw);
38 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
39 int cap_sock_all = dup(sock);
40 EXPECT_OK(cap_sock_all);
41 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
42 EXPECT_OK(close(sock));
43
44 // Connect socket
45 struct sockaddr_un un;
46 memset(&un, 0, sizeof(un));
47 un.sun_family = AF_UNIX;
48 strcpy(un.sun_path, socketName);
49 socklen_t len = sizeof(un);
50 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&un, len));
51 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&un, len));
52
53 exit(HasFailure());
54 }
55
56 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
57 EXPECT_OK(sock);
58 if (sock < 0) return;
59
60 int cap_sock_rw = dup(sock);
61 EXPECT_OK(cap_sock_rw);
62 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
63 int cap_sock_all = dup(sock);
64 EXPECT_OK(cap_sock_all);
65 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
66 EXPECT_OK(close(sock));
67
68 struct sockaddr_un un;
69 memset(&un, 0, sizeof(un));
70 un.sun_family = AF_UNIX;
71 strcpy(un.sun_path, socketName);
72 socklen_t len = (sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path));
73
74 // Can only bind the fully-capable socket.
75 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&un, len));
76 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&un, len));
77
78 // Can only listen on the fully-capable socket.
79 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
80 EXPECT_OK(listen(cap_sock_all, 3));
81
82 // Can only do socket operations on the fully-capable socket.
83 len = sizeof(un);
84 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&un, &len));
85 int value = 0;
86 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
87 len = sizeof(value);
88 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_DEBUG, &value, &len));
89
90 len = sizeof(un);
91 memset(&un, 0, sizeof(un));
92 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&un, &len));
93 EXPECT_EQ(AF_UNIX, un.sun_family);
94 EXPECT_EQ(std::string(socketName), std::string(un.sun_path));
95 value = 0;
96 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, sizeof(value)));
97 len = sizeof(value);
98 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_DEBUG, &value, &len));
99
100 // Tell the child process that we are ready and accept the incoming connection.
101 EXPECT_OK(close(pipefds[1]));
102 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_CHILD_SHOULD_RUN);
103 len = sizeof(un);
104 memset(&un, 0, sizeof(un));
105 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&un, &len));
106 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&un, &len);
107 EXPECT_OK(conn_fd);
108
109 // New connection should also be a capability.
110 cap_rights_t rights;
111 cap_rights_init(&rights, 0);
112 EXPECT_OK(cap_rights_get(conn_fd, &rights));
113 EXPECT_RIGHTS_IN(&rights, &r_all);
114
115 // Wait for the child.
116 int status;
117 EXPECT_EQ(child, waitpid(child, &status, 0));
118 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
119 EXPECT_EQ(0, rc);
120
121 close(conn_fd);
122 close(cap_sock_rw);
123 close(cap_sock_all);
124 unlink(socketName);
125 }
126
TEST(Socket,TCP)127 TEST(Socket, TCP) {
128 int sock = socket(AF_INET, SOCK_STREAM, 0);
129 EXPECT_OK(sock);
130 if (sock < 0) return;
131
132 cap_rights_t r_rw;
133 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
134 cap_rights_t r_all;
135 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
136
137 int cap_sock_rw = dup(sock);
138 EXPECT_OK(cap_sock_rw);
139 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
140 int cap_sock_all = dup(sock);
141 EXPECT_OK(cap_sock_all);
142 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
143 close(sock);
144
145 struct sockaddr_in addr;
146 memset(&addr, 0, sizeof(addr));
147 addr.sin_family = AF_INET;
148 addr.sin_port = htons(0);
149 addr.sin_addr.s_addr = htonl(INADDR_ANY);
150 socklen_t len = sizeof(addr);
151
152 // Can only bind the fully-capable socket.
153 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
154 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
155
156 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
157 int port = ntohs(addr.sin_port);
158
159 int pipefds[2];
160 EXPECT_EQ(0, pipe(pipefds));
161 // Now we know the port involved, fork off a child.
162 pid_t child = fork();
163 if (child == 0) {
164 // Child process: wait for server setup
165 close(pipefds[0]);
166 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_CHILD_SHOULD_RUN);
167
168 // Create sockets
169 int sock = socket(AF_INET, SOCK_STREAM, 0);
170 EXPECT_OK(sock);
171 if (sock < 0) return;
172 int cap_sock_rw = dup(sock);
173 EXPECT_OK(cap_sock_rw);
174 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
175 int cap_sock_all = dup(sock);
176 EXPECT_OK(cap_sock_all);
177 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
178 close(sock);
179
180 // Connect socket
181 struct sockaddr_in addr;
182 memset(&addr, 0, sizeof(addr));
183 addr.sin_family = AF_INET;
184 addr.sin_port = htons(port); // Pick unused port
185 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
186 socklen_t len = sizeof(addr);
187 EXPECT_NOTCAPABLE(connect_(cap_sock_rw, (struct sockaddr *)&addr, len));
188 EXPECT_OK(connect_(cap_sock_all, (struct sockaddr *)&addr, len));
189
190 exit(HasFailure());
191 }
192
193 // Can only listen on the fully-capable socket.
194 EXPECT_NOTCAPABLE(listen(cap_sock_rw, 3));
195 EXPECT_OK(listen(cap_sock_all, 3));
196
197 // Can only do socket operations on the fully-capable socket.
198 len = sizeof(addr);
199 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
200 int value = 1;
201 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
202 len = sizeof(value);
203 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
204
205 len = sizeof(addr);
206 memset(&addr, 0, sizeof(addr));
207 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
208 EXPECT_EQ(AF_INET, addr.sin_family);
209 EXPECT_EQ(htons(port), addr.sin_port);
210 value = 0;
211 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
212 len = sizeof(value);
213 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
214
215 // Tell the child process that we are ready and accept the incoming connection.
216 EXPECT_OK(close(pipefds[1]));
217 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_CHILD_SHOULD_RUN);
218 len = sizeof(addr);
219 memset(&addr, 0, sizeof(addr));
220 EXPECT_NOTCAPABLE(accept(cap_sock_rw, (struct sockaddr *)&addr, &len));
221 int conn_fd = accept(cap_sock_all, (struct sockaddr *)&addr, &len);
222 EXPECT_OK(conn_fd);
223
224 // New connection should also be a capability.
225 cap_rights_t rights;
226 cap_rights_init(&rights, 0);
227 EXPECT_OK(cap_rights_get(conn_fd, &rights));
228 EXPECT_RIGHTS_IN(&rights, &r_all);
229
230 // Wait for the child.
231 int status;
232 EXPECT_EQ(child, waitpid(child, &status, 0));
233 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
234 EXPECT_EQ(0, rc);
235
236 close(conn_fd);
237 close(cap_sock_rw);
238 close(cap_sock_all);
239 }
240
TEST(Socket,UDP)241 TEST(Socket, UDP) {
242 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
243 EXPECT_OK(sock);
244 if (sock < 0) return;
245
246 cap_rights_t r_rw;
247 cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
248 cap_rights_t r_all;
249 cap_rights_init(&r_all, CAP_READ, CAP_WRITE, CAP_SOCK_CLIENT, CAP_SOCK_SERVER);
250 cap_rights_t r_connect;
251 cap_rights_init(&r_connect, CAP_READ, CAP_WRITE, CAP_CONNECT);
252
253 int cap_sock_rw = dup(sock);
254 EXPECT_OK(cap_sock_rw);
255 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
256 int cap_sock_all = dup(sock);
257 EXPECT_OK(cap_sock_all);
258 EXPECT_OK(cap_rights_limit(cap_sock_all, &r_all));
259 close(sock);
260
261 struct sockaddr_in addr;
262 memset(&addr, 0, sizeof(addr));
263 addr.sin_family = AF_INET;
264 addr.sin_port = htons(0);
265 addr.sin_addr.s_addr = htonl(INADDR_ANY);
266 socklen_t len = sizeof(addr);
267
268 // Can only bind the fully-capable socket.
269 EXPECT_NOTCAPABLE(bind_(cap_sock_rw, (struct sockaddr *)&addr, len));
270 EXPECT_OK(bind_(cap_sock_all, (struct sockaddr *)&addr, len));
271 getsockname(cap_sock_all, (struct sockaddr *)&addr, &len);
272 int port = ntohs(addr.sin_port);
273
274 // Can only do socket operations on the fully-capable socket.
275 len = sizeof(addr);
276 EXPECT_NOTCAPABLE(getsockname(cap_sock_rw, (struct sockaddr*)&addr, &len));
277 int value = 1;
278 EXPECT_NOTCAPABLE(setsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
279 len = sizeof(value);
280 EXPECT_NOTCAPABLE(getsockopt(cap_sock_rw, SOL_SOCKET, SO_REUSEPORT, &value, &len));
281
282 len = sizeof(addr);
283 memset(&addr, 0, sizeof(addr));
284 EXPECT_OK(getsockname(cap_sock_all, (struct sockaddr*)&addr, &len));
285 EXPECT_EQ(AF_INET, addr.sin_family);
286 EXPECT_EQ(htons(port), addr.sin_port);
287 value = 1;
288 EXPECT_OK(setsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value)));
289 len = sizeof(value);
290 EXPECT_OK(getsockopt(cap_sock_all, SOL_SOCKET, SO_REUSEPORT, &value, &len));
291
292 pid_t child = fork();
293 if (child == 0) {
294 int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
295 EXPECT_OK(sock);
296 int cap_sock_rw = dup(sock);
297 EXPECT_OK(cap_sock_rw);
298 EXPECT_OK(cap_rights_limit(cap_sock_rw, &r_rw));
299 int cap_sock_connect = dup(sock);
300 EXPECT_OK(cap_sock_connect);
301 EXPECT_OK(cap_rights_limit(cap_sock_connect, &r_connect));
302 close(sock);
303
304 // Can only sendmsg(2) to an address over a socket with CAP_CONNECT.
305 unsigned char buffer[256];
306 struct iovec iov;
307 memset(&iov, 0, sizeof(iov));
308 iov.iov_base = buffer;
309 iov.iov_len = sizeof(buffer);
310
311 struct msghdr mh;
312 memset(&mh, 0, sizeof(mh));
313 mh.msg_iov = &iov;
314 mh.msg_iovlen = 1;
315
316 struct sockaddr_in addr;
317 memset(&addr, 0, sizeof(addr));
318 addr.sin_family = AF_INET;
319 addr.sin_port = htons(port);
320 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
321 mh.msg_name = &addr;
322 mh.msg_namelen = sizeof(addr);
323
324 EXPECT_NOTCAPABLE(sendmsg(cap_sock_rw, &mh, 0));
325 EXPECT_OK(sendmsg(cap_sock_connect, &mh, 0));
326
327 #ifdef HAVE_SEND_RECV_MMSG
328 struct mmsghdr mv;
329 memset(&mv, 0, sizeof(mv));
330 memcpy(&mv.msg_hdr, &mh, sizeof(struct msghdr));
331 EXPECT_NOTCAPABLE(sendmmsg(cap_sock_rw, &mv, 1, 0));
332 EXPECT_OK(sendmmsg(cap_sock_connect, &mv, 1, 0));
333 #endif
334 close(cap_sock_rw);
335 close(cap_sock_connect);
336 exit(HasFailure());
337 }
338 // Wait for the child.
339 int status;
340 EXPECT_EQ(child, waitpid(child, &status, 0));
341 int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
342 EXPECT_EQ(0, rc);
343
344 close(cap_sock_rw);
345 close(cap_sock_all);
346 }
347