Google Git
Sign in
go / go / 490035b0b9dd27e8868ccc5dced45a29e9b21227 / . / src / syscall / creds_test.go
blob: 524689ae2d233902018914c4bbb510ba08aa0105 [file] [log] [blame]
Brad Fitzpatrick51947442016-03-01 22:57:46 +0000[diff] [blame]1// Copyright 2012 The Go Authors. All rights reserved.
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5// +build linux
6
7package syscall_test
8
9import (
10 "bytes"
11 "net"
12 "os"
13 "syscall"
14 "testing"
15)
16
17// TestSCMCredentials tests the sending and receiving of credentials
18// (PID, UID, GID) in an ancillary message between two UNIX
19// sockets. The SO_PASSCRED socket option is enabled on the sending
20// socket for this to work.
21func TestSCMCredentials(t *testing.T) {
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]22 socketTypeTests := []struct {
23 socketType int
24 dataLen int
25 }{
26 {
27 syscall.SOCK_STREAM,
28 1,
29 }, {
30 syscall.SOCK_DGRAM,
31 0,
32 },
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]33 }
34
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]35 for _, tt := range socketTypeTests {
36 fds, err := syscall.Socketpair(syscall.AF_LOCAL, tt.socketType, 0)
37 if err != nil {
38 t.Fatalf("Socketpair: %v", err)
39 }
40 defer syscall.Close(fds[0])
41 defer syscall.Close(fds[1])
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]42
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]43 err = syscall.SetsockoptInt(fds[0], syscall.SOL_SOCKET, syscall.SO_PASSCRED, 1)
44 if err != nil {
45 t.Fatalf("SetsockoptInt: %v", err)
46 }
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]47
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]48 srvFile := os.NewFile(uintptr(fds[0]), "server")
49 defer srvFile.Close()
50 srv, err := net.FileConn(srvFile)
51 if err != nil {
52 t.Errorf("FileConn: %v", err)
53 return
54 }
55 defer srv.Close()
56
57 cliFile := os.NewFile(uintptr(fds[1]), "client")
58 defer cliFile.Close()
59 cli, err := net.FileConn(cliFile)
60 if err != nil {
61 t.Errorf("FileConn: %v", err)
62 return
63 }
64 defer cli.Close()
65
66 var ucred syscall.Ucred
67 if os.Getuid() != 0 {
68 ucred.Pid = int32(os.Getpid())
69 ucred.Uid = 0
70 ucred.Gid = 0
71 oob := syscall.UnixCredentials(&ucred)
72 _, _, err := cli.(*net.UnixConn).WriteMsgUnix(nil, oob, nil)
73 if op, ok := err.(*net.OpError); ok {
74 err = op.Err
75 }
76 if sys, ok := err.(*os.SyscallError); ok {
77 err = sys.Err
78 }
79 if err != syscall.EPERM {
80 t.Fatalf("WriteMsgUnix failed with %v, want EPERM", err)
81 }
82 }
83
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]84 ucred.Pid = int32(os.Getpid())
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]85 ucred.Uid = uint32(os.Getuid())
86 ucred.Gid = uint32(os.Getgid())
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]87 oob := syscall.UnixCredentials(&ucred)
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]88
89 // On SOCK_STREAM, this is internally going to send a dummy byte
90 n, oobn, err := cli.(*net.UnixConn).WriteMsgUnix(nil, oob, nil)
91 if err != nil {
92 t.Fatalf("WriteMsgUnix: %v", err)
Mikio Harafe3446b2015-05-06 00:02:30 +0900[diff] [blame]93 }
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]94 if n != 0 {
95 t.Fatalf("WriteMsgUnix n = %d, want 0", n)
Mikio Harafe3446b2015-05-06 00:02:30 +0900[diff] [blame]96 }
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]97 if oobn != len(oob) {
98 t.Fatalf("WriteMsgUnix oobn = %d, want %d", oobn, len(oob))
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]99 }
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]100
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]101 oob2 := make([]byte, 10*len(oob))
102 n, oobn2, flags, _, err := srv.(*net.UnixConn).ReadMsgUnix(nil, oob2)
103 if err != nil {
104 t.Fatalf("ReadMsgUnix: %v", err)
105 }
106 if flags != 0 {
107 t.Fatalf("ReadMsgUnix flags = 0x%x, want 0", flags)
108 }
109 if n != tt.dataLen {
110 t.Fatalf("ReadMsgUnix n = %d, want %d", n, tt.dataLen)
111 }
112 if oobn2 != oobn {
113 // without SO_PASSCRED set on the socket, ReadMsgUnix will
114 // return zero oob bytes
115 t.Fatalf("ReadMsgUnix oobn = %d, want %d", oobn2, oobn)
116 }
117 oob2 = oob2[:oobn2]
118 if !bytes.Equal(oob, oob2) {
119 t.Fatal("ReadMsgUnix oob bytes don't match")
120 }
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]121
Luca Bruno93da0b62017-06-15 11:35:43 +0000[diff] [blame]122 scm, err := syscall.ParseSocketControlMessage(oob2)
123 if err != nil {
124 t.Fatalf("ParseSocketControlMessage: %v", err)
125 }
126 newUcred, err := syscall.ParseUnixCredentials(&scm[0])
127 if err != nil {
128 t.Fatalf("ParseUnixCredentials: %v", err)
129 }
130 if *newUcred != ucred {
131 t.Fatalf("ParseUnixCredentials = %+v, want %+v", newUcred, ucred)
132 }
Albert Strasheim412c60f2012-09-07 10:31:17 -0700[diff] [blame]133 }
134}