blob: cbe3d366968aef3ae05caaca34896a039f6baa84 [file] [log] [blame]
// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build freebsd
package unix_test
import (
"flag"
"fmt"
"net"
"os"
"os/exec"
"path/filepath"
"runtime"
"testing"
"golang.org/x/sys/unix"
)
func TestSysctlUint64(t *testing.T) {
_, err := unix.SysctlUint64("vm.swap_total")
if err != nil {
t.Fatal(err)
}
}
// FIXME: Infrastructure for launching tests in subprocesses stolen from openbsd_test.go - refactor?
// testCmd generates a proper command that, when executed, runs the test
// corresponding to the given key.
type testProc struct {
fn func() // should always exit instead of returning
success bool // whether zero-exit means success or failure
}
var (
testProcs = map[string]testProc{}
procName = ""
procArg = ""
)
const (
optName = "sys-unix-internal-procname"
optArg = "sys-unix-internal-arg"
)
func init() {
flag.StringVar(&procName, optName, "", "internal use only")
flag.StringVar(&procArg, optArg, "", "internal use only")
}
func testCmd(procName string, procArg string) (*exec.Cmd, error) {
exe, err := filepath.Abs(os.Args[0])
if err != nil {
return nil, err
}
cmd := exec.Command(exe, "-"+optName+"="+procName, "-"+optArg+"="+procArg)
cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
return cmd, nil
}
// ExitsCorrectly is a comprehensive, one-line-of-use wrapper for testing
// a testProc with a key.
func ExitsCorrectly(t *testing.T, procName string) {
s := testProcs[procName]
c, err := testCmd(procName, t.TempDir())
if err != nil {
t.Fatalf("Failed to construct command for %s", procName)
}
if (c.Run() == nil) != s.success {
result := "succeed"
if !s.success {
result = "fail"
}
t.Fatalf("Process did not %s when it was supposed to", result)
}
}
func TestMain(m *testing.M) {
flag.Parse()
if procName != "" {
t := testProcs[procName]
t.fn()
os.Stderr.WriteString("test function did not exit\n")
if t.success {
os.Exit(1)
} else {
os.Exit(0)
}
}
os.Exit(m.Run())
}
// end of infrastructure
const testfile = "gocapmodetest"
const testfile2 = testfile + "2"
func CapEnterTest() {
_, err := os.OpenFile(filepath.Join(procArg, testfile), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
panic(fmt.Sprintf("OpenFile: %s", err))
}
err = unix.CapEnter()
if err != nil {
panic(fmt.Sprintf("CapEnter: %s", err))
}
_, err = os.OpenFile(filepath.Join(procArg, testfile2), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err == nil {
panic("OpenFile works!")
}
if err.(*os.PathError).Err != unix.ECAPMODE {
panic(fmt.Sprintf("OpenFile failed wrong: %s %#v", err, err))
}
os.Exit(0)
}
func init() {
testProcs["cap_enter"] = testProc{
CapEnterTest,
true,
}
}
func TestCapEnter(t *testing.T) {
if runtime.GOARCH != "amd64" {
t.Skipf("skipping test on %s", runtime.GOARCH)
}
ExitsCorrectly(t, "cap_enter")
}
func OpenatTest() {
f, err := os.Open(procArg)
if err != nil {
panic(err)
}
err = unix.CapEnter()
if err != nil {
panic(fmt.Sprintf("CapEnter: %s", err))
}
fxx, err := unix.Openat(int(f.Fd()), "xx", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
panic(err)
}
unix.Close(fxx)
// The right to open BASE/xx is not ambient
_, err = os.OpenFile(procArg+"/xx", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err == nil {
panic("OpenFile succeeded")
}
if err.(*os.PathError).Err != unix.ECAPMODE {
panic(fmt.Sprintf("OpenFile failed wrong: %s %#v", err, err))
}
// Can't make a new directory either
err = os.Mkdir(procArg+"2", 0777)
if err == nil {
panic("MKdir succeeded")
}
if err.(*os.PathError).Err != unix.ECAPMODE {
panic(fmt.Sprintf("Mkdir failed wrong: %s %#v", err, err))
}
// Remove all caps except read and lookup.
r, err := unix.CapRightsInit([]uint64{unix.CAP_READ, unix.CAP_LOOKUP})
if err != nil {
panic(fmt.Sprintf("CapRightsInit failed: %s %#v", err, err))
}
err = unix.CapRightsLimit(f.Fd(), r)
if err != nil {
panic(fmt.Sprintf("CapRightsLimit failed: %s %#v", err, err))
}
// Check we can get the rights back again
r, err = unix.CapRightsGet(f.Fd())
if err != nil {
panic(fmt.Sprintf("CapRightsGet failed: %s %#v", err, err))
}
b, err := unix.CapRightsIsSet(r, []uint64{unix.CAP_READ, unix.CAP_LOOKUP})
if err != nil {
panic(fmt.Sprintf("CapRightsIsSet failed: %s %#v", err, err))
}
if !b {
panic("Unexpected rights")
}
b, err = unix.CapRightsIsSet(r, []uint64{unix.CAP_READ, unix.CAP_LOOKUP, unix.CAP_WRITE})
if err != nil {
panic(fmt.Sprintf("CapRightsIsSet failed: %s %#v", err, err))
}
if b {
panic("Unexpected rights (2)")
}
// Can no longer create a file
_, err = unix.Openat(int(f.Fd()), "xx2", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err == nil {
panic("Openat succeeded")
}
if err != unix.ENOTCAPABLE {
panic(fmt.Sprintf("OpenFileAt failed wrong: %s %#v", err, err))
}
// But can read an existing one
_, err = unix.Openat(int(f.Fd()), "xx", os.O_RDONLY, 0666)
if err != nil {
panic(fmt.Sprintf("Openat failed: %s %#v", err, err))
}
os.Exit(0)
}
func init() {
testProcs["openat"] = testProc{
OpenatTest,
true,
}
}
func TestOpenat(t *testing.T) {
if runtime.GOARCH != "amd64" {
t.Skipf("skipping test on %s", runtime.GOARCH)
}
ExitsCorrectly(t, "openat")
}
func TestCapRightsSetAndClear(t *testing.T) {
r, err := unix.CapRightsInit([]uint64{unix.CAP_READ, unix.CAP_WRITE, unix.CAP_PDWAIT})
if err != nil {
t.Fatalf("CapRightsInit failed: %s", err)
}
err = unix.CapRightsSet(r, []uint64{unix.CAP_EVENT, unix.CAP_LISTEN})
if err != nil {
t.Fatalf("CapRightsSet failed: %s", err)
}
b, err := unix.CapRightsIsSet(r, []uint64{unix.CAP_READ, unix.CAP_WRITE, unix.CAP_PDWAIT, unix.CAP_EVENT, unix.CAP_LISTEN})
if err != nil {
t.Fatalf("CapRightsIsSet failed: %s", err)
}
if !b {
t.Fatalf("Wrong rights set")
}
err = unix.CapRightsClear(r, []uint64{unix.CAP_READ, unix.CAP_PDWAIT})
if err != nil {
t.Fatalf("CapRightsClear failed: %s", err)
}
b, err = unix.CapRightsIsSet(r, []uint64{unix.CAP_WRITE, unix.CAP_EVENT, unix.CAP_LISTEN})
if err != nil {
t.Fatalf("CapRightsIsSet failed: %s", err)
}
if !b {
t.Fatalf("Wrong rights set")
}
}
func TestGetsockoptXucred(t *testing.T) {
fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_STREAM, 0)
if err != nil {
t.Fatalf("Socketpair: %v", err)
}
srvFile := os.NewFile(uintptr(fds[0]), "server")
cliFile := os.NewFile(uintptr(fds[1]), "client")
defer srvFile.Close()
defer cliFile.Close()
srv, err := net.FileConn(srvFile)
if err != nil {
t.Fatalf("FileConn: %v", err)
}
defer srv.Close()
cli, err := net.FileConn(cliFile)
if err != nil {
t.Fatalf("FileConn: %v", err)
}
defer cli.Close()
cred, err := unix.GetsockoptXucred(fds[1], unix.SOL_LOCAL, unix.LOCAL_PEERCRED)
if err == unix.ENOTCONN {
t.Skip("GetsockoptXucred not supported with Socketpair on FreeBSD 11 and earlier")
} else if err != nil {
t.Fatal(err)
}
t.Logf("got: %+v", cred)
if got, want := cred.Uid, os.Getuid(); int(got) != int(want) {
t.Errorf("uid = %v; want %v", got, want)
}
}
// stringsFromByteSlice converts a sequence of attributes to a []string.
// On FreeBSD, each entry consists of a single byte containing the length
// of the attribute name, followed by the attribute name.
// The name is _not_ NULL-terminated.
func stringsFromByteSlice(buf []byte) []string {
var result []string
i := 0
for i < len(buf) {
next := i + 1 + int(buf[i])
result = append(result, string(buf[i+1:next]))
i = next
}
return result
}