mac_portacl tests: rewrite the test program and test unspecific family.

Reviewed by: imp,emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/1659
This commit is contained in:
K Rin
2025-04-12 11:05:47 +08:00
committed by Warner Losh
parent 6b61852b4f
commit ce08af6378
3 changed files with 94 additions and 23 deletions
+2
View File
@@ -1,9 +1,11 @@
PACKAGE= tests
TESTSDIR= ${TESTSBASE}/sys/mac/portacl
BINDIR= ${TESTSDIR}
${PACKAGE}FILES+= misc.sh
PROGS+= bind
TAP_TESTS_SH+= nobody_test
TAP_TESTS_SH+= root_test
+60
View File
@@ -0,0 +1,60 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
int main(int argc, char *argv[])
{
if (argc < 5) {
fprintf(stderr, "Usage: %s family host protocol port\n", argv[0]);
return 1;
}
int family = atoi(argv[1]);
const char *host = argv[2];
const char *protocol = argv[3];
const char *port = argv[4];
int sock_type;
if (strcmp(protocol, "tcp") == 0)
sock_type = SOCK_STREAM;
else if (strcmp(protocol, "udp") == 0)
sock_type = SOCK_DGRAM;
else {
fprintf(stderr, "Unsupported protocol: %s\n", protocol);
return 1;
}
struct addrinfo hints, *res;
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = sock_type;
hints.ai_flags = AI_PASSIVE;
int err = getaddrinfo(host, port, &hints, &res);
if (err != 0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(err));
return 1;
}
int sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (sock < 0) {
freeaddrinfo(res);
return 1;
}
int opt = 1;
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
if (errno == EACCES || errno == EPERM)
printf("bind_error: permission denied.\n");
else
printf("bind error: %s\n", strerror(errno));
close(sock);
freeaddrinfo(res);
return 1;
}
printf("ok\n");
close(sock);
freeaddrinfo(res);
return 0;
}
+32 -23
View File
@@ -1,5 +1,17 @@
#!/bin/sh
dir=`dirname $0`
sysctl security.mac.portacl >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "1..0 # SKIP MAC_PORTACL is unavailable."
exit 0
fi
if [ $(id -u) -ne 0 ]; then
echo "1..0 # SKIP testcases must be run as root"
exit 0
fi
ntest=1
check_bind() {
@@ -15,32 +27,29 @@ check_bind() {
[ "${proto}" = "udp" ] && udpflag="-u"
out=$(
case "${idtype}" in
uid|gid)
( echo -n | su -m ${name} -c "nc ${udpflag} -l -w ${timeout} $host $port" 2>&1 ) &
;;
jail)
kill $$
;;
*)
kill $$
esac
sleep 0.3
echo | nc ${udpflag} -w ${timeout} $host $port >/dev/null 2>&1
wait
)
case "${out}" in
"nc: Permission denied"*|"nc: Operation not permitted"*)
echo fl
case "${idtype}" in
uid|gid)
su -m ${name} -c "${dir}/bind 0 ${host} ${proto} ${port}" > /dev/null # unspec
retval1=$?
su -m ${name} -c "${dir}/bind 2 ${host} ${proto} ${port}" > /dev/null # inet
retval2=$?
if [ $retval1 -ne $retval2 ]; then
echo inconsistent
return
fi
if [ $retval1 -ne 0 ]; then
echo fl
return
fi
;;
"")
echo ok
jail)
kill $$
;;
*)
echo ${out}
;;
kill $$
esac
echo ok
}
bind_test() {
@@ -57,7 +66,7 @@ bind_test() {
out=$(check_bind ${idtype} ${name} ${proto} ${port})
if [ "${out}" = "${expect_without_rule}" ]; then
echo "ok ${ntest}"
elif [ "${out}" = "ok" -o "${out}" = "fl" ]; then
elif [ "${out}" = "ok" -o "${out}" = "fl" -o "${out}" = "inconsistent" ]; then
echo "not ok ${ntest} # '${out}' != '${expect_without_rule}'"
else
echo "not ok ${ntest} # unexpected output: '${out}'"