// Copyright 2014 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. //go:build freebsd package unix_test import ( "flag" "fmt" "net" "os" "os/exec" "path/filepath" "runtime" "testing" "golang.org/x/sys/unix" ) func TestSysctlUint64(t *testing.T) { _, err := unix.SysctlUint64("vm.swap_total") if err != nil { t.Fatal(err) } } // FIXME: Infrastructure for launching tests in subprocesses stolen from openbsd_test.go - refactor? // testCmd generates a proper command that, when executed, runs the test // corresponding to the given key. type testProc struct { fn func() // should always exit instead of returning success bool // whether zero-exit means success or failure } var ( testProcs = map[string]testProc{} procName = "" procArg = "" ) const ( optName = "sys-unix-internal-procname" optArg = "sys-unix-internal-arg" ) func init() { flag.StringVar(&procName, optName, "", "internal use only") flag.StringVar(&procArg, optArg, "", "internal use only") } func testCmd(procName string, procArg string) (*exec.Cmd, error) { exe, err := filepath.Abs(os.Args[0]) if err != nil { return nil, err } cmd := exec.Command(exe, "-"+optName+"="+procName, "-"+optArg+"="+procArg) cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr return cmd, nil } // ExitsCorrectly is a comprehensive, one-line-of-use wrapper for testing // a testProc with a key. func ExitsCorrectly(t *testing.T, procName string) { s := testProcs[procName] c, err := testCmd(procName, t.TempDir()) if err != nil { t.Fatalf("Failed to construct command for %s", procName) } if (c.Run() == nil) != s.success { result := "succeed" if !s.success { result = "fail" } t.Fatalf("Process did not %s when it was supposed to", result) } } func TestMain(m *testing.M) { flag.Parse() if procName != "" { t := testProcs[procName] t.fn() os.Stderr.WriteString("test function did not exit\n") if t.success { os.Exit(1) } else { os.Exit(0) } } os.Exit(m.Run()) } // end of infrastructure const testfile = "gocapmodetest" const testfile2 = testfile + "2" func CapEnterTest() { _, err := os.OpenFile(filepath.Join(procArg, testfile), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) if err != nil { panic(fmt.Sprintf("OpenFile: %s", err)) } err = unix.CapEnter() if err != nil { panic(fmt.Sprintf("CapEnter: %s", err)) } _, err = os.OpenFile(filepath.Join(procArg, testfile2), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) if err == nil { panic("OpenFile works!") } if err.(*os.PathError).Err != unix.ECAPMODE { panic(fmt.Sprintf("OpenFile failed wrong: %s %#v", err, err)) } os.Exit(0) } func init() { testProcs["cap_enter"] = testProc{ CapEnterTest, true, } } func TestCapEnter(t *testing.T) { if runtime.GOARCH != "amd64" { t.Skipf("skipping test on %s", runtime.GOARCH) } ExitsCorrectly(t, "cap_enter") } func OpenatTest() { f, err := os.Open(procArg) if err != nil { panic(err) } err = unix.CapEnter() if err != nil { panic(fmt.Sprintf("CapEnter: %s", err)) } fxx, err := unix.Openat(int(f.Fd()), "xx", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) if err != nil { panic(err) } unix.Close(fxx) // The right to open BASE/xx is not ambient _, err = os.OpenFile(procArg+"/xx", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) if err == nil { panic("OpenFile succeeded") } if err.(*os.PathError).Err != unix.ECAPMODE { panic(fmt.Sprintf("OpenFile failed wrong: %s %#v", err, err)) } // Can't make a new directory either err = os.Mkdir(procArg+"2", 0777) if err == nil { panic("MKdir succeeded") } if err.(*os.PathError).Err != unix.ECAPMODE { panic(fmt.Sprintf("Mkdir failed wrong: %s %#v", err, err)) } // Remove all caps except read and lookup. r, err := unix.CapRightsInit([]uint64{unix.CAP_READ, unix.CAP_LOOKUP}) if err != nil { panic(fmt.Sprintf("CapRightsInit failed: %s %#v", err, err)) } err = unix.CapRightsLimit(f.Fd(), r) if err != nil { panic(fmt.Sprintf("CapRightsLimit failed: %s %#v", err, err)) } // Check we can get the rights back again r, err = unix.CapRightsGet(f.Fd()) if err != nil { panic(fmt.Sprintf("CapRightsGet failed: %s %#v", err, err)) } b, err := unix.CapRightsIsSet(r, []uint64{unix.CAP_READ, unix.CAP_LOOKUP}) if err != nil { panic(fmt.Sprintf("CapRightsIsSet failed: %s %#v", err, err)) } if !b { panic("Unexpected rights") } b, err = unix.CapRightsIsSet(r, []uint64{unix.CAP_READ, unix.CAP_LOOKUP, unix.CAP_WRITE}) if err != nil { panic(fmt.Sprintf("CapRightsIsSet failed: %s %#v", err, err)) } if b { panic("Unexpected rights (2)") } // Can no longer create a file _, err = unix.Openat(int(f.Fd()), "xx2", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) if err == nil { panic("Openat succeeded") } if err != unix.ENOTCAPABLE { panic(fmt.Sprintf("OpenFileAt failed wrong: %s %#v", err, err)) } // But can read an existing one _, err = unix.Openat(int(f.Fd()), "xx", os.O_RDONLY, 0666) if err != nil { panic(fmt.Sprintf("Openat failed: %s %#v", err, err)) } os.Exit(0) } func init() { testProcs["openat"] = testProc{ OpenatTest, true, } } func TestOpenat(t *testing.T) { if runtime.GOARCH != "amd64" { t.Skipf("skipping test on %s", runtime.GOARCH) } ExitsCorrectly(t, "openat") } func TestCapRightsSetAndClear(t *testing.T) { r, err := unix.CapRightsInit([]uint64{unix.CAP_READ, unix.CAP_WRITE, unix.CAP_PDWAIT}) if err != nil { t.Fatalf("CapRightsInit failed: %s", err) } err = unix.CapRightsSet(r, []uint64{unix.CAP_EVENT, unix.CAP_LISTEN}) if err != nil { t.Fatalf("CapRightsSet failed: %s", err) } b, err := unix.CapRightsIsSet(r, []uint64{unix.CAP_READ, unix.CAP_WRITE, unix.CAP_PDWAIT, unix.CAP_EVENT, unix.CAP_LISTEN}) if err != nil { t.Fatalf("CapRightsIsSet failed: %s", err) } if !b { t.Fatalf("Wrong rights set") } err = unix.CapRightsClear(r, []uint64{unix.CAP_READ, unix.CAP_PDWAIT}) if err != nil { t.Fatalf("CapRightsClear failed: %s", err) } b, err = unix.CapRightsIsSet(r, []uint64{unix.CAP_WRITE, unix.CAP_EVENT, unix.CAP_LISTEN}) if err != nil { t.Fatalf("CapRightsIsSet failed: %s", err) } if !b { t.Fatalf("Wrong rights set") } } func TestGetsockoptXucred(t *testing.T) { fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_STREAM, 0) if err != nil { t.Fatalf("Socketpair: %v", err) } srvFile := os.NewFile(uintptr(fds[0]), "server") cliFile := os.NewFile(uintptr(fds[1]), "client") defer srvFile.Close() defer cliFile.Close() srv, err := net.FileConn(srvFile) if err != nil { t.Fatalf("FileConn: %v", err) } defer srv.Close() cli, err := net.FileConn(cliFile) if err != nil { t.Fatalf("FileConn: %v", err) } defer cli.Close() cred, err := unix.GetsockoptXucred(fds[1], unix.SOL_LOCAL, unix.LOCAL_PEERCRED) if err == unix.ENOTCONN { t.Skip("GetsockoptXucred not supported with Socketpair on FreeBSD 11 and earlier") } else if err != nil { t.Fatal(err) } t.Logf("got: %+v", cred) if got, want := cred.Uid, os.Getuid(); int(got) != int(want) { t.Errorf("uid = %v; want %v", got, want) } } // stringsFromByteSlice converts a sequence of attributes to a []string. // On FreeBSD, each entry consists of a single byte containing the length // of the attribute name, followed by the attribute name. // The name is _not_ NULL-terminated. func stringsFromByteSlice(buf []byte) []string { var result []string i := 0 for i < len(buf) { next := i + 1 + int(buf[i]) result = append(result, string(buf[i+1:next])) i = next } return result }