Diffstat (limited to 'tools')
-rw-r--r-- | tools/regression/priv/Makefile | 1 | ||||
-rw-r--r-- | tools/regression/priv/main.c | 3 | ||||
-rw-r--r-- | tools/regression/priv/main.h | 4 | ||||
-rw-r--r-- | tools/regression/priv/priv_netinet_ipsec.c | 85 |
4 files changed, 93 insertions, 0 deletions
diff --git a/tools/regression/priv/Makefile b/tools/regression/priv/Makefile index 2a63ecc..1377513 100644 --- a/tools/regression/priv/Makefile +++ b/tools/regression/priv/Makefile @@ -16,6 +16,7 @@ SRCS= main.c \ priv_kenv_set.c \ priv_kenv_unset.c \ priv_msgbuf.c \ + priv_netinet_ipsec.c \ priv_netinet_raw.c \ priv_proc_setlogin.c \ priv_proc_setrlimit.c \ diff --git a/tools/regression/priv/main.c b/tools/regression/priv/main.c index a9faa98..11f9249 100644 --- a/tools/regression/priv/main.c +++ b/tools/regression/priv/main.c @@ -135,6 +135,9 @@ static struct test tests[] = { { "priv_msgbuf_unprivok", priv_msgbuf_unprivok_setup, priv_msgbuf_unprivok, priv_msgbuf_cleanup }, + { "priv_netinet_ipsec_pfkey", priv_netinet_ipsec_pfkey_setup, + priv_netinet_ipsec_pfkey, priv_netinet_ipsec_pfkey_cleanup }, + { "priv_netinet_raw", priv_netinet_raw_setup, priv_netinet_raw, priv_netinet_raw_cleanup }, diff --git a/tools/regression/priv/main.h b/tools/regression/priv/main.h index d863feb..04c992e 100644 --- a/tools/regression/priv/main.h +++ b/tools/regression/priv/main.h @@ -138,6 +138,10 @@ void priv_msgbuf_unprivok(int, int, struct test *); void priv_msgbuf_cleanup(int, int, struct test *); +int priv_netinet_ipsec_pfkey_setup(int, int, struct test *); +void priv_netinet_ipsec_pfkey(int, int, struct test *); +void priv_netinet_ipsec_pfkey_cleanup(int, int, struct test *); + int priv_netinet_raw_setup(int, int, struct test *); void priv_netinet_raw(int, int, struct test *); void priv_netinet_raw_cleanup(int, int, struct test *); diff --git a/tools/regression/priv/priv_netinet_ipsec.c b/tools/regression/priv/priv_netinet_ipsec.c new file mode 100644 index 0000000..e3729c6 --- /dev/null +++ b/tools/regression/priv/priv_netinet_ipsec.c 
@@ -0,0 +1,85 @@
+/*-
+ * Copyright (c) 2007 Bjoern A. Zeeb
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
+ * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/*
+ * Confirm that privilege is required to open a pfkey socket, and that this
+ * is not allowed in jail.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <net/pfkeyv2.h>
+
+#include <errno.h>
+#include <unistd.h>
+
+#include "main.h"
+
+int
+priv_netinet_ipsec_pfkey_setup(int asroot, int injail, struct test *test)
+{
+
+ return (0);
+}
+
+void
+priv_netinet_ipsec_pfkey(int asroot, int injail, struct test *test)
+{
+ int error, fd;
+
+ fd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
+ if (fd < 0)
+ error = -1;
+ else
+ error = 0;
+ /*
+ * The injail checks are not really priv checks but making sure
+ * sys/kern/uipc_socket.c:socreate cred checks are working correctly.
+ */
+ if (asroot && injail)
+ expect("priv_netinet_ipsec_pfkey(asroot, injail)", error,
+ -1, EPROTONOSUPPORT);
+ if (asroot && !injail)
+ expect("priv_netinet_ipsec_pfkey(asroot, !injail)", error,
+ 0, 0);
+ if (!asroot && injail)
+ expect("priv_netinet_ipsec_pfkey(!asroot, injail)", error,
+ -1, EPROTONOSUPPORT);
+ if (!asroot && !injail)
+ expect("priv_netinet_ipsec_pfkey(!asroot, !injail)", error,
+ -1, EPERM);
+ if (fd >= 0)
+ (void)close(fd);
+}
+
+void
+priv_netinet_ipsec_pfkey_cleanup(int asroot, int injail, struct test *test)
+{
+
+}
+
|
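Review bot: The two jailed cases in priv_netinet_ipsec_pfkey() expect EPROTONOSUPPORT, which is also the kind of error socket() would plausibly return if the running kernel has no PF_KEY support at all, so on such a kernel those cases could pass without the socreate credential check ever being exercised. The non-jailed cases would then fail for a reason unrelated to privilege, and the output would not say why. priv_netinet_ipsec_pfkey_setup() returns 0 unconditionally, so nothing records that prerequisite. I would at least state it in the file's header comment, for example `Needs a kernel built with PF_KEY support; otherwise the jail cases cannot tell a cred denial from a missing protocol.` This is inferred from the errno values in the hunk, not from the kernel source, so please confirm against socreate.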