Date: Wed, 10 Jun 2026 12:36:07 +0000 From: Warner Losh <imp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Cc: K Rin <rin@sandb0x.tw> Subject: git: ce08af63788d - main - mac_portacl tests: rewrite the test program and test unspecific family. Message-ID: <6a295a37.3c925.67cb7b66@gitrepo.freebsd.org>
The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=ce08af63788da219c0c5826fc3f2345fb2ce29f4 commit ce08af63788da219c0c5826fc3f2345fb2ce29f4 Author: K Rin <rin@sandb0x.tw> AuthorDate: 2025-04-12 03:05:47 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2026-06-10 12:35:03 +0000 mac_portacl tests: rewrite the test program and test unspecific family. Reviewed by: imp,emaste Pull Request: https://github.com/freebsd/freebsd-src/pull/1659 --- tests/sys/mac/portacl/Makefile | 2 ++ tests/sys/mac/portacl/bind.c | 60 ++++++++++++++++++++++++++++++++++++++++++ tests/sys/mac/portacl/misc.sh | 55 ++++++++++++++++++++++---------------- 3 files changed, 94 insertions(+), 23 deletions(-)
diff --git a/tests/sys/mac/portacl/Makefile b/tests/sys/mac/portacl/Makefile
index 2b0f4634c802..2ae55d30f7fc 100644
--- a/tests/sys/mac/portacl/Makefile
+++ b/tests/sys/mac/portacl/Makefile
@@ -1,9 +1,11 @@ PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/mac/portacl +BINDIR= ${TESTSDIR} ${PACKAGE}FILES+= misc.sh +PROGS+= bind TAP_TESTS_SH+= nobody_test TAP_TESTS_SH+= root_test
diff --git a/tests/sys/mac/portacl/bind.c b/tests/sys/mac/portacl/bind.c
new file mode 100644
index 000000000000..1cb64ba23b81
--- /dev/null
+++ b/tests/sys/mac/portacl/bind.c
@@ -0,0 +1,60 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+int main(int argc, char *argv[])
+{
+ if (argc < 5) {
+ fprintf(stderr, "Usage: %s family host protocol port\n", argv[0]);
+ return 1;
+ }
+ int family = atoi(argv[1]);
+ const char *host = argv[2];
+ const char *protocol = argv[3];
+ const char *port = argv[4];
+ int sock_type;
+ if (strcmp(protocol, "tcp") == 0)
+ sock_type = SOCK_STREAM;
+ else if (strcmp(protocol, "udp") == 0)
+ sock_type = SOCK_DGRAM;
+ else {
+ fprintf(stderr, "Unsupported protocol: %s\n", protocol);
+ return 1;
+ }
+ struct addrinfo hints, *res;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = family;
+ hints.ai_socktype = sock_type;
+ hints.ai_flags = AI_PASSIVE;
+ int err = getaddrinfo(host, port, &hints, &res);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(err));
+ return 1;
+ }
+ int sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (sock < 0) {
+ freeaddrinfo(res);
+ return 1;
+ }
+ int opt = 1;
+ setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+ if (errno == EACCES || errno == EPERM)
+ printf("bind_error: permission denied.\n");
+ else
+ printf("bind error: %s\n", strerror(errno));
+ close(sock);
+ freeaddrinfo(res);
+ return 1;
+ }
+ printf("ok\n");
+ close(sock);
+ freeaddrinfo(res);
+ return 0;
+}
+
diff --git a/tests/sys/mac/portacl/misc.sh b/tests/sys/mac/portacl/misc.sh
index 4d3f18fce1c1..da022556a854 100644
--- a/tests/sys/mac/portacl/misc.sh
+++ b/tests/sys/mac/portacl/misc.sh
@@ -1,5 +1,17 @@ #!/bin/sh +dir=`dirname $0` + +sysctl security.mac.portacl >/dev/null 2>&1 +if [ $? -ne 0 ]; then + echo "1..0 # SKIP MAC_PORTACL is unavailable." + exit 0 +fi +if [ $(id -u) -ne 0 ]; then + echo "1..0 # SKIP testcases must be run as root" + exit 0 +fi + ntest=1 check_bind() { 
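Review bot: Every failure path in bind.c returns 1, so the caller cannot tell a policy denial from an unrelated failure: a getaddrinfo() error, a failed socket(), and a bind() that fails with e.g. EADDRINUSE all exit the same way as the EACCES/EPERM branch. check_bind in misc.sh sends stdout to /dev/null and maps any non-zero status to `fl`, so a case that expects a denial can pass when the port was merely busy or the host did not resolve. Record the verdict right after bind() fails with `int denied = (errno == EACCES || errno == EPERM);`, end that branch with `return denied ? 1 : 2;`, use `return 2;` on the other error paths, and have check_bind treat only status 1 as `fl`. The socket() failure path also prints nothing, and the setsockopt() result is ignored.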
@@ -15,32 +27,29 @@ check_bind() { [ "${proto}" = "udp" ] && udpflag="-u" - out=$( - case "${idtype}" in - uid|gid) - ( echo -n | su -m ${name} -c "nc ${udpflag} -l -w ${timeout} $host $port" 2>&1 ) & - ;; - jail) - kill $$ - ;; - *) - kill $$ - esac - sleep 0.3 - echo | nc ${udpflag} -w ${timeout} $host $port >/dev/null 2>&1 - wait - ) - case "${out}" in - "nc: Permission denied"*|"nc: Operation not permitted"*) - echo fl + case "${idtype}" in + uid|gid) + su -m ${name} -c "${dir}/bind 0 ${host} ${proto} ${port}" > /dev/null # unspec + retval1=$? + su -m ${name} -c "${dir}/bind 2 ${host} ${proto} ${port}" > /dev/null # inet + retval2=$? + if [ $retval1 -ne $retval2 ]; then + echo inconsistent + return + fi + if [ $retval1 -ne 0 ]; then + echo fl + return + fi ;; - "") - echo ok + jail) + kill $$ ;; *) - echo ${out} - ;; + kill $$ esac + + echo ok } bind_test() { @@ -57,7 +66,7 @@ bind_test() { out=$(check_bind ${idtype} ${name} ${proto} ${port}) if [ "${out}" = "${expect_without_rule}" ]; then echo "ok ${ntest}" - elif [ "${out}" = "ok" -o "${out}" = "fl" ]; then + elif [ "${out}" = "ok" -o "${out}" = "fl" -o "${out}" = "inconsistent" ]; then echo "not ok ${ntest} # '${out}' != '${expect_without_rule}'" else echo "not ok ${ntest} # unexpected output: '${out}'"
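Review bot: The `# unspec` run (`bind 0 …`) may not exercise anything the `# inet` run (`bind 2 …`) does not. In bind.c the family argument only fills `hints.ai_family`, and getaddrinfo() returns a concrete AF_INET or AF_INET6 address either way, so for an IPv4 `${host}` (set outside this hunk) both invocations would pass the same sockaddr to bind(). If the aim is to cover a bind() whose sockaddr itself carries an unspecified family, bind.c would have to set that on the resolved address before calling bind(). Otherwise a comment such as `# 0 = AF_UNSPEC hint, 2 = AF_INET; both must get the same verdict` would explain the raw numbers and the intent. check_bind's body starts before this hunk.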
