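#
# Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
#
#
# test script for Sun::Solaris::Ucred
#
# Emits a five-test plan ("1..5") and checks that the credentials reported
# by ucred_get() and getpeerucred() agree with what perl itself reports for
# the running process.
#

$^W = 1;
use strict;
use Data::Dumper;
use English;
$Data::Dumper::Terse = 1;
$Data::Dumper::Indent = 0;


use Sun::Solaris::Privilege qw(:ALL);
use Sun::Solaris::Project qw(:ALL);

#
# Status reporting utils
#

use vars qw($test);
$test = 1;

# Each reporter prints one result line for the current test number.
# NOTE(review): the trailing field interpolates $@ (perl's eval-error
# variable), which is normally empty here; possibly @_ was intended.
sub pass
{
	print("ok $test $@\n");
	$test++;
}

sub fail
{
	print("not ok $test $@\n");
	$test++;
}

# Report the current test as failed and stop the whole run.
sub fatal
{
	print("not ok $test $@\n");
	exit(1);
}

# Number of mismatches seen since the last report().
my $errs;

# Turn the accumulated error count into a single pass/fail line and reset it.
sub report
{
	if ($errs) {
		fail();
	} else {
		pass();
	}
	$errs = 0;
}

# True only when both values are defined and numerically equal.  A bare
# "==" treats undef as 0, so a lookup that returned nothing would compare
# equal to uid/gid/projid 0 when the test runs as root; a missing value
# must count as a mismatch, not as a match.
sub same_id
{
	my ($got, $want) = @_;

	return (defined $got && defined $want && $got == $want);
}

# Compare every field of $ucred against the current process and bump
# $errs once per field that does not match.
sub ucred_verify
{
	my ($ucred) = @_;

	# An absent pid is tolerated; a pid that is present must be ours.
	my $pid = ucred_getpid($ucred);
	$errs++ unless (!defined $pid || $pid == $$);

	# scalar() keeps each getter to exactly one argument slot; "+ 0"
	# takes the leading number of the $EGID / $GID group strings, as the
	# numeric comparison on those variables does.
	$errs++ unless same_id(scalar(ucred_geteuid($ucred)), $EUID);
	$errs++ unless same_id(scalar(ucred_getruid($ucred)), $UID);
	$errs++ unless same_id(scalar(ucred_getegid($ucred)), $EGID + 0);
	$errs++ unless same_id(scalar(ucred_getrgid($ucred)), $GID + 0);
	$errs++ unless same_id(scalar(ucred_getprojid($ucred)),
	    scalar(getprojid()));
	foreach my $f (PRIV_AWARE, PRIV_DEBUG) {
		$errs++ unless same_id(scalar(ucred_getpflags($ucred, $f)),
		    scalar(getpflags($f)));
	}

	# Get a sorted list of groups; the real gid is first and we need
	# to shift that one out of the way first.
	my @gr = split(/\s+/, $GID);
	shift @gr;
	@gr = sort {$a <=> $b} (@gr);
	my @ucgr = sort {$a <=> $b} ucred_getgroups($ucred);

	$errs++ unless ("@gr" eq "@ucgr");

	# Every privilege set named in %PRIVSETS must equal the process's
	# own set.  A set that could not be fetched is a mismatch rather
	# than something to hand to priv_isequalset().
	foreach my $s (keys %PRIVSETS) {
		my $set = ucred_getprivset($ucred, $s);
		my $mine = getppriv($s);
		$errs++ unless (defined $set && defined $mine &&
		    priv_isequalset($set, $mine));
	}
}

# Fetch the peer credential of $sock and verify it.  A socket that was
# never created, has no descriptor, or yields no ucred is recorded as an
# error instead of aborting the script on an undefined handle.
sub verify_peer
{
	my ($sock) = @_;

	my $fd = defined $sock ? fileno($sock) : undef;
	my $peer = defined $fd ? getpeerucred($fd) : undef;

	if ($peer) {
		ucred_verify($peer);
	} else {
		$errs++;
	}
}

#
# Main body of tests starts here
#

my $loaded = 1;

#
# 1. Check the module loads
#
BEGIN { $| = 1; print "1..5\n"; }
END   { print "not ok 1\n" unless $loaded; }
use Sun::Solaris::Ucred qw(:ALL);
$loaded = 1;
pass();

#
# 2. ucred_get works.
#

my $ucred = ucred_get($$);

$errs++ unless defined $ucred;

report();

#
# 3. Returned ucred matches perl's idea of the process' credentials.
#
if (defined $ucred) {
	ucred_verify($ucred);
}
report();

#
# 4. Create a socketpair; make sure that the ucred returned
#    is mine.
#

use IO::Socket::UNIX;

my ($unix) = IO::Socket::UNIX->new;

foreach my $type (SOCK_STREAM, SOCK_SEQPACKET) {
	# socketpair returns an empty list on failure; verify_peer then
	# records the error for the missing socket.
	my ($s1, $s2) = $unix->socketpair(AF_UNIX, $type, 0);

	verify_peer($s1);
	close($s1) if defined $s1;
	close($s2) if defined $s2;
}
report();

#
# 5. Create a AF_INET loopback connected socket and call getpeerucred().
#
use IO::Socket::INET;

my $inet = IO::Socket::INET->new;
my $s1 = $inet->socket(AF_INET, SOCK_STREAM, 0);
$inet = IO::Socket::INET->new;
my $s2 = $inet->socket(AF_INET, SOCK_STREAM, 0);

# Each setup step is checked so that a failure shows up as "not ok 5"
# rather than as a method call on an undefined socket.
my $loopback = inet_aton("localhost");
my $s3;
if (defined $s1 && defined $s2 && defined $loopback &&
    $s1->bind(0, $loopback) &&
    $s1->listen(0) &&
    $s2->connect($s1->sockname)) {
	$s3 = $s1->accept();
}

if (defined $s3) {
	# getpeerucred on the accepter should fail
	$errs++ if getpeerucred(fileno($s1));
	# but on the other two it should succeed.

	foreach my $s ($s2, $s3) {
		verify_peer($s);
	}
} else {
	$errs++;
}

foreach my $s ($s1, $s2, $s3) {
	close($s) if defined $s;
}
report();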