PERFORCE change 163894 for review

Tue Jun 9 14:06:53 UTC 2009

http://perforce.freebsd.org/chv.cgi?CH=163894

Change 163894 by rwatson at rwatson_freebsd_capabilities on 2009/06/09 14:06:35

	Add additional syscalls to regression tests for capability mode:
	bind(), connect(), sendto() with and without address arguments.
	fork() is now OK, but waitpid() is not.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/tools/regression/security/cap_test/cap_test_syscalls.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/tools/regression/security/cap_test/cap_test_syscalls.c#5 (text+ko) ====

@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/tools/regression/security/cap_test/cap_test_syscalls.c#4 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/tools/regression/security/cap_test/cap_test_syscalls.c#5 $");
 
 #include <sys/param.h>
 #include <sys/capability.h>
@@ -43,6 +43,8 @@
 #include <sys/stat.h>
 #include <sys/wait.h>
 
+#include <netinet/in.h>
+
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -55,6 +57,7 @@
 void
 test_syscalls(void)
 {
+	struct sockaddr_in sin;
 	struct statfs statfs;
 	struct pollfd pollfd;
 	struct stat sb;
@@ -96,6 +99,11 @@
 	if (cap_enter() < 0)
 		err(-1, "test_syscalls:prep: cap_enter");
 
+
+	bzero(&sin, sizeof(sin));
+	sin.sin_len = sizeof(sin);
+	sin.sin_family = AF_INET;
+
 	/*
 	 * Here begin the tests, sorted roughly alphabetically by system call
 	 * name.
@@ -121,6 +129,12 @@
 	} else
 		warnx("test_syscalls:acct succeeded");
 
+	if (bind(PF_INET, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
+		if (errno != ENOSYS)
+			warnx("test_syscall:bind %d", errno);
+	} else
+		warnx("test_syscall:bind succeeded");
+
 	if (chdir("/tmp/cap_test_syscalls_chdir") < 0) {
 		if (errno != ENOSYS)
 			warnx("test_syscalls:chdir %d", errno);
@@ -158,6 +172,12 @@
 			warnx("test_syscalls:close %d", errno);
 	}
 
+	if (connect(PF_INET, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
+		if (errno != ENOSYS)
+			warnx("test_syscall:connect %d", errno);
+	} else
+		warnx("test_syscall:connect succeeded");
+
 	fd = creat("/tmp/cap_test_syscalls_creat", 0644);
 	if (fd >= 0) {
 		warnx("test_syscalls:creat succeeded");
@@ -188,17 +208,15 @@
 		if (pid == 0) {
 			exit(0);
 		} else if (pid > 0) {
-			warnx("test_syscalls:fork succeeded");
 			wpid = waitpid(pid, NULL, 0);
 			if (wpid < 0) {
-				if (errno == ENOSYS)
-					warnx("test_syscalls:waitpid ENOSYS");
-				else
+				if (errno != ENOSYS)
 					warnx("test_syscalls:waitpid %d",
 					    errno);
-			}
+			} else
+				warnx("test_syscalls:waitpid succeeded");
 		}
-	} else if (errno != ENOSYS)
+	} else
 		warnx("test_syscalls:fork %d", errno);
 
 	if (fstat(fd_file, &sb) < 0) {
@@ -379,6 +397,15 @@
 	if (len < 0 && errno == ENOSYS)
 		warnx("test_syscalls:sendmsg ENOSYS");
 
+	len = sendto(fd_socket, NULL, 0, 0, NULL, 0);
+	if (len < 0 && errno == ENOSYS)
+		warnx("test_syscalls:sendmesg %d", errno);
+
+	len = sendto(fd_socket, NULL, 0, 0, (struct sockaddr *)&sin,
+	    sizeof(sin));
+	if (len < 0 && errno != ENOSYS)
+		warnx("test_syscalls:sendmesg %d", errno);
+
 	if (setuid(getuid()) < 0) {
 		if (errno == ENOSYS)
 			warnx("test_syscalls:setuid ENOSYS");
