vendor/golang.org/x/sys/unix/creds_test.go

   1 // Copyright 2012 The Go Authors.  All rights reserved.
   2 // Use of this source code is governed by a BSD-style
   3 // license that can be found in the LICENSE file.
   4
   5 // +build linux
   6
   7 package unix_test
   8
   9 import (
  10         "bytes"
  11         "net"
  12         "os"
  13         "syscall"
  14         "testing"
  15
  16         "golang.org/x/sys/unix"
  17 )
  18
  19 // TestSCMCredentials tests the sending and receiving of credentials
  20 // (PID, UID, GID) in an ancillary message between two UNIX
  21 // sockets. The SO_PASSCRED socket option is enabled on the sending
  22 // socket for this to work.
  23 func TestSCMCredentials(t *testing.T) {
  24         socketTypeTests := []struct {
  25                 socketType int
  26                 dataLen    int
  27         }{
  28                 {
  29                         unix.SOCK_STREAM,
  30                         1,
  31                 }, {
  32                         unix.SOCK_DGRAM,
  33                         0,
  34                 },
  35         }
  36
  37         for _, tt := range socketTypeTests {
  38                 fds, err := unix.Socketpair(unix.AF_LOCAL, tt.socketType, 0)
  39                 if err != nil {
  40                         t.Fatalf("Socketpair: %v", err)
  41                 }
  42                 defer unix.Close(fds[0])
  43                 defer unix.Close(fds[1])
  44
  45                 err = unix.SetsockoptInt(fds[0], unix.SOL_SOCKET, unix.SO_PASSCRED, 1)
  46                 if err != nil {
  47                         t.Fatalf("SetsockoptInt: %v", err)
  48                 }
  49
  50                 srvFile := os.NewFile(uintptr(fds[0]), "server")
  51                 defer srvFile.Close()
  52                 srv, err := net.FileConn(srvFile)
  53                 if err != nil {
  54                         t.Errorf("FileConn: %v", err)
  55                         return
  56                 }
  57                 defer srv.Close()
  58
  59                 cliFile := os.NewFile(uintptr(fds[1]), "client")
  60                 defer cliFile.Close()
  61                 cli, err := net.FileConn(cliFile)
  62                 if err != nil {
  63                         t.Errorf("FileConn: %v", err)
  64                         return
  65                 }
  66                 defer cli.Close()
  67
  68                 var ucred unix.Ucred
  69                 if os.Getuid() != 0 {
  70                         ucred.Pid = int32(os.Getpid())
  71                         ucred.Uid = 0
  72                         ucred.Gid = 0
  73                         oob := unix.UnixCredentials(&ucred)
  74                         _, _, err := cli.(*net.UnixConn).WriteMsgUnix(nil, oob, nil)
  75                         if op, ok := err.(*net.OpError); ok {
  76                                 err = op.Err
  77                         }
  78                         if sys, ok := err.(*os.SyscallError); ok {
  79                                 err = sys.Err
  80                         }
  81                         if err != syscall.EPERM {
  82                                 t.Fatalf("WriteMsgUnix failed with %v, want EPERM", err)
  83                         }
  84                 }
  85
  86                 ucred.Pid = int32(os.Getpid())
  87                 ucred.Uid = uint32(os.Getuid())
  88                 ucred.Gid = uint32(os.Getgid())
  89                 oob := unix.UnixCredentials(&ucred)
  90
  91                 // On SOCK_STREAM, this is internally going to send a dummy byte
  92                 n, oobn, err := cli.(*net.UnixConn).WriteMsgUnix(nil, oob, nil)
  93                 if err != nil {
  94                         t.Fatalf("WriteMsgUnix: %v", err)
  95                 }
  96                 if n != 0 {
  97                         t.Fatalf("WriteMsgUnix n = %d, want 0", n)
  98                 }
  99                 if oobn != len(oob) {
 100                         t.Fatalf("WriteMsgUnix oobn = %d, want %d", oobn, len(oob))
 101                 }
 102
 103                 oob2 := make([]byte, 10*len(oob))
 104                 n, oobn2, flags, _, err := srv.(*net.UnixConn).ReadMsgUnix(nil, oob2)
 105                 if err != nil {
 106                         t.Fatalf("ReadMsgUnix: %v", err)
 107                 }
 108                 if flags != 0 {
 109                         t.Fatalf("ReadMsgUnix flags = 0x%x, want 0", flags)
 110                 }
 111                 if n != tt.dataLen {
 112                         t.Fatalf("ReadMsgUnix n = %d, want %d", n, tt.dataLen)
 113                 }
 114                 if oobn2 != oobn {
 115                         // without SO_PASSCRED set on the socket, ReadMsgUnix will
 116                         // return zero oob bytes
 117                         t.Fatalf("ReadMsgUnix oobn = %d, want %d", oobn2, oobn)
 118                 }
 119                 oob2 = oob2[:oobn2]
 120                 if !bytes.Equal(oob, oob2) {
 121                         t.Fatal("ReadMsgUnix oob bytes don't match")
 122                 }
 123
 124                 scm, err := unix.ParseSocketControlMessage(oob2)
 125                 if err != nil {
 126                         t.Fatalf("ParseSocketControlMessage: %v", err)
 127                 }
 128                 newUcred, err := unix.ParseUnixCredentials(&scm[0])
 129                 if err != nil {
 130                         t.Fatalf("ParseUnixCredentials: %v", err)
 131                 }
 132                 if *newUcred != ucred {
 133                         t.Fatalf("ParseUnixCredentials = %+v, want %+v", newUcred, ucred)
 134                 }
 135         }
 136 }