priv_netinet_ipsec.c revision 173578
/*-
 * Copyright (c) 2007 Bjoern A. Zeeb
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD: head/tools/regression/priv/priv_netinet_ipsec.c 173578 2007-11-13 08:59:29Z bz $
 */

/*
 * Confirm that privilege is required to open a pfkey socket, and that this
 * is not allowed in jail.
 *
 * PF_KEY is the key-management socket family used to administer the kernel's
 * IPsec state, so an unprivileged or jailed process must not be able to
 * create one.  Outcomes asserted below:
 *
 *   asroot  injail   socket() result
 *   ------  ------   ------------------------
 *   yes     no       succeeds
 *   no      no       fails, EPERM
 *   yes     yes      fails, EPROTONOSUPPORT
 *   no      yes      fails, EPROTONOSUPPORT
 *
 * Scope: only socket creation is exercised.  No PF_KEY message is sent, so
 * this test says nothing about checks applied to an already-open socket.
 */

#include <sys/types.h>
#include <sys/socket.h>
#include <net/pfkeyv2.h>

#include <errno.h>
#include <unistd.h>

#include "main.h"

/*
 * Setup hook for the pfkey test.  There is no state to prepare, so it
 * returns 0 without using any of its arguments.
 */
int
priv_netinet_ipsec_pfkey_setup(int asroot, int injail, struct test *test)
{
	return (0);
}

/*
 * Try to create a PF_KEY_V2 raw socket and report the outcome through
 * expect() (declared in main.h), using the expectation that matches the
 * current (asroot, injail) combination.
 *
 * NOTE(review): expect() presumably inspects errno, so nothing that could
 * modify errno is called between socket() and expect() -- confirm against
 * main.h before adding code in between.
 */
void
priv_netinet_ipsec_pfkey(int asroot, int injail, struct test *test)
{
	int sock, result;

	sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
	result = (sock < 0) ? -1 : 0;

	if (injail) {
		/*
		 * The injail checks are not really priv checks but making
		 * sure sys/kern/uipc_socket.c:socreate cred checks are
		 * working correctly.  Root inside the jail is refused with
		 * the same errno as a non-root user.
		 */
		if (asroot)
			expect("priv_netinet_ipsec_pfkey(asroot, injail)",
			    result, -1, EPROTONOSUPPORT);
		else
			expect("priv_netinet_ipsec_pfkey(!asroot, injail)",
			    result, -1, EPROTONOSUPPORT);
	} else {
		/* Outside a jail only root may obtain the socket. */
		if (asroot)
			expect("priv_netinet_ipsec_pfkey(asroot, !injail)",
			    result, 0, 0);
		else
			expect("priv_netinet_ipsec_pfkey(!asroot, !injail)",
			    result, -1, EPERM);
	}

	/* Release the descriptor on the one path where creation succeeded. */
	if (sock >= 0)
		(void)close(sock);
}

/*
 * Cleanup hook for the pfkey test.  The test closes its own socket, so
 * there is nothing left to undo here.
 */
void
priv_netinet_ipsec_pfkey_cleanup(int asroot, int injail, struct test *test)
{
}