misc.sh revision 292251
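#!/bin/sh
# $FreeBSD: stable/10/tools/regression/mac/mac_portacl/misc.sh 292251 2015-12-15 05:47:05Z ngie $
#
# Shared helpers for the mac_portacl regression tests.  The test counter and
# the functions below are defined at top level of this file.
#
# NOTE(review): bind_test rewrites security.mac.portacl.rules host-wide and
# leaves it empty when it returns.  restore_settings puts back only the three
# values saved below, not the rule list, so any rules that were loaded before
# the run are lost.  Run this only on a dedicated test host.
# NOTE(review): writing sysctls and using su(1) presumably requires root;
# confirm against the calling test scripts.

# Emit a TAP "skip everything" plan and stop when the policy is not loaded.
if ! sysctl security.mac.portacl >/dev/null 2>&1; then
	echo "1..0 # SKIP MAC_PORTACL is unavailable."
	exit 0
fi

# Number of the next TAP result line; advanced by bind_test.
ntest=1

#
# check_bind idtype name proto port
#
# Start an nc(1) listener on 127.0.0.1:port as the given user, connect to it
# once, and classify what the listener printed:
#   fl      nc reported "Permission denied" or "Operation not permitted"
#   ok      nc printed nothing
#   <text>  anything else, echoed back as a diagnostic
#
# Only the uid and gid id types are implemented; any other value sends a
# signal to $$, which inside a subshell is still the PID of the top-level
# shell, so the whole test script is terminated.
#
check_bind() {
	idtype=${1}
	name=${2}
	proto=${3}
	port=${4}

	# Reset on every call so that a "-u" left over from an earlier UDP
	# check in the same shell cannot leak into a TCP check.
	udpflag=""
	if [ "${proto}" = "udp" ]; then
		udpflag="-u"
	fi

	# ${udpflag} stays unquoted on purpose: when empty it must vanish
	# instead of becoming an empty argument to nc.  The listener runs in
	# the background with stderr folded into stdout so that its error
	# text is what the command substitution captures.  The short sleep
	# presumably gives the listener time to bind before the client
	# connects.
	out=$(
		case "${idtype}" in
		(uid|gid)
			( echo -n | su -m "${name}" -c "nc ${udpflag} -o -l 127.0.0.1 ${port}" 2>&1 ) &
			;;
		(jail)
			kill $$
			;;
		(*)
			kill $$
			;;
		esac
		sleep 0.3
		echo | nc ${udpflag} -o 127.0.0.1 "${port}" >/dev/null 2>&1
		wait
	)

	case "${out}" in
	"nc: Permission denied"*|"nc: Operation not permitted"*)
		echo fl
		;;
	"")
		echo ok
		;;
	*)
		# Left unquoted as in the original: word splitting folds
		# multi-line output onto one line for the TAP diagnostic.
		echo ${out}
		;;
	esac
}

#
# _bind_report expected actual
#
# Print one TAP result line for the current test number and advance ntest.
# A mismatch that is not a plain ok/fl carries the text as a diagnostic.
#
_bind_report() {
	if [ "${2}" = "${1}" ]; then
		echo "ok ${ntest}"
	elif [ "${2}" = "ok" ] || [ "${2}" = "fl" ]; then
		echo "not ok ${ntest}"
	else
		echo "not ok ${ntest} # ${2}"
	fi
	ntest=$((ntest+1))
}

#
# bind_test expect_without_rule expect_with_rule idtype name proto port
#
# Run check_bind twice and emit two TAP lines: first with an empty rule list,
# then with the single rule idtype:id:proto:port installed.  Each expectation
# is "ok" or "fl".  The rule list is emptied again before returning.
#
bind_test() {
	expect_without_rule=${1}
	expect_with_rule=${2}
	idtype=${3}
	name=${4}
	proto=${5}
	port=${6}

	sysctl security.mac.portacl.rules= >/dev/null
	out=$(check_bind "${idtype}" "${name}" "${proto}" "${port}")
	_bind_report "${expect_without_rule}" "${out}"

	# Rules are keyed on the numeric id, so translate the name for
	# uid/gid; any other id type passes the name through unchanged.
	if [ "${idtype}" = "uid" ]; then
		idstr=$(id -u "${name}")
	elif [ "${idtype}" = "gid" ]; then
		idstr=$(id -g "${name}")
	else
		idstr=${name}
	fi

	# If the rule cannot be installed, the bind would be evaluated against
	# an empty rule list and could match the expectation by accident;
	# report that as a failure with a diagnostic instead.
	if sysctl "security.mac.portacl.rules=${idtype}:${idstr}:${proto}:${port}" >/dev/null; then
		out=$(check_bind "${idtype}" "${name}" "${proto}" "${port}")
	else
		out="unable to set security.mac.portacl.rules=${idtype}:${idstr}:${proto}:${port}"
	fi
	_bind_report "${expect_with_rule}" "${out}"

	sysctl security.mac.portacl.rules= >/dev/null
}

# Values captured when this file is read, for restore_settings.
reserved_high=$(sysctl -n net.inet.ip.portrange.reservedhigh)
suser_exempt=$(sysctl -n security.mac.portacl.suser_exempt)
port_high=$(sysctl -n security.mac.portacl.port_high)

#
# restore_settings
#
# Write back the three sysctl values captured above.  The portacl rule list
# is not among them.
#
restore_settings() {
	sysctl -n "net.inet.ip.portrange.reservedhigh=${reserved_high}" >/dev/null
	sysctl -n "security.mac.portacl.suser_exempt=${suser_exempt}" >/dev/null
	sysctl -n "security.mac.portacl.port_high=${port_high}" >/dev/null
}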