From 40c557c9c8c8fe3b7bb00db663de6581f9595ae9 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 1 Nov 2021 15:06:57 +0100
Subject: [PATCH 315/325] ggated: Add undocumented -j option to test jailing

Obtained from: ElectroBSD
---
 sbin/ggate/ggated/ggated.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/sbin/ggate/ggated/ggated.c b/sbin/ggate/ggated/ggated.c
index 2627b757d635..9a4e7838d0e4 100644
--- a/sbin/ggate/ggated/ggated.c
+++ b/sbin/ggate/ggated/ggated.c
@@ -1078,10 +1078,11 @@ main(int argc, char *argv[])
 	pid_t otherpid;
 	int ch, sfd, tmpsfd;
 	unsigned port;
+	int g_gate_jail_test = 0;
 
 	bindaddr = htonl(INADDR_ANY);
 	port = G_GATE_PORT;
-	while ((ch = getopt(argc, argv, "a:hnp:F:R:S:v")) != -1) {
+	while ((ch = getopt(argc, argv, "a:hnjp:F:R:S:v")) != -1) {
 		switch (ch) {
 		case 'a':
 			bindaddr = g_gate_str2ip(optarg);
@@ -1093,6 +1094,9 @@ main(int argc, char *argv[])
 		case 'F':
 			ggated_pidfile = optarg;
 			break;
+		case 'j':
+			g_gate_jail_test = 1;
+			break;
 		case 'n':
 			nagle = 0;
 			break;
@@ -1127,7 +1131,8 @@ main(int argc, char *argv[])
 
 	if (argv[0] != NULL)
 		exports_file = argv[0];
-	exports_get();
+	if (!g_gate_jail_test)
+		exports_get();
 
 	pfh = pidfile_open(ggated_pidfile, 0600, &otherpid);
 	if (pfh == NULL) {
@@ -1168,6 +1173,13 @@ main(int argc, char *argv[])
 
 	signal(SIGHUP, huphandler);
 
+	if (g_gate_jail_test) {
+		pidfile_close(pfh);
+		g_gate_drop_privs("ggated", bindaddr);
+		pidfile_remove(pfh);
+		exit(EXIT_SUCCESS);
+	}
+
 	for (;;) {
 		fromlen = sizeof(from);
 		tmpsfd = accept(sfd, &from, &fromlen);
-- 
2.32.0