Date: Thu, 25 Jun 2009 07:21:56 GMT From: Jonathan Anderson <jona@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 165133 for review Message-ID: <200906250721.n5P7LuOr044971@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=165133 Change 165133 by jona@jona-trustedbsd-belle-vmware on 2009/06/25 07:21:41 Added ua_find() to libuserangel Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.h#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/Makefile#8 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#11 edit Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.c#2 (text+ko) ====
@@ -33,6 +33,7 @@
 #include <sys/capability.h>
 #include <sys/socket.h>
+#include <sys/un.h>
 #include <libcapability.h>
@@ -55,6 +56,43 @@
 const char* ua_protocol_error(void) { return errmsg; }
+int ua_find(void)
+{
+ char *homedir = getenv("HOME");
+
+ if(strlen(homedir) > 200)
+ {
+ sprintf(errmsg, "Obscenely long $HOME variable (%i chars)",
+ strlen(homedir));
+ return -1;
+ }
+
+ char control_socket_name[256] = "";
+
+ sprintf(control_socket_name, "%s/.user-angel", homedir);
+
+ struct sockaddr_un addr;
+ addr.sun_family = AF_UNIX;
+ strcpy(addr.sun_path, control_socket_name);
+
+ int angel = socket(AF_UNIX, SOCK_STREAM, 0);
+ if(connect(angel, (struct sockaddr*) &addr, sizeof(addr)))
+ {
+ sprintf(errmsg, "Error connecting to angel at '%s'", addr.sun_path);
+ return -1;
+ }
+
+ if(lc_limitfd(angel, CAP_READ | CAP_WRITE) < 0)
+ {
+ sprintf(errmsg, "Error creating user angel capability: %i (%s)",
+ errno, strerror(errno));
+ return -1;
+ }
+
+ return angel;
+}
+
+
 int ua_send(int sock, datum *d, int32_t fds[], int32_t fdlen) {
==== //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.h#2 (text+ko) ====
@@ -37,9 +37,16 @@
 #include <libuserangel-powerbox.h>
+/* High-level API */
+
 /** The last angel/sandbox protocol error */ const char* ua_protocol_error(void);
+/** Find the user angel (at $HOME/.user-angel or the like) */
+int ua_find(void);
+
+
+/* Low-level API */
 /** Requests that clients can make */ enum ua_request_t { UA_NO_OP = 0, UA_OPEN_PATH, UA_LOAD_LIBRARY, UA_POWERBOX };
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/Makefile#8 (text+ko) ====
@@ -7,7 +7,7 @@
 CFLAGS=--std=c99 ${DEBUG} ${WARNINGS} ${INCLUDE} -DVERSION='"${VERSION}"'
 CXXFLAGS=${DEBUG} -Wall ${QDBUS_INCLUDE} -DVERSION='"${VERSION}"'
-LIBS=-luserangel
+LIBS=-lcapability -luserangel -lsbuf
 BIN=user_angel test_client
 AGENT_OBJ = user_angel.o server.o cap.o powerbox.o dbus.o
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#11 (text+ko) ====
@@ -14,7 +14,6 @@
 #include <unistd.h>
-int connect_to_user_angel(void);
 void open_file(int fd_angel, const char *path, int flags, cap_rights_t rights); void open_powerbox(int fd_angel, const char *path, const char *filter, int parent); void test_fd(int fd, char *name);
@@ -22,11 +21,9 @@
 int main(int argc, char *argv[]) {
- int fd_angel = connect_to_user_angel();
- printf("angel FD: %i\n", fd_angel);
-
- fd_angel = cap_new(fd_angel, CAP_CONNECT | CAP_READ | CAP_WRITE);
- printf("angel cap: %i\n", fd_angel);
+ int fd_angel = ua_find();
+ if(fd_angel < 0) err(EX_SOFTWARE, "Error finding user angel");
+ printf("Conntected to user angel via FD %i\n", fd_angel);
 int proc; pid_t pid = pdfork(&proc);
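Review bot: The doc comment on `ua_find()` in libuserangel.h does not say what the caller gets back or how failure is reported. Going by the libuserangel.c hunk of this change, it returns a connected socket already restricted with `lc_limitfd(angel, CAP_READ | CAP_WRITE)`, or -1 after writing a message into the buffer that `ua_protocol_error()` returns. I would extend the comment to `/** Find the user angel (at $HOME/.user-angel or the like); returns a connected socket limited to CAP_READ | CAP_WRITE, or -1 with the reason available from ua_protocol_error() */`. Presumably the caller owns the descriptor and must close it, which is worth stating once confirmed.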
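Review bot: `err(EX_SOFTWARE, "Error finding user angel")` in main() appends strerror(errno), but ua_find() reports its reason through the library's error string, and on its over-long-$HOME path errno is not set at all, so the printed cause can be stale or misleading. `if(fd_angel < 0) errx(EX_SOFTWARE, "Error finding user angel: %s", ua_protocol_error());` would show the real reason. The new printf string also misspells "Connected" as "Conntected". main() continues past the end of this hunk.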
@@ -69,30 +66,6 @@
 }
-int connect_to_user_angel(void)
-{
- char *homedir = getenv("HOME");
-
- if(strlen(homedir) >= 80)
- err(EX_DATAERR, "Obscenely long $HOME variable: %s", homedir);
-
- char control_socket_name[256] = "";
-
- sprintf(control_socket_name, "%s/.user-angel", homedir);
- printf("Connecting to control socket at '%s'...\n", control_socket_name);
-
- struct sockaddr_un addr;
- addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, control_socket_name);
-
- int fd_angel = socket(AF_UNIX, SOCK_STREAM, 0);
- if(connect(fd_angel, (struct sockaddr*) &addr, sizeof(addr)))
- err(EX_IOERR, "Error connecting to angel at '%s'", addr.sun_path);
-
- return fd_angel;
-}
-
-
 void open_file(int fd_angel, const char *path, int flags, cap_rights_t rights) {