From owner-p4-projects@FreeBSD.ORG Thu Jun 25 18:41:45 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id B994C10656A7; Thu, 25 Jun 2009 18:41:45 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73A6910656A4 for ; Thu, 25 Jun 2009 18:41:45 +0000 (UTC) (envelope-from jona@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 5653A8FC18 for ; Thu, 25 Jun 2009 18:41:45 +0000 (UTC) (envelope-from jona@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5PIfjDm068509 for ; Thu, 25 Jun 2009 18:41:45 GMT (envelope-from jona@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5PIfjcD068507 for perforce@freebsd.org; Thu, 25 Jun 2009 18:41:45 GMT (envelope-from jona@FreeBSD.org) Date: Thu, 25 Jun 2009 18:41:45 GMT Message-Id: <200906251841.n5PIfjcD068507@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to jona@FreeBSD.org using -f 
From: Jonathan Anderson To: Perforce Change Reviews Cc: Subject: PERFORCE change 165190 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2009 18:41:47 -0000 http://perforce.freebsd.org/chv.cgi?CH=165190 Change 165190 by jona@jona-trustedbsd-belle-vmware on 2009/06/25 18:41:04 Added (and used and tested) ua_open() Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.c#5 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.h#4 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#13 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.c#5 (text+ko) ==== @@ -38,6 +38,7 @@ #include #include +#include #include #include #include @@ -116,9 +117,7 @@ angel = -1; return -1; } - free(hello_datum); - printf("Got server hello: \"%s\"\n", hello); // validate server 'hello' message if(strncmp(hello, "user_angel", 10)) 
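Review bot: In the hunk at -116, `free(hello_datum)` is removed but nothing that remains in view releases the hello datum afterwards, so if ua_recv() hands back a malloc'd datum it now leaks on every successful connect. If the removal was made because `hello` is read after its backing datum was freed (the `printf` and the following `strncmp` both use it), the right fix is to keep the free but move it past the last use of `hello`, i.e. after the "user_angel" validation rather than before it. The enclosing function starts before the hunk, so I cannot see whether a later path frees it.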
@@ -151,6 +150,89 @@
+int ua_open(const char *path, int flags)
+{
+ if(angel < 0) angel = ua_find();
+ if(angel < 0) return -1;
+
+ cap_rights_t rights = CAP_SEEK | CAP_FSYNC;
+
+ if((flags & O_RDONLY) || (flags & O_RDWR)) rights |= CAP_READ;
+ if((flags & O_WRONLY) || (flags & O_RDWR))
+ rights |= CAP_WRITE | CAP_FTRUNCATE;
+
+ if(flags & O_EXEC) rights |= CAP_FEXECVE;
+
+
+ struct ua_datum *data[4];
+ data[0] = ua_marshall_int(UA_OPEN_PATH);
+ data[1] = ua_marshall_string(path, strlen(path));
+ data[2] = ua_marshall_int(flags);
+ data[3] = ua_marshall_int(rights);
+
+
+ for(int i = 0; i < 4; i++)
+ if(ua_send(angel, data[i], NULL, 0) < 0)
+ {
+ sprintf(errmsg, "Error sending request message: %s",
+ ua_protocol_error());
+ return -1;
+ }
+
+ free(data[0]);
+ free(data[1]);
+ free(data[2]);
+ free(data[3]);
+
+
+
+ // retrieve the file descriptor(s)
+ struct ua_datum *fdcountd = ua_recv(angel, NULL, NULL);
+ if(!fdcountd)
+ {
+ sprintf(errmsg, "Error receiving FD count: %s",
+ ua_protocol_error());
+ return -1;
+ }
+
+ int fdcount;
+ if(ua_unmarshall_int(fdcountd, &fdcount) < 0)
+ {
+ fprintf(stderr, "Error unmarshalling FD count: %s\n",
+ ua_protocol_error());
+ return -1;
+ }
+
+ if(fdcount != 1)
+ {
+ sprintf(errmsg, "Receiving %i FDs, only asked for 1", fdcount);
+ return -1;
+ }
+
+ int32_t fd;
+ unsigned int fdlen = 1;
+ struct ua_datum *fd_datum = ua_recv(angel, &fd, &fdlen);
+ if(!fd_datum)
+ {
+ sprintf(errmsg, "Error receiving FD: %s",
+ ua_protocol_error());
+ return -1;
+ }
+
+ unsigned int namelen = 80;
+ char name[namelen];
+ if(ua_unmarshall_string(fd_datum, name, &namelen) < 0)
+ {
+ sprintf(errmsg, "Error unmarshalling FD name: %s",
+ ua_protocol_error());
+ return -1;
+ }
+
+ return fd;
+}
+
+
+
int ua_send(int sock, datum *d, int32_t fds[], int32_t fdlen) { // the datum is the I/O vector
==== //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.h#4 (text+ko) ====
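Review bot: In ua_open's rights computation at the top of the hunk, `flags & O_RDONLY` is never true because O_RDONLY is 0 on FreeBSD, so a read-only open never requests CAP_READ and only yields a readable descriptor if the angel grants more than was asked for; derive the mode with `int acc = flags & O_ACCMODE;` and test `acc == O_RDONLY || acc == O_RDWR` for CAP_READ and `acc == O_WRONLY || acc == O_RDWR` for CAP_WRITE | CAP_FTRUNCATE. The `fdlen != 1` check that the removed test_client open_file made after its ua_recv is not carried over, so when the angel answers without a descriptor `fd` is presumably returned uninitialised. The four marshalled datums leak on the ua_send failure path, and fdcountd and fd_datum are never freed at all (assuming ua_recv hands back a malloc'd datum); a single cleanup label fixes both. The error text is written with unbounded `sprintf` into errmsg while the fdcount branch writes to stderr instead; if errmsg is a fixed-size array, `snprintf(errmsg, sizeof errmsg, ...)` on every branch keeps the reporting bounded and consistent. ua_open lies entirely within the hunk; the rewritten parts follow.
```c
int ua_open(const char *path, int flags)
{
	// … unchanged: angel lookup …

	// O_RDONLY is 0, so compare the access mode rather than testing bits
	cap_rights_t rights = CAP_SEEK | CAP_FSYNC;
	int acc = flags & O_ACCMODE;
	if(acc == O_RDONLY || acc == O_RDWR) rights |= CAP_READ;
	if(acc == O_WRONLY || acc == O_RDWR) rights |= CAP_WRITE | CAP_FTRUNCATE;
	if(flags & O_EXEC) rights |= CAP_FEXECVE;

	int ret = -1;
	struct ua_datum *fdcountd = NULL, *fd_datum = NULL;
	struct ua_datum *data[4];
	// … unchanged: marshalling of data[0..3] …

	for(int i = 0; i < 4; i++)
		if(ua_send(angel, data[i], NULL, 0) < 0)
		{
			snprintf(errmsg, sizeof errmsg, "Error sending request message: %s",
			    ua_protocol_error());
			goto out;
		}

	// … unchanged: receive fdcountd and check fdcount == 1, each failure reported with snprintf then `goto out` …

	int32_t fd;
	unsigned int fdlen = 1;
	fd_datum = ua_recv(angel, &fd, &fdlen);	// assumes a malloc'd datum — confirm
	if(!fd_datum)
	{
		snprintf(errmsg, sizeof errmsg, "Error receiving FD: %s", ua_protocol_error());
		goto out;
	}
	if(fdlen != 1)
	{
		// without this, fd is returned uninitialised when no descriptor arrived
		snprintf(errmsg, sizeof errmsg, "Received %u FDs, expected 1", fdlen);
		goto out;
	}

	unsigned int namelen = 80;
	{
		char name[namelen];	// own block: a goto may not jump past a VLA declaration
		if(ua_unmarshall_string(fd_datum, name, &namelen) < 0)
		{
			snprintf(errmsg, sizeof errmsg, "Error unmarshalling FD name: %s",
			    ua_protocol_error());
			goto out;
		}
	}
	ret = fd;

out:
	for(int i = 0; i < 4; i++) free(data[i]);
	free(fdcountd);
	free(fd_datum);
	return ret;
}
```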
@@ -45,6 +45,9 @@ /** The last angel/sandbox protocol error */ const char* ua_protocol_error(void); +/** Open a file via the User Angel */ +int ua_open(const char *path, int flags); + /** Find the user angel (at $HOME/.user-angel or the like) */ int ua_find(void); ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#13 (text+ko) ==== @@ -16,7 +16,7 @@ void open_file(int fd_angel, const char *path, int flags, cap_rights_t rights); void open_powerbox(int fd_angel, const char *path, const char *filter, int parent); -void test_fd(int fd, char *name); +void test_fd(int fd, const char *name); int main(int argc, char *argv[]) @@ -30,13 +30,7 @@ } printf("Connected to user angel via FD %i\n", fd_angel); - int proc; - pid_t pid = pdfork(&proc); - printf("PID: %i, proc: %i\n", pid, proc); - if (pid < 0) err(EX_SOFTWARE, "Error in pdfork()"); - else if(pid == 0) return 0; - // enter capability mode if(cap_enter()) err(EX_SOFTWARE, "Failed to enter capability mode"); else printf("Now operating in capability mode\n"); @@ -49,10 +43,23 @@ + // try to some files + int fd; + fd = ua_open("/etc/group", O_RDONLY); + test_fd(fd, "/etc/group"); + close(fd); + + fd = ua_open("/etc/passwd", O_RDONLY); + lc_limitfd(fd, CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK); + test_fd(fd, "/etc/passwd"); + close(fd); + fd = ua_open("/home/jon/test.txt", O_RDWR); + lc_limitfd(fd, CAP_FSTAT | CAP_READ | CAP_SEEK); + test_fd(fd, "/home/jon/test.txt"); + if(write(fd, "OVERWRITING", 12) < 0) perror("Error overwriting file"); + close(fd); - open_file(fd_angel, "/etc/group", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_SEEK); - open_file(fd_angel, "/etc/passwd", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK); open_powerbox(fd_angel, "~/Desktop/", "*.txt", 0x2a00003); return 0; 
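Review bot: The descriptors returned by ua_open in the added block are never checked for -1 before use: `lc_limitfd`, `test_fd`, `write` and `close` all run on the failure value, so a refused open surfaces as a confusing error on fd -1 rather than as an open failure. Guard each open, e.g. `if((fd = ua_open("/etc/group", O_RDONLY)) < 0) errx(EX_IOERR, "ua_open(/etc/group) failed");`, and if lc_limitfd reports failure through its return value check that too, since a descriptor whose limiting failed is then exercised as if it had been limited. The comment `// try to some files` is missing its verb (`// try to open some files`). main() starts outside the hunk.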
@@ -60,63 +67,7 @@
-void open_file(int fd_angel, const char *path, int flags, cap_rights_t rights)
-{
- // get the user angel to open the file for us
- struct ua_datum *data[4];
- data[0] = ua_marshall_int(UA_OPEN_PATH);
- data[1] = ua_marshall_string(path, strlen(path));
- data[2] = ua_marshall_int(flags);
- data[3] = ua_marshall_int(rights);
-
-
- for(int i = 0; i < 4; i++)
- if(ua_send(fd_angel, data[i], NULL, 0) < 0)
- err(EX_IOERR, "Error sending request message");
- free(data[0]);
- free(data[1]);
- free(data[2]);
- free(data[3]);
-
-
-
- // retrieve the file descriptor(s)
- struct ua_datum *fdcountd = ua_recv(fd_angel, NULL, NULL);
- if(!fdcountd) err(EX_IOERR, "Error receiving FD count");
-
- int fdcount;
- if(ua_unmarshall_int(fdcountd, &fdcount) < 0)
- {
- fprintf(stderr, "Error unmarshalling FD count: %s\n",
- ua_protocol_error());
- return;
- }
-
- for(int i = 0; i < fdcount; i++)
- {
- int32_t fd;
- unsigned int fdlen = 1;
- struct ua_datum *fd_datum = ua_recv(fd_angel, &fd, &fdlen);
- if(!fd_datum) err(EX_IOERR, "Error receiving FD %i of %i", i, fdcount);
-
- unsigned int namelen = 80;
- char name[namelen];
- if(ua_unmarshall_string(fd_datum, name, &namelen) < 0)
- err(EX_SOFTWARE, "Error unmarshalling FD name");
-
- if(fdlen != 1)
- {
- fprintf(stderr, "fdlen is %i, not 1\n", fdlen);
- return;
- }
-
- test_fd(fd, name);
- close(fd);
- }
-}
-
-
void open_powerbox(int fd_angel, const char *path, const char *filter, int parent) { struct ua_powerbox_options options;
@@ -187,7 +138,7 @@ }
-void test_fd(int fd, char *name)
+void test_fd(int fd, const char *name)
{ printf("FD %i: %s\n", fd, name);