From owner-p4-projects@FreeBSD.ORG Fri Jun 12 11:32:04 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D9B361065670; Fri, 12 Jun 2009 11:32:03 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 99DFB1065672 for ; Fri, 12 Jun 2009 11:32:03 +0000 (UTC) (envelope-from jona@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 875998FC14 for ; Fri, 12 Jun 2009 11:32:03 +0000 (UTC) (envelope-from jona@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5CBW37i052813 for ; Fri, 12 Jun 2009 11:32:03 GMT (envelope-from jona@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5CBW3Z3052811 for perforce@freebsd.org; Fri, 12 Jun 2009 11:32:03 GMT (envelope-from jona@FreeBSD.org) Date: Fri, 12 Jun 2009 11:32:03 GMT Message-Id: <200906121132.n5CBW3Z3052811@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to jona@FreeBSD.org using -f From: Jonathan Anderson To: Perforce Change Reviews Cc: Subject: PERFORCE change 164166 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Jun 2009 11:32:04 -0000 http://perforce.freebsd.org/chv.cgi?CH=164166 Change 164166 by jona@jona-trustedbsd-belle-vm on 2009/06/12 11:31:15 Sending messages and FDs now works, unless we're in capability mode - problem with the cap stuff in the kernel?) Affected files ... .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdtest.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#5 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.h#5 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdtest.c#2 (text+ko) ==== @@ -25,53 +25,53 @@ else printf("Sockets: { %i, %i }\n", sockets[0], sockets[1]); + int32_t disableSIGPIPE = 1; + if(setsockopt(sockets[0], SOL_SOCKET, SO_NOSIGPIPE, &disableSIGPIPE, 4)) + err(EX_IOERR, "Error in setsockopt()"); + + if(setsockopt(sockets[1], SOL_SOCKET, SO_NOSIGPIPE, &disableSIGPIPE, 4)) + err(EX_IOERR, "Error in setsockopt()"); + int procdesc = -1; - pid_t child = fork();//pdfork(&procdesc); + pid_t child = pdfork(&procdesc); printf("Child PID: %i, proc: %i\n", child, procdesc); + + int fds[2]; + int fdlen = 0; + char *message; + if (child < 0) err(EX_SOFTWARE, "Error in pdfork()"); else if(child == 0) { close(sockets[1]); sock = sockets[0]; - printf("Child: keeping socket %i\n", sock); - int32_t disable = 1; - if(setsockopt(sock, SOL_SOCKET, SO_NOSIGPIPE, &disable, 4)) - err(EX_IOERR, "Error in setsockopt()"); - - int fds[2]; fds[0] = open("/etc/passwd", O_RDONLY); if(fds[0] < 0) err(EX_IOERR, "Error opening file descriptor"); fds[1] = open("/etc/group", O_RDONLY); if(fds[1] < 0) err(EX_IOERR, "Error opening file descriptor"); - - struct cap_wire_datum *d = cap_marshall_string("hello, ", 7); - if(cap_send_fd(sock, "foo", d, fds, 2) < 0) - err(EX_IOERR, "Error sending data/FD"); + fdlen = 2; + message = "hello, "; } else { - sleep(120); - exit(0); - close(sockets[0]); sock = sockets[1]; - printf("Parent: keeping socket %i\n", sock); - - int fd = open("/etc/rc.conf", O_RDONLY); - if(fd < 0) + fds[0] = open("/etc/rc.conf", O_RDONLY); + if(fds[0] < 0) err(EX_IOERR, "Error opening file descriptor"); - struct cap_wire_datum *d = cap_marshall_string("world!", 6); - if(cap_send_fd(sock, "bar", d, &fd, 1) < 0) - err(EX_IOERR, "Error sending data/FD"); + fdlen = 1; + message = "world!"; } -/* + + sock = cap_new(sock, CAP_MASK_VALID); + // enter capability mode if(cap_enter()) err(EX_SOFTWARE, "Failed to enter capability mode"); else printf("Now operating in capability mode\n"); @@ -81,18 +81,29 @@ char *path = "/etc/passwd"; if(open(path, O_RDONLY) < 0) printf("Sandbox is working\n"); else fprintf(stderr, "Was able to open %s directly\n", path); -*/ + + + + struct cap_wire_datum *d = cap_marshall_string(message, 7); + if(cap_send_fd(sock, "message and FDs", d, fds, fdlen) < 0) + err(EX_IOERR, "Error sending data/FD"); + + free(d); - struct cap_wire_datum *d; int fd_array[10]; - int fdlen = 10; + fdlen = 10; char *name; if(cap_recv_fd(sock, &name, &d, fd_array, &fdlen) < 0) err(EX_IOERR, "Error receiving data/FD"); + printf("Received FDs: "); + for(int i = 0; i < fdlen; i++) printf("%i ", fd_array[i]); + printf("\n"); + + return 0; } ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#5 (text+ko) ==== @@ -75,12 +75,9 @@ -#include // TODO: temporary int cap_send_fd(int sock, const char *name, struct cap_wire_datum *d, int32_t fd_array[], int32_t fdlen) { - printf("Sending datum + %i FD(s) over socket %i\n", fdlen, sock); - // the datum is the I/O vector struct iovec iov; iov.iov_base = d; @@ -95,7 +92,8 @@ anc_hdr->cmsg_len = cmsghdrlen; anc_hdr->cmsg_level = SOL_SOCKET; anc_hdr->cmsg_type = SCM_RIGHTS; - memcpy(anc_hdr + sizeof(struct cmsghdr), fd_array, fdlen * sizeof(int32_t)); + memcpy(((void*) anc_hdr) + sizeof(struct cmsghdr), fd_array, + fdlen * sizeof(int32_t)); // sendmsg header @@ -109,15 +107,15 @@ header.msg_flags = 0; + // send! int bytes_sent = sendmsg(sock, &header, 0); -// int bytes_sent = send(sock, d, sizeof(struct cap_wire_datum), 0); if(bytes_sent < 0) { perror("Error sending data and file descriptor(s)"); - sleep(200); return -1; } + free(anc_hdr); return bytes_sent; } @@ -127,14 +125,17 @@ int cap_recv_fd(int sock, char **name, struct cap_wire_datum **d, int32_t *fd_array, int32_t *fdlen) { - printf("cap_recv_fd(%i, char**, datum**, int[], %i)\n", sock, *fdlen); - // how much data is there to receive? struct cap_wire_datum peek; - printf("Peek at first %iB...\n", sizeof(struct cap_wire_datum)); int bytes = recv(sock, &peek, sizeof(struct cap_wire_datum), MSG_PEEK); + if(bytes < 0) + { + perror("Error peeking at socket"); + return -1; + } + int to_receive = sizeof(struct cap_wire_datum) + peek.length; - printf("Total to receive: %iB\n", to_receive); + // make room for it *d = (struct cap_wire_datum*) malloc(to_receive); @@ -142,6 +143,7 @@ iov.iov_base = d; iov.iov_len = to_receive; + // prepare to receive file descriptor(s) int size = sizeof(struct cmsghdr) + *fdlen; struct cmsghdr *anc_hdr = (struct cmsghdr*) malloc(size); @@ -174,17 +176,14 @@ return -1; } - size = sizeof(struct cmsghdr) + *fdlen * sizeof(int32_t); - printf("Received %iB cmsghdr\n", anc_hdr->cmsg_len); int recv_fdlen = (anc_hdr->cmsg_len - sizeof(struct cmsghdr)) / sizeof(int32_t); - printf("Received %i FDs (room for %i)\n", recv_fdlen, *fdlen); if(recv_fdlen < *fdlen) *fdlen = recv_fdlen; - int32_t* recv_fd_array = (int32_t*) anc_hdr + sizeof(anc_hdr); - memcpy(fd_array, recv_fd_array, *fdlen * sizeof(int32_t)); + memcpy(fd_array, ((void*) anc_hdr) + sizeof(struct cmsghdr), + *fdlen * sizeof(int32_t)); return 0; } ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.h#5 (text+ko) ====