Date: Thu, 12 Sep 2013 14:41:20 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r257236 - in soc2013/dpl/head/lib/libzcap: . test zlibworker Message-ID: <201309121441.r8CEfKBm003583@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dpl Date: Thu Sep 12 14:41:20 2013 New Revision: 257236 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257236 Log: Update. Modified: soc2013/dpl/head/lib/libzcap/capsicum.c soc2013/dpl/head/lib/libzcap/commands.c soc2013/dpl/head/lib/libzcap/commands.h soc2013/dpl/head/lib/libzcap/deflate.c soc2013/dpl/head/lib/libzcap/gzlib.c soc2013/dpl/head/lib/libzcap/test/testlib.sh soc2013/dpl/head/lib/libzcap/test/zcaplibtest.c soc2013/dpl/head/lib/libzcap/zlibworker/commands.c soc2013/dpl/head/lib/libzcap/zlibworker/commands.h soc2013/dpl/head/lib/libzcap/zlibworker/zlibworker.c Modified: soc2013/dpl/head/lib/libzcap/capsicum.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/capsicum.c Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/capsicum.c Thu Sep 12 14:41:20 2013 (r257236) @@ -46,19 +46,6 @@ /* At "debug.h" */ extern int DEBUG_ZCAP; -static void -limitfd(int fd, unsigned long long cap) -{ - cap_rights_t rights; - - cap_rights_init(&rights); - cap_rights_set(&rights, cap); - - if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) - err(1, "Couldn't limit fd: %d\n", fd); -} - - /* * This function should be called only by: * gzopen(), deflateInit(), inflateInit(), @@ -101,13 +88,11 @@ startNullSandbox(void) { struct sandbox *newsandbox; - if (DEBUG_ZCAP) - printf("DEBUG: Starting NULL sandbox\n"); if (!slist_initiated) { SLIST_INIT(&sandboxes); - /* Here we add a sandbox used for non-structure related stuff */ + /* Here we add a sandbox used for not structure-related stuff */ /* This will be the first sandbox always */ if (SLIST_EMPTY(&sandboxes)) { newsandbox = startChild(NULL); @@ -118,9 +103,8 @@ } /* - * Finds the struct sandbox for - * a pointer to the data structure - * the sandbox is related to. + * Finds the struct sandbox for a pointer to the + * data structure the sandbox is related to. */ struct sandbox * findSandbox(void *ptr) @@ -141,7 +125,7 @@ struct sandbox * startChild(void *data) { - int procd, sv[2]; + int procd, pid, sv[2]; struct sandbox *newsandbox; if ((newsandbox = malloc(sizeof (struct sandbox))) == NULL) @@ -149,60 +133,61 @@ sv[0] = sv[1] = 0; if (socketpair(PF_LOCAL, SOCK_STREAM, 0, sv) < 0 ) - perror("zcaplib: socketpair()"); - if (DEBUG_ZCAP) - printf("DEBUG: Called socketpair(): sv[0]: %d, sv[1]: %d\n", sv[0], sv[1]); + err(1, "zcaplib: socketpair()"); - procd = pdfork(&procd, 0); - if (procd == 0 ) { - /* Sandbox the process */ - if (cap_enter() < 0) - err(1, "Couldn't enter capability mode"); - - if (DEBUG_ZCAP) - printf("DEBUG: STDIN_FILENO: %d\n", STDIN_FILENO); - - limitfd(STDIN_FILENO, CAP_READ); - limitfd(STDOUT_FILENO, CAP_WRITE|CAP_FSTAT); - limitfd(STDERR_FILENO, CAP_WRITE); + pid = pdfork(&procd, 0); + if (pid == 0 ) { + cap_rights_t stdin_cap; + cap_rights_t stdout_cap; + cap_rights_t stderr_cap; + cap_rights_t socket_cap; + + cap_rights_init(&stdin_cap, CAP_READ); + cap_rights_init(&stderr_cap, CAP_WRITE, CAP_FSTAT); + cap_rights_init(&stdout_cap, CAP_WRITE); if (dup2(sv[0], 3) != 3) err(1, "Couldn't duplicate fd"); closefrom(4); - limitfd(3, CAP_WRITE|CAP_READ|CAP_POLL_EVENT); + cap_rights_init(&socket_cap, CAP_WRITE, CAP_READ, CAP_POLL_EVENT); + + if (cap_rights_limit(STDIN_FILENO, &stdin_cap) < 0) + err(1, "Couldn't limit stdin"); + if (cap_rights_limit(STDOUT_FILENO, &stdout_cap) < 0) + err(1, "Couldn't limit stdout"); + if (cap_rights_limit(STDERR_FILENO, &stderr_cap) < 0) + err(1, "Couldn't limit stderr"); + if (cap_rights_limit(3, &socket_cap) < 0) + err(1, "Couldn't limit sandbox socket"); /* execl() zlibworker */ if ( execl("/usr/libexec/zlibworker", "zlibworker", NULL) < 0) err(1, "Couldn't find zlibworker."); exit(0); - } else if (procd == -1) { + } else if (pid == -1) { err(1, "Couldn't fork"); } else { - if ( DEBUG_ZCAP ) - printf("DEBUG: Done forking: %d\n", procd); - signal(SIGCHLD, suicide); atexit(killChild); newsandbox->dataptr = data; newsandbox->pd = procd; - newsandbox->socket = sv[0]; - if (DEBUG_ZCAP) + newsandbox->socket = sv[1]; + if (DEBUG_ZCAP) { printf("DEBUG: We have started a new sandbox.\n"); printf("\tpd: %d, socket: %d\n", newsandbox->pd, newsandbox->socket); + } } return (newsandbox); } void killChild(void) { - int pid; struct sandbox *box; /* Kill all sandboxes. */ SLIST_FOREACH(box, &sandboxes, next) - if (pdgetpid(box->pd, &pid) > 0) - kill(SIGKILL, pid); + pdkill(box->pd, SIGKILL); } void suicide(int signal) { kill(getpid(), SIGKILL); @@ -216,11 +201,9 @@ struct sandbox *box; box = findSandbox(ptr); - if (DEBUG_ZCAP) - printf("DEBUG: Sending command to %d sandbox\n", box->pd); if( nvlist_send(box->socket, nvl) != 0 ) - err(1, "zcaplib: nvlist_send() Went wrong"); + err(1, "zcaplib: nvlist_send Error"); if ((new = nvlist_recv(box->socket)) == NULL) err(1, "nvlist_recv(): nvlist_t is NULL"); return (new); Modified: soc2013/dpl/head/lib/libzcap/commands.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/commands.c Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/commands.c Thu Sep 12 14:41:20 2013 (r257236) @@ -6,6 +6,7 @@ #include "commands.h" #include "capsicum.h" +#include <stdlib.h> #include <string.h> #include <err.h> #include <nv.h> @@ -134,15 +135,14 @@ nvlist_add_nvlist(nvl, "args", args); result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); /* * We get the "good" struct from the worker. - * Here we have the good internal_state. * When we work on the data now, we have to pass * it in buffers, and sync next_in, avail_in, total_in, * next_out, avail_out and total_out. */ - newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); const char *msg = dnvlist_get_string(result, "msg", NULL); if (msg != NULL) @@ -165,8 +165,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); /* Supposing there's already space reserved for z_stream */ memcpy(strm, newstrm, zstreamsize); destroy(); @@ -187,8 +187,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, NULL); if (newstrm != NULL) memcpy(strm, newstrm, zstreamsize); else @@ -218,8 +218,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, NULL); if (newstrm != NULL) memcpy(strm, newstrm, zstreamsize); msg = dnvlist_get_string(result, "msg", NULL); @@ -242,8 +242,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); /* Supposing there's already space reserved for z_stream */ memcpy(strm, newstrm, zstreamsize); destroy(); @@ -264,8 +264,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, NULL); if (newstrm != NULL) memcpy(strm, newstrm, zstreamsize); destroy(); @@ -289,8 +289,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -311,8 +311,8 @@ /* The dest z_streamp is copied at its sandbox. */ result = sendCommand(nvl, dest); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(dest, newstrm, zstreamsize); destroy(); return(ret); @@ -331,9 +331,9 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); /* Save the reseted strm. */ - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); const char *msg = dnvlist_get_string(result, "msg", NULL); memcpy(strm->msg, msg, strlen(msg)+1); @@ -356,9 +356,9 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); /* Overwrite the old streamp */ - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -382,8 +382,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -403,8 +403,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -426,8 +426,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -448,8 +448,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -473,8 +473,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -494,8 +494,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -515,8 +515,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -535,8 +535,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -558,8 +558,8 @@ /* XXX - There's a problem with this, we can't copy internat_state */ result = sendCommand(nvl, dest); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(dest, newstrm, zstreamsize); destroy(); return(ret); @@ -578,8 +578,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); const char *msg = dnvlist_get_string(result, "msg", NULL); memcpy(strm->msg, msg, strlen(msg)+1); @@ -601,8 +601,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); const char *msg = dnvlist_get_string(result, "msg", NULL); memcpy(strm->msg, msg, strlen(msg)+1); @@ -625,8 +625,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -645,8 +645,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -667,10 +667,10 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); - gz_headerp newhead = (gz_headerp)dnvlist_get_binary(result, "newhead", gzheadersize, NULL, sizeof(NULL)); + gz_headerp newhead = (gz_headerp)nvlist_get_binary(result, "newhead", gzheadersize); head->done = newhead->done; destroy(); return(ret); @@ -692,8 +692,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); const char *msg = dnvlist_get_string(result, "msg", NULL); memcpy(strm->msg, msg, strlen(msg)+1); @@ -715,8 +715,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -735,8 +735,8 @@ result = sendCommand(nvl, strm); - ret = dnvlist_get_number(result, "result", NULL); - const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL)); + ret = nvlist_get_number(result, "result"); + const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize); memcpy(strm, newstrm, zstreamsize); destroy(); return(ret); @@ -754,7 +754,7 @@ result = sendCommand(nvl, NULL); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -772,7 +772,7 @@ nvlist_add_nvlist(nvl, "args", args); result = sendCommand(nvl, NULL); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -781,8 +781,8 @@ gzFile zcapcmd_gzopen(int fd, const char *mode) { - gzFile *fileptr; gzFile file; + const void *ptr; initNvl(); startSandbox(file); @@ -794,12 +794,11 @@ result = sendCommand(nvl, file); - fileptr = (gzFile *)dnvlist_get_binary(result, "result", &gzfilesize, NULL, sizeof(NULL)); - file = *fileptr; + if ((file = malloc(gzfilesize)) == NULL) + err(1, "malloc"); + memcpy(file, ptr, gzfilesize); destroy(); - fprintf(stderr, "zcaplib: after zcapcmd_gzopen: fileptr: %p *fileprt: %p\n", fileptr, *fileptr); - fprintf(stderr, "zcaplib: after zcapcmd_gzopen: file: %p\n", file); - return((gzFile)file); + return(file); } int @@ -815,7 +814,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -834,7 +833,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -853,8 +852,8 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); - data = dnvlist_get_binary(result, "data", len, NULL, sizeof(NULL)); + int ret = nvlist_get_number(result, "result"); + data = nvlist_get_binary(result, "data", len); memcpy(buf, data, (size_t)len); destroy(); return(ret); @@ -873,7 +872,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -890,7 +889,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -908,7 +907,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -948,7 +947,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -966,7 +965,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -984,7 +983,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -1003,7 +1002,7 @@ result = sendCommand(nvl, file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return ((z_off_t)ret); } @@ -1015,7 +1014,6 @@ int zcapcmd_simplecommand(gzFile file, int command) { - initNvl(); nvlist_add_number(nvl, "command", command); @@ -1024,8 +1022,11 @@ nvlist_add_nvlist(nvl, "args", args); result = sendCommand(nvl, file); + if (command == ZCAPCMD_GZCLOSE_W || command == ZCAPCMD_GZCLOSE_R) + /* file is not anymore needed */ + free(file); - int ret = dnvlist_get_number(result, "result", NULL); + int ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -1033,7 +1034,9 @@ const char * zcapcmd_gzerror(gzFile file, int *errnum) { - + const char *ptr; + const char *ret; + initNvl(); nvlist_add_number(nvl, "command", ZCAPCMD_GZPUTC); @@ -1042,9 +1045,11 @@ result = sendCommand(nvl, file); - /* XXX: Should I malloc space for this? */ - const char * ret = dnvlist_get_string(result, "result", NULL); - *errnum = dnvlist_get_number(result, "zerrno", NULL); + ptr = nvlist_get_string(result, "result"); + *errnum = nvlist_get_number(result, "zerrno"); + + ret = malloc(sizeof(*ptr)); + memcpy((void *)ret, (void *)ptr, sizeof(*ptr)); destroy(); return(ret); } @@ -1065,7 +1070,7 @@ result = sendCommand(nvl, NULL); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -1085,7 +1090,7 @@ result = sendCommand(nvl, NULL); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -1105,7 +1110,7 @@ result = sendCommand(nvl, NULL); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); destroy(); return(ret); } @@ -1124,7 +1129,7 @@ nvlist_add_nvlist(nvl, "args", args); result = sendCommand(nvl, NULL); - ret = dnvlist_get_number(result, "result", NULL); + ret = nvlist_get_number(result, "result"); destroy(); return(ret); } \ No newline at end of file Modified: soc2013/dpl/head/lib/libzcap/commands.h ============================================================================== --- soc2013/dpl/head/lib/libzcap/commands.h Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/commands.h Thu Sep 12 14:41:20 2013 (r257236) @@ -69,14 +69,13 @@ #define ZCAPCMD_GZOFFSET 54 #define ZCAPCMD_GZEOF 55 #define ZCAPCMD_GZDIRECT 56 -#define ZCAPCMD_GZCLOSE 57 -#define ZCAPCMD_GZCLOSE_R 58 -#define ZCAPCMD_GZCLOSE_W 59 -#define ZCAPCMD_GZERROR 60 -#define ZCAPCMD_GZCLEARERR 61 +#define ZCAPCMD_GZCLOSE_R 57 +#define ZCAPCMD_GZCLOSE_W 58 +#define ZCAPCMD_GZERROR 59 +#define ZCAPCMD_GZCLEARERR 60 /* checksum functions */ -#define ZCAPCMD_ADLER32 62 -#define ZCAPCMD_ADLER32_COMBINE 63 -#define ZCAPCMD_CRC32 64 -#define ZCAPCMD_CRC32_COMBINE 65 +#define ZCAPCMD_ADLER32 61 +#define ZCAPCMD_ADLER32_COMBINE 62 +#define ZCAPCMD_CRC32 63 +#define ZCAPCMD_CRC32_COMBINE 64 Modified: soc2013/dpl/head/lib/libzcap/deflate.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/deflate.c Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/deflate.c Thu Sep 12 14:41:20 2013 (r257236) @@ -36,7 +36,7 @@ const char *version; int stream_size; { - /* The other process can't use this process functions. */ + /* zlibworker can't use this process functions. */ strm->zalloc = Z_NULL; strm->zfree = Z_NULL; strm->opaque = Z_NULL; Modified: soc2013/dpl/head/lib/libzcap/gzlib.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/gzlib.c Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/gzlib.c Thu Sep 12 14:41:20 2013 (r257236) @@ -7,6 +7,8 @@ #include <sys/capability.h> +#include <err.h> + #include "gzguts.h" #include "zutil.h" #include "commands.h" @@ -30,6 +32,7 @@ int oflag = 0; int fd; char *loopmode; + cap_rights_t rights; strncpy(loopmode, mode, strlen(mode)+1); while(*loopmode) { @@ -65,19 +68,16 @@ ++loopmode; } - if ((fd = open(path, oflag)) < 0) { - perror("zcaplib: Couldn't create gzip file"); - abort(); - } + if ((fd = open(path, oflag)) < 0) + err(1, "zcaplib: Couldn't create gzip file"); + + cap_rights_init(&rights, CAP_READ, CAP_SEEK, CAP_WRITE, CAP_FSTAT, CAP_FCNTL); + if (cap_rights_limit(fd, &rights) < 0) + err(1, "zcaplib: Couldn't limit fd: %d", fd); + + if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0) + err(1, "zcaplib: Couldn't limit fcntls of fd: %d", fd); - if (cap_rights_limit(fd, CAP_READ|CAP_SEEK|CAP_WRITE|CAP_FSTAT|CAP_FCNTL) < 0) { - perror("zcaplib: Couldn't limit fd"); - abort(); - } - if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0) { - perror("zcaplib: Couldn't limit fd"); - abort(); - } return gzdopen(fd, mode); } @@ -104,6 +104,7 @@ gzFile file; unsigned size; { + fprintf(stderr, "Inside gzbuffer, calling zcapcmd_gzbuffer()"); return zcapcmd_gzbuffer(file, size); } Modified: soc2013/dpl/head/lib/libzcap/test/testlib.sh ============================================================================== --- soc2013/dpl/head/lib/libzcap/test/testlib.sh Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/test/testlib.sh Thu Sep 12 14:41:20 2013 (r257236) @@ -8,9 +8,4 @@ echo 'Done compiling library and tester.' echo -if [ $1 = "-k" ] -then - ktrace -i ./zcaplibtest -else - ./zcaplibtest -fi +sudo ktrace -i ./zcaplibtest Modified: soc2013/dpl/head/lib/libzcap/test/zcaplibtest.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/test/zcaplibtest.c Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/test/zcaplibtest.c Thu Sep 12 14:41:20 2013 (r257236) @@ -82,19 +82,23 @@ testzlibVersion(void) { const char *str = NULL; + str = zlibVersion(); if (str == NULL) - printf("zlibversiion(): Error\n"); - + printf("zlibversion(): Error\n"); + printf("zlibVersion: %s\n", str); } /* Basic functions */ void testdeflateInit(z_streamp strm) { - int ret = deflateInit(strm, Z_DEFAULT_COMPRESSION); + int ret; + + ret = deflateInit(strm, Z_DEFAULT_COMPRESSION); if (strm->state == NULL || ret != 0) printf("deflateInit(): Error: %d\n", ret); + printf("deflateInit: %d\n", ret); } void @@ -106,17 +110,23 @@ void testdeflateEnd(z_streamp strm) { - int ret = deflateEnd(strm); - if (strm->state != Z_NULL || ret != 0) + int ret; + + ret = deflateEnd(strm); + if (strm->state != NULL || ret != 0) printf("deflateEnd(): Error: %d\n", ret); + printf("deflateEnd: %d\n", ret); } void testinflateInit(z_streamp strm) { - int ret = inflateInit(strm); + int ret; + + ret = inflateInit(strm); if (strm->state == NULL || ret != 0) printf("inflateInit(): Error: %d\n", ret); + printf("inflateInit: %d\n", ret); } void @@ -129,18 +139,24 @@ void testinflateEnd(z_streamp strm) { - int ret = inflateEnd(strm); + int ret; + + ret = inflateEnd(strm); if (strm->state != Z_NULL || ret != 0) printf("inflateEnd(): Error: %d\n", ret); + printf("inflateEnd: %d\n", ret); } /* Advanced functions */ void testzlibCompileFlags(void) { - uLong ret = zlibCompileFlags(); + uLong ret; + + ret = zlibCompileFlags(); if (ret == 0) printf("zlibCompileFlags(): Error: %lu\n", ret); + printf("zlibCompileFlags: %lu\n", ret); } /* Utility functions */ @@ -150,6 +166,7 @@ uLong ret = compressBound(10L); if (ret != 23) printf("compressBound(): Error: %lu\n", ret); + printf("compressBound: %lu\n", ret); } /* Gzip Functions */ @@ -157,11 +174,10 @@ testgzbasic(void) { gzFile file; - fprintf(stderr, "Starting testgzbasic\n"); - fprintf(stderr, "gzopen()\n"); file = gzopen(filename, "wb"); if (file == NULL) err(1, "Couldn't open %s to write", filename); + printf("gzopen: %p\n", file); fprintf(stderr, "gzbuffer()\n"); int ret = gzbuffer(file, 8192); Modified: soc2013/dpl/head/lib/libzcap/zlibworker/commands.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/zlibworker/commands.c Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/zlibworker/commands.c Thu Sep 12 14:41:20 2013 (r257236) @@ -26,6 +26,7 @@ uLong ret = -1; z_streamp stream; z_streamp zstrmtemp; + /* We save the z_stream into memory. */ if ((stream = calloc(zstreamsize, 1)) == NULL) err(1, "deflateInit: Can't allocate memory"); @@ -249,11 +250,10 @@ * allocated memory to store the gzFile struct, we * only have to pass the pointer to this data. */ - fd = nvlist_get_descriptor(args, "fd"); + fd = nvlist_take_descriptor(args, "fd"); mode = nvlist_get_string(args, "mode"); ret = gzdopen(fd, mode); - fprintf(stderr, "zlibworker: gzopen: ret: %p\n", ret); nvlist_add_binary(result, "result", ret, gzsize); } Modified: soc2013/dpl/head/lib/libzcap/zlibworker/commands.h ============================================================================== --- soc2013/dpl/head/lib/libzcap/zlibworker/commands.h Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/zlibworker/commands.h Thu Sep 12 14:41:20 2013 (r257236) @@ -69,14 +69,13 @@ #define ZCAPCMD_GZOFFSET 54 #define ZCAPCMD_GZEOF 55 #define ZCAPCMD_GZDIRECT 56 -#define ZCAPCMD_GZCLOSE 57 -#define ZCAPCMD_GZCLOSE_R 58 -#define ZCAPCMD_GZCLOSE_W 59 -#define ZCAPCMD_GZERROR 60 -#define ZCAPCMD_GZCLEARERR 61 +#define ZCAPCMD_GZCLOSE_R 57 +#define ZCAPCMD_GZCLOSE_W 58 +#define ZCAPCMD_GZERROR 59 +#define ZCAPCMD_GZCLEARERR 60 /* checksum functions */ -#define ZCAPCMD_ADLER32 62 -#define ZCAPCMD_ADLER32_COMBINE 63 -#define ZCAPCMD_CRC32 64 -#define ZCAPCMD_CRC32_COMBINE 65 +#define ZCAPCMD_ADLER32 61 +#define ZCAPCMD_ADLER32_COMBINE 62 +#define ZCAPCMD_CRC32 63 +#define ZCAPCMD_CRC32_COMBINE 64 Modified: soc2013/dpl/head/lib/libzcap/zlibworker/zlibworker.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/zlibworker/zlibworker.c Thu Sep 12 10:39:38 2013 (r257235) +++ soc2013/dpl/head/lib/libzcap/zlibworker/zlibworker.c Thu Sep 12 14:41:20 2013 (r257236) @@ -103,6 +103,10 @@ { nvlist_t *nvl, *args, *result; + /* Sandbox the process */ + if (cap_enter() < 0) + err(1, "Couldn't enter capability mode"); + if ((data = calloc(5*1024, 1)) == NULL) err(1, "malloc\n"); @@ -110,18 +114,17 @@ if ((result = nvlist_create(0)) == NULL) err(1, "Can't create result.\n"); - if ((nvl = nvlist_recv(SOCKETFILENO)) != NULL) { - if (!nvlist_exists(nvl, "command")) - err(1, "No command.\n"); - - if (!nvlist_exists(nvl, "args")) - err(1, "args doesn't exist in nvlist\n"); - - if ((args = nvlist_take_nvlist(nvl, "args")) == NULL) - err(1, "couldn't take 'args' from nvlist\n"); - } else { + if ((nvl = nvlist_recv(SOCKETFILENO)) == NULL) err(1, "Received nvlist is NULL\n"); - } + + if (!nvlist_exists(nvl, "command")) + err(1, "No command.\n"); + + if (!nvlist_exists(nvl, "args")) + err(1, "args doesn't exist in nvlist\n"); + + if ((args = nvlist_take_nvlist(nvl, "args")) == NULL) + err(1, "couldn't take 'args' from nvlist\n"); // Switch for "command" // Get args, and call the real lib.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309121441.r8CEfKBm003583>