From owner-svn-soc-all@FreeBSD.ORG Wed Jun 19 19:47:56 2013 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 53943270 for ; Wed, 19 Jun 2013 19:47:56 +0000 (UTC) (envelope-from dpl@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::16:124]) by mx1.freebsd.org (Postfix) with ESMTP id 436481B79 for ; Wed, 19 Jun 2013 19:47:56 +0000 (UTC) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.14.7/8.14.7) with ESMTP id r5JJluS9092523 for ; Wed, 19 Jun 2013 19:47:56 GMT (envelope-from dpl@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.14.7/8.14.6/Submit) id r5JJlupp092521 for svn-soc-all@FreeBSD.org; Wed, 19 Jun 2013 19:47:56 GMT (envelope-from dpl@FreeBSD.org) Date: Wed, 19 Jun 2013 19:47:56 GMT Message-Id: <201306191947.r5JJlupp092521@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to dpl@FreeBSD.org using -f 
From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r253253 - soc2013/dpl/head/contrib/bzip2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jun 2013 19:47:56 -0000 Author: dpl Date: Wed Jun 19 19:47:55 2013 New Revision: 253253 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=253253 Log: Work with PF_LOCAL sockets and fork to separate the bzip2 main program from the compression/uncompression algorithms. Modified: soc2013/dpl/head/contrib/bzip2/bzip2.c Modified: soc2013/dpl/head/contrib/bzip2/bzip2.c ============================================================================== --- soc2013/dpl/head/contrib/bzip2/bzip2.c Wed Jun 19 18:44:55 2013 (r253252) +++ soc2013/dpl/head/contrib/bzip2/bzip2.c Wed Jun 19 19:47:55 2013 (r253253) @@ -93,6 +93,9 @@ # if __FreeBSD_version >= 900041 # define CAPSICUM # include +# include +# include +# include # endif # endif @@ -218,6 +221,12 @@ FILE *outputHandleJustInCase; Int32 workFactor; +#ifdef CAPSICUM +int s, s2, len; +struct sockaddr_un sock, remoteSock; +char *sockPath = "/tmp/bzip2"; +#endif + static void panic ( const Char* ) NORETURN; static void ioError ( void ) NORETURN; static void outOfMemory ( void ) NORETURN; @@ -971,9 +980,9 @@ FILE* fp; IntNative fh; fh = open(name, O_WRONLY|O_CREAT|O_EXCL, S_IWUSR|S_IRUSR); -# ifdef CAPSICUM - cap_rights_limit(fh, CAP_WRITE); -# endif +/*# ifdef CAPSICUM*/ + /*cap_rights_limit(fh, CAP_WRITE);*/ +/*# endif*/ if (fh == -1) return NULL; fp = fdopen(fh, mode); if (fp == NULL) close(fh); @@ -1145,7 +1154,7 @@ { FILE *inStr; FILE *outStr; - Int32 n, i, infd; + Int32 n, i, forkpid, infd; struct MY_STAT statBuf; deleteOutputOnInterrupt = False; 
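Review bot: The rendezvous path `char *sockPath = "/tmp/bzip2";` added at `@@ -218,6 +221,12 @@` is a fixed name in a world-writable directory, so two bzip2 runs collide on it, and another local user who creates that name first makes the later unlink/bind fail. Since the socket only links this process to the child it forks itself, an unnamed pair created before the fork, `int sv[2]; socketpair(PF_LOCAL, SOCK_STREAM, 0, sv);`, needs no filesystem name at all. If a named socket has to stay, place it in a private directory created with `mkdtemp()`. `len` is later passed to accept() and should be `socklen_t`, and these new globals could be `static`.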
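Review bot: Commenting out `cap_rights_limit(fh, CAP_WRITE)` at `@@ -971,9 +980,9 @@` leaves the output descriptor with full rights, which weakens the least-privilege setup the CAPSICUM build is meant to provide. The old call ran before the `fh == -1` test, which may be why it was disabled (the log message does not say). The limit can go after that test with its result checked, e.g. `if (cap_rights_limit(fh, CAP_WRITE) < 0) { close(fh); return NULL; }`, widening the rights set only if stdio needs more on this descriptor. If the call must stay out for now, replace the dead lines with `/* TODO: restore CAP_WRITE limit on fh */`. The function starts above this hunk.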
@@ -1233,6 +1242,17 @@ saveInputFileMetaInfo ( inName ); } + if ( srcMode != SM_I2O ){ +# ifdef CAPSICUM + infd = open( inName, O_RDONLY ); + /*cap_rights_limit(infd, CAP_READ);*/ + inStr = fdopen ( infd, "rb" ); +# else + infd = NULL; + inStr = fopen ( inName, "rb" ); +# endif + } + switch ( srcMode ) { case SM_I2O: @@ -1250,14 +1270,6 @@ break; case SM_F2O: -# ifdef CAPSICUM - infd = open( inName, O_RDONLY ); - cap_rights_limit(infd, CAP_READ); - inStr = fdopen ( infd, "rb" ); -# else - infd = NULL; - inStr = fopen ( inName, "rb" ); -# endif outStr = stdout; if ( isatty ( fileno ( stdout ) ) ) { fprintf ( stderr, @@ -1278,14 +1290,6 @@ break; case SM_F2F: -# ifdef CAPSICUM - infd = open( inName, O_RDONLY ); - cap_rights_limit(infd, CAP_READ); - inStr = fdopen ( infd, "rb" ); -# else - infd = NULL; - inStr = fopen ( inName, "rb" ); -# endif outStr = fopen_output_safely ( outName, "wb" ); if ( outStr == NULL) { fprintf ( stderr, "%s: Can't create output file %s: %s.\n", 
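Review bot: The hoisted `infd = open( inName, O_RDONLY );` at `@@ -1233,6 +1242,17 @@` is never tested, so a failed open passes -1 to fdopen(), and any later error message may print fdopen()'s errno rather than open()'s; guard it with `if (infd == -1) inStr = NULL; else inStr = fdopen ( infd, "rb" );`. The read-only limit is now `/*cap_rights_limit(infd, CAP_READ);*/`, so the input descriptor keeps full rights; restoring it after the -1 check keeps the input side least-privileged. In the non-CAPSICUM branch `infd = NULL;` assigns a pointer constant to an Int32, where `-1` is the conventional "no descriptor" value. The same points apply to the identical block added at `@@ -1440,6 +1470,17 @@`. The enclosing function starts and ends outside the hunk.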
@@ -1314,30 +1318,56 @@ fflush ( stderr ); } -# ifdef CAPSICUM - if (cap_enter() < 0) { - fprintf ( stderr, "%s: Couldn't enter capability mode.\n", progName ); - exit(1); - } -# endif +# ifdef CAPSICUM + /* Pass the limited file descriptors with a unix domain socket. */ + switch( forkpid = rfork(RFPROC | RFCFDG) ) { + case ( 0 ): + if (cap_enter() < 0) { + fprintf ( stderr, "%s: Couldn't enter capability mode: %s.\n", + progName, strerror(errno) ); + exit(1); + } - /*--- Now the input and output handles are sane. Do the Biz. ---*/ - outputHandleJustInCase = outStr; - deleteOutputOnInterrupt = True; - compressStream ( inStr, outStr ); - outputHandleJustInCase = NULL; +# endif + /*--- Now the input and output handles are sane. Do the Biz. ---*/ + outputHandleJustInCase = outStr; + deleteOutputOnInterrupt = True; + compressStream ( inStr, outStr ); + outputHandleJustInCase = NULL; + + /*--- If there was an I/O error, we won't get here. ---*/ + if ( srcMode == SM_F2F ) { + applySavedTimeInfoToOutputFile ( outName ); + deleteOutputOnInterrupt = False; + if ( !keepInputFiles ) { + IntNative retVal = remove ( inName ); + ERROR_IF_NOT_ZERO ( retVal ); + } + } + + deleteOutputOnInterrupt = False; - /*--- If there was an I/O error, we won't get here. ---*/ - if ( srcMode == SM_F2F ) { - applySavedTimeInfoToOutputFile ( outName ); - deleteOutputOnInterrupt = False; - if ( !keepInputFiles ) { - IntNative retVal = remove ( inName ); - ERROR_IF_NOT_ZERO ( retVal ); - } +# ifdef CAPSICUM + break; + + case ( -1 ): + fprintf ( stderr, "%s: Couldn't fork: %s.\n", progName, strerror(errno) ); + exit(1); + + default: + listen(s, 2); + len = sizeof(struct sockaddr_un); + accept(s, (struct sockaddr *) &remoteSock, &len); + /* Send the two FDs */ + wait(NULL); + if ( -1 == unlink(sock.sun_path) && errno != ENOENT ){ + fprintf ( stderr, "%s: Can't unlink socket: %s.\n", progName, strerror(errno) ); + exit(1); + } + return; } +# endif - deleteOutputOnInterrupt = False; } 
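Review bot: The child branch runs `compressStream ( inStr, outStr )` although `rfork(RFPROC | RFCFDG)` starts it with an empty descriptor table and the hand-off is still only the comment `/* Send the two FDs */`, so the child's streams refer to descriptors it does not hold. After `cap_enter()` the child also calls `applySavedTimeInfoToOutputFile ( outName )` and `remove ( inName )`, which take path names and are refused in capability mode; that cleanup belongs in the unsandboxed parent. The child leaves the switch with `break` and returns to the caller instead of exiting, and the results of `wait(NULL)`, `listen()` and `accept()` are ignored, so a failed compression in the child is reported as success. A sketch of the split follows; the function begins above the hunk.

```c
      case ( 0 ):
         /* … unchanged: cap_enter() check … */
         /* … unchanged: compressStream ( inStr, outStr ) … */
         _exit(0);   /* the sandboxed child must not return into the file loop */

      /* … unchanged: case ( -1 ) … */

      default: {
         int status;
         /* … descriptor hand-off goes here once implemented, results checked … */
         if ( waitpid(forkpid, &status, 0) == -1 ||
              !WIFEXITED(status) || WEXITSTATUS(status) != 0 ) {
            fprintf ( stderr, "%s: Compression child failed.\n", progName );
            exit(1);
         }
         /* Path-based cleanup runs in the parent, outside capability mode. */
         if ( srcMode == SM_F2F ) {
            applySavedTimeInfoToOutputFile ( outName );
            if ( !keepInputFiles ) {
               IntNative retVal = remove ( inName );
               ERROR_IF_NOT_ZERO ( retVal );
            }
         }
         /* … unchanged: unlink(sock.sun_path) check … */
         return;
      }
```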
@@ -1440,6 +1470,17 @@ saveInputFileMetaInfo ( inName ); } + if ( srcMode != SM_I2O ){ +# ifdef CAPSICUM + infd = open( inName, O_RDONLY ); + /*cap_rights_limit(infd, CAP_READ);*/ + inStr = fdopen ( infd, "rb" ); +# else + infd = NULL; + inStr = fopen ( inName, "rb" ); +# endif + } + switch ( srcMode ) { case SM_I2O: @@ -1457,14 +1498,6 @@ break; case SM_F2O: -# ifdef CAPSICUM - infd = open( inName, O_RDONLY ); - cap_rights_limit(infd, CAP_READ); - inStr = fdopen ( infd, "rb" ); -# else - infd = NULL; - inStr = fopen ( inName, "rb" ); -# endif outStr = stdout; if ( inStr == NULL ) { fprintf ( stderr, "%s: Can't open input file %s:%s.\n", @@ -1476,14 +1509,6 @@ break; case SM_F2F: -# ifdef CAPSICUM - infd = open( inName, O_RDONLY ); - cap_rights_limit(infd, CAP_READ); - inStr = fdopen ( infd, "rb" ); -# else - infd = NULL; - inStr = fopen ( inName, "rb" ); -# endif outStr = fopen_output_safely ( outName, "wb" ); if ( outStr == NULL) { fprintf ( stderr, "%s: Can't create output file %s: %s.\n", @@ -1512,13 +1537,6 @@ fflush ( stderr ); } -# ifdef CAPSICUM - if (cap_enter() < 0) { - fprintf ( stderr, "%s: Couldn't enter capability mode.\n", progName ); - exit(1); - } -# endif - /*--- Now the input and output handles are sane. Do the Biz. ---*/ outputHandleJustInCase = outStr; deleteOutputOnInterrupt = True; 
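Review bot: With `/*cap_rights_limit(infd, CAP_READ);*/` disabled at `@@ -1440,6 +1470,17 @@` and the `cap_enter()` block removed at `@@ -1512,13 +1537,6 @@`, this path (presumably uncompress()) ends up in a CAPSICUM build with no descriptor limits and no capability mode at all. Only the compression path gets the new rfork/cap_enter split. Decompression is the side that parses input of unknown origin, so it is the one that most needs the sandbox. Either keep the old `cap_enter()` call until the fork-based split is ported here, or mark the gap with `/* TODO(capsicum): decompression runs unsandboxed until the rfork split lands */`. The enclosing function starts and ends outside the hunk.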
@@ -2009,6 +2027,35 @@ # endif } +# ifdef CAPSICUM + + sock.sun_family = PF_LOCAL; + strncpy(sock.sun_path, sockPath, sizeof(sock.sun_path)); + + if ( (s = socket(PF_LOCAL, SOCK_STREAM, 0)) == -1 ){ + fprintf ( stderr, "%s: Can't create socket: %s.\n", progName, strerror(errno) ); + exit(1); + } + + if ( -1 == unlink(sock.sun_path) && errno != ENOENT ){ + fprintf ( stderr, "%s: Can't unlink socket: %s.\n", progName, strerror(errno) ); + exit(1); + } + + if ( (s = bind(s, (struct sockaddr *) &sock, SUN_LEN( &sock ) )) == -1 ){ + fprintf ( stderr, "%s: Can't bind socket: %s.\n", progName, strerror(errno) ); + exit(1); + } + + /* XXX - Factorize code here */ + /*if (srcMode == SM_I2O) {*/ + /*if (opMode == OM_Z )*/ + /*compress( NULL );*/ + /*else if (opMode == OM_UNZ )*/ + /*uncompress (NULL);*/ + /*}*/ +# endif + if (opMode == OM_Z) { if (srcMode == SM_I2O) { compress ( NULL );
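Review bot: `s = bind(s, ...)` overwrites the socket descriptor with bind()'s return value, so on success `s` becomes 0 and the later `listen(s, 2)` and `accept(s, ...)` act on descriptor 0 rather than the socket. Test the call without assigning: `if ( bind(s, (struct sockaddr *) &sock, SUN_LEN( &sock )) == -1 ){`. `strncpy(sock.sun_path, sockPath, sizeof(sock.sun_path))` does not terminate the string when the source fills the buffer, whereas `strlcpy` with the same size argument does and its return value reveals truncation. The unlink-then-bind sequence on a fixed `/tmp` name is also racy between concurrent runs. The commented-out `XXX - Factorize code here` block would read better as a one-line TODO.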