Date: Mon, 15 Jun 2009 08:15:22 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 164407 for review Message-ID: <200906150815.n5F8FMXX020732@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=164407 Change 164407 by rwatson@rwatson_freebsd_capabilities on 2009/06/15 08:14:45 Move IPC-related functions from libcapability_{host,sandbox}.c to libcapability_{host,sandbox}_io.c and hook them up to the build. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#9 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#14 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host_io.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_internal.h#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox.c#7 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_io.c#2 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#9 (text+ko) ==== @@ -2,10 +2,12 @@ LIB= capability -SRCS= \ - libcapability.c \ - libcapability_sandbox.c \ - libcapability_host.c +SRCS= \ + libcapability.c \ + libcapability_sandbox.c \ + libcapability_sandbox_io.c \ + libcapability_host.c \ + libcapability_host_io.c INCS= libcapability.h ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#14 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#13 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#14 $ */ #include <sys/param.h> @@ -81,12 +81,6 @@ int closefrom(int lowfd); -struct lc_sandbox { - int lcs_fd_sock; - int lcs_fd_procdesc; - pid_t lcs_pid; -}; - /* * Install an array of file descriptors using the array index of each * descriptor in the array as its destination file descriptor number. All 
@@ -402,142 +396,3 @@ *fdp = lcsp->lcs_fd_procdesc; return (0); } - -/* - * Simple I/O wrappers for capability sockets. Possibly more keeping an eye - * on the worker should take place here. - */ -ssize_t -lch_send(struct lc_sandbox *lcsp, const void *msg, size_t len, int flags) -{ - - return (_lc_send(lcsp->lcs_fd_sock, msg, len, flags)); -} - -ssize_t -lch_send_rights(struct lc_sandbox *lcsp, const void *msg, size_t len, - int flags, int *fdp, int fdcount) -{ - - return (_lc_send_rights(lcsp->lcs_fd_sock, msg, len, flags, fdp, - fdcount)); -} - -ssize_t -lch_recv(struct lc_sandbox *lcsp, void *buf, size_t len, int flags) -{ - - return (_lc_recv(lcsp->lcs_fd_sock, buf, len, flags)); -} - -ssize_t -lch_recv_rights(struct lc_sandbox *lcsp, void *buf, size_t len, int flags, - int *fdp, int *fdcountp) -{ - - return (_lc_recv_rights(lcsp->lcs_fd_sock, buf, len, flags, fdp, - fdcountp)); -} - -/* - * Simple libcapability RPC facility (lcrpc): send a request, get back a - * reply (up to the size bound of the buffers passed in). The caller is - * responsible for retransmitting if the sandbox fails. - * - * Right now sequence numbers are unimplemented -- that's fine because we - * don't need retransmission, and are synchronous. However, it might not be - * a bad idea to use them anyway. - */ -int -lch_rpc(struct lc_sandbox *lcsp, u_int32_t opno, struct iovec *req, - int reqcount, struct iovec *rep, int repcount, size_t *replenp) -{ - struct lcrpc_request_hdr req_hdr; - struct lcrpc_reply_hdr rep_hdr; - size_t left, off, space, totlen, want; - ssize_t len; - int i; - - bzero(&req_hdr, sizeof(req_hdr)); - req_hdr.lcrpc_reqhdr_magic = LCRPC_REQUEST_HDR_MAGIC; - req_hdr.lcrpc_reqhdr_seqno = 0; - req_hdr.lcrpc_reqhdr_opno = opno; - for (i = 0; i < reqcount; i++) - req_hdr.lcrpc_reqhdr_datalen += req[i].iov_len; - for (i = 0; i < repcount; i++) - req_hdr.lcrpc_reqhdr_maxrepdatalen += rep[i].iov_len; - - /* - * Send our header. 
- */ - len = lch_send(lcsp, &req_hdr, sizeof(req_hdr), 0); - if (len < 0) - return (-1); - if (len != sizeof(req_hdr)) { - errno = ECHILD; - return (-1); - } - - /* - * Send the user request. - */ - for (i = 0; i < reqcount; i++) { - len = lch_send(lcsp, req[i].iov_base, req[i].iov_len, 0); - if (len < 0) - return (-1); - if ((size_t)len != req[i].iov_len) { - errno = ECHILD; - return (-1); - } - } - - /* - * Receive our header and validate. - */ - len = lch_recv(lcsp, &rep_hdr, sizeof(rep_hdr), MSG_WAITALL); - if (len < 0) - return (-1); - if (len != sizeof(rep_hdr)) { - errno = ECHILD; - return (-1); - } - - if (rep_hdr.lcrpc_rephdr_magic != LCRPC_REPLY_HDR_MAGIC || - rep_hdr.lcrpc_rephdr_seqno != 0 || - rep_hdr.lcrpc_rephdr_opno != opno || - rep_hdr.lcrpc_rephdr_datalen > req_hdr.lcrpc_reqhdr_maxrepdatalen) { - errno = EBADRPC; - return (-1); - } - - /* - * Receive the user data. Notice that we can partially overwrite the - * user buffer but still receive an error. - */ - totlen = 0; - for (i = 0; i < repcount; i++) { - off = 0; - while (totlen < rep_hdr.lcrpc_rephdr_datalen) { - space = rep[i].iov_len - off; - left = rep_hdr.lcrpc_rephdr_datalen - totlen; - want = (space > left) ? space : left; - len = lch_recv(lcsp, - (u_char *)((uintptr_t)rep[i].iov_base + off), - want, MSG_WAITALL); - if (len < 0) - return (-1); - if ((size_t)len != want) { - errno = ECHILD; - return (-1); - } - off += len; - totlen += len; - if (rep[i].iov_len == off) - break; - } - if (totlen == rep_hdr.lcrpc_rephdr_datalen) - break; - } - *replenp = totlen; - return (0); -} ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host_io.c#2 (text+ko) ==== 
@@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host_io.c#1 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host_io.c#2 $ */ #include <sys/param.h> 
@@ -52,357 +52,6 @@ #include "libcapability_internal.h" #include "libcapability_sandbox_api.h" -#define LIBCAPABILITY_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE) -#define LIBCAPABILITY_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE) -#define LIBCAPABILITY_CAPMASK_BIN (CAP_READ | CAP_EVENT | CAP_FSTAT | \ - CAP_FSTATFS | \ - CAP_FEXECVE | CAP_MMAP | \ - CAP_MAPEXEC) -#define LIBCAPABILITY_CAPMASK_SANDBOX LIBCAPABILITY_CAPMASK_BIN -#define LIBCAPABILITY_CAPMASK_LDSO LIBCAPABILITY_CAPMASK_BIN -#define LIBCAPABILITY_CAPMASK_LIBC LIBCAPABILITY_CAPMASK_BIN -#define LIBCAPABILITY_CAPMASK_LIBCAPABILITYM LIBCAPABILITY_CAPMASK_BIN -#define LIBCAPABILITY_CAPMASK_LIBZ LIBCAPABILITY_CAPMASK_BIN - -#define _PATH_LIB "/lib" -#define _PATH_USR_LIB "/usr/lib" -#define LIBC_SO "libc.so.7" -#define LIBZ_SO "libz.so.4" -#define LIBCAPABILITYM_SO "libcapabilitym.so.1" - -extern char **environ; - -#define LD_ELF_CAP_SO "ld-elf-cap.so.1" -#define PATH_LD_ELF_CAP_SO "/libexec" -char *ldso_argv[] = { - __DECONST(char *, PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO), - NULL, -}; - -int closefrom(int lowfd); - -struct lc_sandbox { - int lcs_fd_sock; - int lcs_fd_procdesc; - pid_t lcs_pid; -}; - -/* - * Install an array of file descriptors using the array index of each - * descriptor in the array as its destination file descriptor number. All - * other existing file descriptors will be closed when this function returns, - * leaving a pristine vector. If calls fail, then we return (-1), but there - * are no guarantees about the state of the file descriptor array for the - * process, so it's a throw-away. - * - * It would be nice not to shuffle descriptors that already have the right - * number. - */ -static int -lch_installfds(u_int fd_count, int *fds) -{ - u_int i; - int highestfd; - - if (fd_count == 0) - return (0); - - /* - * Identify the highest source file descriptor we care about so that - * when we play the dup2() rearranging game, we don't overwrite any - * we care about. 
- */ - highestfd = fds[0]; - for (i = 1; i < fd_count; i++) { - if (fds[i] > highestfd) - highestfd = fds[i]; - } - highestfd++; /* Don't tread on the highest */ - - /* - * First, move all our descriptors up the range. - */ - for (i = 0; i < fd_count; i++) { - if (dup2(fds[i], highestfd + i) < 0) - return (-1); - } - - /* - * Now put them back. - */ - for (i = 0; i < fd_count; i++) { - if (dup2(highestfd + i, i) < 0) - return (-1); - } - - /* - * Close the descriptors that we moved, as well as any others that - * were left open by the caller. - */ - if (closefrom(fd_count) < 0) - return (-1); - - return (0); -} - -static void -lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc, - int fd_libz, int fd_libcapabilitym, int fd_devnull, u_int flags, - const char *binname, char *const argv[]) -{ - char *env_caplibindex, *env_libcapability_sandbox_api; - int fd_array[10]; - - if (lc_limitfd(fd_devnull, LIBCAPABILITY_CAPMASK_DEVNULL) < 0) - return; - if (lc_limitfd(fd_sandbox, LIBCAPABILITY_CAPMASK_SANDBOX) < 0) - return; - if (lc_limitfd(fd_sock, LIBCAPABILITY_CAPMASK_SOCK) < 0) - return; - if (lc_limitfd(fd_ldso, LIBCAPABILITY_CAPMASK_LDSO) < 0) - return; - if (lc_limitfd(fd_libc, LIBCAPABILITY_CAPMASK_LIBC) < 0) - return; - if (lc_limitfd(fd_libz, LIBCAPABILITY_CAPMASK_LIBZ) < 0) - return; - if (lc_limitfd(fd_libcapabilitym, - LIBCAPABILITY_CAPMASK_LIBCAPABILITYM) < 0) - return; - - fd_array[0] = fd_devnull; - fd_array[1] = fd_devnull; - if (flags & LCH_PERMIT_STDERR) { - if (lc_limitfd(STDERR_FILENO, CAP_SEEK | CAP_WRITE) < 0) - return; - fd_array[2] = STDERR_FILENO; - } else - fd_array[2] = fd_devnull; - fd_array[3] = fd_sandbox; - fd_array[4] = fd_sock; - fd_array[5] = fd_ldso; - fd_array[6] = fd_libc; - fd_array[7] = fd_libz; - fd_array[8] = fd_libcapabilitym; - fd_array[9] = fd_devnull; - - if (lch_installfds(10, fd_array) < 0) - return; - - /* - * Pass library list into rtld-elf-cap. 
- */ - if (asprintf(&env_caplibindex, "%d:%s,%d:%s,%d:%s,%d:%s,%d:%s,%d:%s", - 3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBZ_SO, 8, - LIBCAPABILITYM_SO, 9, _PATH_DEVNULL) == -1) - return; - if (setenv("LD_CAPLIBINDEX", env_caplibindex, 1) == -1) - return; - free(env_caplibindex); - - /* - * Make sure that libcapability in the sandbox knows that its API - * assumptions hold. - */ - if (asprintf(&env_libcapability_sandbox_api, "%s:%d", - LIBCAPABILITY_SANDBOX_API_SOCK, 4) == -1) - return; - if (setenv(LIBCAPABILITY_SANDBOX_API_ENV, - env_libcapability_sandbox_api, 1) == -1) - return; - free(env_libcapability_sandbox_api); - - if (cap_enter() < 0) - return; - - (void)fexecve(5, argv, environ); -} - -int -lch_startfd_flags(int fd_sandbox, const char *binname, char *const argv[], - u_int flags, struct lc_sandbox **lcspp) -{ - struct lc_sandbox *lcsp; - int fd_devnull, fd_ldso, fd_libc, fd_libcapabilitym, fd_libz; - int fd_procdesc, fd_sockpair[2]; - int error, val; - pid_t pid; - - fd_devnull = fd_ldso = fd_libc = fd_libz = fd_libcapabilitym = - fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1; - - lcsp = malloc(sizeof(*lcsp)); - if (lcsp == NULL) - return (-1); - bzero(lcsp, sizeof(*lcsp)); - -#ifdef IN_CAP_MODE - if (ld_caplibindex_lookup(LD_ELF_CAP_SO, &fd_ldso) < 0) - goto out_error; - if (ld_caplibindex_lookup(LIBC_SO, &fd_libc) < 0) - goto out_error; - if (ld_caplibindex_lookup(LIBZ_SO, &fd_libz) < 0) - goto out_error; - if (ld_caplibindex_lookup(LIBCAPABILITYM_SO, &fd_libcapabilitym) < 0) - goto out_error; - if (ld_caplibindex_lookup(_PATH_DEVNULL, &fd_devnull) < 0) - goto out_error; -#else - fd_ldso = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO, O_RDONLY); - if (fd_ldso < 0) - goto out_error; - - fd_libc = open(_PATH_LIB "/" LIBC_SO, O_RDONLY); - if (fd_libc < 0) - goto out_error; - - fd_libz = open(_PATH_LIB "/" LIBZ_SO, O_RDONLY); - if (fd_libz < 0) - goto out_error; - - fd_libcapabilitym = open(_PATH_USR_LIB "/" LIBCAPABILITYM_SO, - O_RDONLY); - if 
(fd_libcapabilitym < 0) - goto out_error; - - fd_devnull = open(_PATH_DEVNULL, O_RDWR); - if (fd_devnull < 0) - goto out_error; -#endif - - if (socketpair(PF_LOCAL, SOCK_STREAM, 0, fd_sockpair) < 0) - goto out_error; - - val = 1; - if (setsockopt(fd_sockpair[0], SOL_SOCKET, SO_NOSIGPIPE, &val, - sizeof(val)) < 0) { - fd_sockpair[0] = fd_sockpair[1] = -1; - goto out_error; - } - - pid = pdfork(&fd_procdesc); - if (pid < 0) { - fd_procdesc = -1; - goto out_error; - } - if (pid == 0) { - lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc, - fd_libz, fd_libcapabilitym, fd_devnull, flags, binname, - argv); - exit(-1); - } -#ifndef IN_CAP_MODE - close(fd_devnull); - close(fd_libcapabilitym); - close(fd_libz); - close(fd_libc); - close(fd_ldso); -#endif - close(fd_sockpair[1]); - - lcsp->lcs_fd_procdesc = fd_procdesc; - lcsp->lcs_fd_sock = fd_sockpair[0]; - lcsp->lcs_pid = pid; - *lcspp = lcsp; - - return (0); - -out_error: - error = errno; - if (fd_sockpair[0] != -1) - close(fd_sockpair[0]); - if (fd_sockpair[1] != -1) - close(fd_sockpair[1]); -#ifndef IN_CAP_MODE - if (fd_devnull != -1) - close(fd_devnull); - if (fd_libcapabilitym != -1) - close(fd_libcapabilitym); - if (fd_libz != -1) - close(fd_libz); - if (fd_libc != -1) - close(fd_libc); - if (fd_ldso != -1) - close(fd_ldso); -#endif - if (lcsp != NULL) - free(lcsp); - errno = error; - return (-1); -} - -int -lch_startfd(int fd_sandbox, const char *binname, char *const argv[], - struct lc_sandbox **lcspp) -{ - - return (lch_startfd_flags(fd_sandbox, binname, argv, 0, lcspp)); -} - -#ifndef IN_CAP_MODE -int -lch_start_flags(const char *sandbox, char *const argv[], u_int flags, - struct lc_sandbox **lcspp) -{ - char binname[MAXPATHLEN]; - int error, fd_sandbox, ret; - - if (basename_r(sandbox, binname) == NULL) - return (-1); - - fd_sandbox = open(sandbox, O_RDONLY); - if (fd_sandbox < 0) - return (-1); - - ret = lch_startfd_flags(fd_sandbox, binname, argv, flags, lcspp); - error = errno; - close(fd_sandbox); - 
errno = error; - return (ret); -} - -int -lch_start(const char *sandbox, char *const argv[], struct lc_sandbox **lcspp) -{ - - return (lch_start_flags(sandbox, argv, 0, lcspp)); -} -#endif - -void -lch_stop(struct lc_sandbox *lcsp) -{ - - close(lcsp->lcs_fd_sock); - close(lcsp->lcs_fd_procdesc); - lcsp->lcs_fd_sock = -1; - lcsp->lcs_fd_procdesc = -1; - lcsp->lcs_pid = -1; -} - -int -lch_getsock(struct lc_sandbox *lcsp, int *fdp) -{ - - *fdp = lcsp->lcs_fd_sock; - return (0); -} - -int -lch_getpid(struct lc_sandbox *lcsp, pid_t *pidp) -{ - - *pidp = lcsp->lcs_pid; - return (0); -} - -int -lch_getprocdesc(struct lc_sandbox *lcsp, int *fdp) -{ - - *fdp = lcsp->lcs_fd_procdesc; - return (0); -} - /* * Simple I/O wrappers for capability sockets. Possibly more keeping an eye * on the worker should take place here. ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_internal.h#2 (text+ko) ==== @@ -30,12 +30,22 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_internal.h#1 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_internal.h#2 $ */ #ifndef _LIBCAPABILITY_INTERNAL_H_ #define _LIBCAPABILITY_INTERNAL_H_ +struct lc_host { + int lch_fd_sock; +}; + +struct lc_sandbox { + int lcs_fd_sock; + int lcs_fd_procdesc; + pid_t lcs_pid; +}; + struct msghdr; int _lc_receive_rights(struct msghdr *msg, int *fdp, int *fdcountp); ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox.c#7 (text+ko) ==== @@ -48,10 +48,6 @@ #include "libcapability_internal.h" #include "libcapability_sandbox_api.h" -struct lc_host { - int lch_fd_sock; -}; - static int lch_initialized; static struct lc_host lch_global; 
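Review bot: The reply-receive loop of lch_rpc, which this change leaves in libcapability_host_io.c (its body is not in this hunk; it is visible here only as the removed side of libcapability_host.c), computes `want = (space > left) ? space : left;`, which selects the larger of the two values instead of the smaller. When the reply data still to be read (`left`) exceeds the room left in the current iovec (`space`), lch_recv is asked to write `left` bytes into a buffer with only `space` bytes, so a reply spread across several iovecs overruns the caller's buffer; the earlier comparison against lcrpc_reqhdr_maxrepdatalen bounds only the total, not each segment, and in the opposite case MSG_WAITALL blocks for more bytes than the reply contains. Because the reply header is produced by the sandbox, this is the host side acting on a sandbox-controlled length. Assuming the function is moved verbatim as the description states, the fix is `want = (space < left) ? space : left;`; the enclosing function lies entirely outside this hunk.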
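Review bot: The `struct lc_sandbox` added to libcapability_internal.h uses `pid_t`, but no include is visible in the header: the hunk shows only the include guard, and the header forward-declares `struct msghdr` rather than including <sys/socket.h>, so it appears meant to be self-contained. If the part of the file above the hunk does not include <sys/types.h>, the header now compiles only when the including .c file happens to include it first; adding `#include <sys/types.h>` directly after `#define _LIBCAPABILITY_INTERNAL_H_` removes that dependency on include order. Since both structs are now shared between the host and sandbox translation units, a one-line comment on each naming its owner, e.g. `/* Host-side handle for one running sandbox; see libcapability_host.c. */` and `/* Sandbox-side handle for the host connection; see libcapability_sandbox.c. */`, would help readers of the split *_io.c files.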
@@ -110,148 +106,3 @@ *fdp = lchp->lch_fd_sock; return (0); } - -ssize_t -lcs_recv(struct lc_host *lchp, void *buf, size_t len, int flags) -{ - - return (_lc_recv(lchp->lch_fd_sock, buf, len, flags)); -} - -ssize_t -lcs_recv_rights(struct lc_host *lchp, void *buf, size_t len, int flags, - int *fdp, int *fdcountp) -{ - - return (_lc_recv_rights(lchp->lch_fd_sock, buf, len, flags, fdp, - fdcountp)); -} - -ssize_t -lcs_send(struct lc_host *lchp, const void *msg, size_t len, int flags) -{ - - return (_lc_send(lchp->lch_fd_sock, msg, len, flags)); -} - -ssize_t -lcs_send_rights(struct lc_host *lchp, const void *msg, size_t len, - int flags, int *fdp, int fdcount) -{ - - return (_lc_send_rights(lchp->lch_fd_sock, msg, len, flags, fdp, - fdcount)); -} - -/* - * libcapability RPC facility (lcrpc) sandbox routines. Since arguments are - * variable size, space is allocated by the RPC code rather than the caller, - * who is expected to free it with free(3) if desired. - */ -int -lcs_recvrpc(struct lc_host *lchp, u_int32_t *opnop, u_int32_t *seqnop, - u_char **bufferp, size_t *lenp) -{ - struct lcrpc_request_hdr req_hdr; - size_t totlen; - ssize_t len; - u_char *buffer; - int error; - - len = lcs_recv(lchp, &req_hdr, sizeof(req_hdr), MSG_WAITALL); - if (len < 0) - return (-1); - if (len == 0) { - errno = EPIPE; - return (-1); - } - if (len != sizeof(req_hdr)) { - errno = EBADMSG; - return (-1); - } - - if (req_hdr.lcrpc_reqhdr_magic != LCRPC_REQUEST_HDR_MAGIC) { - errno = EBADMSG; - return (-1); - } - - /* - * XXXRW: Should we check that the receive data fits in the address - * space of the sandbox? - * - * XXXRW: If malloc() fails, we should drain the right amount of data - * from the socket so that the next RPC will succeed. Possibly we - * should also reply with an error from this layer to the sender? - * What about if there are other socket errors, such as EINTR? 
- */ - buffer = malloc(req_hdr.lcrpc_reqhdr_datalen); - if (buffer == NULL) - return (-1); - - /* - * XXXRW: Likewise, how to handle failure at this stage? - */ - totlen = 0; - while (totlen < req_hdr.lcrpc_reqhdr_datalen) { - len = lcs_recv(lchp, buffer + totlen, - req_hdr.lcrpc_reqhdr_datalen - totlen, MSG_WAITALL); - if (len < 0) { - error = errno; - free(buffer); - return (-1); - } - if (len == 0) { - errno = EPIPE; - free(buffer); - return (-1); - } - totlen += len; - } - *bufferp = buffer; - *lenp = totlen; - *opnop = req_hdr.lcrpc_reqhdr_opno; - *seqnop = req_hdr.lcrpc_reqhdr_seqno; - return (0); -} - -int -lcs_sendrpc(struct lc_host *lchp, u_int32_t opno, u_int32_t seqno, - struct iovec *rep, int repcount) -{ - struct lcrpc_reply_hdr rep_hdr; - ssize_t len; - int i; - - bzero(&rep_hdr, sizeof(rep_hdr)); - rep_hdr.lcrpc_rephdr_magic = LCRPC_REPLY_HDR_MAGIC; - rep_hdr.lcrpc_rephdr_seqno = seqno; - rep_hdr.lcrpc_rephdr_opno = opno; - rep_hdr.lcrpc_rephdr_datalen = 0; - for (i = 0; i < repcount; i++) - rep_hdr.lcrpc_rephdr_datalen += rep[i].iov_len; - - /* - * Send our header. - */ - len = lcs_send(lchp, &rep_hdr, sizeof(rep_hdr), 0); - if (len < 0) - return (-1); - if (len != sizeof(rep_hdr)) { - errno = EPIPE; - return (-1); - } - - /* - * Send user data. - */ - for (i = 0; i < repcount; i++) { - len = lcs_send(lchp, rep[i].iov_base, rep[i].iov_len, 0); - if (len < 0) - return (-1); - if ((size_t)len != rep[i].iov_len) { - errno = EPIPE; - return (-1); - } - } - return (0); -} ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_io.c#2 (text+ko) ==== 
@@ -48,69 +48,6 @@ #include "libcapability_internal.h" #include "libcapability_sandbox_api.h" -struct lc_host { - int lch_fd_sock; -}; - -static int lch_initialized; -static struct lc_host lch_global; - -int -lcs_get(struct lc_host **lchpp) -{ - char *endp, *env, *env_dup, *env_dup_free, *name, *token, *value; - int error, fd_sock; - long long ll; - - if (lch_initialized) { - *lchpp = &lch_global; - return (0); - } - - env = getenv(LIBCAPABILITY_SANDBOX_API_ENV); - if (env == NULL) { - errno = EINVAL; /* XXXRW: Better errno? */ - return (-1); - } - - env_dup = env_dup_free = strdup(env); - if (env_dup == NULL) - return (-1); - - fd_sock = -1; - while ((token = strsep(&env_dup, ",")) != NULL) { - name = strsep(&token, ":"); - if (name == NULL) - continue; - value = token; - if (strcmp(name, LIBCAPABILITY_SANDBOX_API_SOCK) == 0) { - ll = strtoll(value, &endp, 10); - if (*endp != '\0' || ll < 0 || ll > INT_MAX) - continue; - fd_sock = ll; - } - } - if (fd_sock == -1) { - error = errno; - free(env_dup_free); - errno = error; - return (-1); - } - lch_global.lch_fd_sock = fd_sock; - lch_initialized = 1; - *lchpp = &lch_global; - free(env_dup_free); - return (0); -} - -int -lcs_getsock(struct lc_host *lchp, int *fdp) -{ - - *fdp = lchp->lch_fd_sock; - return (0); -} - ssize_t lcs_recv(struct lc_host *lchp, void *buf, size_t len, int flags) {