PERFORCE change 164166 for review
Jonathan Anderson
jona at FreeBSD.org
Fri Jun 12 11:32:04 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164166
Change 164166 by jona at jona-trustedbsd-belle-vm on 2009/06/12 11:31:15
Sending messages and FDs now works, unless we're in capability mode - problem with the cap stuff in the kernel?)
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdtest.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#5 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.h#5 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdtest.c#2 (text+ko) ====
@@ -25,53 +25,53 @@
else
printf("Sockets: { %i, %i }\n", sockets[0], sockets[1]);
+ int32_t disableSIGPIPE = 1;
+ if(setsockopt(sockets[0], SOL_SOCKET, SO_NOSIGPIPE, &disableSIGPIPE, 4))
+ err(EX_IOERR, "Error in setsockopt()");
+
+ if(setsockopt(sockets[1], SOL_SOCKET, SO_NOSIGPIPE, &disableSIGPIPE, 4))
+ err(EX_IOERR, "Error in setsockopt()");
+
int procdesc = -1;
- pid_t child = fork();//pdfork(&procdesc);
+ pid_t child = pdfork(&procdesc);
printf("Child PID: %i, proc: %i\n", child, procdesc);
+
+ int fds[2];
+ int fdlen = 0;
+ char *message;
+
if (child < 0) err(EX_SOFTWARE, "Error in pdfork()");
else if(child == 0)
{
close(sockets[1]);
sock = sockets[0];
- printf("Child: keeping socket %i\n", sock);
- int32_t disable = 1;
- if(setsockopt(sock, SOL_SOCKET, SO_NOSIGPIPE, &disable, 4))
- err(EX_IOERR, "Error in setsockopt()");
-
- int fds[2];
fds[0] = open("/etc/passwd", O_RDONLY);
if(fds[0] < 0) err(EX_IOERR, "Error opening file descriptor");
fds[1] = open("/etc/group", O_RDONLY);
if(fds[1] < 0) err(EX_IOERR, "Error opening file descriptor");
-
- struct cap_wire_datum *d = cap_marshall_string("hello, ", 7);
- if(cap_send_fd(sock, "foo", d, fds, 2) < 0)
- err(EX_IOERR, "Error sending data/FD");
+ fdlen = 2;
+ message = "hello, ";
}
else
{
- sleep(120);
- exit(0);
-
close(sockets[0]);
sock = sockets[1];
- printf("Parent: keeping socket %i\n", sock);
-
- int fd = open("/etc/rc.conf", O_RDONLY);
- if(fd < 0)
+ fds[0] = open("/etc/rc.conf", O_RDONLY);
+ if(fds[0] < 0)
err(EX_IOERR, "Error opening file descriptor");
- struct cap_wire_datum *d = cap_marshall_string("world!", 6);
- if(cap_send_fd(sock, "bar", d, &fd, 1) < 0)
- err(EX_IOERR, "Error sending data/FD");
+ fdlen = 1;
+ message = "world!";
}
-/*
+
+ sock = cap_new(sock, CAP_MASK_VALID);
+
// enter capability mode
if(cap_enter()) err(EX_SOFTWARE, "Failed to enter capability mode");
else printf("Now operating in capability mode\n");
@@ -81,18 +81,29 @@
char *path = "/etc/passwd";
if(open(path, O_RDONLY) < 0) printf("Sandbox is working\n");
else fprintf(stderr, "Was able to open %s directly\n", path);
-*/
+
+
+
+ struct cap_wire_datum *d = cap_marshall_string(message, 7);
+ if(cap_send_fd(sock, "message and FDs", d, fds, fdlen) < 0)
+ err(EX_IOERR, "Error sending data/FD");
+
+ free(d);
- struct cap_wire_datum *d;
int fd_array[10];
- int fdlen = 10;
+ fdlen = 10;
char *name;
if(cap_recv_fd(sock, &name, &d, fd_array, &fdlen) < 0)
err(EX_IOERR, "Error receiving data/FD");
+ printf("Received FDs: ");
+ for(int i = 0; i < fdlen; i++) printf("%i ", fd_array[i]);
+ printf("\n");
+
+
return 0;
}
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#5 (text+ko) ====
@@ -75,12 +75,9 @@
-#include <stdio.h> // TODO: temporary
int cap_send_fd(int sock, const char *name, struct cap_wire_datum *d,
int32_t fd_array[], int32_t fdlen)
{
- printf("Sending datum + %i FD(s) over socket %i\n", fdlen, sock);
-
// the datum is the I/O vector
struct iovec iov;
iov.iov_base = d;
@@ -95,7 +92,8 @@
anc_hdr->cmsg_len = cmsghdrlen;
anc_hdr->cmsg_level = SOL_SOCKET;
anc_hdr->cmsg_type = SCM_RIGHTS;
- memcpy(anc_hdr + sizeof(struct cmsghdr), fd_array, fdlen * sizeof(int32_t));
+ memcpy(((void*) anc_hdr) + sizeof(struct cmsghdr), fd_array,
+ fdlen * sizeof(int32_t));
// sendmsg header
@@ -109,15 +107,15 @@
header.msg_flags = 0;
+ // send!
int bytes_sent = sendmsg(sock, &header, 0);
-// int bytes_sent = send(sock, d, sizeof(struct cap_wire_datum), 0);
if(bytes_sent < 0)
{
perror("Error sending data and file descriptor(s)");
- sleep(200);
return -1;
}
+
free(anc_hdr);
return bytes_sent;
}
@@ -127,14 +125,17 @@
int cap_recv_fd(int sock, char **name, struct cap_wire_datum **d,
int32_t *fd_array, int32_t *fdlen)
{
- printf("cap_recv_fd(%i, char**, datum**, int[], %i)\n", sock, *fdlen);
-
// how much data is there to receive?
struct cap_wire_datum peek;
- printf("Peek at first %iB...\n", sizeof(struct cap_wire_datum));
int bytes = recv(sock, &peek, sizeof(struct cap_wire_datum), MSG_PEEK);
+ if(bytes < 0)
+ {
+ perror("Error peeking at socket");
+ return -1;
+ }
+
int to_receive = sizeof(struct cap_wire_datum) + peek.length;
- printf("Total to receive: %iB\n", to_receive);
+
// make room for it
*d = (struct cap_wire_datum*) malloc(to_receive);
@@ -142,6 +143,7 @@
iov.iov_base = d;
iov.iov_len = to_receive;
+
// prepare to receive file descriptor(s)
int size = sizeof(struct cmsghdr) + *fdlen;
struct cmsghdr *anc_hdr = (struct cmsghdr*) malloc(size);
@@ -174,17 +176,14 @@
return -1;
}
- size = sizeof(struct cmsghdr) + *fdlen * sizeof(int32_t);
- printf("Received %iB cmsghdr\n", anc_hdr->cmsg_len);
int recv_fdlen =
(anc_hdr->cmsg_len - sizeof(struct cmsghdr)) / sizeof(int32_t);
- printf("Received %i FDs (room for %i)\n", recv_fdlen, *fdlen);
if(recv_fdlen < *fdlen) *fdlen = recv_fdlen;
- int32_t* recv_fd_array = (int32_t*) anc_hdr + sizeof(anc_hdr);
- memcpy(fd_array, recv_fd_array, *fdlen * sizeof(int32_t));
+ memcpy(fd_array, ((void*) anc_hdr) + sizeof(struct cmsghdr),
+ *fdlen * sizeof(int32_t));
return 0;
}
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.h#5 (text+ko) ====
More information about the p4-projects
mailing list