PERFORCE change 164407 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jun 15 08:15:23 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164407
Change 164407 by rwatson at rwatson_freebsd_capabilities on 2009/06/15 08:14:45
Move IPC-related functions from libcapability_{host,sandbox}.c
to libcapability_{host,sandbox}_io.c and hook them up to the
build.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#9 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#14 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host_io.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_internal.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox.c#7 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_io.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#9 (text+ko) ====
@@ -2,10 +2,12 @@
LIB= capability
-SRCS= \
- libcapability.c \
- libcapability_sandbox.c \
- libcapability_host.c
+SRCS= \
+ libcapability.c \
+ libcapability_sandbox.c \
+ libcapability_sandbox_io.c \
+ libcapability_host.c \
+ libcapability_host_io.c
INCS= libcapability.h
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#14 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#13 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#14 $
*/
#include <sys/param.h>
@@ -81,12 +81,6 @@
int closefrom(int lowfd);
-struct lc_sandbox {
- int lcs_fd_sock;
- int lcs_fd_procdesc;
- pid_t lcs_pid;
-};
-
/*
* Install an array of file descriptors using the array index of each
* descriptor in the array as its destination file descriptor number. All
@@ -402,142 +396,3 @@
*fdp = lcsp->lcs_fd_procdesc;
return (0);
}
-
-/*
- * Simple I/O wrappers for capability sockets. Possibly more keeping an eye
- * on the worker should take place here.
- */
-ssize_t
-lch_send(struct lc_sandbox *lcsp, const void *msg, size_t len, int flags)
-{
-
- return (_lc_send(lcsp->lcs_fd_sock, msg, len, flags));
-}
-
-ssize_t
-lch_send_rights(struct lc_sandbox *lcsp, const void *msg, size_t len,
- int flags, int *fdp, int fdcount)
-{
-
- return (_lc_send_rights(lcsp->lcs_fd_sock, msg, len, flags, fdp,
- fdcount));
-}
-
-ssize_t
-lch_recv(struct lc_sandbox *lcsp, void *buf, size_t len, int flags)
-{
-
- return (_lc_recv(lcsp->lcs_fd_sock, buf, len, flags));
-}
-
-ssize_t
-lch_recv_rights(struct lc_sandbox *lcsp, void *buf, size_t len, int flags,
- int *fdp, int *fdcountp)
-{
-
- return (_lc_recv_rights(lcsp->lcs_fd_sock, buf, len, flags, fdp,
- fdcountp));
-}
-
-/*
- * Simple libcapability RPC facility (lcrpc): send a request, get back a
- * reply (up to the size bound of the buffers passed in). The caller is
- * responsible for retransmitting if the sandbox fails.
- *
- * Right now sequence numbers are unimplemented -- that's fine because we
- * don't need retransmission, and are synchronous. However, it might not be
- * a bad idea to use them anyway.
- */
-int
-lch_rpc(struct lc_sandbox *lcsp, u_int32_t opno, struct iovec *req,
- int reqcount, struct iovec *rep, int repcount, size_t *replenp)
-{
- struct lcrpc_request_hdr req_hdr;
- struct lcrpc_reply_hdr rep_hdr;
- size_t left, off, space, totlen, want;
- ssize_t len;
- int i;
-
- bzero(&req_hdr, sizeof(req_hdr));
- req_hdr.lcrpc_reqhdr_magic = LCRPC_REQUEST_HDR_MAGIC;
- req_hdr.lcrpc_reqhdr_seqno = 0;
- req_hdr.lcrpc_reqhdr_opno = opno;
- for (i = 0; i < reqcount; i++)
- req_hdr.lcrpc_reqhdr_datalen += req[i].iov_len;
- for (i = 0; i < repcount; i++)
- req_hdr.lcrpc_reqhdr_maxrepdatalen += rep[i].iov_len;
-
- /*
- * Send our header.
- */
- len = lch_send(lcsp, &req_hdr, sizeof(req_hdr), 0);
- if (len < 0)
- return (-1);
- if (len != sizeof(req_hdr)) {
- errno = ECHILD;
- return (-1);
- }
-
- /*
- * Send the user request.
- */
- for (i = 0; i < reqcount; i++) {
- len = lch_send(lcsp, req[i].iov_base, req[i].iov_len, 0);
- if (len < 0)
- return (-1);
- if ((size_t)len != req[i].iov_len) {
- errno = ECHILD;
- return (-1);
- }
- }
-
- /*
- * Receive our header and validate.
- */
- len = lch_recv(lcsp, &rep_hdr, sizeof(rep_hdr), MSG_WAITALL);
- if (len < 0)
- return (-1);
- if (len != sizeof(rep_hdr)) {
- errno = ECHILD;
- return (-1);
- }
-
- if (rep_hdr.lcrpc_rephdr_magic != LCRPC_REPLY_HDR_MAGIC ||
- rep_hdr.lcrpc_rephdr_seqno != 0 ||
- rep_hdr.lcrpc_rephdr_opno != opno ||
- rep_hdr.lcrpc_rephdr_datalen > req_hdr.lcrpc_reqhdr_maxrepdatalen) {
- errno = EBADRPC;
- return (-1);
- }
-
- /*
- * Receive the user data. Notice that we can partially overwrite the
- * user buffer but still receive an error.
- */
- totlen = 0;
- for (i = 0; i < repcount; i++) {
- off = 0;
- while (totlen < rep_hdr.lcrpc_rephdr_datalen) {
- space = rep[i].iov_len - off;
- left = rep_hdr.lcrpc_rephdr_datalen - totlen;
- want = (space > left) ? space : left;
- len = lch_recv(lcsp,
- (u_char *)((uintptr_t)rep[i].iov_base + off),
- want, MSG_WAITALL);
- if (len < 0)
- return (-1);
- if ((size_t)len != want) {
- errno = ECHILD;
- return (-1);
- }
- off += len;
- totlen += len;
- if (rep[i].iov_len == off)
- break;
- }
- if (totlen == rep_hdr.lcrpc_rephdr_datalen)
- break;
- }
- *replenp = totlen;
- return (0);
-}
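Review bot: The reply-receive loop in lch_rpc computes `want = (space > left) ? space : left;`, the larger of the remaining space in `rep[i]` and the bytes still owed by the reply, so with several reply iovecs `lch_recv` can be asked to write past the end of `rep[i].iov_base` once `left` exceeds `space`, and with a single iovec it asks MSG_WAITALL for more bytes than the reply carries and will presumably block or swallow the next message's header; the bound should be the smaller value, `want = (space < left) ? space : left;`. The earlier `lcrpc_rephdr_datalen > lcrpc_reqhdr_maxrepdatalen` check only bounds the total reply against the sum of the iovecs, not the per-iovec chunk, so it does not prevent this. This hunk removes the function from libcapability_host.c, but the change description says it is being relocated to libcapability_host_io.c rather than dropped, so the fix belongs in the retained copy, which is not visible here.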
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host_io.c#2 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host_io.c#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host_io.c#2 $
*/
#include <sys/param.h>
@@ -52,357 +52,6 @@
#include "libcapability_internal.h"
#include "libcapability_sandbox_api.h"
-#define LIBCAPABILITY_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE)
-#define LIBCAPABILITY_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE)
-#define LIBCAPABILITY_CAPMASK_BIN (CAP_READ | CAP_EVENT | CAP_FSTAT | \
- CAP_FSTATFS | \
- CAP_FEXECVE | CAP_MMAP | \
- CAP_MAPEXEC)
-#define LIBCAPABILITY_CAPMASK_SANDBOX LIBCAPABILITY_CAPMASK_BIN
-#define LIBCAPABILITY_CAPMASK_LDSO LIBCAPABILITY_CAPMASK_BIN
-#define LIBCAPABILITY_CAPMASK_LIBC LIBCAPABILITY_CAPMASK_BIN
-#define LIBCAPABILITY_CAPMASK_LIBCAPABILITYM LIBCAPABILITY_CAPMASK_BIN
-#define LIBCAPABILITY_CAPMASK_LIBZ LIBCAPABILITY_CAPMASK_BIN
-
-#define _PATH_LIB "/lib"
-#define _PATH_USR_LIB "/usr/lib"
-#define LIBC_SO "libc.so.7"
-#define LIBZ_SO "libz.so.4"
-#define LIBCAPABILITYM_SO "libcapabilitym.so.1"
-
-extern char **environ;
-
-#define LD_ELF_CAP_SO "ld-elf-cap.so.1"
-#define PATH_LD_ELF_CAP_SO "/libexec"
-char *ldso_argv[] = {
- __DECONST(char *, PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO),
- NULL,
-};
-
-int closefrom(int lowfd);
-
-struct lc_sandbox {
- int lcs_fd_sock;
- int lcs_fd_procdesc;
- pid_t lcs_pid;
-};
-
-/*
- * Install an array of file descriptors using the array index of each
- * descriptor in the array as its destination file descriptor number. All
- * other existing file descriptors will be closed when this function returns,
- * leaving a pristine vector. If calls fail, then we return (-1), but there
- * are no guarantees about the state of the file descriptor array for the
- * process, so it's a throw-away.
- *
- * It would be nice not to shuffle descriptors that already have the right
- * number.
- */
-static int
-lch_installfds(u_int fd_count, int *fds)
-{
- u_int i;
- int highestfd;
-
- if (fd_count == 0)
- return (0);
-
- /*
- * Identify the highest source file descriptor we care about so that
- * when we play the dup2() rearranging game, we don't overwrite any
- * we care about.
- */
- highestfd = fds[0];
- for (i = 1; i < fd_count; i++) {
- if (fds[i] > highestfd)
- highestfd = fds[i];
- }
- highestfd++; /* Don't tread on the highest */
-
- /*
- * First, move all our descriptors up the range.
- */
- for (i = 0; i < fd_count; i++) {
- if (dup2(fds[i], highestfd + i) < 0)
- return (-1);
- }
-
- /*
- * Now put them back.
- */
- for (i = 0; i < fd_count; i++) {
- if (dup2(highestfd + i, i) < 0)
- return (-1);
- }
-
- /*
- * Close the descriptors that we moved, as well as any others that
- * were left open by the caller.
- */
- if (closefrom(fd_count) < 0)
- return (-1);
-
- return (0);
-}
-
-static void
-lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc,
- int fd_libz, int fd_libcapabilitym, int fd_devnull, u_int flags,
- const char *binname, char *const argv[])
-{
- char *env_caplibindex, *env_libcapability_sandbox_api;
- int fd_array[10];
-
- if (lc_limitfd(fd_devnull, LIBCAPABILITY_CAPMASK_DEVNULL) < 0)
- return;
- if (lc_limitfd(fd_sandbox, LIBCAPABILITY_CAPMASK_SANDBOX) < 0)
- return;
- if (lc_limitfd(fd_sock, LIBCAPABILITY_CAPMASK_SOCK) < 0)
- return;
- if (lc_limitfd(fd_ldso, LIBCAPABILITY_CAPMASK_LDSO) < 0)
- return;
- if (lc_limitfd(fd_libc, LIBCAPABILITY_CAPMASK_LIBC) < 0)
- return;
- if (lc_limitfd(fd_libz, LIBCAPABILITY_CAPMASK_LIBZ) < 0)
- return;
- if (lc_limitfd(fd_libcapabilitym,
- LIBCAPABILITY_CAPMASK_LIBCAPABILITYM) < 0)
- return;
-
- fd_array[0] = fd_devnull;
- fd_array[1] = fd_devnull;
- if (flags & LCH_PERMIT_STDERR) {
- if (lc_limitfd(STDERR_FILENO, CAP_SEEK | CAP_WRITE) < 0)
- return;
- fd_array[2] = STDERR_FILENO;
- } else
- fd_array[2] = fd_devnull;
- fd_array[3] = fd_sandbox;
- fd_array[4] = fd_sock;
- fd_array[5] = fd_ldso;
- fd_array[6] = fd_libc;
- fd_array[7] = fd_libz;
- fd_array[8] = fd_libcapabilitym;
- fd_array[9] = fd_devnull;
-
- if (lch_installfds(10, fd_array) < 0)
- return;
-
- /*
- * Pass library list into rtld-elf-cap.
- */
- if (asprintf(&env_caplibindex, "%d:%s,%d:%s,%d:%s,%d:%s,%d:%s,%d:%s",
- 3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBZ_SO, 8,
- LIBCAPABILITYM_SO, 9, _PATH_DEVNULL) == -1)
- return;
- if (setenv("LD_CAPLIBINDEX", env_caplibindex, 1) == -1)
- return;
- free(env_caplibindex);
-
- /*
- * Make sure that libcapability in the sandbox knows that its API
- * assumptions hold.
- */
- if (asprintf(&env_libcapability_sandbox_api, "%s:%d",
- LIBCAPABILITY_SANDBOX_API_SOCK, 4) == -1)
- return;
- if (setenv(LIBCAPABILITY_SANDBOX_API_ENV,
- env_libcapability_sandbox_api, 1) == -1)
- return;
- free(env_libcapability_sandbox_api);
-
- if (cap_enter() < 0)
- return;
-
- (void)fexecve(5, argv, environ);
-}
-
-int
-lch_startfd_flags(int fd_sandbox, const char *binname, char *const argv[],
- u_int flags, struct lc_sandbox **lcspp)
-{
- struct lc_sandbox *lcsp;
- int fd_devnull, fd_ldso, fd_libc, fd_libcapabilitym, fd_libz;
- int fd_procdesc, fd_sockpair[2];
- int error, val;
- pid_t pid;
-
- fd_devnull = fd_ldso = fd_libc = fd_libz = fd_libcapabilitym =
- fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1;
-
- lcsp = malloc(sizeof(*lcsp));
- if (lcsp == NULL)
- return (-1);
- bzero(lcsp, sizeof(*lcsp));
-
-#ifdef IN_CAP_MODE
- if (ld_caplibindex_lookup(LD_ELF_CAP_SO, &fd_ldso) < 0)
- goto out_error;
- if (ld_caplibindex_lookup(LIBC_SO, &fd_libc) < 0)
- goto out_error;
- if (ld_caplibindex_lookup(LIBZ_SO, &fd_libz) < 0)
- goto out_error;
- if (ld_caplibindex_lookup(LIBCAPABILITYM_SO, &fd_libcapabilitym) < 0)
- goto out_error;
- if (ld_caplibindex_lookup(_PATH_DEVNULL, &fd_devnull) < 0)
- goto out_error;
-#else
- fd_ldso = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO, O_RDONLY);
- if (fd_ldso < 0)
- goto out_error;
-
- fd_libc = open(_PATH_LIB "/" LIBC_SO, O_RDONLY);
- if (fd_libc < 0)
- goto out_error;
-
- fd_libz = open(_PATH_LIB "/" LIBZ_SO, O_RDONLY);
- if (fd_libz < 0)
- goto out_error;
-
- fd_libcapabilitym = open(_PATH_USR_LIB "/" LIBCAPABILITYM_SO,
- O_RDONLY);
- if (fd_libcapabilitym < 0)
- goto out_error;
-
- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
- if (fd_devnull < 0)
- goto out_error;
-#endif
-
- if (socketpair(PF_LOCAL, SOCK_STREAM, 0, fd_sockpair) < 0)
- goto out_error;
-
- val = 1;
- if (setsockopt(fd_sockpair[0], SOL_SOCKET, SO_NOSIGPIPE, &val,
- sizeof(val)) < 0) {
- fd_sockpair[0] = fd_sockpair[1] = -1;
- goto out_error;
- }
-
- pid = pdfork(&fd_procdesc);
- if (pid < 0) {
- fd_procdesc = -1;
- goto out_error;
- }
- if (pid == 0) {
- lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc,
- fd_libz, fd_libcapabilitym, fd_devnull, flags, binname,
- argv);
- exit(-1);
- }
-#ifndef IN_CAP_MODE
- close(fd_devnull);
- close(fd_libcapabilitym);
- close(fd_libz);
- close(fd_libc);
- close(fd_ldso);
-#endif
- close(fd_sockpair[1]);
-
- lcsp->lcs_fd_procdesc = fd_procdesc;
- lcsp->lcs_fd_sock = fd_sockpair[0];
- lcsp->lcs_pid = pid;
- *lcspp = lcsp;
-
- return (0);
-
-out_error:
- error = errno;
- if (fd_sockpair[0] != -1)
- close(fd_sockpair[0]);
- if (fd_sockpair[1] != -1)
- close(fd_sockpair[1]);
-#ifndef IN_CAP_MODE
- if (fd_devnull != -1)
- close(fd_devnull);
- if (fd_libcapabilitym != -1)
- close(fd_libcapabilitym);
- if (fd_libz != -1)
- close(fd_libz);
- if (fd_libc != -1)
- close(fd_libc);
- if (fd_ldso != -1)
- close(fd_ldso);
-#endif
- if (lcsp != NULL)
- free(lcsp);
- errno = error;
- return (-1);
-}
-
-int
-lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
- struct lc_sandbox **lcspp)
-{
-
- return (lch_startfd_flags(fd_sandbox, binname, argv, 0, lcspp));
-}
-
-#ifndef IN_CAP_MODE
-int
-lch_start_flags(const char *sandbox, char *const argv[], u_int flags,
- struct lc_sandbox **lcspp)
-{
- char binname[MAXPATHLEN];
- int error, fd_sandbox, ret;
-
- if (basename_r(sandbox, binname) == NULL)
- return (-1);
-
- fd_sandbox = open(sandbox, O_RDONLY);
- if (fd_sandbox < 0)
- return (-1);
-
- ret = lch_startfd_flags(fd_sandbox, binname, argv, flags, lcspp);
- error = errno;
- close(fd_sandbox);
- errno = error;
- return (ret);
-}
-
-int
-lch_start(const char *sandbox, char *const argv[], struct lc_sandbox **lcspp)
-{
-
- return (lch_start_flags(sandbox, argv, 0, lcspp));
-}
-#endif
-
-void
-lch_stop(struct lc_sandbox *lcsp)
-{
-
- close(lcsp->lcs_fd_sock);
- close(lcsp->lcs_fd_procdesc);
- lcsp->lcs_fd_sock = -1;
- lcsp->lcs_fd_procdesc = -1;
- lcsp->lcs_pid = -1;
-}
-
-int
-lch_getsock(struct lc_sandbox *lcsp, int *fdp)
-{
-
- *fdp = lcsp->lcs_fd_sock;
- return (0);
-}
-
-int
-lch_getpid(struct lc_sandbox *lcsp, pid_t *pidp)
-{
-
- *pidp = lcsp->lcs_pid;
- return (0);
-}
-
-int
-lch_getprocdesc(struct lc_sandbox *lcsp, int *fdp)
-{
-
- *fdp = lcsp->lcs_fd_procdesc;
- return (0);
-}
-
/*
* Simple I/O wrappers for capability sockets. Possibly more keeping an eye
* on the worker should take place here.
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_internal.h#2 (text+ko) ====
@@ -30,12 +30,22 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_internal.h#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_internal.h#2 $
*/
#ifndef _LIBCAPABILITY_INTERNAL_H_
#define _LIBCAPABILITY_INTERNAL_H_
+struct lc_host {
+ int lch_fd_sock;
+};
+
+struct lc_sandbox {
+ int lcs_fd_sock;
+ int lcs_fd_procdesc;
+ pid_t lcs_pid;
+};
+
struct msghdr;
int _lc_receive_rights(struct msghdr *msg, int *fdp, int *fdcountp);
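Review bot: The new `struct lc_sandbox` uses `pid_t` while the header includes nothing, so libcapability_internal.h now compiles only if every includer has pulled in `<sys/types.h>` first; add `#include <sys/types.h>` directly under the `_LIBCAPABILITY_INTERNAL_H_` guard so the header is self-contained. Now that both structs are shared across translation units they should also say which side of the host/sandbox boundary owns them: `/* Host-side view of a sandbox: IPC socket, pdfork(2) process descriptor, pid. */` on `struct lc_sandbox` and `/* Sandbox-side view of the host: the IPC socket whose number arrives via LIBCAPABILITY_SANDBOX_API_ENV. */` on `struct lc_host`. Those roles are the ones the lch_startfd_flags and lcs_get bodies removed elsewhere in this change assign to the fields.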
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox.c#7 (text+ko) ====
@@ -48,10 +48,6 @@
#include "libcapability_internal.h"
#include "libcapability_sandbox_api.h"
-struct lc_host {
- int lch_fd_sock;
-};
-
static int lch_initialized;
static struct lc_host lch_global;
@@ -110,148 +106,3 @@
*fdp = lchp->lch_fd_sock;
return (0);
}
-
-ssize_t
-lcs_recv(struct lc_host *lchp, void *buf, size_t len, int flags)
-{
-
- return (_lc_recv(lchp->lch_fd_sock, buf, len, flags));
-}
-
-ssize_t
-lcs_recv_rights(struct lc_host *lchp, void *buf, size_t len, int flags,
- int *fdp, int *fdcountp)
-{
-
- return (_lc_recv_rights(lchp->lch_fd_sock, buf, len, flags, fdp,
- fdcountp));
-}
-
-ssize_t
-lcs_send(struct lc_host *lchp, const void *msg, size_t len, int flags)
-{
-
- return (_lc_send(lchp->lch_fd_sock, msg, len, flags));
-}
-
-ssize_t
-lcs_send_rights(struct lc_host *lchp, const void *msg, size_t len,
- int flags, int *fdp, int fdcount)
-{
-
- return (_lc_send_rights(lchp->lch_fd_sock, msg, len, flags, fdp,
- fdcount));
-}
-
-/*
- * libcapability RPC facility (lcrpc) sandbox routines. Since arguments are
- * variable size, space is allocated by the RPC code rather than the caller,
- * who is expected to free it with free(3) if desired.
- */
-int
-lcs_recvrpc(struct lc_host *lchp, u_int32_t *opnop, u_int32_t *seqnop,
- u_char **bufferp, size_t *lenp)
-{
- struct lcrpc_request_hdr req_hdr;
- size_t totlen;
- ssize_t len;
- u_char *buffer;
- int error;
-
- len = lcs_recv(lchp, &req_hdr, sizeof(req_hdr), MSG_WAITALL);
- if (len < 0)
- return (-1);
- if (len == 0) {
- errno = EPIPE;
- return (-1);
- }
- if (len != sizeof(req_hdr)) {
- errno = EBADMSG;
- return (-1);
- }
-
- if (req_hdr.lcrpc_reqhdr_magic != LCRPC_REQUEST_HDR_MAGIC) {
- errno = EBADMSG;
- return (-1);
- }
-
- /*
- * XXXRW: Should we check that the receive data fits in the address
- * space of the sandbox?
- *
- * XXXRW: If malloc() fails, we should drain the right amount of data
- * from the socket so that the next RPC will succeed. Possibly we
- * should also reply with an error from this layer to the sender?
- * What about if there are other socket errors, such as EINTR?
- */
- buffer = malloc(req_hdr.lcrpc_reqhdr_datalen);
- if (buffer == NULL)
- return (-1);
-
- /*
- * XXXRW: Likewise, how to handle failure at this stage?
- */
- totlen = 0;
- while (totlen < req_hdr.lcrpc_reqhdr_datalen) {
- len = lcs_recv(lchp, buffer + totlen,
- req_hdr.lcrpc_reqhdr_datalen - totlen, MSG_WAITALL);
- if (len < 0) {
- error = errno;
- free(buffer);
- return (-1);
- }
- if (len == 0) {
- errno = EPIPE;
- free(buffer);
- return (-1);
- }
- totlen += len;
- }
- *bufferp = buffer;
- *lenp = totlen;
- *opnop = req_hdr.lcrpc_reqhdr_opno;
- *seqnop = req_hdr.lcrpc_reqhdr_seqno;
- return (0);
-}
-
-int
-lcs_sendrpc(struct lc_host *lchp, u_int32_t opno, u_int32_t seqno,
- struct iovec *rep, int repcount)
-{
- struct lcrpc_reply_hdr rep_hdr;
- ssize_t len;
- int i;
-
- bzero(&rep_hdr, sizeof(rep_hdr));
- rep_hdr.lcrpc_rephdr_magic = LCRPC_REPLY_HDR_MAGIC;
- rep_hdr.lcrpc_rephdr_seqno = seqno;
- rep_hdr.lcrpc_rephdr_opno = opno;
- rep_hdr.lcrpc_rephdr_datalen = 0;
- for (i = 0; i < repcount; i++)
- rep_hdr.lcrpc_rephdr_datalen += rep[i].iov_len;
-
- /*
- * Send our header.
- */
- len = lcs_send(lchp, &rep_hdr, sizeof(rep_hdr), 0);
- if (len < 0)
- return (-1);
- if (len != sizeof(rep_hdr)) {
- errno = EPIPE;
- return (-1);
- }
-
- /*
- * Send user data.
- */
- for (i = 0; i < repcount; i++) {
- len = lcs_send(lchp, rep[i].iov_base, rep[i].iov_len, 0);
- if (len < 0)
- return (-1);
- if ((size_t)len != rep[i].iov_len) {
- errno = EPIPE;
- return (-1);
- }
- }
- return (0);
-}
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_io.c#2 (text+ko) ====
@@ -48,69 +48,6 @@
#include "libcapability_internal.h"
#include "libcapability_sandbox_api.h"
-struct lc_host {
- int lch_fd_sock;
-};
-
-static int lch_initialized;
-static struct lc_host lch_global;
-
-int
-lcs_get(struct lc_host **lchpp)
-{
- char *endp, *env, *env_dup, *env_dup_free, *name, *token, *value;
- int error, fd_sock;
- long long ll;
-
- if (lch_initialized) {
- *lchpp = &lch_global;
- return (0);
- }
-
- env = getenv(LIBCAPABILITY_SANDBOX_API_ENV);
- if (env == NULL) {
- errno = EINVAL; /* XXXRW: Better errno? */
- return (-1);
- }
-
- env_dup = env_dup_free = strdup(env);
- if (env_dup == NULL)
- return (-1);
-
- fd_sock = -1;
- while ((token = strsep(&env_dup, ",")) != NULL) {
- name = strsep(&token, ":");
- if (name == NULL)
- continue;
- value = token;
- if (strcmp(name, LIBCAPABILITY_SANDBOX_API_SOCK) == 0) {
- ll = strtoll(value, &endp, 10);
- if (*endp != '\0' || ll < 0 || ll > INT_MAX)
- continue;
- fd_sock = ll;
- }
- }
- if (fd_sock == -1) {
- error = errno;
- free(env_dup_free);
- errno = error;
- return (-1);
- }
- lch_global.lch_fd_sock = fd_sock;
- lch_initialized = 1;
- *lchpp = &lch_global;
- free(env_dup_free);
- return (0);
-}
-
-int
-lcs_getsock(struct lc_host *lchp, int *fdp)
-{
-
- *fdp = lchp->lch_fd_sock;
- return (0);
-}
-
ssize_t
lcs_recv(struct lc_host *lchp, void *buf, size_t len, int flags)
{