PERFORCE change 165133 for review
Jonathan Anderson
jona at FreeBSD.org
Thu Jun 25 07:21:59 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=165133
Change 165133 by jona at jona-trustedbsd-belle-vmware on 2009/06/25 07:21:41
Added ua_find() to libuserangel
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/Makefile#8 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.c#2 (text+ko) ====
@@ -33,6 +33,7 @@
#include <sys/capability.h>
#include <sys/socket.h>
+#include <sys/un.h>
#include <libcapability.h>
@@ -55,6 +56,43 @@
const char* ua_protocol_error(void) { return errmsg; }
+int ua_find(void)
+{
+ char *homedir = getenv("HOME");
+
+ if(strlen(homedir) > 200)
+ {
+ sprintf(errmsg, "Obscenely long $HOME variable (%i chars)",
+ strlen(homedir));
+ return -1;
+ }
+
+ char control_socket_name[256] = "";
+
+ sprintf(control_socket_name, "%s/.user-angel", homedir);
+
+ struct sockaddr_un addr;
+ addr.sun_family = AF_UNIX;
+ strcpy(addr.sun_path, control_socket_name);
+
+ int angel = socket(AF_UNIX, SOCK_STREAM, 0);
+ if(connect(angel, (struct sockaddr*) &addr, sizeof(addr)))
+ {
+ sprintf(errmsg, "Error connecting to angel at '%s'", addr.sun_path);
+ return -1;
+ }
+
+ if(lc_limitfd(angel, CAP_READ | CAP_WRITE) < 0)
+ {
+ sprintf(errmsg, "Error creating user angel capability: %i (%s)",
+ errno, strerror(errno));
+ return -1;
+ }
+
+ return angel;
+}
+
+
int ua_send(int sock, datum *d, int32_t fds[], int32_t fdlen)
{
==== //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.h#2 (text+ko) ====
@@ -37,9 +37,16 @@
#include <libuserangel-powerbox.h>
+/* High-level API */
+
/** The last angel/sandbox protocol error */
const char* ua_protocol_error(void);
+/** Find the user angel (at $HOME/.user-angel or the like) */
+int ua_find(void);
+
+
+/* Low-level API */
/** Requests that clients can make */
enum ua_request_t { UA_NO_OP = 0, UA_OPEN_PATH, UA_LOAD_LIBRARY, UA_POWERBOX };
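Review bot: The doc comment on `ua_find()` does not state the return contract that callers need. Going by the implementation in this change, it returns a connected descriptor that has been passed through `lc_limitfd` with `CAP_READ | CAP_WRITE`, or -1 on failure with the reason available from `ua_protocol_error()`. I would write `/** Find and connect to the user angel at $HOME/.user-angel; returns an FD limited to CAP_READ|CAP_WRITE, or -1 (see ua_protocol_error()) */` and add that the caller owns the descriptor and must close it.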
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/Makefile#8 (text+ko) ====
@@ -7,7 +7,7 @@
CFLAGS=--std=c99 ${DEBUG} ${WARNINGS} ${INCLUDE} -DVERSION='"${VERSION}"'
CXXFLAGS=${DEBUG} -Wall ${QDBUS_INCLUDE} -DVERSION='"${VERSION}"'
-LIBS=-luserangel
+LIBS=-lcapability -luserangel -lsbuf
BIN=user_angel test_client
AGENT_OBJ = user_angel.o server.o cap.o powerbox.o dbus.o
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#11 (text+ko) ====
@@ -14,7 +14,6 @@
#include <unistd.h>
-int connect_to_user_angel(void);
void open_file(int fd_angel, const char *path, int flags, cap_rights_t rights);
void open_powerbox(int fd_angel, const char *path, const char *filter, int parent);
void test_fd(int fd, char *name);
@@ -22,11 +21,9 @@
int main(int argc, char *argv[])
{
- int fd_angel = connect_to_user_angel();
- printf("angel FD: %i\n", fd_angel);
-
- fd_angel = cap_new(fd_angel, CAP_CONNECT | CAP_READ | CAP_WRITE);
- printf("angel cap: %i\n", fd_angel);
+ int fd_angel = ua_find();
+ if(fd_angel < 0) err(EX_SOFTWARE, "Error finding user angel");
+ printf("Conntected to user angel via FD %i\n", fd_angel);
int proc;
pid_t pid = pdfork(&proc);
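Review bot: `err()` appends `strerror(errno)`, but `ua_find()` reports its failures through `ua_protocol_error()`, and its length-check path never sets errno, so the printed cause can be stale or unrelated. Use `errx(EX_SOFTWARE, "Error finding user angel: %s", ua_protocol_error());` so the message carries the library's own explanation. The success message also misspells "Connected" as "Conntected". main's body continues outside the hunk.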
@@ -69,30 +66,6 @@
}
-int connect_to_user_angel(void)
-{
- char *homedir = getenv("HOME");
-
- if(strlen(homedir) >= 80)
- err(EX_DATAERR, "Obscenely long $HOME variable: %s", homedir);
-
- char control_socket_name[256] = "";
-
- sprintf(control_socket_name, "%s/.user-angel", homedir);
- printf("Connecting to control socket at '%s'...\n", control_socket_name);
-
- struct sockaddr_un addr;
- addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, control_socket_name);
-
- int fd_angel = socket(AF_UNIX, SOCK_STREAM, 0);
- if(connect(fd_angel, (struct sockaddr*) &addr, sizeof(addr)))
- err(EX_IOERR, "Error connecting to angel at '%s'", addr.sun_path);
-
- return fd_angel;
-}
-
-
void open_file(int fd_angel, const char *path, int flags, cap_rights_t rights)
{