PERFORCE change 163981 for review
Jonathan Anderson
jona at FreeBSD.org
Wed Jun 10 12:15:16 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=163981
Change 163981 by jona at jona-trustedbsd-belle-vm on 2009/06/10 12:14:24
user_angel can now handle multiple requests from multiple clients
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/Makefile#4 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#8 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/main.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/make-main.sh#3 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/Makefile#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/cap.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/cap.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdcomm.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdcomm.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/user_angel.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/user_angel.h#2 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/Makefile#4 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#8 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/main.c#3 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/make-main.sh#3 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/Makefile#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/cap.c#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/cap.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdcomm.c#2 (text+ko) ====
@@ -119,7 +119,7 @@
}
else if(bytes == 0)
{
- perror("Received 0 bytes");
+ fprintf(stderr, "Socket closed\n");
return -1;
}
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdcomm.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#2 (text+ko) ====
@@ -38,6 +38,7 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
@@ -54,33 +55,69 @@
int shutting_down = 0;
char control_socket_name[256] = "";
+int *clients;
+int clientslen;
+int clientsmaxlen;
+
+
void user_angel_server_shutdown(void)
{
shutting_down = 1;
close(fd_control);
unlink(control_socket_name);
+
+ fd_control = 0;
}
int handle_request(int client, enum user_angel_request req);
+int bind_to_path(const char *path);
+void accept_client(int fd_server);
+void service_clients(void);
int run_server(const char* address)
{
+ clientslen = 0;
+ clients = (int*) malloc (128 * sizeof(int));
+ clientsmaxlen = 128;
+
strcpy(control_socket_name, address);
printf("Creating control socket at %s...\n", control_socket_name);
+ fd_control = bind_to_path(control_socket_name);
+ if(fd_control < 0)
+ {
+ perror("Error binding control socket");
+ return -1;
+ }
+
+
+ while(fd_control)
+ {
+ accept_client(fd_control);
+ service_clients();
+ }
+
+ user_angel_server_shutdown();
+
+ return 0;
+}
+
+
+int bind_to_path(const char *path)
+{
struct sockaddr_un addr;
addr.sun_family = AF_UNIX;
strcpy(addr.sun_path, control_socket_name);
- fd_control = socket(AF_UNIX, SOCK_STREAM, 0);
- if(fd_control == 0)
+ int fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if(fd == 0)
{
if(shutting_down) return 0;
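Review bot: bind_to_path() never uses its `path` argument. It copies the global `control_socket_name` (a 256-byte buffer that run_server fills from `address` with an unbounded `strcpy`) into `addr.sun_path` with a second unbounded `strcpy`, and `sun_path` is much smaller than 256 bytes on common systems, so a long socket path overruns the stack-allocated `addr`. Reject over-long names before copying, e.g. `if(strlen(path) >= sizeof(addr.sun_path)) { errno = ENAMETOOLONG; return -1; }`, then `strcpy(addr.sun_path, path);`. The added `if(fd == 0)` test also misses the failure value of socket(), which is -1, so `if(fd < 0)` is the check wanted here, and the `malloc` result in run_server is stored without a NULL check. bind_to_path's body continues outside this hunk.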
@@ -89,7 +126,8 @@
return -1;
}
- if(bind(fd_control, (struct sockaddr*) &addr, sizeof(struct sockaddr_un)))
+
+ if(bind(fd, (struct sockaddr*) &addr, sizeof(struct sockaddr_un)))
{
if(shutting_down) return 0;
@@ -99,7 +137,7 @@
}
- if(listen(fd_control, 10))
+ if(listen(fd, 0))
{
if(shutting_down) return 0;
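Review bot: The backlog drops from 10 to 0 in the same change that makes the server multi-client, which looks backwards. The effective queue length for a backlog of 0 is implementation-defined, and because accept_client() is only called once per pass between service_clients() runs, simultaneous connects may be refused or stalled. Unless the zero is deliberate, keep a real queue with `if(listen(fd, 10))` or `SOMAXCONN`, and add a comment saying why if it is deliberate. The enclosing function begins and ends outside this hunk.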
@@ -109,45 +147,84 @@
}
- for(int i = 0; i < 3; i++)
+ // non-blocking socket I/O
+ int flags = fcntl(fd, F_GETFL, 0);
+ if(flags < 0)
+ {
+ perror("Error getting flags for control socket");
+ return -1;
+ }
+
+ if(fcntl(fd, F_SETFL, flags | O_NONBLOCK))
+ {
+ perror("Error setting flags on control socket");
+ return -1;
+ }
+
+
+ return fd;
+}
+
+
+
+void accept_client(int fd_server)
+{
+ int client;
+ struct sockaddr_un clientaddr;
+ unsigned int clientaddrlen;
+
+ client = accept(fd_server, (struct sockaddr*) &clientaddr,
+ &clientaddrlen);
+
+ if(client < 0)
+ {
+ if(errno == EAGAIN) { usleep(1); return; }
+ if(shutting_down) return;
+
+ perror("Error accepting client");
+ return;
+ }
+
+ printf("Accepted client: FD %i\n", client);
+
+ clients[clientslen++] = client;
+
+ if(clientslen == clientsmaxlen)
{
- int client;
- struct sockaddr_un clientaddr;
- unsigned int clientaddrlen;
+ int newsize = 2 * clientsmaxlen;
+ int *newclients = (int*) malloc(newsize * sizeof(int));
- client = accept(fd_control, (struct sockaddr*) &clientaddr, &clientaddrlen);
- if(client <= 0)
- {
- if(shutting_down) return 0;
+ memcpy(newclients, clients, clientslen * sizeof(int));
+ free(clients);
+ clients = newclients;
+ clientslen = newsize;
+ }
+}
- perror("Error accepting client");
- user_angel_server_shutdown();
- return -1;
- }
- printf("Accepted client: FD %i\n", client);
+void service_clients(void)
+{
+ enum user_angel_request req;
- enum user_angel_request req;
+ for(int i = 0; i < clientslen; i++)
+ {
+ int client = clients[i];
int bytes = get_int_from(client, (int*) &req);
- if(bytes == 0) usleep(100);
- else if(bytes > 0)
+ if(bytes > 0)
{
if(handle_request(client, req))
perror("Error handling client request");
}
+ else if((bytes == 0) && (errno == EAGAIN)) continue;
else
{
- if(shutting_down) return 0;
+ if(shutting_down) return;
- perror("Error recv()'ing from control pipe");
+ perror("Error recv()'ing from client");
break;
}
}
-
- user_angel_server_shutdown();
-
- return 0;
}
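Review bot: The growth path in accept_client() updates the wrong counter: `clientslen = newsize;` should be `clientsmaxlen = newsize;`. As written, accepting the 128th client makes `clientslen` jump to 256 while `clientsmaxlen` stays 128, so service_clients() then reads uninitialised descriptors from the new buffer, the next accepted client is stored at `clients[256]` (one element past the allocation), and the table never grows again; any local process able to connect to the socket enough times reaches this. The `malloc` result is used without a NULL check, and `clientaddrlen` is passed to accept() uninitialised although it is a value-result argument; declare it as `unsigned int clientaddrlen = sizeof(clientaddr);` (or `socklen_t`). In service_clients() a client that fails or closes is never `close()`d or removed from `clients`, and the `break` skips every client after it for that pass, so one dead peer is retried and logged on every iteration.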
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#2 (text+ko) ====
@@ -31,8 +31,8 @@
else if(pid == 0) return 0;
// enter capability mode
- if(cap_enter()) err(EX_SOFTWARE, "Failed to enter capability mode");
- else printf("Now operating in capability mode\n");
+// if(cap_enter()) err(EX_SOFTWARE, "Failed to enter capability mode");
+// else printf("Now operating in capability mode\n");
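Review bot: With `cap_enter()` commented out, the test client never enters capability mode, so it no longer exercises the sandboxed path that the user angel exists to serve. The hunk at @@ -43,7 then downgrades the "Was able to open %s directly" failure from `err(EX_SOFTWARE, ...)` to a non-fatal `fprintf`, so the run continues and can appear to succeed with no sandbox at all. If this is a temporary debugging aid, gate it behind a build or command-line switch rather than leaving commented-out code, and keep the direct-open check fatal whenever sandboxing is enabled. A short comment such as `// TODO: re-enable cap_enter() once <reason>` would at least record why the check was disabled.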
@@ -43,7 +43,7 @@
// make sure that we are, in fact, sandboxed
if(open(path, O_RDONLY) < 0) printf("Sandbox is working\n");
- else err(EX_SOFTWARE, "Was able to open %s directly", path);
+ else fprintf(stderr, "Was able to open %s directly\n", path);
// get the user angel to open the file for us
@@ -60,7 +60,29 @@
// retrieve the file descriptor
int fd = fd_recv(fd_control);
- printf("Got file descriptor %i\n", fd);
+ if(fd >= 0) printf("Got file descriptor %i\n", fd);
+ else { fprintf(stderr, "Error receiving descriptor\n"); return 1; }
+
+
+
+ path = "/etc/group";
+
+ // get the user angel to open the file for us
+ if(send(fd_control, &req, sizeof(int), 0) < 0)
+ err(EX_IOERR, "Error sending request type %i", req);
+
+ if(send(fd_control, &len, sizeof(int), 0) < 0)
+ err(EX_IOERR, "Error sending path length %i", len);
+
+ if(send(fd_control, path, len, 0) < 0)
+ err(EX_IOERR, "Error sending path '%s'", path);
+
+
+
+ // retrieve the file descriptor
+ fd = fd_recv(fd_control);
+ if(fd >= 0) printf("Got file descriptor %i\n", fd);
+ else { fprintf(stderr, "Error receiving descriptor\n"); return 1; }
char buf[40];
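Review bot: The second request reassigns `path = "/etc/group";` but sends the old `len`, which was computed for the previous path outside this hunk. If the earlier path was longer, `send(fd_control, path, len, 0)` reads past the end of the string literal and the server receives a length that does not match the name; add `len = strlen(path);` (matching however `len` was first computed) right after the reassignment. The first descriptor is also overwritten by `fd = fd_recv(fd_control);` without a `close(fd)`. The three-send request sequence is now duplicated verbatim, so a small helper taking the path would keep the two requests in step.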
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/user_angel.c#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/user_angel.h#2 (text+ko) ====