PERFORCE change 164665 for review

Jonathan Anderson jona at FreeBSD.org
Thu Jun 18 13:28:01 UTC 2009


http://perforce.freebsd.org/chv.cgi?CH=164665

Change 164665 by jona at jona-trustedbsd-kentvm on 2009/06/18 13:27:43

	A nice little (non-Qt) demo: demonstrate that the sandbox works, ask the user_angel to open files, pop up a powerbox and show that, even though the file was opened with O_RDWR, the capabilities system prevents write() operations

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#12 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#8 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#9 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#12 (text+ko) ====

@@ -457,7 +457,8 @@
 	int bytes_sent = sendmsg(sock, &header, 0);
 	if(bytes_sent < 0)
 	{
-		perror("Error sending data and file descriptor(s)");
+		sprintf(errmsg, "Error sending data and file descriptors: %i (%s)",
+                                 errno, strerror(errno));
 		free(anc_hdr);
 		return -1;
 	}
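Review bot: The replacement `sprintf(errmsg, ...)` on the added lines is unbounded, whereas the perror() it replaces could not overflow anything; if errmsg is a fixed-size array (its declaration is outside this hunk) the call should be `snprintf(errmsg, sizeof errmsg, "Error sending data and file descriptors: %i (%s)", errno, strerror(errno));`, and the same applies to the peek-error hunk below in this file and to the `sprintf(current_error, ...)` hunk in server.c. The strerror() text is implementation-bounded so an overflow is unlikely today, but this is the pattern a later, longer message will copy. Separately, `errno` and `strerror(errno)` are evaluated in unspecified order within the argument list and strerror() may set errno for an unknown code, so saving `int saved = errno;` right after sendmsg() and using it for both fields keeps the number and the text consistent.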
@@ -488,7 +489,8 @@
 	}
 	else if(bytes < 0)
 	{
-		perror("Error peeking at socket");
+		sprintf(errmsg, "Error peeking at socket: %i (%s)",
+		                 errno, strerror(errno));
 		return NULL;
 	}
 

==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#8 (text+ko) ====

@@ -243,7 +243,7 @@
 
 	if(!d)
 	{
-		if((errno == ENOENT) || (errno == ECONNRESET))
+		if((errno == ENOENT) || (errno == ECONNRESET) || (errno == EAGAIN))
 			close_client(client, errno, "Client socket closed");
 
 		else perror("Error receiving from client");
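Review bot: Adding EAGAIN to the "client socket closed" test on the changed line conflates "no data available yet" with "peer went away": on a non-blocking socket a receive that fails with EAGAIN only means the client has not sent anything, and close_client() would then tear down a live session. Whether these client sockets are non-blocking is not visible in this hunk; if they are, EAGAIN should take a retry path rather than the close, e.g. `if(errno == EAGAIN) return;` ahead of the existing ENOENT/ECONNRESET test. If instead the sockets are blocking with a receive timeout, EAGAIN means the timeout expired, which is worth naming in the reason string rather than reporting it as a closed socket.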
@@ -360,7 +360,8 @@
 
 	if(cap_send_fd(client, d, &cap, 1) < 0)
 	{
-		perror("Error sending FD");
+		sprintf(current_error, "Error sending FD: %i (%s)",
+		                        errno, strerror(errno));
 		return -1;
 	}
 	close(cap);
@@ -433,8 +434,14 @@
 
 void close_client(int client, int errnum, const char *reason)
 {
-	printf("Client %4i: Closing (errno: %i/'%s', reason: '%s')\n",
-	       client, errnum, strerror(errnum), reason);
+	printf("Client %4i: Closing", client);
+
+	if((errnum == ECONNRESET) || (errnum == EAGAIN))
+		printf(" (client connection closed)");
+	else
+       		printf(" (errno: %i/'%s', reason: '%s')",
+		        errnum, strerror(errnum), reason);
+	printf("\n");
 
 	cap_send(client, cap_marshall_error(errnum, reason, strlen(reason)));
 
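Review bot: The `else` branch of the new close_client() body is indented with a mix of spaces and tabs (the `printf(" (errno: %i/'%s', reason: '%s')",` line and its continuation), which misaligns it against the `if` above; the rest of the hunk uses tabs, so re-indent those two lines with tabs to match. Functionally, the log now drops `reason` for ECONNRESET/EAGAIN while the unchanged `cap_send(client, cap_marshall_error(errnum, reason, strlen(reason)));` still sends it to a peer that, by this branch's own reasoning, is already gone; a comment such as `/* peer already closed; the error reply below is best-effort */` would make that intent explicit. close_client() continues past the end of this hunk.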

==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#9 (text+ko) ====

@@ -63,7 +63,7 @@
 
 	open_file(fd_angel, "/etc/group", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_SEEK);
 	open_file(fd_angel, "/etc/passwd", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK);
-	open_powerbox(fd_angel, "~/Desktop/", "*.gz", 0x2a00003);
+	open_powerbox(fd_angel, "~/Desktop/", "*.txt", 0x2a00003);
 
 	return 0;
 }
@@ -121,7 +121,8 @@
 	int fdcount;
 	if(cap_unmarshall_int(fdcountd, &fdcount) < 0)
 	{
-		fprintf(stderr, "Error unmarshalling FD count: %s\n", cap_protocol_error());
+		fprintf(stderr, "Error unmarshalling FD count: %s\n",
+		                 cap_protocol_error());
 		return;
 	}
 
@@ -144,6 +145,7 @@
 		}
 
 		test_fd(fd, name);
+		close(fd);
 	}
 }
 
@@ -161,7 +163,7 @@
 	options.filter = filter;
 	options.filterlen = strlen(filter);
 	options.flags = O_RDWR;
-	options.rights = CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK;
+	options.rights = CAP_FSTAT | CAP_READ | CAP_SEEK;
 
 
 	struct cap_wire_datum *data[2];
@@ -183,7 +185,11 @@
 
 	int fdcount;
 	if(cap_unmarshall_int(fdcountd, &fdcount) < 0)
-		err(EX_SOFTWARE, "Error unmarshalling FD count");
+	{
+		fprintf(stderr, "Error unmarshalling FD count: %s\n",
+		                 cap_protocol_error());
+		return;
+	}
 
 	for(int i = 0; i < fdcount; i++)
 	{
@@ -204,6 +210,11 @@
 		}
 
 		test_fd(fd, name);
+
+		if(write(fd, "OVERWRITING", 12) < 0)
+			perror("Error overwriting file");
+
+		close(fd);
 	}
 }
 
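Review bot: `write(fd, "OVERWRITING", 12)` on the added line writes 12 bytes but the literal is 11 characters, so the terminating NUL goes into the file as well; use `sizeof "OVERWRITING" - 1` (or strlen) for the length. The call also ignores a short write and, when write() does succeed, silently clobbers the first bytes of whatever file the user picked in the powerbox — for a demo whose point is that the write is refused, success is the surprising case and should be reported: `ssize_t w = write(fd, "OVERWRITING", sizeof "OVERWRITING" - 1); if(w < 0) perror("Error overwriting file"); else printf("write() unexpectedly succeeded (%zd bytes)\n", w);`. Since the powerbox requests O_RDWR on a user-chosen file under ~/Desktop, pointing the demo at a scratch file would avoid damaging real data if the angel ever grants CAP_WRITE. The enclosing function begins above this hunk.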
@@ -214,17 +225,10 @@
 
 	FILE *rf = fdopen(fd, "r");
 	if(!rf) err(EX_IOERR, "Error opening %s", name);
-	printf("Opened %s for reading\n", name);
-	fclose(rf);
+	else printf("Opened %s for reading\n", name);
 
-	FILE *wf = fdopen(fd, "w");
-	if(wf)
-	{
-		printf("Opened %s for writing\n", name);
-		fclose(wf);
-	}
+	FILE *wf = fdopen(fd, "a");
+	if(wf) printf("Opened %s for writing\n", name);
 	else printf("Couldn't open %s for writing\n", name);
-
-	close(fd);
 }
 
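Review bot: Neither `rf` nor `wf` is ever fclose()d in the rewritten test_fd(): the old fclose() calls were removed because fclose() also closes the underlying descriptor, and the callers (the `close(fd)` lines added in the two loops above) now own it, so every call leaks two FILE objects and their buffers. Giving each stream its own descriptor via dup() lets the fclose() calls come back without touching the caller's fd, as in the excerpt below (a failed dup() surfaces as an fdopen() failure, which the existing error paths already handle). Separately, fdopen(fd, "a") succeeding only shows that the descriptor's O_RDWR access mode is compatible with the stream mode — fdopen() consults the F_GETFL flags, not capability rights — so the `Opened %s for writing` message does not demonstrate that writes are permitted; the write() in the powerbox loop is the real test, and the message could say `fdopen(\"a\") succeeded (access mode check only)` to avoid overstating it. test_fd's signature lies above this hunk.
```c
	/* dup() so that fclose() below does not close the caller's fd */
	FILE *rf = fdopen(dup(fd), "r");
	if(!rf) err(EX_IOERR, "Error opening %s", name);
	printf("Opened %s for reading\n", name);
	fclose(rf);

	FILE *wf = fdopen(dup(fd), "a");
	if(wf)
	{
		printf("Opened %s for writing\n", name);
		fclose(wf);
	}
	else printf("Couldn't open %s for writing\n", name);
```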

