socsvn commit: r256906 - soc2013/dpl/head/lib/libzcap
dpl at FreeBSD.org
dpl at FreeBSD.org
Wed Sep 4 18:59:40 UTC 2013
Author: dpl
Date: Wed Sep 4 18:59:39 2013
New Revision: 256906
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=256906
Log:
mini-update.
Modified:
soc2013/dpl/head/lib/libzcap/capsicum.c
soc2013/dpl/head/lib/libzcap/capsicum.h
Modified: soc2013/dpl/head/lib/libzcap/capsicum.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/capsicum.c Wed Sep 4 18:28:03 2013 (r256905)
+++ soc2013/dpl/head/lib/libzcap/capsicum.c Wed Sep 4 18:59:39 2013 (r256906)
@@ -13,76 +13,20 @@
#include <stdio.h>
#include <err.h>
-external struct sandbox;
-external struct slisthead sandboxes;
+extern struct sandbox;
+extern struct slisthead sandboxes;
-int startChild(void);
+struct sandbox * startSandbox(void *data);
+int stopSandbox(struct sandbox *sandbox);
+void startNullSandbox(void);
+struct sandbox * findSandbox(void *ptr);
+struct sandbox *startChild(void *data);
void killChild(void);
void suicide(int signal);
-nvlist_t * sendCommand(nvlist_t *nvl);
+nvlist_t * sendCommand(nvlist_t *nvl, int socket);
bool slist_initiated = 0;
-nvlist_t *
-sendCommand(nvlist_t *nvl, int socket)
-{
- nvlist_t *new;
- if( nvlist_send(socket, nvl) != 0 )
- err(1, "zcaplib: nvlist_send() Went wrong");
- if ((new = nvlist_recv(socket)) == NULL)
- err(1, "nvlist_recv(): nvlist_t is NULL");
- return (new);
-}
-
-void killChild(void) {
- kill(pid, SIGKILL);
-}
-void suicide(int signal) {
- kill(getpid(), SIGKILL);
-}
-
-void
-startChild(void *data)
-{
- int procd, sv[2];
- struct sandbox *newsandbox;
-
- if ((newsandbox = malloc(sizeof (struct sandbox)) == NULL)
- err(1, "Couldn't allocate memory for sandboxes");
-
- sv[0] = sv[1] = 0;
- if (socketpair(PF_LOCAL, SOCK_STREAM, 0, sv) < 0 )
- perror("zcaplib: socketpair()");
-
- procd = pdfork();
- if (pid == 0 ){
- if (cap_rights_limit(STDIN_FILENO, CAP_READ) < 0)
- err(1, "Couldn't limit rights");
- if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE|CAP_FSTAT) < 0)
- err(1, "Couldn't limit rights");
- if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0)
- err(1, "Couldn't limit rights");
- dup2(sv[0], 3);
- if (cap_rights_limit(3, CAP_WRITE|CAP_READ|CAP_POLL_EVENT) < 0)
- err(1, "Couldn't limit rights");
- closefrom(4);
-
- /* execl() zlibworker */
- if ( execl("/usr/libexec/zlibworker", "zlibworker", NULL) < 0) {
- err(1, "Couldn't find zlibworker.");
- }
- exit(0);
- } else if (pid == -1) {
- err(1, "Couldn't fork");
- } else {
- close(sv[1]);
- signal(SIGCHLD, suicide);
- atexit(killChild);
- sandbox->dataptr = data;
- sandbox->pd = procd;
- sandbox->socket = sv[0];
- }
-}
/*
* This function should be called only by:
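Review bot: `extern struct sandbox;` on the new side attaches a storage class to a declaration that names no object, so it declares nothing useful; a plain forward declaration `struct sandbox;` is what this line seems to intend, and it can go entirely if capsicum.h is included before this point. The prototypes added here are also repeated verbatim in the capsicum.h section of this commit, so keeping them only in the header removes a second copy that can drift. `bool slist_initiated = 0;` is file-private state as far as the visible code shows and could be `static bool slist_initiated = false;`.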
@@ -104,22 +48,6 @@
return (newsandbox);
}
-void
-startNullSandbox(void)
-{
- if (!slist_initiated) {
- SLIST_INIT(&sandboxes);
-
- /* Here we add a sandbox used for non-structure related stuff */
- /* This will be the first sandbox always */
- if (SLIST_EMPTY(&sandboxes)) {
- newsandbox = startChild(newsandbox, NULL);
- SLIST_INSERT_HEAD(&sandboxes, newsandbox, entries);
- }
- }
- slist_initiated = 1;
-}
-
/*
* Kills the sandbox, and deletes the associated
* struct sandbox. Should be called by: gzclose,
@@ -140,19 +68,33 @@
free(sandbox);
}
+/* Starts the default sandbox. */
+void
+startNullSandbox(void)
+{
+ if (!slist_initiated) {
+ sandboxes = SLIST_HEAD_INITIALIZER(head);
+ SLIST_INIT(&sandboxes);
+ /* Here we add a sandbox used for non-structure related stuff */
+ /* This will be the first sandbox always */
+ if (SLIST_EMPTY(&sandboxes)) {
+ newsandbox = startChild(newsandbox, NULL);
+ SLIST_INSERT_HEAD(&sandboxes, newsandbox, entries);
+ }
+ }
+ slist_initiated = 1;
+}
+
/*
* Finds the struct sandbox for
* a pointer to the data structure
* the sandbox is related to.
- * Returns NULL if not found.
*/
struct sandbox *
-findsandbox(void *ptr)
+findSandbox(void *ptr)
{
struct sandbox *sandbox;
- sandbox = NULL;
-
if (ptr == NULL)
return (SLIST_FIRST(&sandboxes));
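Review bot: startNullSandbox() as added cannot create the default sandbox. `newsandbox` is not declared in the function, and `startChild(newsandbox, NULL)` passes two arguments to a function this commit prototypes as `startChild(void *data)`. The two lines could become `struct sandbox *newsandbox = startChild(NULL);` followed by the existing `SLIST_INSERT_HEAD`. `sandboxes = SLIST_HEAD_INITIALIZER(head);` uses a brace initializer as an assignment, which is not valid C; `SLIST_INIT(&sandboxes);` on the next line already does that job, so the assignment can be dropped. The hunk also deletes the "Returns NULL if not found." comment line from findSandbox(), whose body continues outside this hunk and still ends in `return (NULL);` under "Not found", so that line should stay.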
@@ -162,4 +104,65 @@
/* Not found */
return (NULL);
-}
\ No newline at end of file
+}
+
+struct sandbox *
+startChild(void *data)
+{
+ int procd, sv[2];
+ struct sandbox *newsandbox;
+
+ if ((newsandbox = malloc(sizeof (struct sandbox)) == NULL)
+ err(1, "Couldn't allocate memory for sandboxes");
+
+ sv[0] = sv[1] = 0;
+ if (socketpair(PF_LOCAL, SOCK_STREAM, 0, sv) < 0 )
+ perror("zcaplib: socketpair()");
+
+ procd = pdfork();
+ if (pid == 0 ){
+ if (cap_rights_limit(STDIN_FILENO, CAP_READ) < 0)
+ err(1, "Couldn't limit rights");
+ if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE|CAP_FSTAT) < 0)
+ err(1, "Couldn't limit rights");
+ if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0)
+ err(1, "Couldn't limit rights");
+ dup2(sv[0], 3);
+ if (cap_rights_limit(3, CAP_WRITE|CAP_READ|CAP_POLL_EVENT) < 0)
+ err(1, "Couldn't limit rights");
+ closefrom(4);
+
+ /* execl() zlibworker */
+ if ( execl("/usr/libexec/zlibworker", "zlibworker", NULL) < 0) {
+ err(1, "Couldn't find zlibworker.");
+ }
+ exit(0);
+ } else if (pid == -1) {
+ err(1, "Couldn't fork");
+ } else {
+ close(sv[1]);
+ signal(SIGCHLD, suicide);
+ atexit(killChild);
+ sandbox->dataptr = data;
+ sandbox->pd = procd;
+ sandbox->socket = sv[0];
+ }
+}
+
+void killChild(void) {
+ kill(pid, SIGKILL);
+}
+void suicide(int signal) {
+ kill(getpid(), SIGKILL);
+}
+
+nvlist_t *
+sendCommand(nvlist_t *nvl, int socket)
+{
+ nvlist_t *new;
+ if( nvlist_send(socket, nvl) != 0 )
+ err(1, "zcaplib: nvlist_send() Went wrong");
+ if ((new = nvlist_recv(socket)) == NULL)
+ err(1, "nvlist_recv(): nvlist_t is NULL");
+ return (new);
+}
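Review bot: startChild() as added never gives the worker its own end of the socketpair: the child `dup2()`s `sv[0]` onto descriptor 3 while the parent also keeps `sv[0]` and closes `sv[1]`, and the branch tests read `pid` although the fork result is stored in `procd` by a `pdfork()` call that passes no arguments. The allocation check is missing a closing parenthesis before `== NULL`, the parent branch writes through `sandbox` rather than `newsandbox`, nothing is returned from a function declared to return `struct sandbox *`, and a failed `socketpair()` is only reported with `perror()` before execution continues into the fork. The rewrite below assumes `pid` stays a file-level variable (killChild() reads it, and this commit drops `extern int pid;` from capsicum.h), so it needs a definition in this file. Nothing visible here places the child in capability mode, so the descriptor limits presumably rely on zlibworker calling `cap_enter()` itself; that is worth confirming.

```c
	if ((newsandbox = malloc(sizeof(*newsandbox))) == NULL)
		err(1, "Couldn't allocate memory for sandboxes");

	if (socketpair(PF_LOCAL, SOCK_STREAM, 0, sv) < 0)
		err(1, "zcaplib: socketpair()");

	pid = pdfork(&procd, 0);
	if (pid == 0) {
		/* ... unchanged: cap_rights_limit() on stdin, stdout, stderr ... */
		if (dup2(sv[1], 3) < 0)
			err(1, "zcaplib: dup2()");
		/* ... unchanged: cap_rights_limit(3, ...), closefrom(4), execl() ... */
	} else if (pid == -1) {
		err(1, "Couldn't fork");
	} else {
		close(sv[1]);
		/* ... unchanged: signal(SIGCHLD, suicide), atexit(killChild) ... */
		newsandbox->dataptr = data;
		newsandbox->pd = procd;
		newsandbox->socket = sv[0];
	}
	return (newsandbox);
```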
Modified: soc2013/dpl/head/lib/libzcap/capsicum.h
==============================================================================
--- soc2013/dpl/head/lib/libzcap/capsicum.h Wed Sep 4 18:28:03 2013 (r256905)
+++ soc2013/dpl/head/lib/libzcap/capsicum.h Wed Sep 4 18:59:39 2013 (r256906)
@@ -18,16 +18,18 @@
#define MAXLEN (5*1024)
-extern int pid;
-extern int sv[2];
-extern struct sandbox * sandboxes;
-
-extern int startChild(void);
-extern void killChild(void);
-extern nvlist_t * sendCommand(nvlist_t *nvl);
+struct sandbox * startSandbox(void *data);
+int stopSandbox(struct sandbox *sandbox);
+void startNullSandbox(void);
+struct sandbox * findSandbox(void *ptr);
+struct sandbox *startChild(void *data);
+void killChild(void);
+void suicide(int signal);
+nvlist_t * sendCommand(nvlist_t *nvl, int socket);
/* head of singly-linked list. */
-SLIST_HEAD(slisthead, sandbox) sandboxes = SLIST_HEAD_INITIALIZER(head);
+struct slisthead sandboxes;
+SLIST_HEAD(slisthead, sandbox) sandboxes;
/*
* This structure holds a relation of structs of data structs,
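Review bot: The two added lines `struct slisthead sandboxes;` and `SLIST_HEAD(slisthead, sandbox) sandboxes;` define the list head in the header, so every file that includes capsicum.h gets its own definition of `sandboxes`. The first of them also names `struct slisthead` before the macro has declared it. Declaring only the type and an extern in the header, `SLIST_HEAD(slisthead, sandbox);` and `extern struct slisthead sandboxes;`, with a single definition `struct slisthead sandboxes = SLIST_HEAD_INITIALIZER(sandboxes);` in capsicum.c, gives one shared list. That would also replace the `extern struct slisthead sandboxes;` currently placed in capsicum.c.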
@@ -38,4 +40,4 @@
int pd; /* Process descriptor */
int socket; /* Socket we have to pass the data through */
SLIST_ENTRY(entry) entries; /* Singly-linked list. */
-}
+};
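Review bot: The context line `SLIST_ENTRY(entry) entries;` links through `struct entry`, but the list head in this header is declared with `SLIST_HEAD(slisthead, sandbox)`, so the element type passed to the entry macro should match: `SLIST_ENTRY(sandbox) entries;`. As written, the SLIST macros used in capsicum.c would assign `struct sandbox *` values to a `struct entry *` link. The struct definition starts outside this hunk, so only its last members are visible here.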