socsvn commit: r257236 - in soc2013/dpl/head/lib/libzcap: . test zlibworker
dpl at FreeBSD.org
dpl at FreeBSD.org
Thu Sep 12 14:41:21 UTC 2013
Author: dpl
Date: Thu Sep 12 14:41:20 2013
New Revision: 257236
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257236
Log:
Update.
Modified:
soc2013/dpl/head/lib/libzcap/capsicum.c
soc2013/dpl/head/lib/libzcap/commands.c
soc2013/dpl/head/lib/libzcap/commands.h
soc2013/dpl/head/lib/libzcap/deflate.c
soc2013/dpl/head/lib/libzcap/gzlib.c
soc2013/dpl/head/lib/libzcap/test/testlib.sh
soc2013/dpl/head/lib/libzcap/test/zcaplibtest.c
soc2013/dpl/head/lib/libzcap/zlibworker/commands.c
soc2013/dpl/head/lib/libzcap/zlibworker/commands.h
soc2013/dpl/head/lib/libzcap/zlibworker/zlibworker.c
Modified: soc2013/dpl/head/lib/libzcap/capsicum.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/capsicum.c Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/capsicum.c Thu Sep 12 14:41:20 2013 (r257236)
@@ -46,19 +46,6 @@
/* At "debug.h" */
extern int DEBUG_ZCAP;
-static void
-limitfd(int fd, unsigned long long cap)
-{
- cap_rights_t rights;
-
- cap_rights_init(&rights);
- cap_rights_set(&rights, cap);
-
- if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
- err(1, "Couldn't limit fd: %d\n", fd);
-}
-
-
/*
* This function should be called only by:
* gzopen(), deflateInit(), inflateInit(),
@@ -101,13 +88,11 @@
startNullSandbox(void)
{
struct sandbox *newsandbox;
- if (DEBUG_ZCAP)
- printf("DEBUG: Starting NULL sandbox\n");
if (!slist_initiated) {
SLIST_INIT(&sandboxes);
- /* Here we add a sandbox used for non-structure related stuff */
+ /* Here we add a sandbox used for not structure-related stuff */
/* This will be the first sandbox always */
if (SLIST_EMPTY(&sandboxes)) {
newsandbox = startChild(NULL);
@@ -118,9 +103,8 @@
}
/*
- * Finds the struct sandbox for
- * a pointer to the data structure
- * the sandbox is related to.
+ * Finds the struct sandbox for a pointer to the
+ * data structure the sandbox is related to.
*/
struct sandbox *
findSandbox(void *ptr)
@@ -141,7 +125,7 @@
struct sandbox *
startChild(void *data)
{
- int procd, sv[2];
+ int procd, pid, sv[2];
struct sandbox *newsandbox;
if ((newsandbox = malloc(sizeof (struct sandbox))) == NULL)
@@ -149,60 +133,61 @@
sv[0] = sv[1] = 0;
if (socketpair(PF_LOCAL, SOCK_STREAM, 0, sv) < 0 )
- perror("zcaplib: socketpair()");
- if (DEBUG_ZCAP)
- printf("DEBUG: Called socketpair(): sv[0]: %d, sv[1]: %d\n", sv[0], sv[1]);
+ err(1, "zcaplib: socketpair()");
- procd = pdfork(&procd, 0);
- if (procd == 0 ) {
- /* Sandbox the process */
- if (cap_enter() < 0)
- err(1, "Couldn't enter capability mode");
-
- if (DEBUG_ZCAP)
- printf("DEBUG: STDIN_FILENO: %d\n", STDIN_FILENO);
-
- limitfd(STDIN_FILENO, CAP_READ);
- limitfd(STDOUT_FILENO, CAP_WRITE|CAP_FSTAT);
- limitfd(STDERR_FILENO, CAP_WRITE);
+ pid = pdfork(&procd, 0);
+ if (pid == 0 ) {
+ cap_rights_t stdin_cap;
+ cap_rights_t stdout_cap;
+ cap_rights_t stderr_cap;
+ cap_rights_t socket_cap;
+
+ cap_rights_init(&stdin_cap, CAP_READ);
+ cap_rights_init(&stderr_cap, CAP_WRITE, CAP_FSTAT);
+ cap_rights_init(&stdout_cap, CAP_WRITE);
if (dup2(sv[0], 3) != 3)
err(1, "Couldn't duplicate fd");
closefrom(4);
- limitfd(3, CAP_WRITE|CAP_READ|CAP_POLL_EVENT);
+ cap_rights_init(&socket_cap, CAP_WRITE, CAP_READ, CAP_POLL_EVENT);
+
+ if (cap_rights_limit(STDIN_FILENO, &stdin_cap) < 0)
+ err(1, "Couldn't limit stdin");
+ if (cap_rights_limit(STDOUT_FILENO, &stdout_cap) < 0)
+ err(1, "Couldn't limit stdout");
+ if (cap_rights_limit(STDERR_FILENO, &stderr_cap) < 0)
+ err(1, "Couldn't limit stderr");
+ if (cap_rights_limit(3, &socket_cap) < 0)
+ err(1, "Couldn't limit sandbox socket");
/* execl() zlibworker */
if ( execl("/usr/libexec/zlibworker", "zlibworker", NULL) < 0)
err(1, "Couldn't find zlibworker.");
exit(0);
- } else if (procd == -1) {
+ } else if (pid == -1) {
err(1, "Couldn't fork");
} else {
- if ( DEBUG_ZCAP )
- printf("DEBUG: Done forking: %d\n", procd);
-
signal(SIGCHLD, suicide);
atexit(killChild);
newsandbox->dataptr = data;
newsandbox->pd = procd;
- newsandbox->socket = sv[0];
- if (DEBUG_ZCAP)
+ newsandbox->socket = sv[1];
+ if (DEBUG_ZCAP) {
printf("DEBUG: We have started a new sandbox.\n");
printf("\tpd: %d, socket: %d\n", newsandbox->pd, newsandbox->socket);
+ }
}
return (newsandbox);
}
void killChild(void) {
- int pid;
struct sandbox *box;
/* Kill all sandboxes. */
SLIST_FOREACH(box, &sandboxes, next)
- if (pdgetpid(box->pd, &pid) > 0)
- kill(SIGKILL, pid);
+ pdkill(box->pd, SIGKILL);
}
void suicide(int signal) {
kill(getpid(), SIGKILL);
@@ -216,11 +201,9 @@
struct sandbox *box;
box = findSandbox(ptr);
- if (DEBUG_ZCAP)
- printf("DEBUG: Sending command to %d sandbox\n", box->pd);
if( nvlist_send(box->socket, nvl) != 0 )
- err(1, "zcaplib: nvlist_send() Went wrong");
+ err(1, "zcaplib: nvlist_send Error");
if ((new = nvlist_recv(box->socket)) == NULL)
err(1, "nvlist_recv(): nvlist_t is NULL");
return (new);
Modified: soc2013/dpl/head/lib/libzcap/commands.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/commands.c Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/commands.c Thu Sep 12 14:41:20 2013 (r257236)
@@ -6,6 +6,7 @@
#include "commands.h"
#include "capsicum.h"
+#include <stdlib.h>
#include <string.h>
#include <err.h>
#include <nv.h>
@@ -134,15 +135,14 @@
nvlist_add_nvlist(nvl, "args", args);
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
/*
* We get the "good" struct from the worker.
- * Here we have the good internal_state.
* When we work on the data now, we have to pass
* it in buffers, and sync next_in, avail_in, total_in,
* next_out, avail_out and total_out.
*/
- newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
const char *msg = dnvlist_get_string(result, "msg", NULL);
if (msg != NULL)
@@ -165,8 +165,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
/* Supposing there's already space reserved for z_stream */
memcpy(strm, newstrm, zstreamsize);
destroy();
@@ -187,8 +187,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, NULL);
if (newstrm != NULL)
memcpy(strm, newstrm, zstreamsize);
else
@@ -218,8 +218,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, NULL);
if (newstrm != NULL)
memcpy(strm, newstrm, zstreamsize);
msg = dnvlist_get_string(result, "msg", NULL);
@@ -242,8 +242,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
/* Supposing there's already space reserved for z_stream */
memcpy(strm, newstrm, zstreamsize);
destroy();
@@ -264,8 +264,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, NULL);
if (newstrm != NULL)
memcpy(strm, newstrm, zstreamsize);
destroy();
@@ -289,8 +289,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -311,8 +311,8 @@
/* The dest z_streamp is copied at its sandbox. */
result = sendCommand(nvl, dest);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(dest, newstrm, zstreamsize);
destroy();
return(ret);
@@ -331,9 +331,9 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
/* Save the reseted strm. */
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
const char *msg = dnvlist_get_string(result, "msg", NULL);
memcpy(strm->msg, msg, strlen(msg)+1);
@@ -356,9 +356,9 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
/* Overwrite the old streamp */
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -382,8 +382,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -403,8 +403,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -426,8 +426,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -448,8 +448,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -473,8 +473,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -494,8 +494,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -515,8 +515,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -535,8 +535,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -558,8 +558,8 @@
/* XXX - There's a problem with this, we can't copy internat_state */
result = sendCommand(nvl, dest);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(dest, newstrm, zstreamsize);
destroy();
return(ret);
@@ -578,8 +578,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
const char *msg = dnvlist_get_string(result, "msg", NULL);
memcpy(strm->msg, msg, strlen(msg)+1);
@@ -601,8 +601,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
const char *msg = dnvlist_get_string(result, "msg", NULL);
memcpy(strm->msg, msg, strlen(msg)+1);
@@ -625,8 +625,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -645,8 +645,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -667,10 +667,10 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
- gz_headerp newhead = (gz_headerp)dnvlist_get_binary(result, "newhead", gzheadersize, NULL, sizeof(NULL));
+ gz_headerp newhead = (gz_headerp)nvlist_get_binary(result, "newhead", gzheadersize);
head->done = newhead->done;
destroy();
return(ret);
@@ -692,8 +692,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
const char *msg = dnvlist_get_string(result, "msg", NULL);
memcpy(strm->msg, msg, strlen(msg)+1);
@@ -715,8 +715,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -735,8 +735,8 @@
result = sendCommand(nvl, strm);
- ret = dnvlist_get_number(result, "result", NULL);
- const z_stream *newstrm = dnvlist_get_binary(result, "newstrm", &zstreamsize, NULL, sizeof(NULL));
+ ret = nvlist_get_number(result, "result");
+ const z_stream *newstrm = nvlist_get_binary(result, "newstrm", &zstreamsize);
memcpy(strm, newstrm, zstreamsize);
destroy();
return(ret);
@@ -754,7 +754,7 @@
result = sendCommand(nvl, NULL);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -772,7 +772,7 @@
nvlist_add_nvlist(nvl, "args", args);
result = sendCommand(nvl, NULL);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -781,8 +781,8 @@
gzFile
zcapcmd_gzopen(int fd, const char *mode)
{
- gzFile *fileptr;
gzFile file;
+ const void *ptr;
initNvl();
startSandbox(file);
@@ -794,12 +794,11 @@
result = sendCommand(nvl, file);
- fileptr = (gzFile *)dnvlist_get_binary(result, "result", &gzfilesize, NULL, sizeof(NULL));
- file = *fileptr;
+ if ((file = malloc(gzfilesize)) == NULL)
+ err(1, "malloc");
+ memcpy(file, ptr, gzfilesize);
destroy();
- fprintf(stderr, "zcaplib: after zcapcmd_gzopen: fileptr: %p *fileprt: %p\n", fileptr, *fileptr);
- fprintf(stderr, "zcaplib: after zcapcmd_gzopen: file: %p\n", file);
- return((gzFile)file);
+ return(file);
}
int
@@ -815,7 +814,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -834,7 +833,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -853,8 +852,8 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
- data = dnvlist_get_binary(result, "data", len, NULL, sizeof(NULL));
+ int ret = nvlist_get_number(result, "result");
+ data = nvlist_get_binary(result, "data", len);
memcpy(buf, data, (size_t)len);
destroy();
return(ret);
@@ -873,7 +872,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -890,7 +889,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -908,7 +907,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -948,7 +947,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -966,7 +965,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -984,7 +983,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -1003,7 +1002,7 @@
result = sendCommand(nvl, file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return ((z_off_t)ret);
}
@@ -1015,7 +1014,6 @@
int
zcapcmd_simplecommand(gzFile file, int command)
{
-
initNvl();
nvlist_add_number(nvl, "command", command);
@@ -1024,8 +1022,11 @@
nvlist_add_nvlist(nvl, "args", args);
result = sendCommand(nvl, file);
+ if (command == ZCAPCMD_GZCLOSE_W || command == ZCAPCMD_GZCLOSE_R)
+ /* file is not anymore needed */
+ free(file);
- int ret = dnvlist_get_number(result, "result", NULL);
+ int ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -1033,7 +1034,9 @@
const char *
zcapcmd_gzerror(gzFile file, int *errnum)
{
-
+ const char *ptr;
+ const char *ret;
+
initNvl();
nvlist_add_number(nvl, "command", ZCAPCMD_GZPUTC);
@@ -1042,9 +1045,11 @@
result = sendCommand(nvl, file);
- /* XXX: Should I malloc space for this? */
- const char * ret = dnvlist_get_string(result, "result", NULL);
- *errnum = dnvlist_get_number(result, "zerrno", NULL);
+ ptr = nvlist_get_string(result, "result");
+ *errnum = nvlist_get_number(result, "zerrno");
+
+ ret = malloc(sizeof(*ptr));
+ memcpy((void *)ret, (void *)ptr, sizeof(*ptr));
destroy();
return(ret);
}
@@ -1065,7 +1070,7 @@
result = sendCommand(nvl, NULL);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -1085,7 +1090,7 @@
result = sendCommand(nvl, NULL);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -1105,7 +1110,7 @@
result = sendCommand(nvl, NULL);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
@@ -1124,7 +1129,7 @@
nvlist_add_nvlist(nvl, "args", args);
result = sendCommand(nvl, NULL);
- ret = dnvlist_get_number(result, "result", NULL);
+ ret = nvlist_get_number(result, "result");
destroy();
return(ret);
}
\ No newline at end of file
Modified: soc2013/dpl/head/lib/libzcap/commands.h
==============================================================================
--- soc2013/dpl/head/lib/libzcap/commands.h Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/commands.h Thu Sep 12 14:41:20 2013 (r257236)
@@ -69,14 +69,13 @@
#define ZCAPCMD_GZOFFSET 54
#define ZCAPCMD_GZEOF 55
#define ZCAPCMD_GZDIRECT 56
-#define ZCAPCMD_GZCLOSE 57
-#define ZCAPCMD_GZCLOSE_R 58
-#define ZCAPCMD_GZCLOSE_W 59
-#define ZCAPCMD_GZERROR 60
-#define ZCAPCMD_GZCLEARERR 61
+#define ZCAPCMD_GZCLOSE_R 57
+#define ZCAPCMD_GZCLOSE_W 58
+#define ZCAPCMD_GZERROR 59
+#define ZCAPCMD_GZCLEARERR 60
/* checksum functions */
-#define ZCAPCMD_ADLER32 62
-#define ZCAPCMD_ADLER32_COMBINE 63
-#define ZCAPCMD_CRC32 64
-#define ZCAPCMD_CRC32_COMBINE 65
+#define ZCAPCMD_ADLER32 61
+#define ZCAPCMD_ADLER32_COMBINE 62
+#define ZCAPCMD_CRC32 63
+#define ZCAPCMD_CRC32_COMBINE 64
Modified: soc2013/dpl/head/lib/libzcap/deflate.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/deflate.c Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/deflate.c Thu Sep 12 14:41:20 2013 (r257236)
@@ -36,7 +36,7 @@
const char *version;
int stream_size;
{
- /* The other process can't use this process functions. */
+ /* zlibworker can't use this process functions. */
strm->zalloc = Z_NULL;
strm->zfree = Z_NULL;
strm->opaque = Z_NULL;
Modified: soc2013/dpl/head/lib/libzcap/gzlib.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/gzlib.c Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/gzlib.c Thu Sep 12 14:41:20 2013 (r257236)
@@ -7,6 +7,8 @@
#include <sys/capability.h>
+#include <err.h>
+
#include "gzguts.h"
#include "zutil.h"
#include "commands.h"
@@ -30,6 +32,7 @@
int oflag = 0;
int fd;
char *loopmode;
+ cap_rights_t rights;
strncpy(loopmode, mode, strlen(mode)+1);
while(*loopmode) {
@@ -65,19 +68,16 @@
++loopmode;
}
- if ((fd = open(path, oflag)) < 0) {
- perror("zcaplib: Couldn't create gzip file");
- abort();
- }
+ if ((fd = open(path, oflag)) < 0)
+ err(1, "zcaplib: Couldn't create gzip file");
+
+ cap_rights_init(&rights, CAP_READ, CAP_SEEK, CAP_WRITE, CAP_FSTAT, CAP_FCNTL);
+ if (cap_rights_limit(fd, &rights) < 0)
+ err(1, "zcaplib: Couldn't limit fd: %d", fd);
+
+ if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0)
+ err(1, "zcaplib: Couldn't limit fcntls of fd: %d", fd);
- if (cap_rights_limit(fd, CAP_READ|CAP_SEEK|CAP_WRITE|CAP_FSTAT|CAP_FCNTL) < 0) {
- perror("zcaplib: Couldn't limit fd");
- abort();
- }
- if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0) {
- perror("zcaplib: Couldn't limit fd");
- abort();
- }
return gzdopen(fd, mode);
}
@@ -104,6 +104,7 @@
gzFile file;
unsigned size;
{
+ fprintf(stderr, "Inside gzbuffer, calling zcapcmd_gzbuffer()");
return zcapcmd_gzbuffer(file, size);
}
Modified: soc2013/dpl/head/lib/libzcap/test/testlib.sh
==============================================================================
--- soc2013/dpl/head/lib/libzcap/test/testlib.sh Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/test/testlib.sh Thu Sep 12 14:41:20 2013 (r257236)
@@ -8,9 +8,4 @@
echo 'Done compiling library and tester.'
echo
-if [ $1 = "-k" ]
-then
- ktrace -i ./zcaplibtest
-else
- ./zcaplibtest
-fi
+sudo ktrace -i ./zcaplibtest
Modified: soc2013/dpl/head/lib/libzcap/test/zcaplibtest.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/test/zcaplibtest.c Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/test/zcaplibtest.c Thu Sep 12 14:41:20 2013 (r257236)
@@ -82,19 +82,23 @@
testzlibVersion(void)
{
const char *str = NULL;
+
str = zlibVersion();
if (str == NULL)
- printf("zlibversiion(): Error\n");
-
+ printf("zlibversion(): Error\n");
+ printf("zlibVersion: %s\n", str);
}
/* Basic functions */
void
testdeflateInit(z_streamp strm)
{
- int ret = deflateInit(strm, Z_DEFAULT_COMPRESSION);
+ int ret;
+
+ ret = deflateInit(strm, Z_DEFAULT_COMPRESSION);
if (strm->state == NULL || ret != 0)
printf("deflateInit(): Error: %d\n", ret);
+ printf("deflateInit: %d\n", ret);
}
void
@@ -106,17 +110,23 @@
void
testdeflateEnd(z_streamp strm)
{
- int ret = deflateEnd(strm);
- if (strm->state != Z_NULL || ret != 0)
+ int ret;
+
+ ret = deflateEnd(strm);
+ if (strm->state != NULL || ret != 0)
printf("deflateEnd(): Error: %d\n", ret);
+ printf("deflateEnd: %d\n", ret);
}
void
testinflateInit(z_streamp strm)
{
- int ret = inflateInit(strm);
+ int ret;
+
+ ret = inflateInit(strm);
if (strm->state == NULL || ret != 0)
printf("inflateInit(): Error: %d\n", ret);
+ printf("inflateInit: %d\n", ret);
}
void
@@ -129,18 +139,24 @@
void
testinflateEnd(z_streamp strm)
{
- int ret = inflateEnd(strm);
+ int ret;
+
+ ret = inflateEnd(strm);
if (strm->state != Z_NULL || ret != 0)
printf("inflateEnd(): Error: %d\n", ret);
+ printf("inflateEnd: %d\n", ret);
}
/* Advanced functions */
void
testzlibCompileFlags(void)
{
- uLong ret = zlibCompileFlags();
+ uLong ret;
+
+ ret = zlibCompileFlags();
if (ret == 0)
printf("zlibCompileFlags(): Error: %lu\n", ret);
+ printf("zlibCompileFlags: %lu\n", ret);
}
/* Utility functions */
@@ -150,6 +166,7 @@
uLong ret = compressBound(10L);
if (ret != 23)
printf("compressBound(): Error: %lu\n", ret);
+ printf("compressBound: %lu\n", ret);
}
/* Gzip Functions */
@@ -157,11 +174,10 @@
testgzbasic(void)
{
gzFile file;
- fprintf(stderr, "Starting testgzbasic\n");
- fprintf(stderr, "gzopen()\n");
file = gzopen(filename, "wb");
if (file == NULL)
err(1, "Couldn't open %s to write", filename);
+ printf("gzopen: %p\n", file);
fprintf(stderr, "gzbuffer()\n");
int ret = gzbuffer(file, 8192);
Modified: soc2013/dpl/head/lib/libzcap/zlibworker/commands.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/zlibworker/commands.c Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/zlibworker/commands.c Thu Sep 12 14:41:20 2013 (r257236)
@@ -26,6 +26,7 @@
uLong ret = -1;
z_streamp stream;
z_streamp zstrmtemp;
+
/* We save the z_stream into memory. */
if ((stream = calloc(zstreamsize, 1)) == NULL)
err(1, "deflateInit: Can't allocate memory");
@@ -249,11 +250,10 @@
* allocated memory to store the gzFile struct, we
* only have to pass the pointer to this data.
*/
- fd = nvlist_get_descriptor(args, "fd");
+ fd = nvlist_take_descriptor(args, "fd");
mode = nvlist_get_string(args, "mode");
ret = gzdopen(fd, mode);
- fprintf(stderr, "zlibworker: gzopen: ret: %p\n", ret);
nvlist_add_binary(result, "result", ret, gzsize);
}
Modified: soc2013/dpl/head/lib/libzcap/zlibworker/commands.h
==============================================================================
--- soc2013/dpl/head/lib/libzcap/zlibworker/commands.h Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/zlibworker/commands.h Thu Sep 12 14:41:20 2013 (r257236)
@@ -69,14 +69,13 @@
#define ZCAPCMD_GZOFFSET 54
#define ZCAPCMD_GZEOF 55
#define ZCAPCMD_GZDIRECT 56
-#define ZCAPCMD_GZCLOSE 57
-#define ZCAPCMD_GZCLOSE_R 58
-#define ZCAPCMD_GZCLOSE_W 59
-#define ZCAPCMD_GZERROR 60
-#define ZCAPCMD_GZCLEARERR 61
+#define ZCAPCMD_GZCLOSE_R 57
+#define ZCAPCMD_GZCLOSE_W 58
+#define ZCAPCMD_GZERROR 59
+#define ZCAPCMD_GZCLEARERR 60
/* checksum functions */
-#define ZCAPCMD_ADLER32 62
-#define ZCAPCMD_ADLER32_COMBINE 63
-#define ZCAPCMD_CRC32 64
-#define ZCAPCMD_CRC32_COMBINE 65
+#define ZCAPCMD_ADLER32 61
+#define ZCAPCMD_ADLER32_COMBINE 62
+#define ZCAPCMD_CRC32 63
+#define ZCAPCMD_CRC32_COMBINE 64
Modified: soc2013/dpl/head/lib/libzcap/zlibworker/zlibworker.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/zlibworker/zlibworker.c Thu Sep 12 10:39:38 2013 (r257235)
+++ soc2013/dpl/head/lib/libzcap/zlibworker/zlibworker.c Thu Sep 12 14:41:20 2013 (r257236)
@@ -103,6 +103,10 @@
{
nvlist_t *nvl, *args, *result;
+ /* Sandbox the process */
+ if (cap_enter() < 0)
+ err(1, "Couldn't enter capability mode");
+
if ((data = calloc(5*1024, 1)) == NULL)
err(1, "malloc\n");
@@ -110,18 +114,17 @@
if ((result = nvlist_create(0)) == NULL)
err(1, "Can't create result.\n");
- if ((nvl = nvlist_recv(SOCKETFILENO)) != NULL) {
- if (!nvlist_exists(nvl, "command"))
- err(1, "No command.\n");
-
- if (!nvlist_exists(nvl, "args"))
- err(1, "args doesn't exist in nvlist\n");
-
- if ((args = nvlist_take_nvlist(nvl, "args")) == NULL)
- err(1, "couldn't take 'args' from nvlist\n");
- } else {
+ if ((nvl = nvlist_recv(SOCKETFILENO)) == NULL)
err(1, "Received nvlist is NULL\n");
- }
+
+ if (!nvlist_exists(nvl, "command"))
+ err(1, "No command.\n");
+
+ if (!nvlist_exists(nvl, "args"))
+ err(1, "args doesn't exist in nvlist\n");
+
+ if ((args = nvlist_take_nvlist(nvl, "args")) == NULL)
+ err(1, "couldn't take 'args' from nvlist\n");
// Switch for "command"
// Get args, and call the real lib.
More information about the svn-soc-all
mailing list