Date:      Thu, 25 Jun 2009 18:41:45 GMT
From:      Jonathan Anderson <jona@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 165190 for review
Message-ID:  <200906251841.n5PIfjcD068507@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=165190

Change 165190 by jona@jona-trustedbsd-belle-vmware on 2009/06/25 18:41:04

	Added (and used and tested) ua_open()

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.c#5 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.h#4 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#13 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.c#5 (text+ko) ====

@@ -38,6 +38,7 @@
 #include <libcapability.h>
 
 #include <errno.h>
+#include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -116,9 +117,7 @@
 		angel = -1;
 		return -1;
 	}
-
 	free(hello_datum);
-	printf("Got server hello: \"%s\"\n", hello);
 
 	// validate server 'hello' message
 	if(strncmp(hello, "user_angel", 10))
@@ -151,6 +150,89 @@
 
 
 
+int ua_open(const char *path, int flags)
+{
+	if(angel < 0) angel = ua_find();
+	if(angel < 0) return -1;
+
+	cap_rights_t rights = CAP_SEEK | CAP_FSYNC;
+
+	if((flags & O_RDONLY) || (flags & O_RDWR)) rights |= CAP_READ;
+	if((flags & O_WRONLY) || (flags & O_RDWR))
+		rights |= CAP_WRITE | CAP_FTRUNCATE;
+
+	if(flags & O_EXEC) rights |= CAP_FEXECVE;
+
+
+	struct ua_datum *data[4];
+	data[0] = ua_marshall_int(UA_OPEN_PATH);
+	data[1] = ua_marshall_string(path, strlen(path));
+	data[2] = ua_marshall_int(flags);
+	data[3] = ua_marshall_int(rights);
+
+
+	for(int i = 0; i < 4; i++)
+		if(ua_send(angel, data[i], NULL, 0) < 0)
+		{
+			sprintf(errmsg, "Error sending request message: %s",
+		        ua_protocol_error());
+			return -1;
+		}
+
+	free(data[0]);
+	free(data[1]);
+	free(data[2]);
+	free(data[3]);
+
+
+
+	// retrieve the file descriptor(s)
+	struct ua_datum *fdcountd = ua_recv(angel, NULL, NULL);
+	if(!fdcountd)
+	{
+		sprintf(errmsg, "Error receiving FD count: %s",
+		        ua_protocol_error());
+		return -1;
+	}
+
+	int fdcount;
+	if(ua_unmarshall_int(fdcountd, &fdcount) < 0)
+	{
+		fprintf(stderr, "Error unmarshalling FD count: %s\n",
+		                 ua_protocol_error());
+		return -1;
+	}
+
+	if(fdcount != 1)
+	{
+		sprintf(errmsg, "Receiving %i FDs, only asked for 1", fdcount);
+		return -1;
+	}
+
+	int32_t fd;
+	unsigned int fdlen = 1;
+	struct ua_datum *fd_datum = ua_recv(angel, &fd, &fdlen);
+	if(!fd_datum)
+	{
+		sprintf(errmsg, "Error receiving FD: %s",
+		        ua_protocol_error());
+		return -1;
+	}
+
+	unsigned int namelen = 80;
+	char name[namelen];
+	if(ua_unmarshall_string(fd_datum, name, &namelen) < 0)
+	{
+		sprintf(errmsg, "Error unmarshalling FD name: %s",
+		        ua_protocol_error());
+		return -1;
+	}
+
+	return fd;
+}
+
+
+
 int ua_send(int sock, datum *d, int32_t fds[], int32_t fdlen)
 {
 	// the datum is the I/O vector
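Review bot: The access-mode test on the line `if((flags & O_RDONLY) || (flags & O_RDWR)) rights |= CAP_READ;` can never match O_RDONLY, because O_RDONLY is 0 in <fcntl.h>, so a read-only open requests no CAP_READ at all; the mode has to be extracted with `int acc = flags & O_ACCMODE;` and compared for equality. The FD path also drops the `fdlen != 1` check that the deleted open_file() in test_client.c had, so if the angel sends a datum carrying no descriptor the uninitialised `fd` is returned as though it were valid. Every early `return -1` leaks data[0..3] (those before the frees) and, if ua_recv() datums are heap objects like the hello_datum freed above, fdcountd and fd_datum as well; the unmarshall failure reports via fprintf(stderr) where the rest of the function uses errmsg, and if ua_protocol_error() happens to return errmsg itself, `sprintf(errmsg, "...%s", ua_protocol_error())` reads and writes the same buffer, which is undefined. The rewrite below fixes the mode test, restores the fdlen check, makes `name` a fixed array so the cleanup label is legal, and routes every failure through one cleanup path (snprintf with the real size of errmsg would also be preferable to sprintf).
```c
int ua_open(const char *path, int flags)
{
	// … unchanged: ua_find() fallback, rights = CAP_SEEK | CAP_FSYNC …

	int acc = flags & O_ACCMODE;	/* O_RDONLY is 0: a bit test cannot detect it */
	if(acc == O_RDONLY || acc == O_RDWR) rights |= CAP_READ;
	if(acc == O_WRONLY || acc == O_RDWR)
		rights |= CAP_WRITE | CAP_FTRUNCATE;

	// … unchanged: O_EXEC, marshalling into data[0..3] …

	int ret = -1;
	struct ua_datum *fdcountd = NULL, *fd_datum = NULL;

	for(int i = 0; i < 4; i++)
		if(ua_send(angel, data[i], NULL, 0) < 0)
		{
			sprintf(errmsg, "Error sending request message: %s",
			        ua_protocol_error());
			goto out;
		}

	// … unchanged: fdcountd = ua_recv(...), unmarshall and check fdcount == 1;
	//    each failure now reports via errmsg and does 'goto out' …

	int32_t fd = -1;
	unsigned int fdlen = 1;
	fd_datum = ua_recv(angel, &fd, &fdlen);
	if(!fd_datum)
	{
		sprintf(errmsg, "Error receiving FD: %s", ua_protocol_error());
		goto out;
	}
	if(fdlen != 1)
	{
		sprintf(errmsg, "Received %u FDs with the datum, expected 1", fdlen);
		goto out;
	}

	char name[80];			/* fixed size: a VLA here would make 'goto out' illegal */
	unsigned int namelen = sizeof name;
	// … unchanged: ua_unmarshall_string(fd_datum, name, &namelen), goto out on failure …

	ret = fd;
out:
	free(fd_datum);
	free(fdcountd);
	for(int i = 0; i < 4; i++)
		free(data[i]);
	return ret;
}
```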

==== //depot/projects/trustedbsd/capabilities/src/lib/libuserangel/libuserangel.h#4 (text+ko) ====

@@ -45,6 +45,9 @@
 /** The last angel/sandbox protocol error */
 const char* ua_protocol_error(void);
 
+/** Open a file via the User Angel */
+int ua_open(const char *path, int flags);
+
 /** Find the user angel (at $HOME/.user-angel or the like) */
 int ua_find(void);
 
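Review bot: The doc comment `/** Open a file via the User Angel */` leaves out the contract a caller of this library needs: that the angel is asked only for the rights derived from `flags` (read/write/exec plus seek and fsync, per the implementation in libuserangel.c), that the return value is the delegated descriptor, and that -1 means failure with the reason recorded in the library's error buffer. Suggest `/** Open a file via the User Angel; returns the delegated FD, or -1 on failure (see ua_protocol_error()) */` if that accessor indeed exposes ua_open's errmsg, otherwise name the accessor that does.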

==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#13 (text+ko) ====

@@ -16,7 +16,7 @@
 
 void open_file(int fd_angel, const char *path, int flags, cap_rights_t rights);
 void open_powerbox(int fd_angel, const char *path, const char *filter, int parent);
-void test_fd(int fd, char *name);
+void test_fd(int fd, const char *name);
 
 
 int main(int argc, char *argv[])
@@ -30,13 +30,7 @@
 	}
 	printf("Connected to user angel via FD %i\n", fd_angel);
 
-	int proc;
-	pid_t pid = pdfork(&proc);
-	printf("PID: %i, proc: %i\n", pid, proc);
 
-	if (pid < 0) err(EX_SOFTWARE, "Error in pdfork()");
-	else if(pid == 0) return 0;
-
 	// enter capability mode
 	if(cap_enter()) err(EX_SOFTWARE, "Failed to enter capability mode");
 	else printf("Now operating in capability mode\n");
@@ -49,10 +43,23 @@
 
 
 
+	// try to some files
+	int fd;
+	fd = ua_open("/etc/group", O_RDONLY);
+	test_fd(fd, "/etc/group");
+	close(fd);
+
+	fd = ua_open("/etc/passwd", O_RDONLY);
+	lc_limitfd(fd, CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK);
+	test_fd(fd, "/etc/passwd");
+	close(fd);
 
+	fd = ua_open("/home/jon/test.txt", O_RDWR);
+	lc_limitfd(fd, CAP_FSTAT | CAP_READ | CAP_SEEK);
+	test_fd(fd, "/home/jon/test.txt");
+	if(write(fd, "OVERWRITING", 12) < 0) perror("Error overwriting file");
+	close(fd);
 
-	open_file(fd_angel, "/etc/group", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_SEEK);
-	open_file(fd_angel, "/etc/passwd", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK);
 	open_powerbox(fd_angel, "~/Desktop/", "*.txt", 0x2a00003);
 
 	return 0;
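Review bot: The result of each `ua_open()` call is passed straight to test_fd() and close() without a check, so a failed open (-1) is exercised as if it were a descriptor and the reason is never printed; each call wants `if(fd < 0) err(EX_IOERR, "ua_open failed: %s", ua_protocol_error());` — or whichever accessor exposes the library's errmsg — before use. `write(fd, "OVERWRITING", 12)` writes 12 bytes, i.e. the string's terminating NUL as well; `strlen("OVERWRITING")` (11) is presumably intended. The lc_limitfd() return values are also ignored, which matters for the third file: it is opened O_RDWR and then restricted to CAP_FSTAT | CAP_READ | CAP_SEEK right before the write, so if the limit call fails silently the write goes through, and if it succeeds the write is expected to fail, and the test cannot tell the two outcomes apart. The comment `// try to some files` is missing a word (`// try to open some files`). main() begins outside this hunk.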
@@ -60,63 +67,7 @@
 
 
 
-void open_file(int fd_angel, const char *path, int flags, cap_rights_t rights)
-{
-	// get the user angel to open the file for us
-	struct ua_datum *data[4];
-	data[0] = ua_marshall_int(UA_OPEN_PATH);
-	data[1] = ua_marshall_string(path, strlen(path));
-	data[2] = ua_marshall_int(flags);
-	data[3] = ua_marshall_int(rights);
-
-
-	for(int i = 0; i < 4; i++)
-		if(ua_send(fd_angel, data[i], NULL, 0) < 0)
-			err(EX_IOERR, "Error sending request message");
 
-	free(data[0]);
-	free(data[1]);
-	free(data[2]);
-	free(data[3]);
-
-
-
-	// retrieve the file descriptor(s)
-	struct ua_datum *fdcountd = ua_recv(fd_angel, NULL, NULL);
-	if(!fdcountd) err(EX_IOERR, "Error receiving FD count");
-
-	int fdcount;
-	if(ua_unmarshall_int(fdcountd, &fdcount) < 0)
-	{
-		fprintf(stderr, "Error unmarshalling FD count: %s\n",
-		                 ua_protocol_error());
-		return;
-	}
-
-	for(int i = 0; i < fdcount; i++)
-	{
-		int32_t fd;
-		unsigned int fdlen = 1;
-		struct ua_datum *fd_datum = ua_recv(fd_angel, &fd, &fdlen);
-		if(!fd_datum) err(EX_IOERR, "Error receiving FD %i of %i", i, fdcount);
-
-		unsigned int namelen = 80;
-		char name[namelen];
-		if(ua_unmarshall_string(fd_datum, name, &namelen) < 0)
-			err(EX_SOFTWARE, "Error unmarshalling FD name");
-
-		if(fdlen != 1)
-		{
-			fprintf(stderr, "fdlen is %i, not 1\n", fdlen);
-			return;
-		}
-
-		test_fd(fd, name);
-		close(fd);
-	}
-}
-
-
 void open_powerbox(int fd_angel, const char *path, const char *filter, int parent)
 {
 	struct ua_powerbox_options options;
@@ -187,7 +138,7 @@
 }
 
 
-void test_fd(int fd, char *name)
+void test_fd(int fd, const char *name)
 {
 	printf("FD %i: %s\n", fd, name);
 


