Index: head/lib/Makefile =================================================================== --- head/lib/Makefile +++ head/lib/Makefile @@ -35,6 +35,7 @@ libcalendar \ libcam \ libcapsicum \ + libcasper \ libcompat \ libcrypt \ libdevctl \ @@ -127,7 +128,6 @@ SUBDIR.${MK_BLACKLIST}+=libblacklist SUBDIR.${MK_BLUETOOTH}+=libbluetooth libsdp SUBDIR.${MK_BSNMP}+= libbsnmp -SUBDIR.${MK_CASPER}+= libcasper .if !defined(COMPAT_32BIT) && !defined(COMPAT_SOFTFP) SUBDIR.${MK_CLANG}+= clang Index: head/lib/libcasper/Makefile.inc =================================================================== --- head/lib/libcasper/Makefile.inc +++ head/lib/libcasper/Makefile.inc @@ -1,3 +1,9 @@ # $FreeBSD$ +.include + +.if ${MK_CASPER} != "no" +CFLAGS+=-DWITH_CASPER +.endif + .include "../Makefile.inc" Index: head/lib/libcasper/libcasper/Makefile =================================================================== --- head/lib/libcasper/libcasper/Makefile +++ head/lib/libcasper/libcasper/Makefile @@ -1,16 +1,21 @@ # $FreeBSD$ +.include + PACKAGE=${LIB} -LIB= casper SHLIB_MAJOR= 0 SHLIBDIR?= /lib +.if ${MK_CASPER} != "no" +LIB= casper + SRCS= libcasper.c SRCS+= libcasper_impl.c SRCS+= libcasper_service.c SRCS+= service.c SRCS+= zygote.c +.endif INCS= libcasper.h INCS+= libcasper_service.h Index: head/lib/libcasper/libcasper/libcasper.h =================================================================== --- head/lib/libcasper/libcasper/libcasper.h +++ head/lib/libcasper/libcasper/libcasper.h @@ -1,6 +1,6 @@ /*- * Copyright (c) 2012-2013 The FreeBSD Foundation - * Copyright (c) 2015 Mariusz Zaborski + * Copyright (c) 2015-2017 Mariusz Zaborski * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from @@ -33,8 +33,16 @@ #ifndef _LIBCASPER_H_ #define _LIBCASPER_H_ +#ifdef HAVE_CASPER +#define WITH_CASPER +#endif + #include +#include +#include +#include + #ifndef _NVLIST_T_DECLARED #define _NVLIST_T_DECLARED struct nvlist; @@ -44,72 +52,191 @@ #ifndef _CAP_CHANNEL_T_DECLARED #define _CAP_CHANNEL_T_DECLARED +#ifdef WITH_CASPER struct cap_channel; typedef struct cap_channel cap_channel_t; -#endif +#else +struct cap_channel { + int cch_fd; +}; +typedef struct cap_channel cap_channel_t; +#endif /* ! WITH_CASPER */ +#endif /* ! _CAP_CHANNEL_T_DECLARED */ /* * The functions opens unrestricted communication channel to Casper. */ +#ifdef WITH_CASPER cap_channel_t *cap_init(void); +#else +static inline cap_channel_t * +cap_init(void) +{ + cap_channel_t *chan; + chan = malloc(sizeof(*chan)); + if (chan != NULL) { + chan->cch_fd = -1; + } + return (chan); +} +#endif + /* * The functions to communicate with service. */ +#ifdef WITH_CASPER cap_channel_t *cap_service_open(const cap_channel_t *chan, const char *name); int cap_service_limit(const cap_channel_t *chan, const char * const *names, size_t nnames); +#else +#define cap_service_open(chan, name) (cap_init()) +#define cap_service_limit(chan, names, nnames) (0) +#endif /* * The function creates cap_channel_t based on the given socket. */ +#ifdef WITH_CASPER cap_channel_t *cap_wrap(int sock); +#else +static inline cap_channel_t * +cap_wrap(int sock) +{ + cap_channel_t *chan; + chan = cap_init(); + if (chan != NULL) { + chan->cch_fd = sock; + } + return (chan); +} +#endif + /* * The function returns communication socket and frees cap_channel_t. */ +#ifdef WITH_CASPER int cap_unwrap(cap_channel_t *chan); +#else +#define cap_unwrap(chan) (chan->cch_fd) +#endif /* * The function clones the given capability. */ +#ifdef WITH_CASPER cap_channel_t *cap_clone(const cap_channel_t *chan); +#else +static inline cap_channel_t * +cap_clone(const cap_channel_t *chan) +{ + cap_channel_t *newchan; + newchan = cap_init(); + if (newchan == NULL) { + return (NULL); + } + + if (chan->cch_fd == -1) { + newchan->cch_fd = -1; + } else { + newchan->cch_fd = dup(chan->cch_fd); + if (newchan->cch_fd < 0) { + free(newchan); + newchan = NULL; + } + } + + return (newchan); +} +#endif + /* * The function closes the given capability. */ +#ifdef WITH_CASPER void cap_close(cap_channel_t *chan); +#else +static inline void +cap_close(cap_channel_t *chan) +{ + if (chan->cch_fd >= 0) { + close(chan->cch_fd); + } + free(chan); +} +#endif + /* * The function returns socket descriptor associated with the given * cap_channel_t for use with select(2)/kqueue(2)/etc. */ +#ifdef WITH_CASPER int cap_sock(const cap_channel_t *chan); +#else +#define cap_sock(chan) (chan->cch_fd) +#endif /* * The function limits the given capability. * It always destroys 'limits' on return. */ +#ifdef WITH_CASPER int cap_limit_set(const cap_channel_t *chan, nvlist_t *limits); +#else +#define cap_limit_set(chan, limits) (0) +#endif /* * The function returns current limits of the given capability. */ +#ifdef WITH_CASPER int cap_limit_get(const cap_channel_t *chan, nvlist_t **limitsp); +#else +static inline int +cap_limit_get(const cap_channel_t *chan __unused, nvlist_t **limitsp) +{ + *limitsp = nvlist_create(0); + return (0); +} +#endif + /* * Function sends nvlist over the given capability. */ +#ifdef WITH_CASPER int cap_send_nvlist(const cap_channel_t *chan, const nvlist_t *nvl); +#else +#define cap_send_nvlist(chan, nvl) (0) +#endif + /* * Function receives nvlist over the given capability. */ +#ifdef WITH_CASPER nvlist_t *cap_recv_nvlist(const cap_channel_t *chan, int flags); +#else +#define cap_recv_nvlist(chan, flags) (0) +#endif + /* * Function sends the given nvlist, destroys it and receives new nvlist in * response over the given capability. */ +#ifdef WITH_CASPER nvlist_t *cap_xfer_nvlist(const cap_channel_t *chan, nvlist_t *nvl, int flags); +#else +static inline nvlist_t * +cap_xfer_nvlist(const cap_channel_t *chan __unused, nvlist_t *nvl, int flags) +{ + + nvlist_destroy(nvl); + return (nvlist_create(flags)); +} +#endif #endif /* !_LIBCASPER_H_ */ Index: head/lib/libcasper/services/Makefile =================================================================== --- head/lib/libcasper/services/Makefile +++ head/lib/libcasper/services/Makefile @@ -1,5 +1,7 @@ # $FreeBSD$ +.include + SUBDIR= cap_dns SUBDIR+= cap_grp SUBDIR+= cap_pwd Index: head/lib/libcasper/services/cap_dns/Makefile =================================================================== --- head/lib/libcasper/services/cap_dns/Makefile +++ head/lib/libcasper/services/cap_dns/Makefile @@ -5,12 +5,15 @@ .include PACKAGE=libcasper -LIB= cap_dns SHLIB_MAJOR= 0 INCSDIR?= ${INCLUDEDIR}/casper +.if ${MK_CASPER} != "no" +LIB= cap_dns + SRCS= cap_dns.c +.endif INCS= cap_dns.h Index: head/lib/libcasper/services/cap_dns/cap_dns.h =================================================================== --- head/lib/libcasper/services/cap_dns/cap_dns.h +++ head/lib/libcasper/services/cap_dns/cap_dns.h @@ -32,11 +32,16 @@ #ifndef _CAP_DNS_H_ #define _CAP_DNS_H_ +#ifdef HAVE_CASPER +#define WITH_CASPER +#endif + #include /* socklen_t */ struct addrinfo; struct hostent; +#ifdef WITH_CASPER struct hostent *cap_gethostbyname(cap_channel_t *chan, const char *name); struct hostent *cap_gethostbyname2(cap_channel_t *chan, const char *name, int type); @@ -53,5 +58,18 @@ size_t ntypes); int cap_dns_family_limit(cap_channel_t *chan, const int *families, size_t nfamilies); +#else +#define cap_gethostbyname(chan, name) gethostbyname(name) +#define cap_gethostbyname2(chan, name, type) gethostbyname2(name, type) +#define cap_gethostbyaddr(chan, addr, len, type) gethostbyaddr(addr, len, type) + +#define cap_getaddrinfo(chan, hostname, servname, hints, res) \ + getaddrinfo(hostname, servname, hints, res) +#define cap_getnameinfo(chan, sa, salen, host, hostlen, serv, servlen, flags) \ + getnameinfo(sa, salen, host, hostlen, serv, servlen, flags) + +#define cap_dns_type_limit(chan, types, ntypes) (0) +#define cap_dns_family_limit(chan, families, nfamilies) (0) +#endif #endif /* !_CAP_DNS_H_ */ Index: head/lib/libcasper/services/cap_dns/tests/Makefile =================================================================== --- head/lib/libcasper/services/cap_dns/tests/Makefile +++ head/lib/libcasper/services/cap_dns/tests/Makefile @@ -1,9 +1,13 @@ # $FreeBSD$ +.include + TAP_TESTS_C= dns_test +.if ${MK_CASPER} != "no" LIBADD+= casper LIBADD+= cap_dns +.endif LIBADD+= nv WARNS?= 3 Index: head/lib/libcasper/services/cap_dns/tests/dns_test.c =================================================================== --- head/lib/libcasper/services/cap_dns/tests/dns_test.c +++ head/lib/libcasper/services/cap_dns/tests/dns_test.c @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include Index: head/lib/libcasper/services/cap_grp/Makefile =================================================================== --- head/lib/libcasper/services/cap_grp/Makefile +++ head/lib/libcasper/services/cap_grp/Makefile @@ -5,12 +5,15 @@ .include PACKAGE=libcasper -LIB= cap_grp SHLIB_MAJOR= 0 INCSDIR?= ${INCLUDEDIR}/casper +.if ${MK_CASPER} != "no" +LIB= cap_grp + SRCS= cap_grp.c +.endif INCS= cap_grp.h Index: head/lib/libcasper/services/cap_grp/cap_grp.h =================================================================== --- head/lib/libcasper/services/cap_grp/cap_grp.h +++ head/lib/libcasper/services/cap_grp/cap_grp.h @@ -32,6 +32,11 @@ #ifndef _CAP_GRP_H_ #define _CAP_GRP_H_ +#ifdef HAVE_CASPER +#define WITH_CASPER +#endif + +#ifdef WITH_CASPER struct group *cap_getgrent(cap_channel_t *chan); struct group *cap_getgrnam(cap_channel_t *chan, const char *name); struct group *cap_getgrgid(cap_channel_t *chan, gid_t gid); @@ -53,5 +58,32 @@ size_t nfields); int cap_grp_limit_groups(cap_channel_t *chan, const char * const *names, size_t nnames, gid_t *gids, size_t ngids); +#else +#define cap_getgrent(chan) getgrent() +#define cap_getgrnam(chan, name) getgrnam(name) +#define cap_getgrgid(chan, gid) getgrgid(gid) + +#define cap_setgroupent(chan, stayopen) etgroupent(stayopen) +#define endgrent(chan) endgrent() +inline int +cap_setgrent(cap_channel_t *chan __unused) +{ + + setgrent(); + return(0); +} + +#define cap_getgrent_r(chan, grp, buffer, bufsize, result) \ + getgrent_r(grp, buffer, bufsize, result) +#define cap_getgrnam_r(chan, name, grp, buffer, bufsize, result) \ + getgrnam_r(name, grp, buffer, bufsize, result) +#define cap_getgrgid_r(chan, gid, grp, buffer, bufsize, result) \ + getgrgid_r(gid, grp, buffer, bufsize, result) + +#define cap_grp_limit_cmds(chan, cmds, ncmds) (0) +#define cap_grp_limit_fields(chan, fields, nfields) (0) +#define cap_grp_limit_groups(chan, names, nnames, gids, ngids) (0) + +#endif #endif /* !_CAP_GRP_H_ */ Index: head/lib/libcasper/services/cap_grp/tests/Makefile =================================================================== --- head/lib/libcasper/services/cap_grp/tests/Makefile +++ head/lib/libcasper/services/cap_grp/tests/Makefile @@ -1,9 +1,13 @@ # $FreeBSD$ +.include + TAP_TESTS_C= grp_test +.if ${MK_CASPER} != "no" LIBADD+= casper LIBADD+= cap_grp +.endif LIBADD+= nv WARNS?= 3 Index: head/lib/libcasper/services/cap_grp/tests/grp_test.c =================================================================== --- head/lib/libcasper/services/cap_grp/tests/grp_test.c +++ head/lib/libcasper/services/cap_grp/tests/grp_test.c @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include Index: head/lib/libcasper/services/cap_pwd/Makefile =================================================================== --- head/lib/libcasper/services/cap_pwd/Makefile +++ head/lib/libcasper/services/cap_pwd/Makefile @@ -5,12 +5,15 @@ .include PACKAGE=libcasper -LIB= cap_pwd SHLIB_MAJOR= 0 INCSDIR?= ${INCLUDEDIR}/casper +.if ${MK_CASPER} != "no" +LIB= cap_pwd + SRCS= cap_pwd.c +.endif INCS= cap_pwd.h Index: head/lib/libcasper/services/cap_pwd/cap_pwd.h =================================================================== --- head/lib/libcasper/services/cap_pwd/cap_pwd.h +++ head/lib/libcasper/services/cap_pwd/cap_pwd.h @@ -32,6 +32,11 @@ #ifndef _CAP_PWD_H_ #define _CAP_PWD_H_ +#ifdef HAVE_CASPER +#define WITH_CASPER +#endif + +#ifdef WITH_CASPER struct passwd *cap_getpwent(cap_channel_t *chan); struct passwd *cap_getpwnam(cap_channel_t *chan, const char *login); struct passwd *cap_getpwuid(cap_channel_t *chan, uid_t uid); @@ -53,5 +58,25 @@ size_t nfields); int cap_pwd_limit_users(cap_channel_t *chan, const char * const *names, size_t nnames, uid_t *uids, size_t nuids); +#else +#define cap_getpwent(chan) getpwent() +#define cap_getpwnam(chan, login) getpwnam(login) +#define cap_getpwuid(chan, uid) getpwuid(uid) + +#define cap_getpwent_r(chan, pwd, buffer, bufsize, result) \ + getpwent_r(pwd, buffer, bufsize, result) +#define cap_getpwnam_r(chan, name, pwd, buffer, bufsize, result) \ + getpwnam_r(name, pwd, buffer, bufsize, result) +#define cap_getpwuid_r(chan, uid, pwd, buffer, bufsize, result) \ + getpwuid_r(uid, pwd, buffer, bufsize, result) + +#define cap_setpassent(chan, stayopen) setpassent(stayopen) +#define cap_setpwent(chan) setpwent() +#define cap_endpwent(chan) endpwent() + +#define cap_pwd_limit_cmds(chan, cmds, ncmds) (0) +#define cap_pwd_limit_fields(chan, fields, nfields) (0) +#define cap_pwd_limit_users(chan, names, nnames, uids, nuids) (0) +#endif #endif /* !_CAP_PWD_H_ */ Index: head/lib/libcasper/services/cap_pwd/tests/Makefile =================================================================== --- head/lib/libcasper/services/cap_pwd/tests/Makefile +++ head/lib/libcasper/services/cap_pwd/tests/Makefile @@ -1,9 +1,13 @@ # $FreeBSD$ +.include + TAP_TESTS_C= pwd_test +.if ${MK_CASPER} != "no" LIBADD+= casper LIBADD+= cap_pwd +.endif LIBADD+= nv WARNS?= 3 Index: head/lib/libcasper/services/cap_pwd/tests/pwd_test.c =================================================================== --- head/lib/libcasper/services/cap_pwd/tests/pwd_test.c +++ head/lib/libcasper/services/cap_pwd/tests/pwd_test.c @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include Index: head/lib/libcasper/services/cap_random/Makefile =================================================================== --- head/lib/libcasper/services/cap_random/Makefile +++ head/lib/libcasper/services/cap_random/Makefile @@ -1,13 +1,18 @@ # $FreeBSD$ +.include + PACKAGE=libcasper -LIB= cap_random SHLIB_MAJOR= 0 SHLIBDIR?= /lib/casper INCSDIR?= ${INCLUDEDIR}/casper +.if ${MK_CASPER} != "no" +LIB= cap_random + SRCS= cap_random.c +.endif INCS= cap_random.h Index: head/lib/libcasper/services/cap_random/cap_random.h =================================================================== --- head/lib/libcasper/services/cap_random/cap_random.h +++ head/lib/libcasper/services/cap_random/cap_random.h @@ -32,6 +32,20 @@ #ifndef _CAP_RANDOM_H_ #define _CAP_RANDOM_H_ +#ifdef HAVE_CASPER +#define WITH_CASPER +#endif + +#ifdef WITH_CASPER int cap_random_buf(cap_channel_t *chan, void *buf, size_t nbytes); +#else +inline int +cap_random_buf(cap_channel_t *chan, void *buf, size_t nbytes) +{ + + arc4random_buf(buf, nbytes); + return(0); +} +#endif #endif /* !_CAP_RANDOM_H_ */ Index: head/lib/libcasper/services/cap_sysctl/Makefile =================================================================== --- head/lib/libcasper/services/cap_sysctl/Makefile +++ head/lib/libcasper/services/cap_sysctl/Makefile @@ -5,12 +5,15 @@ .include PACKAGE=libcasper -LIB= cap_sysctl SHLIB_MAJOR= 0 INCSDIR?= ${INCLUDEDIR}/casper +.if ${MK_CASPER} != "no" +LIB= cap_sysctl + SRCS= cap_sysctl.c +.endif INCS= cap_sysctl.h Index: head/lib/libcasper/services/cap_sysctl/cap_sysctl.h =================================================================== --- head/lib/libcasper/services/cap_sysctl/cap_sysctl.h +++ head/lib/libcasper/services/cap_sysctl/cap_sysctl.h @@ -32,12 +32,21 @@ #ifndef _CAP_SYSCTL_H_ #define _CAP_SYSCTL_H_ +#ifdef HAVE_CASPER +#define WITH_CASPER +#endif + #define CAP_SYSCTL_READ 0x01 #define CAP_SYSCTL_WRITE 0x02 #define CAP_SYSCTL_RDWR (CAP_SYSCTL_READ | CAP_SYSCTL_WRITE) #define CAP_SYSCTL_RECURSIVE 0x04 +#ifdef WITH_CASPER int cap_sysctlbyname(cap_channel_t *chan, const char *name, void *oldp, size_t *oldlenp, const void *newp, size_t newlen); +#else +#define cap_sysctlbyname(chan, name, oldp, oldlenp, newp, newlen) \ + sysctlbyname(name, oldp, oldlenp, newp, newlen) +#endif #endif /* !_CAP_SYSCTL_H_ */ Index: head/lib/libcasper/services/cap_sysctl/tests/Makefile =================================================================== --- head/lib/libcasper/services/cap_sysctl/tests/Makefile +++ head/lib/libcasper/services/cap_sysctl/tests/Makefile @@ -1,9 +1,13 @@ # $FreeBSD$ +.include + TAP_TESTS_C= sysctl_test +.if ${MK_CASPER} != "no" LIBADD+= casper LIBADD+= cap_sysctl +.endif LIBADD+= nv WARNS?= 3