D8753.id34424.diff
No OneTemporary
Actions

Size

17 KB

Referenced Files

None

Subscribers

None

D8753.id34424.diff
View Options

	Index: head/lib/Makefile
	===================================================================
	--- head/lib/Makefile
	+++ head/lib/Makefile
	@@ -35,6 +35,7 @@
	libcalendar \
	libcam \
	libcapsicum \
	+ libcasper \
	libcompat \
	libcrypt \
	libdevctl \
	@@ -127,7 +128,6 @@
	SUBDIR.${MK_BLACKLIST}+=libblacklist
	SUBDIR.${MK_BLUETOOTH}+=libbluetooth libsdp
	SUBDIR.${MK_BSNMP}+= libbsnmp
	-SUBDIR.${MK_CASPER}+= libcasper

	.if !defined(COMPAT_32BIT) && !defined(COMPAT_SOFTFP)
	SUBDIR.${MK_CLANG}+= clang
	Index: head/lib/libcasper/Makefile.inc
	===================================================================
	--- head/lib/libcasper/Makefile.inc
	+++ head/lib/libcasper/Makefile.inc
	@@ -1,3 +1,9 @@
	# $FreeBSD$

	+.include <src.opts.mk>
	+
	+.if ${MK_CASPER} != "no"
	+CFLAGS+=-DWITH_CASPER
	+.endif
	+
	.include "../Makefile.inc"
	Index: head/lib/libcasper/libcasper/Makefile
	===================================================================
	--- head/lib/libcasper/libcasper/Makefile
	+++ head/lib/libcasper/libcasper/Makefile
	@@ -1,16 +1,21 @@
	# $FreeBSD$

	+.include <src.opts.mk>
	+
	PACKAGE=${LIB}
	-LIB= casper

	SHLIB_MAJOR= 0
	SHLIBDIR?= /lib

	+.if ${MK_CASPER} != "no"
	+LIB= casper
	+
	SRCS= libcasper.c
	SRCS+= libcasper_impl.c
	SRCS+= libcasper_service.c
	SRCS+= service.c
	SRCS+= zygote.c
	+.endif

	INCS= libcasper.h
	INCS+= libcasper_service.h
	Index: head/lib/libcasper/libcasper/libcasper.h
	===================================================================
	--- head/lib/libcasper/libcasper/libcasper.h
	+++ head/lib/libcasper/libcasper/libcasper.h
	@@ -1,6 +1,6 @@
	/*-
	* Copyright (c) 2012-2013 The FreeBSD Foundation
	- * Copyright (c) 2015 Mariusz Zaborski <oshogbo@FreeBSD.org>
	+ * Copyright (c) 2015-2017 Mariusz Zaborski <oshogbo@FreeBSD.org>
	* All rights reserved.
	*
	* This software was developed by Pawel Jakub Dawidek under sponsorship from
	@@ -33,8 +33,16 @@
	#ifndef _LIBCASPER_H_
	#define _LIBCASPER_H_

	+#ifdef HAVE_CASPER
	+#define WITH_CASPER
	+#endif
	+
	#include <sys/types.h>
	+#include <sys/nv.h>

	+#include <stdlib.h>
	+#include <unistd.h>
	+
	#ifndef _NVLIST_T_DECLARED
	#define _NVLIST_T_DECLARED
	struct nvlist;
	@@ -44,72 +52,191 @@

	#ifndef _CAP_CHANNEL_T_DECLARED
	#define _CAP_CHANNEL_T_DECLARED
	+#ifdef WITH_CASPER
	struct cap_channel;

	typedef struct cap_channel cap_channel_t;
	-#endif
	+#else
	+struct cap_channel {
	+ int cch_fd;
	+};
	+typedef struct cap_channel cap_channel_t;
	+#endif /* ! WITH_CASPER */
	+#endif /* ! _CAP_CHANNEL_T_DECLARED */

	/*
	* The functions opens unrestricted communication channel to Casper.
	*/
	+#ifdef WITH_CASPER
	cap_channel_t *cap_init(void);
	+#else
	+static inline cap_channel_t *
	+cap_init(void)
	+{
	+ cap_channel_t *chan;

	+ chan = malloc(sizeof(*chan));
	+ if (chan != NULL) {
	+ chan->cch_fd = -1;
	+ }
	+ return (chan);
	+}
	+#endif
	+
	/*
	* The functions to communicate with service.
	*/
	+#ifdef WITH_CASPER
	cap_channel_t cap_service_open(const cap_channel_t chan, const char *name);
	int cap_service_limit(const cap_channel_t *chan,
	const char * const *names, size_t nnames);
	+#else
	+#define cap_service_open(chan, name) (cap_init())
	+#define cap_service_limit(chan, names, nnames) (0)
	+#endif

	/*
	* The function creates cap_channel_t based on the given socket.
	*/
	+#ifdef WITH_CASPER
	cap_channel_t *cap_wrap(int sock);
	+#else
	+static inline cap_channel_t *
	+cap_wrap(int sock)
	+{
	+ cap_channel_t *chan;

	+ chan = cap_init();
	+ if (chan != NULL) {
	+ chan->cch_fd = sock;
	+ }
	+ return (chan);
	+}
	+#endif
	+
	/*
	* The function returns communication socket and frees cap_channel_t.
	*/
	+#ifdef WITH_CASPER
	int cap_unwrap(cap_channel_t *chan);
	+#else
	+#define cap_unwrap(chan) (chan->cch_fd)
	+#endif

	/*
	* The function clones the given capability.
	*/
	+#ifdef WITH_CASPER
	cap_channel_t cap_clone(const cap_channel_t chan);
	+#else
	+static inline cap_channel_t *
	+cap_clone(const cap_channel_t *chan)
	+{
	+ cap_channel_t *newchan;

	+ newchan = cap_init();
	+ if (newchan == NULL) {
	+ return (NULL);
	+ }
	+
	+ if (chan->cch_fd == -1) {
	+ newchan->cch_fd = -1;
	+ } else {
	+ newchan->cch_fd = dup(chan->cch_fd);
	+ if (newchan->cch_fd < 0) {
	+ free(newchan);
	+ newchan = NULL;
	+ }
	+ }
	+
	+ return (newchan);
	+}
	+#endif
	+
	/*
	* The function closes the given capability.
	*/
	+#ifdef WITH_CASPER
	void cap_close(cap_channel_t *chan);
	+#else
	+static inline void
	+cap_close(cap_channel_t *chan)
	+{

	+ if (chan->cch_fd >= 0) {
	+ close(chan->cch_fd);
	+ }
	+ free(chan);
	+}
	+#endif
	+
	/*
	* The function returns socket descriptor associated with the given
	* cap_channel_t for use with select(2)/kqueue(2)/etc.
	*/
	+#ifdef WITH_CASPER
	int cap_sock(const cap_channel_t *chan);
	+#else
	+#define cap_sock(chan) (chan->cch_fd)
	+#endif

	/*
	* The function limits the given capability.
	* It always destroys 'limits' on return.
	*/
	+#ifdef WITH_CASPER
	int cap_limit_set(const cap_channel_t chan, nvlist_t limits);
	+#else
	+#define cap_limit_set(chan, limits) (0)
	+#endif

	/*
	* The function returns current limits of the given capability.
	*/
	+#ifdef WITH_CASPER
	int cap_limit_get(const cap_channel_t chan, nvlist_t *limitsp);
	+#else
	+static inline int
	+cap_limit_get(const cap_channel_t chan __unused, nvlist_t *limitsp)
	+{

	+ *limitsp = nvlist_create(0);
	+ return (0);
	+}
	+#endif
	+
	/*
	* Function sends nvlist over the given capability.
	*/
	+#ifdef WITH_CASPER
	int cap_send_nvlist(const cap_channel_t chan, const nvlist_t nvl);
	+#else
	+#define cap_send_nvlist(chan, nvl) (0)
	+#endif
	+
	/*
	* Function receives nvlist over the given capability.
	*/
	+#ifdef WITH_CASPER
	nvlist_t cap_recv_nvlist(const cap_channel_t chan, int flags);
	+#else
	+#define cap_recv_nvlist(chan, flags) (0)
	+#endif
	+
	/*
	* Function sends the given nvlist, destroys it and receives new nvlist in
	* response over the given capability.
	*/
	+#ifdef WITH_CASPER
	nvlist_t cap_xfer_nvlist(const cap_channel_t chan, nvlist_t *nvl, int flags);
	+#else
	+static inline nvlist_t *
	+cap_xfer_nvlist(const cap_channel_t chan __unused, nvlist_t nvl, int flags)
	+{
	+
	+ nvlist_destroy(nvl);
	+ return (nvlist_create(flags));
	+}
	+#endif

	#endif /* !_LIBCASPER_H_ */
	Index: head/lib/libcasper/services/Makefile
	===================================================================
	--- head/lib/libcasper/services/Makefile
	+++ head/lib/libcasper/services/Makefile
	@@ -1,5 +1,7 @@
	# $FreeBSD$

	+.include <src.opts.mk>
	+
	SUBDIR= cap_dns
	SUBDIR+= cap_grp
	SUBDIR+= cap_pwd
	Index: head/lib/libcasper/services/cap_dns/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_dns/Makefile
	+++ head/lib/libcasper/services/cap_dns/Makefile
	@@ -5,12 +5,15 @@
	.include <src.opts.mk>

	PACKAGE=libcasper
	-LIB= cap_dns

	SHLIB_MAJOR= 0
	INCSDIR?= ${INCLUDEDIR}/casper

	+.if ${MK_CASPER} != "no"
	+LIB= cap_dns
	+
	SRCS= cap_dns.c
	+.endif

	INCS= cap_dns.h

	Index: head/lib/libcasper/services/cap_dns/cap_dns.h
	===================================================================
	--- head/lib/libcasper/services/cap_dns/cap_dns.h
	+++ head/lib/libcasper/services/cap_dns/cap_dns.h
	@@ -32,11 +32,16 @@
	#ifndef _CAP_DNS_H_
	#define _CAP_DNS_H_

	+#ifdef HAVE_CASPER
	+#define WITH_CASPER
	+#endif
	+
	#include <sys/socket.h> /* socklen_t */

	struct addrinfo;
	struct hostent;

	+#ifdef WITH_CASPER
	struct hostent cap_gethostbyname(cap_channel_t chan, const char *name);
	struct hostent cap_gethostbyname2(cap_channel_t chan, const char *name,
	int type);
	@@ -53,5 +58,18 @@
	size_t ntypes);
	int cap_dns_family_limit(cap_channel_t chan, const int families,
	size_t nfamilies);
	+#else
	+#define cap_gethostbyname(chan, name) gethostbyname(name)
	+#define cap_gethostbyname2(chan, name, type) gethostbyname2(name, type)
	+#define cap_gethostbyaddr(chan, addr, len, type) gethostbyaddr(addr, len, type)
	+
	+#define cap_getaddrinfo(chan, hostname, servname, hints, res) \
	+ getaddrinfo(hostname, servname, hints, res)
	+#define cap_getnameinfo(chan, sa, salen, host, hostlen, serv, servlen, flags) \
	+ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
	+
	+#define cap_dns_type_limit(chan, types, ntypes) (0)
	+#define cap_dns_family_limit(chan, families, nfamilies) (0)
	+#endif

	#endif /* !_CAP_DNS_H_ */
	Index: head/lib/libcasper/services/cap_dns/tests/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_dns/tests/Makefile
	+++ head/lib/libcasper/services/cap_dns/tests/Makefile
	@@ -1,9 +1,13 @@
	# $FreeBSD$

	+.include <src.opts.mk>
	+
	TAP_TESTS_C= dns_test

	+.if ${MK_CASPER} != "no"
	LIBADD+= casper
	LIBADD+= cap_dns
	+.endif
	LIBADD+= nv

	WARNS?= 3
	Index: head/lib/libcasper/services/cap_dns/tests/dns_test.c
	===================================================================
	--- head/lib/libcasper/services/cap_dns/tests/dns_test.c
	+++ head/lib/libcasper/services/cap_dns/tests/dns_test.c
	@@ -31,6 +31,7 @@
	__FBSDID("$FreeBSD$");

	#include <sys/capsicum.h>
	+#include <sys/nv.h>

	#include <arpa/inet.h>
	#include <netinet/in.h>
	Index: head/lib/libcasper/services/cap_grp/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_grp/Makefile
	+++ head/lib/libcasper/services/cap_grp/Makefile
	@@ -5,12 +5,15 @@
	.include <src.opts.mk>

	PACKAGE=libcasper
	-LIB= cap_grp

	SHLIB_MAJOR= 0
	INCSDIR?= ${INCLUDEDIR}/casper

	+.if ${MK_CASPER} != "no"
	+LIB= cap_grp
	+
	SRCS= cap_grp.c
	+.endif

	INCS= cap_grp.h

	Index: head/lib/libcasper/services/cap_grp/cap_grp.h
	===================================================================
	--- head/lib/libcasper/services/cap_grp/cap_grp.h
	+++ head/lib/libcasper/services/cap_grp/cap_grp.h
	@@ -32,6 +32,11 @@
	#ifndef _CAP_GRP_H_
	#define _CAP_GRP_H_

	+#ifdef HAVE_CASPER
	+#define WITH_CASPER
	+#endif
	+
	+#ifdef WITH_CASPER
	struct group cap_getgrent(cap_channel_t chan);
	struct group cap_getgrnam(cap_channel_t chan, const char *name);
	struct group cap_getgrgid(cap_channel_t chan, gid_t gid);
	@@ -53,5 +58,32 @@
	size_t nfields);
	int cap_grp_limit_groups(cap_channel_t chan, const char const *names,
	size_t nnames, gid_t *gids, size_t ngids);
	+#else
	+#define cap_getgrent(chan) getgrent()
	+#define cap_getgrnam(chan, name) getgrnam(name)
	+#define cap_getgrgid(chan, gid) getgrgid(gid)
	+
	+#define cap_setgroupent(chan, stayopen) etgroupent(stayopen)
	+#define endgrent(chan) endgrent()
	+inline int
	+cap_setgrent(cap_channel_t *chan __unused)
	+{
	+
	+ setgrent();
	+ return(0);
	+}
	+
	+#define cap_getgrent_r(chan, grp, buffer, bufsize, result) \
	+ getgrent_r(grp, buffer, bufsize, result)
	+#define cap_getgrnam_r(chan, name, grp, buffer, bufsize, result) \
	+ getgrnam_r(name, grp, buffer, bufsize, result)
	+#define cap_getgrgid_r(chan, gid, grp, buffer, bufsize, result) \
	+ getgrgid_r(gid, grp, buffer, bufsize, result)
	+
	+#define cap_grp_limit_cmds(chan, cmds, ncmds) (0)
	+#define cap_grp_limit_fields(chan, fields, nfields) (0)
	+#define cap_grp_limit_groups(chan, names, nnames, gids, ngids) (0)
	+
	+#endif

	#endif /* !_CAP_GRP_H_ */
	Index: head/lib/libcasper/services/cap_grp/tests/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_grp/tests/Makefile
	+++ head/lib/libcasper/services/cap_grp/tests/Makefile
	@@ -1,9 +1,13 @@
	# $FreeBSD$

	+.include <src.opts.mk>
	+
	TAP_TESTS_C= grp_test

	+.if ${MK_CASPER} != "no"
	LIBADD+= casper
	LIBADD+= cap_grp
	+.endif
	LIBADD+= nv

	WARNS?= 3
	Index: head/lib/libcasper/services/cap_grp/tests/grp_test.c
	===================================================================
	--- head/lib/libcasper/services/cap_grp/tests/grp_test.c
	+++ head/lib/libcasper/services/cap_grp/tests/grp_test.c
	@@ -31,6 +31,7 @@
	__FBSDID("$FreeBSD$");

	#include <sys/capsicum.h>
	+#include <sys/nv.h>

	#include <assert.h>
	#include <err.h>
	Index: head/lib/libcasper/services/cap_pwd/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_pwd/Makefile
	+++ head/lib/libcasper/services/cap_pwd/Makefile
	@@ -5,12 +5,15 @@
	.include <src.opts.mk>

	PACKAGE=libcasper
	-LIB= cap_pwd

	SHLIB_MAJOR= 0
	INCSDIR?= ${INCLUDEDIR}/casper

	+.if ${MK_CASPER} != "no"
	+LIB= cap_pwd
	+
	SRCS= cap_pwd.c
	+.endif

	INCS= cap_pwd.h

	Index: head/lib/libcasper/services/cap_pwd/cap_pwd.h
	===================================================================
	--- head/lib/libcasper/services/cap_pwd/cap_pwd.h
	+++ head/lib/libcasper/services/cap_pwd/cap_pwd.h
	@@ -32,6 +32,11 @@
	#ifndef _CAP_PWD_H_
	#define _CAP_PWD_H_

	+#ifdef HAVE_CASPER
	+#define WITH_CASPER
	+#endif
	+
	+#ifdef WITH_CASPER
	struct passwd cap_getpwent(cap_channel_t chan);
	struct passwd cap_getpwnam(cap_channel_t chan, const char *login);
	struct passwd cap_getpwuid(cap_channel_t chan, uid_t uid);
	@@ -53,5 +58,25 @@
	size_t nfields);
	int cap_pwd_limit_users(cap_channel_t chan, const char const *names,
	size_t nnames, uid_t *uids, size_t nuids);
	+#else
	+#define cap_getpwent(chan) getpwent()
	+#define cap_getpwnam(chan, login) getpwnam(login)
	+#define cap_getpwuid(chan, uid) getpwuid(uid)
	+
	+#define cap_getpwent_r(chan, pwd, buffer, bufsize, result) \
	+ getpwent_r(pwd, buffer, bufsize, result)
	+#define cap_getpwnam_r(chan, name, pwd, buffer, bufsize, result) \
	+ getpwnam_r(name, pwd, buffer, bufsize, result)
	+#define cap_getpwuid_r(chan, uid, pwd, buffer, bufsize, result) \
	+ getpwuid_r(uid, pwd, buffer, bufsize, result)
	+
	+#define cap_setpassent(chan, stayopen) setpassent(stayopen)
	+#define cap_setpwent(chan) setpwent()
	+#define cap_endpwent(chan) endpwent()
	+
	+#define cap_pwd_limit_cmds(chan, cmds, ncmds) (0)
	+#define cap_pwd_limit_fields(chan, fields, nfields) (0)
	+#define cap_pwd_limit_users(chan, names, nnames, uids, nuids) (0)
	+#endif

	#endif /* !_CAP_PWD_H_ */
	Index: head/lib/libcasper/services/cap_pwd/tests/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_pwd/tests/Makefile
	+++ head/lib/libcasper/services/cap_pwd/tests/Makefile
	@@ -1,9 +1,13 @@
	# $FreeBSD$

	+.include <src.opts.mk>
	+
	TAP_TESTS_C= pwd_test

	+.if ${MK_CASPER} != "no"
	LIBADD+= casper
	LIBADD+= cap_pwd
	+.endif
	LIBADD+= nv

	WARNS?= 3
	Index: head/lib/libcasper/services/cap_pwd/tests/pwd_test.c
	===================================================================
	--- head/lib/libcasper/services/cap_pwd/tests/pwd_test.c
	+++ head/lib/libcasper/services/cap_pwd/tests/pwd_test.c
	@@ -31,6 +31,7 @@
	__FBSDID("$FreeBSD$");

	#include <sys/capsicum.h>
	+#include <sys/nv.h>

	#include <assert.h>
	#include <err.h>
	Index: head/lib/libcasper/services/cap_random/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_random/Makefile
	+++ head/lib/libcasper/services/cap_random/Makefile
	@@ -1,13 +1,18 @@
	# $FreeBSD$

	+.include <src.opts.mk>
	+
	PACKAGE=libcasper
	-LIB= cap_random

	SHLIB_MAJOR= 0
	SHLIBDIR?= /lib/casper
	INCSDIR?= ${INCLUDEDIR}/casper

	+.if ${MK_CASPER} != "no"
	+LIB= cap_random
	+
	SRCS= cap_random.c
	+.endif

	INCS= cap_random.h

	Index: head/lib/libcasper/services/cap_random/cap_random.h
	===================================================================
	--- head/lib/libcasper/services/cap_random/cap_random.h
	+++ head/lib/libcasper/services/cap_random/cap_random.h
	@@ -32,6 +32,20 @@
	#ifndef _CAP_RANDOM_H_
	#define _CAP_RANDOM_H_

	+#ifdef HAVE_CASPER
	+#define WITH_CASPER
	+#endif
	+
	+#ifdef WITH_CASPER
	int cap_random_buf(cap_channel_t chan, void buf, size_t nbytes);
	+#else
	+inline int
	+cap_random_buf(cap_channel_t chan, void buf, size_t nbytes)
	+{
	+
	+ arc4random_buf(buf, nbytes);
	+ return(0);
	+}
	+#endif

	#endif /* !_CAP_RANDOM_H_ */
	Index: head/lib/libcasper/services/cap_sysctl/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_sysctl/Makefile
	+++ head/lib/libcasper/services/cap_sysctl/Makefile
	@@ -5,12 +5,15 @@
	.include <src.opts.mk>

	PACKAGE=libcasper
	-LIB= cap_sysctl

	SHLIB_MAJOR= 0
	INCSDIR?= ${INCLUDEDIR}/casper

	+.if ${MK_CASPER} != "no"
	+LIB= cap_sysctl
	+
	SRCS= cap_sysctl.c
	+.endif

	INCS= cap_sysctl.h

	Index: head/lib/libcasper/services/cap_sysctl/cap_sysctl.h
	===================================================================
	--- head/lib/libcasper/services/cap_sysctl/cap_sysctl.h
	+++ head/lib/libcasper/services/cap_sysctl/cap_sysctl.h
	@@ -32,12 +32,21 @@
	#ifndef _CAP_SYSCTL_H_
	#define _CAP_SYSCTL_H_

	+#ifdef HAVE_CASPER
	+#define WITH_CASPER
	+#endif
	+
	#define CAP_SYSCTL_READ 0x01
	#define CAP_SYSCTL_WRITE 0x02
	#define CAP_SYSCTL_RDWR (CAP_SYSCTL_READ \| CAP_SYSCTL_WRITE)
	#define CAP_SYSCTL_RECURSIVE 0x04

	+#ifdef WITH_CASPER
	int cap_sysctlbyname(cap_channel_t chan, const char name, void *oldp,
	size_t oldlenp, const void newp, size_t newlen);
	+#else
	+#define cap_sysctlbyname(chan, name, oldp, oldlenp, newp, newlen) \
	+ sysctlbyname(name, oldp, oldlenp, newp, newlen)
	+#endif

	#endif /* !_CAP_SYSCTL_H_ */
	Index: head/lib/libcasper/services/cap_sysctl/tests/Makefile
	===================================================================
	--- head/lib/libcasper/services/cap_sysctl/tests/Makefile
	+++ head/lib/libcasper/services/cap_sysctl/tests/Makefile
	@@ -1,9 +1,13 @@
	# $FreeBSD$

	+.include <src.opts.mk>
	+
	TAP_TESTS_C= sysctl_test

	+.if ${MK_CASPER} != "no"
	LIBADD+= casper
	LIBADD+= cap_sysctl
	+.endif
	LIBADD+= nv

	WARNS?= 3

File Metadata

Mime Type: text/plain
Expires: Wed, Feb 11, 6:19 AM (21 m, 59 s)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28640027
Default Alt Text: D8753.id34424.diff (17 KB)

D8753.id34424.diffNo OneTemporaryActions

D8753.id34424.diffView Options

File Metadata

Event Timeline

D8753.id34424.diff
No OneTemporary
Actions

D8753.id34424.diff
View Options