commit 49f9c4924e54b55c34050a2ce1053f7cd78eeaf5 Author: Nick Mathewson nickm@torproject.org Date: Mon Sep 9 15:59:41 2013 -0400
Fix compilation on OSX --- src/common/address.c | 2 +- src/common/sandbox.c | 77 +++++++++++++++++++++++++++++++++++++++++++++----- src/common/sandbox.h | 34 +++++++++++++++++----- 3 files changed, 98 insertions(+), 15 deletions(-)
diff --git a/src/common/address.c b/src/common/address.c index f9647b9..945e5e7 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -235,7 +235,7 @@ tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr) memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; - err = sandbox_getaddrinfo(name, &hints, &res); + err = sandbox_getaddrinfo(name, NULL, &hints, &res); if (!err) { best = NULL; for (res_p = res; res_p; res_p = res_p->ai_next) { diff --git a/src/common/sandbox.c b/src/common/sandbox.c index a5bc892..0eb27bc 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -26,10 +26,6 @@ #include "util.h" #include "tor_queue.h"
-#if defined(HAVE_SECCOMP_H) && defined(__linux__) -#define USE_LIBSECCOMP -#endif - #define DEBUGGING_CLOSE
#if defined(USE_LIBSECCOMP) @@ -1083,11 +1079,15 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...) }
int -sandbox_getaddrinfo(const char *name, const struct addrinfo *hints, - struct addrinfo **res) +sandbox_getaddrinfo(const char *name, const char *servname, + const struct addrinfo *hints, + struct addrinfo **res) { sb_addr_info_t *el;
+ if (servname != NULL) + return -1; + *res = NULL;
for (el = sb_addr_info; el; el = el->next) { @@ -1386,21 +1386,24 @@ sandbox_cfg_new(void) }
int -sandbox_init(sandbox_cfg_t* cfg) +sandbox_init(sandbox_cfg_t *cfg) { #if defined(USE_LIBSECCOMP) return initialise_libseccomp_sandbox(cfg);
#elif defined(_WIN32) + (void)cfg; log_warn(LD_BUG,"Windows sandboxing is not implemented. The feature is " "currently disabled."); return 0;
#elif defined(TARGET_OS_MAC) + (void)cfg; log_warn(LD_BUG,"Mac OSX sandboxing is not implemented. The feature is " "currently disabled"); return 0; #else + (void)cfg; log_warn(LD_BUG,"Sandboxing is not implemented for your platform. The " "feature is currently disabled"); return 0; @@ -1417,3 +1420,63 @@ sandbox_set_debugging_fd(int fd) #endif }
+#ifndef USE_LIBSECCOMP +int +sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, + int fr) +{ + (void)cfg; (void)file; (void)fr; + return 0; +} + +int +sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...) +{ + (void)cfg; + return 0; +} + +int +sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, + int fr) +{ + (void)cfg; (void)file; (void)fr; + return 0; +} + +int +sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...) +{ + (void)cfg; + return 0; +} + +int +sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com) +{ + (void)cfg; (void)com; + return 0; +} + +int +sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...) +{ + (void)cfg; + return 0; +} + +int +sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file, + int fr) +{ + (void)cfg; (void)file; (void)fr; + return 0; +} + +int +sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...) +{ + (void)cfg; + return 0; +} +#endif diff --git a/src/common/sandbox.h b/src/common/sandbox.h index a1434ce..07c34a4 100644 --- a/src/common/sandbox.h +++ b/src/common/sandbox.h @@ -12,6 +12,9 @@ #ifndef SANDBOX_H_ #define SANDBOX_H_
+#include "orconfig.h" +#include "torint.h" + #ifndef SYS_SECCOMP
/** @@ -22,12 +25,15 @@
#endif
-#include "torint.h" +#if defined(HAVE_SECCOMP_H) && defined(__linux__) +#define USE_LIBSECCOMP +#endif +
/** * Linux definitions */ -#ifdef __linux__ +#ifdef USE_LIBSECCOMP
#ifndef __USE_GNU #define __USE_GNU @@ -80,8 +86,6 @@ struct sandbox_cfg_elem { /** Next element of the configuration*/ struct sandbox_cfg_elem *next; }; -/** Typedef to structure used to manage a sandbox configuration. */ -typedef struct sandbox_cfg_elem sandbox_cfg_t;
/** * Structure used for keeping a linked list of getaddrinfo pre-recorded @@ -127,22 +131,38 @@ typedef struct {
#endif
-#endif // __linux__ +#endif // USE_LIBSECCOMP + +/** Typedef to structure used to manage a sandbox configuration. */ +typedef struct sandbox_cfg_elem sandbox_cfg_t;
+#ifdef USE_LIBSECCOMP /** Pre-calls getaddrinfo in order to pre-record result. */ int sandbox_add_addrinfo(const char *addr);
+struct addrinfo; /** Replacement for getaddrinfo(), using pre-recorded results. */ -int sandbox_getaddrinfo(const char *name, const struct addrinfo *hints, - struct addrinfo **res); +int sandbox_getaddrinfo(const char *name, const char *servname, + const struct addrinfo *hints, + struct addrinfo **res); +#else +#define sandbox_getaddrinfo(name, servname, hints, res) \ + getaddrinfo((name),(servname), (hints),(res)) +#define sandbox_add_addrinfo(name) \ + ((void)(name)) +#endif
/** Use <b>fd</b> to log non-survivable sandbox violations. */ void sandbox_set_debugging_fd(int fd);
+#ifdef USE_LIBSECCOMP /** Returns a registered protected string used with the sandbox, given that * it matches the parameter. */ const char* sandbox_intern_string(const char *param); +#else +#define sandbox_intern_string(s) (s) +#endif
/** Creates an empty sandbox configuration file.*/ sandbox_cfg_t * sandbox_cfg_new(void);