Convert casperd(8) daemon to the libcasper.

After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277

1 files changed, 30 insertions, 33 deletions

diff --git a/contrib/tcpdump/tcpdump.c b/contrib/tcpdump/tcpdump.c
index ed3ce5e..bc0c5ee 100644
--- a/contrib/tcpdump/tcpdump.c
+++ b/contrib/tcpdump/tcpdump.c
@@ -87,17 +87,16 @@ extern int SIZE_BUF;
 #include <sys/capsicum.h>
 #include <sys/sysctl.h>
 #endif /* __FreeBSD__ */
-#ifdef HAVE_CAPSICUM
-#include <libcapsicum.h>
-#include <libcapsicum_dns.h>
-#include <libcapsicum_service.h>
+#ifdef HAVE_CAPSPER
+#include <libcasper.h>
+#include <casper/cap_dns.h>
 #include <sys/nv.h>
 #include <sys/capability.h>
 #include <sys/ioccom.h>
 #include <net/bpf.h>
 #include <fcntl.h>
 #include <libgen.h>
-#endif	/* HAVE_CAPSICUM */
+#endif	/* HAVE_CAPSPER */
 #include <pcap.h>
 #include <signal.h>
 #include <stdio.h>
@@ -161,7 +160,7 @@ static int infoprint;
 
 char *program_name;
 
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 cap_channel_t *capdns;
 #endif
 
@@ -485,7 +484,7 @@ struct dump_info {
 	char	*CurrentFileName;
 	pcap_t	*pd;
 	pcap_dumper_t *p;
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 	int	dirfd;
 #endif
 };
@@ -909,7 +908,7 @@ get_next_file(FILE *VFile, char *ptr)
 	return ret;
 }
 
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 static cap_channel_t *
 capdns_setup(void)
 {
@@ -918,10 +917,8 @@ capdns_setup(void)
 	int families[2];
 
 	capcas = cap_init();
-	if (capcas == NULL) {
-		warning("unable to contact casperd");
-		return (NULL);
-	}
+	if (capcas == NULL)
+		error("unable to create casper process");
 	capdnsloc = cap_service_open(capcas, "system.dns");
 	/* Casper capability no longer needed. */
 	cap_close(capcas);
@@ -938,7 +935,7 @@ capdns_setup(void)
 
 	return (capdnsloc);
 }
-#endif	/* HAVE_CAPSICUM */
+#endif	/* HAVE_CAPSPER */
 
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
 static int
@@ -970,7 +967,7 @@ tstamp_precision_to_string(int precision)
 }
 #endif
 
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 /*
  * Ensure that, on a dump file's descriptor, we have all the rights
  * necessary to make the standard I/O library work with an fdopen()ed
@@ -1070,9 +1067,9 @@ main(int argc, char **argv)
 #endif
 	int status;
 	FILE *VFile;
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 	cap_rights_t rights;
-#endif	/* HAVE_CAPSICUM */
+#endif	/* HAVE_CAPSPER */
 	int cansandbox;
 
 #ifdef WIN32
@@ -1613,7 +1610,7 @@ main(int argc, char **argv)
 
 		if (pd == NULL)
 			error("%s", ebuf);
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 		cap_rights_init(&rights, CAP_READ);
 		if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 &&
 		    errno != ENOSYS) {
@@ -1850,10 +1847,10 @@ main(int argc, char **argv)
 		exit(0);
 	}
 
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 	if (!nflag)
 		capdns = capdns_setup();
-#endif	/* HAVE_CAPSICUM */
+#endif	/* HAVE_CAPSPER */
 
 	init_addrtoname(gndo, localnet, netmask);
         init_checksum();
@@ -1921,7 +1918,7 @@ main(int argc, char **argv)
 
 	if (pcap_setfilter(pd, &fcode) < 0)
 		error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 	if (RFileName == NULL && VFileName == NULL) {
 		static const unsigned long cmds[] = { BIOCGSTATS };
 
@@ -1971,11 +1968,11 @@ main(int argc, char **argv)
 #endif /* HAVE_LIBCAP_NG */
 		if (p == NULL)
 			error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 		set_dumper_capsicum_rights(p);
 #endif
 		if (Cflag != 0 || Gflag != 0) {
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 			dumpinfo.WFileName = strdup(basename(WFileName));
 			dumpinfo.dirfd = open(dirname(WFileName),
 			    O_DIRECTORY | O_RDONLY);
@@ -1993,7 +1990,7 @@ main(int argc, char **argv)
 			    errno != ENOSYS) {
 				error("unable to limit dump descriptor fcntls");
 			}
-#else	/* !HAVE_CAPSICUM */
+#else	/* !HAVE_CAPSPER */
 			dumpinfo.WFileName = WFileName;
 #endif
 			callback = dump_packet_and_trunc;
@@ -2069,7 +2066,7 @@ main(int argc, char **argv)
 
 #ifdef __FreeBSD__
 	cansandbox = (VFileName == NULL && zflag == NULL);
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 	cansandbox = (cansandbox && (nflag || capdns != NULL));
 #else
 	cansandbox = (cansandbox && nflag);
@@ -2125,7 +2122,7 @@ main(int argc, char **argv)
 				pd = pcap_open_offline(RFileName, ebuf);
 				if (pd == NULL)
 					error("%s", ebuf);
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 				cap_rights_init(&rights, CAP_READ);
 				if (cap_rights_limit(fileno(pcap_file(pd)),
 				    &rights) < 0 && errno != ENOSYS) {
@@ -2328,7 +2325,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 
 		/* If the time is greater than the specified window, rotate */
 		if (t - Gflag_time >= Gflag) {
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 			FILE *fp;
 			int fd;
 #endif
@@ -2386,7 +2383,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 			capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
 			capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 			fd = openat(dump_info->dirfd,
 			    dump_info->CurrentFileName,
 			    O_CREAT | O_WRONLY | O_TRUNC, 0644);
@@ -2400,7 +2397,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 				    dump_info->CurrentFileName);
 			}
 			dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
-#else	/* !HAVE_CAPSICUM */
+#else	/* !HAVE_CAPSPER */
 			dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
 #endif
 #ifdef HAVE_LIBCAP_NG
@@ -2409,7 +2406,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 #endif /* HAVE_LIBCAP_NG */
 			if (dump_info->p == NULL)
 				error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 			set_dumper_capsicum_rights(dump_info->p);
 #endif
 		}
@@ -2426,7 +2423,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 		if (size == -1)
 			error("ftell fails on output file");
 		if (size > Cflag) {
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 			FILE *fp;
 			int fd;
 #endif
@@ -2458,7 +2455,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 			capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
 			capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 			fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
 			    O_CREAT | O_WRONLY | O_TRUNC, 0644);
 			if (fd < 0) {
@@ -2471,7 +2468,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 				    dump_info->CurrentFileName);
 			}
 			dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
-#else	/* !HAVE_CAPSICUM */
+#else	/* !HAVE_CAPSPER */
 			dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
 #endif
 #ifdef HAVE_LIBCAP_NG
@@ -2480,7 +2477,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 #endif /* HAVE_LIBCAP_NG */
 			if (dump_info->p == NULL)
 				error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
+#ifdef HAVE_CAPSPER
 			set_dumper_capsicum_rights(dump_info->p);
 #endif
 		}