ksgi

1
/*	$Id$ */
2
/*
3
 * Copyright (c) 2012, 2014, 2015, 2018 Kristaps Dzonsons <kristaps@bsd.lv>
4
 *
5
 * Permission to use, copy, modify, and distribute this software for any
6
 * purpose with or without fee is hereby granted, provided that the above
7
 * copyright notice and this permission notice appear in all copies.
8
 *
9
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
 */
17
#include "config.h"
18

19
#if !HAVE_PLEDGE
20
# if !HAVE_SECCOMP_FILTER
21
#  if !HAVE_CAPSICUM
22
#   if !HAVE_SANDBOX_INIT
23
#    warning Compiling without a sandbox!?
24
#   endif
25
#  endif
26
# endif
27
#endif
28

29
#include <stdarg.h>
30
#include <stdio.h>
31
#include <stdint.h>
32
#include <stdlib.h>
33

34
#include "kcgi.h"
35
#include "extern.h"
36

37
/*
38
 * Initialise the child context of a sandbox.
39
 * Each sandbox will want to do something here to make sure that the
40
 * child context is sandboxed properly.
41
 * This function depends on "type": if SAND_WORKER, we set fd1 to be the
42
 * descriptor between the child and the application; if fd2 isn't -1,
43
 * it's the FastCGI control connection (fdfiled and fdaccept should be
44
 * ignored in SAND_WORKER case).
45
 * If not SAND_WORKER, we're the control process in a FastCGI context:
46
 * fd1 is the control connection; fd2 is -1; fdaccept, if not -1, is the
47
 * old-style FastCGI socket; fdfiled, if not -1, is the new-style
48
 * transport descriptor interface.
49
 * Whew!
50
 */
51
int
52
ksandbox_init_child(enum sandtype type, 
53
	int fd1, int fd2, int fdfiled, int fdaccept)
54
{
55
#if HAVE_CAPSICUM
56
	if (!ksandbox_capsicum_init_child
57
	    (type, fd1, fd2, fdfiled, fdaccept))
58
		return 0;
59
#elif HAVE_SANDBOX_INIT
60
	if (!ksandbox_darwin_init_child(type))
61
		return 0;
62
#elif HAVE_PLEDGE
63
	if (!ksandbox_pledge_init_child(type))
64
		return 0;
65
#elif HAVE_SECCOMP_FILTER
66
	if (!ksandbox_seccomp_init_child(type))
67
		return 0;
68
#endif
69

70
	return 1;
71
}
72