Revision: 16961
          
http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=16961
Author:   eof
Date:     2008-10-07 19:13:35 +0200 (Tue, 07 Oct 2008)

Log Message:
-----------
WebPlugin
fix:
* web plugin works on opera too

sandboxing:
* added AppArmor configuration
* enabled privilege separation for the web plugin: the blender player can run 
as a lower privileged user, xauth token is generated on the fly .

testing:
* web plugin tested on ubuntu 32/64bit, fedora and FreeBSD

Changed only cmake build script: AppArmor is enabled by default, if you want to 
enable privilege separation instead, you have to change the cmake variable 
WEBPLUGIN_SANDBOX_MODE to privsep (or none to 
disable it).

Warning: the blenderplayer-wrapper binary (built from 
source/gameengine/GamePlayer/xembed/blenderplayer-wrapper.c) must be 
setuid root in order to change user successfully

Modified Paths:
--------------
    trunk/blender/CMakeLists.txt
    trunk/blender/source/gameengine/GamePlayer/netscape/test/resource/test.html
    trunk/blender/source/gameengine/GamePlayer/xembed/CMakeLists.txt
    trunk/blender/source/gameengine/GamePlayer/xembed/UnixShell.c

Added Paths:
-----------
    trunk/blender/source/gameengine/GamePlayer/xembed/apparmor/
    trunk/blender/source/gameengine/GamePlayer/xembed/apparmor/README
    
trunk/blender/source/gameengine/GamePlayer/xembed/apparmor/usr.bin.blenderplayer-web
    trunk/blender/source/gameengine/GamePlayer/xembed/blenderplayer-wrapper.c

Modified: trunk/blender/CMakeLists.txt
===================================================================
--- trunk/blender/CMakeLists.txt        2008-10-07 15:01:44 UTC (rev 16960)
+++ trunk/blender/CMakeLists.txt        2008-10-07 17:13:35 UTC (rev 16961)
@@ -64,7 +64,7 @@
 OPTION(WITH_FFMPEG             "Enable FFMPeg Support 
(http://ffmpeg.mplayerhq.hu/)"   OFF)
 OPTION(WITH_OPENAL             "Enable OpenAL Support (http://www.openal.org)" 
        ON)
 OPTION(WITH_OPENMP             "Enable OpenMP (has to be supported by the 
compiler)"   OFF)
-OPTION(WITH_WEBPLUGIN          "Enable Web Plugin (Mozilla-Unix only)"         
        OFF)
+OPTION(WITH_WEBPLUGIN          "Enable Web Plugin (Unix only)"                 
        OFF)
 
 IF(NOT WITH_GAMEENGINE AND WITH_PLAYER)
   MESSAGE("WARNING: WITH_PLAYER needs WITH_GAMEENGINE")
@@ -429,6 +429,17 @@
 
 
 #-----------------------------------------------------------------------------
+# Blender WebPlugin
+
+IF(WITH_WEBPLUGIN) 
+  SET(GECKO_DIR "${CMAKE_SOURCE_DIR}/../gecko-sdk/" CACHE PATH "Gecko SDK 
path")
+  SET(WEBPLUGIN_SANDBOX_MODE "apparmor" CACHE STRING "WEB Plugin sandbox mode, 
can be apparmor, privsep, none")
+
+  SET(WITH_PLAYER ON)
+ENDIF(WITH_WEBPLUGIN)
+
+
+#-----------------------------------------------------------------------------
 # Configure OpenGL.
 INCLUDE(${CMAKE_ROOT}/Modules/FindOpenGL.cmake)
 INCLUDE_DIRECTORIES(${OPENGL_INCLUDE_DIR})
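Review bot: WEBPLUGIN_SANDBOX_MODE is a free-form cache string and nothing after the SET rejects a value other than apparmor, privsep or none. The xembed/CMakeLists.txt section of this commit only compares against APPARMOR and PRIVSEP, so a misspelled mode would configure cleanly and build the plugin with neither define, i.e. with no sandbox. Failing closed at configure time would catch that: `IF(NOT WEBPLUGIN_SANDBOX_MODE MATCHES "^(apparmor|privsep|none)$")` wrapping `MESSAGE(FATAL_ERROR "WEBPLUGIN_SANDBOX_MODE must be apparmor, privsep or none")`, or the same test on the upper-cased copy if mixed case is meant to be accepted. The rename from MOZILLA_DIR to GECKO_DIR also means a path already stored in an existing cache under the old name is no longer read.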
@@ -457,12 +468,6 @@
 # Blender Application
 SUBDIRS(source/creator)
 
-#-----------------------------------------------------------------------------
-# Blender WebPlugin
-IF(WITH_WEBPLUGIN) 
-  SET(MOZILLA_DIR "${CMAKE_SOURCE_DIR}/../gecko-sdk/" CACHE PATH "Gecko SDK 
path")
-  SET(WITH_PLAYER ON)
-ENDIF(WITH_WEBPLUGIN)
 
 #-----------------------------------------------------------------------------
 # Blender Player

Modified: 
trunk/blender/source/gameengine/GamePlayer/netscape/test/resource/test.html
===================================================================
--- trunk/blender/source/gameengine/GamePlayer/netscape/test/resource/test.html 
2008-10-07 15:01:44 UTC (rev 16960)
+++ trunk/blender/source/gameengine/GamePlayer/netscape/test/resource/test.html 
2008-10-07 17:13:35 UTC (rev 16961)
@@ -6,12 +6,7 @@
         width="800" height="600" >
 </object>
 
-<object 
data="../../../../../../../demo/graphics-demos-2.43-preview1/VertexWave.blend" 
type="application/x-blender-plugin" 
-        width="800" height="100" >
-</object>
-
-
-The above should cause the template plugin to get active. It wants a
-mime/.blend file.
+<br/>
+The above should cause the template plugin to get active. 
 <HR>
 </HTML>

Modified: trunk/blender/source/gameengine/GamePlayer/xembed/CMakeLists.txt
===================================================================
--- trunk/blender/source/gameengine/GamePlayer/xembed/CMakeLists.txt    
2008-10-07 15:01:44 UTC (rev 16960)
+++ trunk/blender/source/gameengine/GamePlayer/xembed/CMakeLists.txt    
2008-10-07 17:13:35 UTC (rev 16961)
@@ -1,44 +1,59 @@
-# $Id$
-# ***** BEGIN GPL/BL DUAL LICENSE BLOCK *****
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version. The Blender
-# Foundation also sells licenses for use in proprietary software under
-# the Blender License.  See http://www.blender.org/BL/ for information
-# about this.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation,
-# Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-#
-# The Original Code is Copyright (C) 2006, Blender Foundation
-# All rights reserved.
-#
-# The Original Code is: none
-#
-# Contributor(s): Enrico Fracasso.
-#
-# ***** END GPL/BL DUAL LICENSE BLOCK *****
-
-MESSAGE(STATUS "Configuring WebPlugin - Gecko (XEmbed version)")
-
-SET(LIBRARY_OUTPUT_PATH  ${CMAKE_BINARY_DIR}/webplugin)
-
-SET(INC
-       ${MOZILLA_DIR}/include/
-)
-
-SET(SRC 
-       npunix.c 
-       UnixShell.c 
-)
-
-INCLUDE_DIRECTORIES(${INC})
-ADD_LIBRARY(blender_plugin SHARED ${SRC} )
+# $Id$
+# ***** BEGIN GPL/BL DUAL LICENSE BLOCK *****
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version. The Blender
+# Foundation also sells licenses for use in proprietary software under
+# the Blender License.  See http://www.blender.org/BL/ for information
+# about this.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+# The Original Code is Copyright (C) 2006, Blender Foundation
+# All rights reserved.
+#
+# The Original Code is: none
+#
+# Contributor(s): Enrico Fracasso.
+#
+# ***** END GPL/BL DUAL LICENSE BLOCK *****
+
+MESSAGE(STATUS "Configuring WebPlugin")
+
+# Enable build flag
+STRING(TOUPPER ${WEBPLUGIN_SANDBOX_MODE} WEBPLUGIN_SANDBOX_MODE_UPPER)
+
+IF (WEBPLUGIN_SANDBOX_MODE_UPPER STREQUAL "APPARMOR")
+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWITH_APPARMOR ")
+ENDIF (WEBPLUGIN_SANDBOX_MODE_UPPER STREQUAL "APPARMOR")
+
+IF (WEBPLUGIN_SANDBOX_MODE_UPPER STREQUAL "PRIVSEP")
+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWITH_PRIVSEP ")
+  ADD_EXECUTABLE(blenderplayer-wrapper blenderplayer-wrapper.c)
+ENDIF (WEBPLUGIN_SANDBOX_MODE_UPPER STREQUAL "PRIVSEP")
+
+# set output path
+SET(LIBRARY_OUTPUT_PATH  ${CMAKE_BINARY_DIR}/webplugin)
+
+SET(INC
+       ${GECKO_DIR}/include/
+)
+
+SET(SRC 
+       npunix.c 
+       UnixShell.c 
+)
+
+INCLUDE_DIRECTORIES(${INC})
+ADD_LIBRARY(blender_plugin SHARED ${SRC} )
+
+
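Review bot: The PRIVSEP branch only compiles blenderplayer-wrapper; nothing in this file installs it owned by root with the setuid bit, which the log message says it needs in order to change user. A privsep build presumably yields a wrapper that cannot switch user until someone fixes ownership and mode by hand, so a comment above ADD_EXECUTABLE such as `# blenderplayer-wrapper must be installed owned by root with the setuid bit set; this build does not do that` would make the manual step visible. Separately, `STRING(TOUPPER ${WEBPLUGIN_SANDBOX_MODE} ...)` expands unquoted and fails with an argument-count error if the cache value is empty; `STRING(TOUPPER "${WEBPLUGIN_SANDBOX_MODE}" WEBPLUGIN_SANDBOX_MODE_UPPER)` avoids that.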

Modified: trunk/blender/source/gameengine/GamePlayer/xembed/UnixShell.c
===================================================================
--- trunk/blender/source/gameengine/GamePlayer/xembed/UnixShell.c       
2008-10-07 15:01:44 UTC (rev 16960)
+++ trunk/blender/source/gameengine/GamePlayer/xembed/UnixShell.c       
2008-10-07 17:13:35 UTC (rev 16961)
@@ -57,12 +57,15 @@
 
 #include "blender_plugin_types.h"
 
+#include <signal.h>
+
 /* --------------------------------------------------------------------- */
 
 /** If defined: write to the plugin log file */
+#ifndef NDEBUG
 #define NZC_GENERATE_LOG
+#endif
 
-
 int32 STREAMBUFSIZE;
 
 /** Generate a log file. */
@@ -70,6 +73,9 @@
 log_entry(char* msg);
 
 
+void
+execute_blenderplayer(BlenderPluginInstance*);
+
 /* --------------------------------------------------------------------- */
 /* Implementations:                                                      */
 /* --------------------------------------------------------------------- */
@@ -225,16 +231,20 @@
        if (This != NULL) {
 
                if (This->pID != 0) {
-                       kill(This->pID, 9);
+#ifdef WITH_PRIVSEP
+                       kill(This->pID, SIGTERM);
+#else 
+                       kill(This->pID, SIGKILL); //if I have to kill 
blenderplayer directly I need to send SIGKILL
+#endif
                        wait(This->pID);
                        unlink(This->temp_mail_file_name);
                }
 
                // sometimes FF doesn't delete it's own window...
                //printf("%s \n", NPN_UserAgent(instance));
-               if (This->display != NULL && This->window != 0)
+               /*if (This->display != NULL && This->window != 0)
                        XDestroyWindow(This->display, This->window);
-               
+               */
                if (This->blend_file) NPN_MemFree(This->blend_file);
                if (This->temp_mail_file_name) 
NPN_MemFree(This->temp_mail_file_name);
                if (This->main_file_store) NPN_MemFree(This->main_file_store);
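Review bot: `wait(This->pID)` on the context line after the new kill() calls passes the child's pid where wait() expects an `int *` status pointer, so the process signalled here is not reliably reaped; `waitpid(This->pID, NULL, 0);` is the call that waits for that specific child. In the WITH_PRIVSEP branch the SIGTERM goes to the wrapper, so stopping the player presumably depends on blenderplayer-wrapper.c forwarding it, which is not visible here; a comment next to the `#ifdef` saying so would help. The XDestroyWindow call is now left as commented-out code with no explanation; either delete it or state why it is disabled. The enclosing function starts and ends outside the hunk.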
@@ -300,9 +310,12 @@
 
        This = (BlenderPluginInstance*) instance->pdata;
 
+       if (!This) 
+               return NPERR_INVALID_INSTANCE_ERROR;
+
        printf("Loading main file %s (%s)\n", stream->url, type);
        if ( strcmp(type,"text/html") == 0 ) // original HTML file 
-               return;
+               return NPERR_NO_ERROR;
        
        This->stream_total = stream->end;
        This->stream_retrieved = 0;
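Review bot: `instance->pdata` is still read before any check that `instance` is non-NULL, while the NPP_WriteReady and NPP_Write hunks of this commit now test `instance == NULL` first; the same guard, `if (instance == NULL) return NPERR_INVALID_INSTANCE_ERROR;`, belongs above that line. `This->stream_total = stream->end` also takes the size as reported by the stream, and the memcpy in the NPP_Write hunk copies `len` bytes at offset `stream_retrieved` without comparing against it. If main_file_store is sized from stream_total (the allocation is outside the visible lines), a check such as `if (len < 0 || This->stream_retrieved + len > This->stream_total) return -1;` before the memcpy would keep the copy in bounds. The function starts and ends outside the hunk.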
@@ -316,6 +329,7 @@
        This->main_file_stream = stream;
 
        return NPERR_NO_ERROR;
+               
 }
 
 
@@ -345,9 +359,14 @@
        
        log_entry("NPP_WriteReady"); 
 
-       if (instance != NULL)
-               This = (BlenderPluginInstance*) instance->pdata;
+       if (instance == NULL)   
+               return NPERR_INVALID_INSTANCE_ERROR;
 
+       This = (BlenderPluginInstance*) instance->pdata;
+
+       if (This == NULL)       
+               return NPERR_INVALID_INSTANCE_ERROR;
+
        /* Check whether buffers already exist: */
 
        if ((This->main_file_stream && This->main_file_store)) {
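Review bot: The two new early returns hand back `NPERR_INVALID_INSTANCE_ERROR` from what the log_entry call identifies as NPP_WriteReady, whose return value the browser reads as the number of bytes the plugin is ready to accept, not as an NPError. A positive error constant would therefore be taken as a small byte count rather than a failure; `return 0;` (or a negative value, if the target browsers treat that as an abort) states the intent. The NPP_Write hunk further down has the same pattern, where the return value means bytes consumed and `return -1;` asks the browser to destroy the stream. The function's signature and end are outside the hunk.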
@@ -372,70 +391,38 @@
        int accepted = 0;
        
        log_entry("NPP_Write"); 
+
+       if (instance == NULL)   
+               return NPERR_INVALID_INSTANCE_ERROR;
        
        This = (BlenderPluginInstance*) instance->pdata;
-       
-       if (instance != NULL)
-       {
-               if (stream == This->main_file_stream) {
-                       log_entry("NPP_Write: loading main_file_stream"); 
-                       memcpy(((unsigned char*)This->main_file_store) + 
This->stream_retrieved, buffer, len);
-                       accepted = len;
-                       This->stream_retrieved += len;
-                       if (This->stream_retrieved >= This->stream_total) {
 
-                               fflush(stderr);
-                               log_entry("NPP_Write: main_file_stream 
loaded"); 
+       if (This == NULL)       
+               return NPERR_INVALID_INSTANCE_ERROR;
 
-                               char file_name[] = "/tmp/blender.XXXXXX";
-                               
-                               int fd = mkstemp(file_name);
-                               ssize_t real_size = write(fd, 
This->main_file_store, This->stream_retrieved);
-                               close(fd);
+       
+       if (stream == This->main_file_stream) {
+               log_entry("NPP_Write: loading main_file_stream"); 
+               memcpy(((unsigned char*)This->main_file_store) + 
This->stream_retrieved, buffer, len);
+               accepted = len;
+               This->stream_retrieved += len;
+               if (This->stream_retrieved >= This->stream_total) {
+                       log_entry("NPP_Write: main_file_stream loaded"); 
+                       execute_blenderplayer(This);
+               }
+       } else {
+               /* the stream ref wasn't set yet..*/
+               log_entry("NPP_Write: not main stream"); 
+               log_entry(stream->url);
 
-                               This->temp_mail_file_name = 
NPN_MemAlloc(strlen(file_name) + 1);
-                               strcpy(This->temp_mail_file_name, file_name);
-
-                               This->pID = fork();
-                               //XSelectInput(This->display , This->window, 
SubstructureNotifyMask);

@@ Diff output truncated at 10240 characters. @@
