[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [16961] trunk/blender: WebPlugin

Enrico Fracasso enrico.fracasso at email.it
Tue Oct 7 19:13:35 CEST 2008 

Revision: 16961
          http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=16961
Author:   eof
Date:     2008-10-07 19:13:35 +0200 (Tue, 07 Oct 2008)

Log Message:
-----------
WebPlugin
fix:
* web plugin works on opera too

sandboxing:
* added AppArmor configuration
* enabled privilege separation for the web plugin: the blender player can run as a lower privileged user, xauth token is generated on the fly .

testing:
* web plugin tested on ubuntu 32/64bit, fedora and FreeBSD

Changed only cmake build script: AppArmor is enabled by default, if you want to enable privilege separation instead, you have to change the cmake variable WEBPLUGIN_SANDBOX_MODE to privsep (or none to 
disable it).

Warning: source/gameengine/GamePlayer/xembed/blenderplayer-wrapper.c must be setuid root in order to change user successfully

Modified Paths:
--------------
    trunk/blender/CMakeLists.txt
    trunk/blender/source/gameengine/GamePlayer/netscape/test/resource/test.html
    trunk/blender/source/gameengine/GamePlayer/xembed/CMakeLists.txt
    trunk/blender/source/gameengine/GamePlayer/xembed/UnixShell.c

Added Paths:
-----------
    trunk/blender/source/gameengine/GamePlayer/xembed/apparmor/
    trunk/blender/source/gameengine/GamePlayer/xembed/apparmor/README
    trunk/blender/source/gameengine/GamePlayer/xembed/apparmor/usr.bin.blenderplayer-web
    trunk/blender/source/gameengine/GamePlayer/xembed/blenderplayer-wrapper.c

Modified: trunk/blender/CMakeLists.txt
===================================================================
--- trunk/blender/CMakeLists.txt	2008-10-07 15:01:44 UTC (rev 16960)
+++ trunk/blender/CMakeLists.txt	2008-10-07 17:13:35 UTC (rev 16961)
@@ -64,7 +64,7 @@
 OPTION(WITH_FFMPEG		"Enable FFMPeg Support (http://ffmpeg.mplayerhq.hu/)"	OFF)
 OPTION(WITH_OPENAL		"Enable OpenAL Support (http://www.openal.org)"		ON)
 OPTION(WITH_OPENMP		"Enable OpenMP (has to be supported by the compiler)"	OFF)
-OPTION(WITH_WEBPLUGIN		"Enable Web Plugin (Mozilla-Unix only)"			OFF)
+OPTION(WITH_WEBPLUGIN		"Enable Web Plugin (Unix only)"				OFF)
 
 IF(NOT WITH_GAMEENGINE AND WITH_PLAYER)
   MESSAGE("WARNING: WITH_PLAYER needs WITH_GAMEENGINE")
@@ -429,6 +429,17 @@
 
 
 #-----------------------------------------------------------------------------
+# Blender WebPlugin
+
+IF(WITH_WEBPLUGIN) 
+  SET(GECKO_DIR "${CMAKE_SOURCE_DIR}/../gecko-sdk/" CACHE PATH "Gecko SDK path")
+  SET(WEBPLUGIN_SANDBOX_MODE "apparmor" CACHE STRING "WEB Plugin sandbox mode, can be apparmor, privsep, none")
+
+  SET(WITH_PLAYER ON)
+ENDIF(WITH_WEBPLUGIN)
+
+
+#-----------------------------------------------------------------------------
 # Configure OpenGL.
 INCLUDE(${CMAKE_ROOT}/Modules/FindOpenGL.cmake)
 INCLUDE_DIRECTORIES(${OPENGL_INCLUDE_DIR})
@@ -457,12 +468,6 @@
 # Blender Application
 SUBDIRS(source/creator)
 
-#-----------------------------------------------------------------------------
-# Blender WebPlugin
-IF(WITH_WEBPLUGIN) 
-  SET(MOZILLA_DIR "${CMAKE_SOURCE_DIR}/../gecko-sdk/" CACHE PATH "Gecko SDK path")
-  SET(WITH_PLAYER ON)
-ENDIF(WITH_WEBPLUGIN)
 
 #-----------------------------------------------------------------------------
 # Blender Player

Modified: trunk/blender/source/gameengine/GamePlayer/netscape/test/resource/test.html
===================================================================
--- trunk/blender/source/gameengine/GamePlayer/netscape/test/resource/test.html	2008-10-07 15:01:44 UTC (rev 16960)
+++ trunk/blender/source/gameengine/GamePlayer/netscape/test/resource/test.html	2008-10-07 17:13:35 UTC (rev 16961)
@@ -6,12 +6,7 @@
         width="800" height="600" >
 </object>
 
-<object data="../../../../../../../demo/graphics-demos-2.43-preview1/VertexWave.blend" type="application/x-blender-plugin" 
-        width="800" height="100" >
-</object>
-
-
-The above should cause the template plugin to get active. It wants a
-mime/.blend file.
+<br/>
+The above should cause the template plugin to get active. 
 <HR>
 </HTML>

Modified: trunk/blender/source/gameengine/GamePlayer/xembed/CMakeLists.txt
===================================================================
--- trunk/blender/source/gameengine/GamePlayer/xembed/CMakeLists.txt	2008-10-07 15:01:44 UTC (rev 16960)
+++ trunk/blender/source/gameengine/GamePlayer/xembed/CMakeLists.txt	2008-10-07 17:13:35 UTC (rev 16961)
@@ -1,44 +1,59 @@
-# $Id$
-# ***** BEGIN GPL/BL DUAL LICENSE BLOCK *****
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version. The Blender
-# Foundation also sells licenses for use in proprietary software under
-# the Blender License.  See http://www.blender.org/BL/ for information
-# about this.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation,
-# Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-#
-# The Original Code is Copyright (C) 2006, Blender Foundation
-# All rights reserved.
-#
-# The Original Code is: none
-#
-# Contributor(s): Enrico Fracasso.
-#
-# ***** END GPL/BL DUAL LICENSE BLOCK *****
-
-MESSAGE(STATUS "Configuring WebPlugin - Gecko (XEmbed version)")
-
-SET(LIBRARY_OUTPUT_PATH  ${CMAKE_BINARY_DIR}/webplugin)
-
-SET(INC
-	${MOZILLA_DIR}/include/
-)
-
-SET(SRC 
-	npunix.c 
-	UnixShell.c 
-)
-
-INCLUDE_DIRECTORIES(${INC})
-ADD_LIBRARY(blender_plugin SHARED ${SRC} )
+# $Id$
+# ***** BEGIN GPL/BL DUAL LICENSE BLOCK *****
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version. The Blender
+# Foundation also sells licenses for use in proprietary software under
+# the Blender License.  See http://www.blender.org/BL/ for information
+# about this.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+# The Original Code is Copyright (C) 2006, Blender Foundation
+# All rights reserved.
+#
+# The Original Code is: none
+#
+# Contributor(s): Enrico Fracasso.
+#
+# ***** END GPL/BL DUAL LICENSE BLOCK *****
+
+MESSAGE(STATUS "Configuring WebPlugin")
+
+# Enable build flag
+STRING(TOUPPER ${WEBPLUGIN_SANDBOX_MODE} WEBPLUGIN_SANDBOX_MODE_UPPER)
+
+IF (WEBPLUGIN_SANDBOX_MODE_UPPER STREQUAL "APPARMOR")
+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWITH_APPARMOR ")
+ENDIF (WEBPLUGIN_SANDBOX_MODE_UPPER STREQUAL "APPARMOR")
+
+IF (WEBPLUGIN_SANDBOX_MODE_UPPER STREQUAL "PRIVSEP")
+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWITH_PRIVSEP ")
+  ADD_EXECUTABLE(blenderplayer-wrapper blenderplayer-wrapper.c)
+ENDIF (WEBPLUGIN_SANDBOX_MODE_UPPER STREQUAL "PRIVSEP")
+
+# set output path
+SET(LIBRARY_OUTPUT_PATH  ${CMAKE_BINARY_DIR}/webplugin)
+
+SET(INC
+	${GECKO_DIR}/include/
+)
+
+SET(SRC 
+	npunix.c 
+	UnixShell.c 
+)
+
+INCLUDE_DIRECTORIES(${INC})
+ADD_LIBRARY(blender_plugin SHARED ${SRC} )
+
+

Modified: trunk/blender/source/gameengine/GamePlayer/xembed/UnixShell.c
===================================================================
--- trunk/blender/source/gameengine/GamePlayer/xembed/UnixShell.c	2008-10-07 15:01:44 UTC (rev 16960)
+++ trunk/blender/source/gameengine/GamePlayer/xembed/UnixShell.c	2008-10-07 17:13:35 UTC (rev 16961)
@@ -57,12 +57,15 @@
 
 #include "blender_plugin_types.h"
 
+#include <signal.h>
+
 /* --------------------------------------------------------------------- */
 
 /** If defined: write to the plugin log file */
+#ifndef NDEBUG
 #define NZC_GENERATE_LOG
+#endif
 
-
 int32 STREAMBUFSIZE;
 
 /** Generate a log file. */
@@ -70,6 +73,9 @@
 log_entry(char* msg);
 
 
+void
+execute_blenderplayer(BlenderPluginInstance*);
+
 /* --------------------------------------------------------------------- */
 /* Implementations:                                                      */
 /* --------------------------------------------------------------------- */
@@ -225,16 +231,20 @@
 	if (This != NULL) {
 
 		if (This->pID != 0) {
-			kill(This->pID, 9);
+#ifdef WITH_PRIVSEP
+			kill(This->pID, SIGTERM);
+#else 
+			kill(This->pID, SIGKILL); //if I have to kill blenderplayer directly I need to send SIGKILL
+#endif
 			wait(This->pID);
 			unlink(This->temp_mail_file_name);
 		}
 
 		// sometimes FF doesn't delete it's own window...
 		//printf("%s \n", NPN_UserAgent(instance));
-		if (This->display != NULL && This->window != 0)
+		/*if (This->display != NULL && This->window != 0)
 			XDestroyWindow(This->display, This->window);
-		
+		*/
 		if (This->blend_file) NPN_MemFree(This->blend_file);
 		if (This->temp_mail_file_name) NPN_MemFree(This->temp_mail_file_name);
 		if (This->main_file_store) NPN_MemFree(This->main_file_store);
@@ -300,9 +310,12 @@
 
 	This = (BlenderPluginInstance*) instance->pdata;
 
+	if (!This) 
+		return NPERR_INVALID_INSTANCE_ERROR;
+
 	printf("Loading main file %s (%s)\n", stream->url, type);
 	if ( strcmp(type,"text/html") == 0 ) // original HTML file 
-		return;
+		return NPERR_NO_ERROR;
 	
 	This->stream_total = stream->end;
 	This->stream_retrieved = 0;
@@ -316,6 +329,7 @@
 	This->main_file_stream = stream;
 
 	return NPERR_NO_ERROR;
+		
 }
 
 
@@ -345,9 +359,14 @@
 	
  	log_entry("NPP_WriteReady"); 
 
-	if (instance != NULL)
-		This = (BlenderPluginInstance*) instance->pdata;
+	if (instance == NULL)	
+		return NPERR_INVALID_INSTANCE_ERROR;
 
+	This = (BlenderPluginInstance*) instance->pdata;
+
+	if (This == NULL)	
+		return NPERR_INVALID_INSTANCE_ERROR;
+
 	/* Check whether buffers already exist: */
 
 	if ((This->main_file_stream && This->main_file_store)) {
@@ -372,70 +391,38 @@
 	int accepted = 0;
 	
  	log_entry("NPP_Write"); 
+
+	if (instance == NULL)	
+		return NPERR_INVALID_INSTANCE_ERROR;
 	
 	This = (BlenderPluginInstance*) instance->pdata;
-	
-	if (instance != NULL)
-	{
-		if (stream == This->main_file_stream) {
-			log_entry("NPP_Write: loading main_file_stream"); 
-			memcpy(((unsigned char*)This->main_file_store) + This->stream_retrieved, buffer, len);
-			accepted = len;
-			This->stream_retrieved += len;
-			if (This->stream_retrieved >= This->stream_total) {
 
-				fflush(stderr);
-				log_entry("NPP_Write: main_file_stream loaded"); 
+	if (This == NULL)	
+		return NPERR_INVALID_INSTANCE_ERROR;
 
-				char file_name[] = "/tmp/blender.XXXXXX";
-				
-				int fd = mkstemp(file_name);
-				ssize_t real_size = write(fd, This->main_file_store, This->stream_retrieved);
-				close(fd);
+	
+	if (stream == This->main_file_stream) {
+		log_entry("NPP_Write: loading main_file_stream"); 
+		memcpy(((unsigned char*)This->main_file_store) + This->stream_retrieved, buffer, len);
+		accepted = len;
+		This->stream_retrieved += len;
+		if (This->stream_retrieved >= This->stream_total) {
+			log_entry("NPP_Write: main_file_stream loaded"); 
+			execute_blenderplayer(This);
+		}
+	} else {
+		/* the stream ref wasn't set yet..*/
+		log_entry("NPP_Write: not main stream"); 
+		log_entry(stream->url);
 
-				This->temp_mail_file_name = NPN_MemAlloc(strlen(file_name) + 1);
-				strcpy(This->temp_mail_file_name, file_name);
-
-				This->pID = fork();
-				//XSelectInput(This->display , This->window, SubstructureNotifyMask);

@@ Diff output truncated at 10240 characters. @@

More information about the Bf-blender-cvs mailing list