Cross Reference: /freebsd-10.2-release/usr.sbin/jail/command.c

Deleted Added

sdiff udiff text old ( 216367 ) new ( 223188 )

full compact

command.c (216367)	command.c (223188)
1/- 2 Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h>	1/- 2 Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/command.c 216367 2010-12-10 23:57:55Z jamie $");	28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/command.c 223188 2011-06-17 16:06:13Z jamie $");
29 30#include <sys/types.h> 31#include <sys/event.h> 32#include <sys/mount.h> 33#include <sys/stat.h> 34#include <sys/sysctl.h> 35#include <sys/user.h> 36#include <sys/wait.h> 37 38#include <err.h> 39#include <errno.h> 40#include <fcntl.h> 41#include <kvm.h> 42#include <login_cap.h> 43#include <paths.h> 44#include <pwd.h> 45#include <signal.h> 46#include <stdio.h> 47#include <stdlib.h> 48#include <string.h> 49#include <unistd.h> 50 51#include "jailp.h" 52 53#define COMSTRING_DUMMY ((struct cfstring )1) 54#define DEFAULT_STOP_TIMEOUT 10 55#define PHASH_SIZE 256 56 57LIST_HEAD(phhead, phash); 58 59struct phash { 60 LIST_ENTRY(phash) le; 61 struct cfjail j; 62 pid_t pid; 63}; 64 65int paralimit = -1; 66 67extern char *environ; 68 69static int get_user_info(struct cfjail j, const char username, 70 const struct passwd pwdp, login_cap_t lcapp); 71static void add_proc(struct cfjail j, pid_t pid); 72static void clear_procs(struct cfjail j); 73static struct cfjail find_proc(pid_t pid); 74static int term_procs(struct cfjail j); 75static int check_path(struct cfjail j, const char pname, const char path, 76 int isfile, const char umount_type); 77 78static struct cfjails sleeping = TAILQ_HEAD_INITIALIZER(sleeping); 79static struct cfjails runnable = TAILQ_HEAD_INITIALIZER(runnable); 80static struct phhead phash[PHASH_SIZE]; 81static int kq; 82 83/ 84 * Run a command associated with a jail, possibly inside the jail. 85 / 86int 87run_command(struct cfjail j, enum intparam comparam) 88{ 89 const struct passwd pwd; 90 struct cfstring comstring, s; 91 login_cap_t lcap; 92 char *argv; 93 char cs, addr, comcs, devpath; 94 const char jidstr, conslog, path, ruleset, term, username; 95 size_t comlen; 96 pid_t pid; 97 int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout; 98 99 static char cleanenv; 100 101 if (comparam) { 102 switch (comparam) { 103 case IP_MOUNT_DEVFS: 104 if (!bool_param(j->intparams[IP_MOUNT_DEVFS])) 105 return 0; 106 /* FALLTHROUGH / 107* case IP_STOP_TIMEOUT: 108 j->comstring = COMSTRING_DUMMY; 109 break; 110 default: 111 if (j->intparams[comparam] == NULL) 112 return 0; 113 j->comstring =	29 30#include <sys/types.h> 31#include <sys/event.h> 32#include <sys/mount.h> 33#include <sys/stat.h> 34#include <sys/sysctl.h> 35#include <sys/user.h> 36#include <sys/wait.h> 37 38#include <err.h> 39#include <errno.h> 40#include <fcntl.h> 41#include <kvm.h> 42#include <login_cap.h> 43#include <paths.h> 44#include <pwd.h> 45#include <signal.h> 46#include <stdio.h> 47#include <stdlib.h> 48#include <string.h> 49#include <unistd.h> 50 51#include "jailp.h" 52 53#define COMSTRING_DUMMY ((struct cfstring )1) 54#define DEFAULT_STOP_TIMEOUT 10 55#define PHASH_SIZE 256 56 57LIST_HEAD(phhead, phash); 58 59struct phash { 60 LIST_ENTRY(phash) le; 61 struct cfjail j; 62 pid_t pid; 63}; 64 65int paralimit = -1; 66 67extern char *environ; 68 69static int get_user_info(struct cfjail j, const char username, 70 const struct passwd pwdp, login_cap_t lcapp); 71static void add_proc(struct cfjail j, pid_t pid); 72static void clear_procs(struct cfjail j); 73static struct cfjail find_proc(pid_t pid); 74static int term_procs(struct cfjail j); 75static int check_path(struct cfjail j, const char pname, const char path, 76 int isfile, const char umount_type); 77 78static struct cfjails sleeping = TAILQ_HEAD_INITIALIZER(sleeping); 79static struct cfjails runnable = TAILQ_HEAD_INITIALIZER(runnable); 80static struct phhead phash[PHASH_SIZE]; 81static int kq; 82 83/ 84 * Run a command associated with a jail, possibly inside the jail. 85 / 86int 87run_command(struct cfjail j, enum intparam comparam) 88{ 89 const struct passwd pwd; 90 struct cfstring comstring, s; 91 login_cap_t lcap; 92 char *argv; 93 char cs, addr, comcs, devpath; 94 const char jidstr, conslog, path, ruleset, term, username; 95 size_t comlen; 96 pid_t pid; 97 int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout; 98 99 static char cleanenv; 100 101 if (comparam) { 102 switch (comparam) { 103 case IP_MOUNT_DEVFS: 104 if (!bool_param(j->intparams[IP_MOUNT_DEVFS])) 105 return 0; 106 /* FALLTHROUGH / 107* case IP_STOP_TIMEOUT: 108 j->comstring = COMSTRING_DUMMY; 109 break; 110 default: 111 if (j->intparams[comparam] == NULL) 112 return 0; 113 j->comstring =
114 STAILQ_FIRST(&j->intparams[comparam]->val);	114 TAILQ_FIRST(&j->intparams[comparam]->val);
115 } 116 j->comparam = comparam; 117 } else 118 comparam = j->comparam; 119 next_comstring: 120 comstring = j->comstring; 121 if (comstring == NULL) 122 return 0; 123 if (paralimit == 0) { 124 requeue(j, &runnable); 125 return 1; 126 } 127 j->comstring =	115 } 116 j->comparam = comparam; 117 } else 118 comparam = j->comparam; 119 next_comstring: 120 comstring = j->comstring; 121 if (comstring == NULL) 122 return 0; 123 if (paralimit == 0) { 124 requeue(j, &runnable); 125 return 1; 126 } 127 j->comstring =
128 comstring == COMSTRING_DUMMY ? NULL : STAILQ_NEXT(comstring, tq);	128 comstring == COMSTRING_DUMMY ? NULL : TAILQ_NEXT(comstring, tq);
129 if (comstring != COMSTRING_DUMMY && comstring->len == 0) 130 goto next_comstring; 131 /* 132 * Collect exec arguments. Internal commands for network and 133 * mounting build their own argument lists. 134 / 135* bg = j->flags & JF_FAILED; 136 down = j->flags & (JF_STOP \| JF_FAILED); 137 switch (comparam) { 138 case IP_STOP_TIMEOUT: 139 /* This isn't really a command / 140* return term_procs(j); 141 142 case IP__IP4_IFADDR: 143 argv = alloca(8 * sizeof(char )); 144* (const char )&argv[0] = _PATH_IFCONFIG; 145* if ((cs = strchr(comstring->s, '\|'))) { 146 argv[1] = alloca(cs - comstring->s + 1); 147 strlcpy(argv[1], comstring->s, cs - comstring->s + 1); 148 addr = cs + 1; 149 } else { 150 (const char )&argv[1] = 151* string_param(j->intparams[IP_INTERFACE]); 152 addr = comstring->s; 153 } 154 (const char )&argv[2] = "inet"; 155* if (!(cs = strchr(addr, '/'))) { 156 argv[3] = addr; 157 (const char )&argv[4] = "netmask"; 158* (const char )&argv[5] = "255.255.255.255"; 159* argc = 6; 160 } else if (strchr(cs + 1, '.')) { 161 argv[3] = alloca(cs - addr + 1); 162 strlcpy(argv[3], addr, cs - addr + 1); 163 (const char )&argv[4] = "netmask"; 164* (const char )&argv[5] = cs + 1; 165* argc = 6; 166 } else { 167 argv[3] = addr; 168 argc = 4; 169 } 170 (const char )&argv[argc] = down ? "-alias" : "alias"; 171* argv[argc + 1] = NULL; 172 j->flags \|= JF_IFUP; 173 break; 174 175#ifdef INET6 176 case IP__IP6_IFADDR: 177 argv = alloca(8 * sizeof(char )); 178* (const char )&argv[0] = _PATH_IFCONFIG; 179* if ((cs = strchr(comstring->s, '\|'))) { 180 argv[1] = alloca(cs - comstring->s + 1); 181 strlcpy(argv[1], comstring->s, cs - comstring->s + 1); 182 addr = cs + 1; 183 } else { 184 (const char )&argv[1] = 185* string_param(j->intparams[IP_INTERFACE]); 186 addr = comstring->s; 187 } 188 (const char )&argv[2] = "inet6"; 189* argv[3] = addr; 190 if (!(cs = strchr(addr, '/'))) { 191 (const char )&argv[4] = "prefixlen"; 192* (const char )&argv[5] = "128"; 193* argc = 6; 194 } else 195 argc = 4; 196 (const char )&argv[argc] = down ? "-alias" : "alias"; 197* argv[argc + 1] = NULL; 198 j->flags \|= JF_IFUP; 199 break; 200#endif 201 202 case IP_VNET_INTERFACE: 203 argv = alloca(5 * sizeof(char )); 204* (const char )&argv[0] = _PATH_IFCONFIG; 205* argv[1] = comstring->s; 206 (const char )&argv[2] = down ? "-vnet" : "vnet"; 207* jidstr = string_param(j->intparams[KP_JID]); 208 (const char )&argv[3] = 209* jidstr ? jidstr : string_param(j->intparams[KP_NAME]); 210 argv[4] = NULL; 211 j->flags \|= JF_IFUP; 212 break; 213 214 case IP_MOUNT: 215 case IP__MOUNT_FROM_FSTAB: 216 argv = alloca(8 * sizeof(char )); 217* comcs = alloca(comstring->len + 1); 218 strcpy(comcs, comstring->s); 219 argc = 0; 220 for (cs = strtok(comcs, " \t\f\v\r\n"); cs && argc < 4; 221 cs = strtok(NULL, " \t\f\v\r\n")) 222 argv[argc++] = cs; 223 if (argc == 0) 224 goto next_comstring; 225 if (argc < 3) { 226 jail_warnx(j, "%s: %s: missing information", 227 j->intparams[comparam]->name, comstring->s); 228 failed(j); 229 return -1; 230 } 231 if (check_path(j, j->intparams[comparam]->name, argv[1], 0, 232 down ? argv[2] : NULL) < 0) { 233 failed(j); 234 return -1; 235 } 236 if (down) { 237 argv[4] = NULL; 238 argv[3] = argv[1]; 239 (const char )&argv[0] = "/sbin/umount"; 240* } else { 241 if (argc == 4) { 242 argv[7] = NULL; 243 argv[6] = argv[1]; 244 argv[5] = argv[0]; 245 argv[4] = argv[3]; 246 (const char )&argv[3] = "-o"; 247* } else { 248 argv[5] = NULL; 249 argv[4] = argv[1]; 250 argv[3] = argv[0]; 251 } 252 (const char )&argv[0] = _PATH_MOUNT; 253* } 254 (const char )&argv[1] = "-t"; 255* j->flags \|= JF_MOUNTED; 256 break; 257 258 case IP_MOUNT_DEVFS: 259 path = string_param(j->intparams[KP_PATH]); 260 if (path == NULL) { 261 jail_warnx(j, "mount.devfs: no path"); 262 failed(j); 263 return -1; 264 } 265 devpath = alloca(strlen(path) + 5); 266 sprintf(devpath, "%s/dev", path); 267 if (check_path(j, "mount.devfs", devpath, 0, 268 down ? "devfs" : NULL) < 0) { 269 failed(j); 270 return -1; 271 } 272 if (down) { 273 argv = alloca(3 * sizeof(char )); 274* (const char )&argv[0] = "/sbin/umount"; 275* argv[1] = devpath; 276 argv[2] = NULL; 277 } else { 278 argv = alloca(4 * sizeof(char )); 279* (const char )&argv[0] = _PATH_BSHELL; 280* (const char )&argv[1] = "-c"; 281* ruleset = string_param(j->intparams 282 [IP_MOUNT_DEVFS_RULESET]); 283 argv[2] = alloca(strlen(path) + 284 (ruleset ? strlen(ruleset) + 1 : 0) + 56); 285 sprintf(argv[2], ". /etc/rc.subr; load_rc_config .; " 286 "devfs_mount_jail %s/dev%s%s", path, 287 ruleset ? " " : "", ruleset ? ruleset : ""); 288 argv[3] = NULL; 289 } 290 j->flags \|= JF_MOUNTED; 291 break; 292 293 case IP_COMMAND: 294 if (j->name != NULL) 295 goto default_command; 296 argc = 0;	129 if (comstring != COMSTRING_DUMMY && comstring->len == 0) 130 goto next_comstring; 131 /* 132 * Collect exec arguments. Internal commands for network and 133 * mounting build their own argument lists. 134 / 135* bg = j->flags & JF_FAILED; 136 down = j->flags & (JF_STOP \| JF_FAILED); 137 switch (comparam) { 138 case IP_STOP_TIMEOUT: 139 /* This isn't really a command / 140* return term_procs(j); 141 142 case IP__IP4_IFADDR: 143 argv = alloca(8 * sizeof(char )); 144* (const char )&argv[0] = _PATH_IFCONFIG; 145* if ((cs = strchr(comstring->s, '\|'))) { 146 argv[1] = alloca(cs - comstring->s + 1); 147 strlcpy(argv[1], comstring->s, cs - comstring->s + 1); 148 addr = cs + 1; 149 } else { 150 (const char )&argv[1] = 151* string_param(j->intparams[IP_INTERFACE]); 152 addr = comstring->s; 153 } 154 (const char )&argv[2] = "inet"; 155* if (!(cs = strchr(addr, '/'))) { 156 argv[3] = addr; 157 (const char )&argv[4] = "netmask"; 158* (const char )&argv[5] = "255.255.255.255"; 159* argc = 6; 160 } else if (strchr(cs + 1, '.')) { 161 argv[3] = alloca(cs - addr + 1); 162 strlcpy(argv[3], addr, cs - addr + 1); 163 (const char )&argv[4] = "netmask"; 164* (const char )&argv[5] = cs + 1; 165* argc = 6; 166 } else { 167 argv[3] = addr; 168 argc = 4; 169 } 170 (const char )&argv[argc] = down ? "-alias" : "alias"; 171* argv[argc + 1] = NULL; 172 j->flags \|= JF_IFUP; 173 break; 174 175#ifdef INET6 176 case IP__IP6_IFADDR: 177 argv = alloca(8 * sizeof(char )); 178* (const char )&argv[0] = _PATH_IFCONFIG; 179* if ((cs = strchr(comstring->s, '\|'))) { 180 argv[1] = alloca(cs - comstring->s + 1); 181 strlcpy(argv[1], comstring->s, cs - comstring->s + 1); 182 addr = cs + 1; 183 } else { 184 (const char )&argv[1] = 185* string_param(j->intparams[IP_INTERFACE]); 186 addr = comstring->s; 187 } 188 (const char )&argv[2] = "inet6"; 189* argv[3] = addr; 190 if (!(cs = strchr(addr, '/'))) { 191 (const char )&argv[4] = "prefixlen"; 192* (const char )&argv[5] = "128"; 193* argc = 6; 194 } else 195 argc = 4; 196 (const char )&argv[argc] = down ? "-alias" : "alias"; 197* argv[argc + 1] = NULL; 198 j->flags \|= JF_IFUP; 199 break; 200#endif 201 202 case IP_VNET_INTERFACE: 203 argv = alloca(5 * sizeof(char )); 204* (const char )&argv[0] = _PATH_IFCONFIG; 205* argv[1] = comstring->s; 206 (const char )&argv[2] = down ? "-vnet" : "vnet"; 207* jidstr = string_param(j->intparams[KP_JID]); 208 (const char )&argv[3] = 209* jidstr ? jidstr : string_param(j->intparams[KP_NAME]); 210 argv[4] = NULL; 211 j->flags \|= JF_IFUP; 212 break; 213 214 case IP_MOUNT: 215 case IP__MOUNT_FROM_FSTAB: 216 argv = alloca(8 * sizeof(char )); 217* comcs = alloca(comstring->len + 1); 218 strcpy(comcs, comstring->s); 219 argc = 0; 220 for (cs = strtok(comcs, " \t\f\v\r\n"); cs && argc < 4; 221 cs = strtok(NULL, " \t\f\v\r\n")) 222 argv[argc++] = cs; 223 if (argc == 0) 224 goto next_comstring; 225 if (argc < 3) { 226 jail_warnx(j, "%s: %s: missing information", 227 j->intparams[comparam]->name, comstring->s); 228 failed(j); 229 return -1; 230 } 231 if (check_path(j, j->intparams[comparam]->name, argv[1], 0, 232 down ? argv[2] : NULL) < 0) { 233 failed(j); 234 return -1; 235 } 236 if (down) { 237 argv[4] = NULL; 238 argv[3] = argv[1]; 239 (const char )&argv[0] = "/sbin/umount"; 240* } else { 241 if (argc == 4) { 242 argv[7] = NULL; 243 argv[6] = argv[1]; 244 argv[5] = argv[0]; 245 argv[4] = argv[3]; 246 (const char )&argv[3] = "-o"; 247* } else { 248 argv[5] = NULL; 249 argv[4] = argv[1]; 250 argv[3] = argv[0]; 251 } 252 (const char )&argv[0] = _PATH_MOUNT; 253* } 254 (const char )&argv[1] = "-t"; 255* j->flags \|= JF_MOUNTED; 256 break; 257 258 case IP_MOUNT_DEVFS: 259 path = string_param(j->intparams[KP_PATH]); 260 if (path == NULL) { 261 jail_warnx(j, "mount.devfs: no path"); 262 failed(j); 263 return -1; 264 } 265 devpath = alloca(strlen(path) + 5); 266 sprintf(devpath, "%s/dev", path); 267 if (check_path(j, "mount.devfs", devpath, 0, 268 down ? "devfs" : NULL) < 0) { 269 failed(j); 270 return -1; 271 } 272 if (down) { 273 argv = alloca(3 * sizeof(char )); 274* (const char )&argv[0] = "/sbin/umount"; 275* argv[1] = devpath; 276 argv[2] = NULL; 277 } else { 278 argv = alloca(4 * sizeof(char )); 279* (const char )&argv[0] = _PATH_BSHELL; 280* (const char )&argv[1] = "-c"; 281* ruleset = string_param(j->intparams 282 [IP_MOUNT_DEVFS_RULESET]); 283 argv[2] = alloca(strlen(path) + 284 (ruleset ? strlen(ruleset) + 1 : 0) + 56); 285 sprintf(argv[2], ". /etc/rc.subr; load_rc_config .; " 286 "devfs_mount_jail %s/dev%s%s", path, 287 ruleset ? " " : "", ruleset ? ruleset : ""); 288 argv[3] = NULL; 289 } 290 j->flags \|= JF_MOUNTED; 291 break; 292 293 case IP_COMMAND: 294 if (j->name != NULL) 295 goto default_command; 296 argc = 0;
297 STAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq)	297 TAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq)
298 argc++; 299 argv = alloca((argc + 1) * sizeof(char )); 300* argc = 0;	298 argc++; 299 argv = alloca((argc + 1) * sizeof(char )); 300* argc = 0;
301 STAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq)	301 TAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq)
302 argv[argc++] = s->s; 303 argv[argc] = NULL; 304 j->comstring = NULL; 305 break; 306 307 default: 308 default_command: 309 if ((cs = strpbrk(comstring->s, "!\"$&'();<>?[\\]`{\|}~")) && 310* !(cs[0] == '&' && cs[1] == '\0')) { 311 argv = alloca(4 * sizeof(char )); 312* (const char )&argv[0] = _PATH_BSHELL; 313* (const char )&argv[1] = "-c"; 314* argv[2] = comstring->s; 315 argv[3] = NULL; 316 } else { 317 if (cs) { 318 cs = 0; 319* bg = 1; 320 } 321 comcs = alloca(comstring->len + 1); 322 strcpy(comcs, comstring->s); 323 argc = 0; 324 for (cs = strtok(comcs, " \t\f\v\r\n"); cs; 325 cs = strtok(NULL, " \t\f\v\r\n")) 326 argc++; 327 argv = alloca((argc + 1) * sizeof(char )); 328* strcpy(comcs, comstring->s); 329 argc = 0; 330 for (cs = strtok(comcs, " \t\f\v\r\n"); cs; 331 cs = strtok(NULL, " \t\f\v\r\n")) 332 argv[argc++] = cs; 333 argv[argc] = NULL; 334 } 335 } 336 337 if (argv[0] == NULL) 338 goto next_comstring; 339 if (int_param(j->intparams[IP_EXEC_TIMEOUT], &timeout) && 340 timeout != 0) { 341 clock_gettime(CLOCK_REALTIME, &j->timeout); 342 j->timeout.tv_sec += timeout; 343 } else 344 j->timeout.tv_sec = 0; 345 346 injail = comparam == IP_EXEC_START \|\| comparam == IP_COMMAND \|\| 347 comparam == IP_EXEC_STOP; 348 clean = bool_param(j->intparams[IP_EXEC_CLEAN]); 349 username = string_param(j->intparams[injail 350 ? IP_EXEC_JAIL_USER : IP_EXEC_SYSTEM_USER]); 351 sjuser = bool_param(j->intparams[IP_EXEC_SYSTEM_JAIL_USER]); 352 353 consfd = 0; 354 if (injail && 355 (conslog = string_param(j->intparams[IP_EXEC_CONSOLELOG]))) { 356 if (check_path(j, "exec.consolelog", conslog, 1, NULL) < 0) { 357 failed(j); 358 return -1; 359 } 360 consfd = 361 open(conslog, O_WRONLY \| O_CREAT \| O_APPEND, DEFFILEMODE); 362 if (consfd < 0) { 363 jail_warnx(j, "open %s: %s", conslog, strerror(errno)); 364 failed(j); 365 return -1; 366 } 367 } 368 369 comlen = 0; 370 for (i = 0; argv[i]; i++) 371 comlen += strlen(argv[i]) + 1; 372 j->comline = cs = emalloc(comlen); 373 for (i = 0; argv[i]; i++) { 374 strcpy(cs, argv[i]); 375 if (argv[i + 1]) { 376 cs += strlen(argv[i]) + 1; 377 cs[-1] = ' '; 378 } 379 } 380 if (verbose > 0) 381 jail_note(j, "run command%s%s%s: %s\n", 382 injail ? " in jail" : "", username ? " as " : "", 383 username ? username : "", j->comline); 384 385 pid = fork(); 386 if (pid < 0) 387 err(1, "fork"); 388 if (pid > 0) { 389 if (bg) { 390 free(j->comline); 391 j->comline = NULL; 392 requeue(j, &ready); 393 } else { 394 paralimit--; 395 add_proc(j, pid); 396 } 397 return 1; 398 } 399 if (bg) 400 setsid(); 401 402 pwd = NULL; 403 lcap = NULL; 404 if ((clean \|\| username) && injail && sjuser && 405 get_user_info(j, username, &pwd, &lcap) < 0) 406 exit(1); 407 if (injail) { 408 /* jail_attach won't chdir along with its chroot. / 409* path = string_param(j->intparams[KP_PATH]); 410 if (path && chdir(path) < 0) { 411 jail_warnx(j, "chdir %s: %s", path, strerror(errno)); 412 exit(1); 413 } 414 if (int_param(j->intparams[IP_EXEC_FIB], &fib) && 415 setfib(fib) < 0) { 416 jail_warnx(j, "setfib: %s", strerror(errno)); 417 exit(1); 418 } 419 if (jail_attach(j->jid) < 0) { 420 jail_warnx(j, "jail_attach: %s", strerror(errno)); 421 exit(1); 422 } 423 } 424 if (clean \|\| username) { 425 if (!(injail && sjuser) && 426 get_user_info(j, username, &pwd, &lcap) < 0) 427 exit(1); 428 if (clean) { 429 term = getenv("TERM"); 430 environ = &cleanenv; 431 setenv("PATH", "/bin:/usr/bin", 0); 432 setenv("TERM", term, 1); 433 } 434 if (setusercontext(lcap, pwd, pwd->pw_uid, username 435 ? LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN 436 : LOGIN_SETPATH \| LOGIN_SETENV) < 0) { 437 jail_warnx(j, "setusercontext %s: %s", pwd->pw_name, 438 strerror(errno)); 439 exit(1); 440 } 441 login_close(lcap); 442 setenv("USER", pwd->pw_name, 1); 443 setenv("HOME", pwd->pw_dir, 1); 444 setenv("SHELL", 445 pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1); 446* if (clean && chdir(pwd->pw_dir) < 0) { 447 jail_warnx(j, "chdir %s: %s", 448 pwd->pw_dir, strerror(errno)); 449 exit(1); 450 } 451 endpwent(); 452 } 453 454 if (consfd != 0 && (dup2(consfd, 1) < 0 \|\| dup2(consfd, 2) < 0)) { 455 jail_warnx(j, "exec.consolelog: %s", strerror(errno)); 456 exit(1); 457 } 458 closefrom(3); 459 execvp(argv[0], argv); 460 jail_warnx(j, "exec %s: %s", argv[0], strerror(errno)); 461 exit(1); 462} 463 464/* 465 * Check command exit status 466 / 467int 468finish_command(struct cfjail j) 469{ 470 int error; 471 472 if (!(j->flags & JF_SLEEPQ)) 473 return 0; 474 j->flags &= ~JF_SLEEPQ; 475 if (j->comparam != IP_STOP_TIMEOUT) { 476 paralimit++; 477 if (!TAILQ_EMPTY(&runnable)) 478 requeue(TAILQ_FIRST(&runnable), &ready); 479 } 480 error = 0; 481 if (j->flags & JF_TIMEOUT) { 482 j->flags &= ~JF_TIMEOUT; 483 if (j->comparam != IP_STOP_TIMEOUT) { 484 jail_warnx(j, "%s: timed out", j->comline); 485 failed(j); 486 error = -1; 487 } else if (verbose > 0) 488 jail_note(j, "timed out\n"); 489 } else if (j->pstatus != 0) { 490 if (WIFSIGNALED(j->pstatus)) 491 jail_warnx(j, "%s: exited on signal %d", 492 j->comline, WTERMSIG(j->pstatus)); 493 else 494 jail_warnx(j, "%s: failed", j->comline); 495 j->pstatus = 0; 496 failed(j); 497 error = -1; 498 } 499 free(j->comline); 500 j->comline = NULL; 501 return error; 502} 503 504/* 505 * Check for finished processed or timeouts. 506 / 507struct cfjail 508next_proc(int nonblock) 509{ 510 struct kevent ke; 511 struct timespec ts; 512 struct timespec tsp; 513* struct cfjail j; 514* 515 if (!TAILQ_EMPTY(&sleeping)) { 516 again: 517 tsp = NULL; 518 if ((j = TAILQ_FIRST(&sleeping)) && j->timeout.tv_sec) { 519 clock_gettime(CLOCK_REALTIME, &ts); 520 ts.tv_sec = j->timeout.tv_sec - ts.tv_sec; 521 ts.tv_nsec = j->timeout.tv_nsec - ts.tv_nsec; 522 if (ts.tv_nsec < 0) { 523 ts.tv_sec--; 524 ts.tv_nsec += 1000000000; 525 } 526 if (ts.tv_sec < 0 \|\| 527 (ts.tv_sec == 0 && ts.tv_nsec == 0)) { 528 j->flags \|= JF_TIMEOUT; 529 clear_procs(j); 530 return j; 531 } 532 tsp = &ts; 533 } 534 if (nonblock) { 535 ts.tv_sec = 0; 536 ts.tv_nsec = 0; 537 tsp = &ts; 538 } 539 switch (kevent(kq, NULL, 0, &ke, 1, tsp)) { 540 case -1: 541 if (errno != EINTR) 542 err(1, "kevent"); 543 goto again; 544 case 0: 545 if (!nonblock) { 546 j = TAILQ_FIRST(&sleeping); 547 j->flags \|= JF_TIMEOUT; 548 clear_procs(j); 549 return j; 550 } 551 break; 552 case 1: 553 (void)waitpid(ke.ident, NULL, WNOHANG); 554 if ((j = find_proc(ke.ident))) { 555 j->pstatus = ke.data; 556 return j; 557 } 558 goto again; 559 } 560 } 561 return NULL; 562} 563 564/* 565 * Add a process to the hash, tied to a jail. 566 / 567static void 568add_proc(struct cfjail j, pid_t pid) 569{ 570 struct kevent ke; 571 struct cfjail tj; 572* struct phash ph; 573* 574 if (!kq && (kq = kqueue()) < 0) 575 err(1, "kqueue"); 576 EV_SET(&ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL); 577 if (kevent(kq, &ke, 1, NULL, 0, NULL) < 0) 578 err(1, "kevent"); 579 ph = emalloc(sizeof(struct phash)); 580 ph->j = j; 581 ph->pid = pid; 582 LIST_INSERT_HEAD(&phash[pid % PHASH_SIZE], ph, le); 583 j->nprocs++; 584 j->flags \|= JF_SLEEPQ; 585 if (j->timeout.tv_sec == 0) 586 requeue(j, &sleeping); 587 else { 588 /* File the jail in the sleep queue acording to its timeout. / 589* TAILQ_REMOVE(j->queue, j, tq); 590 TAILQ_FOREACH(tj, &sleeping, tq) { 591 if (!tj->timeout.tv_sec \|\| 592 j->timeout.tv_sec < tj->timeout.tv_sec \|\| 593 (j->timeout.tv_sec == tj->timeout.tv_sec && 594 j->timeout.tv_nsec <= tj->timeout.tv_nsec)) { 595 TAILQ_INSERT_BEFORE(tj, j, tq); 596 break; 597 } 598 } 599 if (tj == NULL) 600 TAILQ_INSERT_TAIL(&sleeping, j, tq); 601 j->queue = &sleeping; 602 } 603} 604 605/* 606 * Remove any processes from the hash that correspond to a jail. 607 / 608static void 609clear_procs(struct cfjail j) 610{ 611 struct kevent ke; 612 struct phash ph, tph; 613 int i; 614 615 j->nprocs = 0; 616 for (i = 0; i < PHASH_SIZE; i++) 617 LIST_FOREACH_SAFE(ph, &phash[i], le, tph) 618 if (ph->j == j) { 619 EV_SET(&ke, ph->pid, EVFILT_PROC, EV_DELETE, 620 NOTE_EXIT, 0, NULL); 621 (void)kevent(kq, &ke, 1, NULL, 0, NULL); 622 LIST_REMOVE(ph, le); 623 free(ph); 624 } 625} 626 627/* 628 * Find the jail that corresponds to an exited process. 629 / 630static struct cfjail 631find_proc(pid_t pid) 632{ 633 struct cfjail j; 634* struct phash ph; 635* 636 LIST_FOREACH(ph, &phash[pid % PHASH_SIZE], le) 637 if (ph->pid == pid) { 638 j = ph->j; 639 LIST_REMOVE(ph, le); 640 free(ph); 641 return --j->nprocs ? NULL : j; 642 } 643 return NULL; 644} 645 646/* 647 * Send SIGTERM to all processes in a jail and wait for them to die. 648 / 649static int 650term_procs(struct cfjail j) 651{ 652 struct kinfo_proc ki; 653* int i, noted, pcnt, timeout; 654 655 static kvm_t kd; 656* 657 if (!int_param(j->intparams[IP_STOP_TIMEOUT], &timeout)) 658 timeout = DEFAULT_STOP_TIMEOUT; 659 else if (timeout == 0) 660 return 0; 661 662 if (kd == NULL) { 663 kd = kvm_open(NULL, NULL, NULL, O_RDONLY, "jail"); 664 if (kd == NULL) 665 exit(1); 666 } 667 668 ki = kvm_getprocs(kd, KERN_PROC_PROC, 0, &pcnt); 669 if (ki == NULL) 670 exit(1); 671 noted = 0; 672 for (i = 0; i < pcnt; i++) 673 if (ki[i].ki_jid == j->jid && 674 kill(ki[i].ki_pid, SIGTERM) == 0) { 675 add_proc(j, ki[i].ki_pid); 676 if (verbose > 0) { 677 if (!noted) { 678 noted = 1; 679 jail_note(j, "sent SIGTERM to:"); 680 } 681 printf(" %d", ki[i].ki_pid); 682 } 683 } 684 if (noted) 685 printf("\n"); 686 if (j->nprocs > 0) { 687 clock_gettime(CLOCK_REALTIME, &j->timeout); 688 j->timeout.tv_sec += timeout; 689 return 1; 690 } 691 return 0; 692} 693 694/* 695 * Look up a user in the passwd and login.conf files. 696 / 697static int 698get_user_info(struct cfjail j, const char username, 699* const struct passwd pwdp, login_cap_t lcapp) 700{ 701 const struct passwd pwd; 702* 703 pwdp = pwd = username ? getpwnam(username) : getpwuid(getuid()); 704* if (pwd == NULL) { 705 if (errno) 706 jail_warnx(j, "getpwnam%s%s: %s", username ? " " : "", 707 username ? username : "", strerror(errno)); 708 else if (username) 709 jail_warnx(j, "%s: no such user", username); 710 else 711 jail_warnx(j, "unknown uid %d", getuid()); 712 return -1; 713 } 714 lcapp = login_getpwclass(pwd); 715* if (lcapp == NULL) { 716* jail_warnx(j, "getpwclass %s: %s", pwd->pw_name, 717 strerror(errno)); 718 return -1; 719 } 720 /* Set the groups while the group file is still available / 721* if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { 722 jail_warnx(j, "initgroups %s: %s", pwd->pw_name, 723 strerror(errno)); 724 return -1; 725 } 726 return 0; 727} 728 729/* 730 * Make sure a mount or consolelog path is a valid absolute pathname 731 * with no symlinks. 732 / 733static int 734check_path(struct cfjail j, const char pname, const char path, int isfile, 735 const char umount_type) 736{ 737* struct stat st, mpst; 738 struct statfs stfs; 739 char tpath, p; 740 const char jailpath; 741* size_t jplen; 742 743 if (path[0] != '/') { 744 jail_warnx(j, "%s: %s: not an absolute pathname", 745 pname, path); 746 return -1; 747 } 748 /* 749 * Only check for symlinks in components below the jail's path, 750 * since that's where the security risk lies. 751 / 752* jailpath = string_param(j->intparams[KP_PATH]); 753 if (jailpath == NULL) 754 jailpath = ""; 755 jplen = strlen(jailpath); 756 if (!strncmp(path, jailpath, jplen) && path[jplen] == '/') { 757 tpath = alloca(strlen(path) + 1); 758 strcpy(tpath, path); 759 for (p = tpath + jplen; p != NULL; ) { 760 p = strchr(p + 1, '/'); 761 if (p) 762 p = '\0'; 763* if (lstat(tpath, &st) < 0) { 764 if (errno == ENOENT && isfile && !p) 765 break; 766 jail_warnx(j, "%s: %s: %s", pname, tpath, 767 strerror(errno)); 768 return -1; 769 } 770 if (S_ISLNK(st.st_mode)) { 771 jail_warnx(j, "%s: %s is a symbolic link", 772 pname, tpath); 773 return -1; 774 } 775 if (p) 776 p = '/'; 777* } 778 } 779 if (umount_type != NULL) { 780 if (stat(path, &st) < 0 \|\| statfs(path, &stfs) < 0) { 781 jail_warnx(j, "%s: %s: %s", pname, path, 782 strerror(errno)); 783 return -1; 784 } 785 if (stat(stfs.f_mntonname, &mpst) < 0) { 786 jail_warnx(j, "%s: %s: %s", pname, stfs.f_mntonname, 787 strerror(errno)); 788 return -1; 789 } 790 if (st.st_ino != mpst.st_ino) { 791 jail_warnx(j, "%s: %s: not a mount point", 792 pname, path); 793 return -1; 794 } 795 if (strcmp(stfs.f_fstypename, umount_type)) { 796 jail_warnx(j, "%s: %s: not a %s mount", 797 pname, path, umount_type); 798 return -1; 799 } 800 } 801 return 0; 802}	302 argv[argc++] = s->s; 303 argv[argc] = NULL; 304 j->comstring = NULL; 305 break; 306 307 default: 308 default_command: 309 if ((cs = strpbrk(comstring->s, "!\"$&'();<>?[\\]`{\|}~")) && 310* !(cs[0] == '&' && cs[1] == '\0')) { 311 argv = alloca(4 * sizeof(char )); 312* (const char )&argv[0] = _PATH_BSHELL; 313* (const char )&argv[1] = "-c"; 314* argv[2] = comstring->s; 315 argv[3] = NULL; 316 } else { 317 if (cs) { 318 cs = 0; 319* bg = 1; 320 } 321 comcs = alloca(comstring->len + 1); 322 strcpy(comcs, comstring->s); 323 argc = 0; 324 for (cs = strtok(comcs, " \t\f\v\r\n"); cs; 325 cs = strtok(NULL, " \t\f\v\r\n")) 326 argc++; 327 argv = alloca((argc + 1) * sizeof(char )); 328* strcpy(comcs, comstring->s); 329 argc = 0; 330 for (cs = strtok(comcs, " \t\f\v\r\n"); cs; 331 cs = strtok(NULL, " \t\f\v\r\n")) 332 argv[argc++] = cs; 333 argv[argc] = NULL; 334 } 335 } 336 337 if (argv[0] == NULL) 338 goto next_comstring; 339 if (int_param(j->intparams[IP_EXEC_TIMEOUT], &timeout) && 340 timeout != 0) { 341 clock_gettime(CLOCK_REALTIME, &j->timeout); 342 j->timeout.tv_sec += timeout; 343 } else 344 j->timeout.tv_sec = 0; 345 346 injail = comparam == IP_EXEC_START \|\| comparam == IP_COMMAND \|\| 347 comparam == IP_EXEC_STOP; 348 clean = bool_param(j->intparams[IP_EXEC_CLEAN]); 349 username = string_param(j->intparams[injail 350 ? IP_EXEC_JAIL_USER : IP_EXEC_SYSTEM_USER]); 351 sjuser = bool_param(j->intparams[IP_EXEC_SYSTEM_JAIL_USER]); 352 353 consfd = 0; 354 if (injail && 355 (conslog = string_param(j->intparams[IP_EXEC_CONSOLELOG]))) { 356 if (check_path(j, "exec.consolelog", conslog, 1, NULL) < 0) { 357 failed(j); 358 return -1; 359 } 360 consfd = 361 open(conslog, O_WRONLY \| O_CREAT \| O_APPEND, DEFFILEMODE); 362 if (consfd < 0) { 363 jail_warnx(j, "open %s: %s", conslog, strerror(errno)); 364 failed(j); 365 return -1; 366 } 367 } 368 369 comlen = 0; 370 for (i = 0; argv[i]; i++) 371 comlen += strlen(argv[i]) + 1; 372 j->comline = cs = emalloc(comlen); 373 for (i = 0; argv[i]; i++) { 374 strcpy(cs, argv[i]); 375 if (argv[i + 1]) { 376 cs += strlen(argv[i]) + 1; 377 cs[-1] = ' '; 378 } 379 } 380 if (verbose > 0) 381 jail_note(j, "run command%s%s%s: %s\n", 382 injail ? " in jail" : "", username ? " as " : "", 383 username ? username : "", j->comline); 384 385 pid = fork(); 386 if (pid < 0) 387 err(1, "fork"); 388 if (pid > 0) { 389 if (bg) { 390 free(j->comline); 391 j->comline = NULL; 392 requeue(j, &ready); 393 } else { 394 paralimit--; 395 add_proc(j, pid); 396 } 397 return 1; 398 } 399 if (bg) 400 setsid(); 401 402 pwd = NULL; 403 lcap = NULL; 404 if ((clean \|\| username) && injail && sjuser && 405 get_user_info(j, username, &pwd, &lcap) < 0) 406 exit(1); 407 if (injail) { 408 /* jail_attach won't chdir along with its chroot. / 409* path = string_param(j->intparams[KP_PATH]); 410 if (path && chdir(path) < 0) { 411 jail_warnx(j, "chdir %s: %s", path, strerror(errno)); 412 exit(1); 413 } 414 if (int_param(j->intparams[IP_EXEC_FIB], &fib) && 415 setfib(fib) < 0) { 416 jail_warnx(j, "setfib: %s", strerror(errno)); 417 exit(1); 418 } 419 if (jail_attach(j->jid) < 0) { 420 jail_warnx(j, "jail_attach: %s", strerror(errno)); 421 exit(1); 422 } 423 } 424 if (clean \|\| username) { 425 if (!(injail && sjuser) && 426 get_user_info(j, username, &pwd, &lcap) < 0) 427 exit(1); 428 if (clean) { 429 term = getenv("TERM"); 430 environ = &cleanenv; 431 setenv("PATH", "/bin:/usr/bin", 0); 432 setenv("TERM", term, 1); 433 } 434 if (setusercontext(lcap, pwd, pwd->pw_uid, username 435 ? LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN 436 : LOGIN_SETPATH \| LOGIN_SETENV) < 0) { 437 jail_warnx(j, "setusercontext %s: %s", pwd->pw_name, 438 strerror(errno)); 439 exit(1); 440 } 441 login_close(lcap); 442 setenv("USER", pwd->pw_name, 1); 443 setenv("HOME", pwd->pw_dir, 1); 444 setenv("SHELL", 445 pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1); 446* if (clean && chdir(pwd->pw_dir) < 0) { 447 jail_warnx(j, "chdir %s: %s", 448 pwd->pw_dir, strerror(errno)); 449 exit(1); 450 } 451 endpwent(); 452 } 453 454 if (consfd != 0 && (dup2(consfd, 1) < 0 \|\| dup2(consfd, 2) < 0)) { 455 jail_warnx(j, "exec.consolelog: %s", strerror(errno)); 456 exit(1); 457 } 458 closefrom(3); 459 execvp(argv[0], argv); 460 jail_warnx(j, "exec %s: %s", argv[0], strerror(errno)); 461 exit(1); 462} 463 464/* 465 * Check command exit status 466 / 467int 468finish_command(struct cfjail j) 469{ 470 int error; 471 472 if (!(j->flags & JF_SLEEPQ)) 473 return 0; 474 j->flags &= ~JF_SLEEPQ; 475 if (j->comparam != IP_STOP_TIMEOUT) { 476 paralimit++; 477 if (!TAILQ_EMPTY(&runnable)) 478 requeue(TAILQ_FIRST(&runnable), &ready); 479 } 480 error = 0; 481 if (j->flags & JF_TIMEOUT) { 482 j->flags &= ~JF_TIMEOUT; 483 if (j->comparam != IP_STOP_TIMEOUT) { 484 jail_warnx(j, "%s: timed out", j->comline); 485 failed(j); 486 error = -1; 487 } else if (verbose > 0) 488 jail_note(j, "timed out\n"); 489 } else if (j->pstatus != 0) { 490 if (WIFSIGNALED(j->pstatus)) 491 jail_warnx(j, "%s: exited on signal %d", 492 j->comline, WTERMSIG(j->pstatus)); 493 else 494 jail_warnx(j, "%s: failed", j->comline); 495 j->pstatus = 0; 496 failed(j); 497 error = -1; 498 } 499 free(j->comline); 500 j->comline = NULL; 501 return error; 502} 503 504/* 505 * Check for finished processed or timeouts. 506 / 507struct cfjail 508next_proc(int nonblock) 509{ 510 struct kevent ke; 511 struct timespec ts; 512 struct timespec tsp; 513* struct cfjail j; 514* 515 if (!TAILQ_EMPTY(&sleeping)) { 516 again: 517 tsp = NULL; 518 if ((j = TAILQ_FIRST(&sleeping)) && j->timeout.tv_sec) { 519 clock_gettime(CLOCK_REALTIME, &ts); 520 ts.tv_sec = j->timeout.tv_sec - ts.tv_sec; 521 ts.tv_nsec = j->timeout.tv_nsec - ts.tv_nsec; 522 if (ts.tv_nsec < 0) { 523 ts.tv_sec--; 524 ts.tv_nsec += 1000000000; 525 } 526 if (ts.tv_sec < 0 \|\| 527 (ts.tv_sec == 0 && ts.tv_nsec == 0)) { 528 j->flags \|= JF_TIMEOUT; 529 clear_procs(j); 530 return j; 531 } 532 tsp = &ts; 533 } 534 if (nonblock) { 535 ts.tv_sec = 0; 536 ts.tv_nsec = 0; 537 tsp = &ts; 538 } 539 switch (kevent(kq, NULL, 0, &ke, 1, tsp)) { 540 case -1: 541 if (errno != EINTR) 542 err(1, "kevent"); 543 goto again; 544 case 0: 545 if (!nonblock) { 546 j = TAILQ_FIRST(&sleeping); 547 j->flags \|= JF_TIMEOUT; 548 clear_procs(j); 549 return j; 550 } 551 break; 552 case 1: 553 (void)waitpid(ke.ident, NULL, WNOHANG); 554 if ((j = find_proc(ke.ident))) { 555 j->pstatus = ke.data; 556 return j; 557 } 558 goto again; 559 } 560 } 561 return NULL; 562} 563 564/* 565 * Add a process to the hash, tied to a jail. 566 / 567static void 568add_proc(struct cfjail j, pid_t pid) 569{ 570 struct kevent ke; 571 struct cfjail tj; 572* struct phash ph; 573* 574 if (!kq && (kq = kqueue()) < 0) 575 err(1, "kqueue"); 576 EV_SET(&ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL); 577 if (kevent(kq, &ke, 1, NULL, 0, NULL) < 0) 578 err(1, "kevent"); 579 ph = emalloc(sizeof(struct phash)); 580 ph->j = j; 581 ph->pid = pid; 582 LIST_INSERT_HEAD(&phash[pid % PHASH_SIZE], ph, le); 583 j->nprocs++; 584 j->flags \|= JF_SLEEPQ; 585 if (j->timeout.tv_sec == 0) 586 requeue(j, &sleeping); 587 else { 588 /* File the jail in the sleep queue acording to its timeout. / 589* TAILQ_REMOVE(j->queue, j, tq); 590 TAILQ_FOREACH(tj, &sleeping, tq) { 591 if (!tj->timeout.tv_sec \|\| 592 j->timeout.tv_sec < tj->timeout.tv_sec \|\| 593 (j->timeout.tv_sec == tj->timeout.tv_sec && 594 j->timeout.tv_nsec <= tj->timeout.tv_nsec)) { 595 TAILQ_INSERT_BEFORE(tj, j, tq); 596 break; 597 } 598 } 599 if (tj == NULL) 600 TAILQ_INSERT_TAIL(&sleeping, j, tq); 601 j->queue = &sleeping; 602 } 603} 604 605/* 606 * Remove any processes from the hash that correspond to a jail. 607 / 608static void 609clear_procs(struct cfjail j) 610{ 611 struct kevent ke; 612 struct phash ph, tph; 613 int i; 614 615 j->nprocs = 0; 616 for (i = 0; i < PHASH_SIZE; i++) 617 LIST_FOREACH_SAFE(ph, &phash[i], le, tph) 618 if (ph->j == j) { 619 EV_SET(&ke, ph->pid, EVFILT_PROC, EV_DELETE, 620 NOTE_EXIT, 0, NULL); 621 (void)kevent(kq, &ke, 1, NULL, 0, NULL); 622 LIST_REMOVE(ph, le); 623 free(ph); 624 } 625} 626 627/* 628 * Find the jail that corresponds to an exited process. 629 / 630static struct cfjail 631find_proc(pid_t pid) 632{ 633 struct cfjail j; 634* struct phash ph; 635* 636 LIST_FOREACH(ph, &phash[pid % PHASH_SIZE], le) 637 if (ph->pid == pid) { 638 j = ph->j; 639 LIST_REMOVE(ph, le); 640 free(ph); 641 return --j->nprocs ? NULL : j; 642 } 643 return NULL; 644} 645 646/* 647 * Send SIGTERM to all processes in a jail and wait for them to die. 648 / 649static int 650term_procs(struct cfjail j) 651{ 652 struct kinfo_proc ki; 653* int i, noted, pcnt, timeout; 654 655 static kvm_t kd; 656* 657 if (!int_param(j->intparams[IP_STOP_TIMEOUT], &timeout)) 658 timeout = DEFAULT_STOP_TIMEOUT; 659 else if (timeout == 0) 660 return 0; 661 662 if (kd == NULL) { 663 kd = kvm_open(NULL, NULL, NULL, O_RDONLY, "jail"); 664 if (kd == NULL) 665 exit(1); 666 } 667 668 ki = kvm_getprocs(kd, KERN_PROC_PROC, 0, &pcnt); 669 if (ki == NULL) 670 exit(1); 671 noted = 0; 672 for (i = 0; i < pcnt; i++) 673 if (ki[i].ki_jid == j->jid && 674 kill(ki[i].ki_pid, SIGTERM) == 0) { 675 add_proc(j, ki[i].ki_pid); 676 if (verbose > 0) { 677 if (!noted) { 678 noted = 1; 679 jail_note(j, "sent SIGTERM to:"); 680 } 681 printf(" %d", ki[i].ki_pid); 682 } 683 } 684 if (noted) 685 printf("\n"); 686 if (j->nprocs > 0) { 687 clock_gettime(CLOCK_REALTIME, &j->timeout); 688 j->timeout.tv_sec += timeout; 689 return 1; 690 } 691 return 0; 692} 693 694/* 695 * Look up a user in the passwd and login.conf files. 696 / 697static int 698get_user_info(struct cfjail j, const char username, 699* const struct passwd pwdp, login_cap_t lcapp) 700{ 701 const struct passwd pwd; 702* 703 pwdp = pwd = username ? getpwnam(username) : getpwuid(getuid()); 704* if (pwd == NULL) { 705 if (errno) 706 jail_warnx(j, "getpwnam%s%s: %s", username ? " " : "", 707 username ? username : "", strerror(errno)); 708 else if (username) 709 jail_warnx(j, "%s: no such user", username); 710 else 711 jail_warnx(j, "unknown uid %d", getuid()); 712 return -1; 713 } 714 lcapp = login_getpwclass(pwd); 715* if (lcapp == NULL) { 716* jail_warnx(j, "getpwclass %s: %s", pwd->pw_name, 717 strerror(errno)); 718 return -1; 719 } 720 /* Set the groups while the group file is still available / 721* if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { 722 jail_warnx(j, "initgroups %s: %s", pwd->pw_name, 723 strerror(errno)); 724 return -1; 725 } 726 return 0; 727} 728 729/* 730 * Make sure a mount or consolelog path is a valid absolute pathname 731 * with no symlinks. 732 / 733static int 734check_path(struct cfjail j, const char pname, const char path, int isfile, 735 const char umount_type) 736{ 737* struct stat st, mpst; 738 struct statfs stfs; 739 char tpath, p; 740 const char jailpath; 741* size_t jplen; 742 743 if (path[0] != '/') { 744 jail_warnx(j, "%s: %s: not an absolute pathname", 745 pname, path); 746 return -1; 747 } 748 /* 749 * Only check for symlinks in components below the jail's path, 750 * since that's where the security risk lies. 751 / 752* jailpath = string_param(j->intparams[KP_PATH]); 753 if (jailpath == NULL) 754 jailpath = ""; 755 jplen = strlen(jailpath); 756 if (!strncmp(path, jailpath, jplen) && path[jplen] == '/') { 757 tpath = alloca(strlen(path) + 1); 758 strcpy(tpath, path); 759 for (p = tpath + jplen; p != NULL; ) { 760 p = strchr(p + 1, '/'); 761 if (p) 762 p = '\0'; 763* if (lstat(tpath, &st) < 0) { 764 if (errno == ENOENT && isfile && !p) 765 break; 766 jail_warnx(j, "%s: %s: %s", pname, tpath, 767 strerror(errno)); 768 return -1; 769 } 770 if (S_ISLNK(st.st_mode)) { 771 jail_warnx(j, "%s: %s is a symbolic link", 772 pname, tpath); 773 return -1; 774 } 775 if (p) 776 p = '/'; 777* } 778 } 779 if (umount_type != NULL) { 780 if (stat(path, &st) < 0 \|\| statfs(path, &stfs) < 0) { 781 jail_warnx(j, "%s: %s: %s", pname, path, 782 strerror(errno)); 783 return -1; 784 } 785 if (stat(stfs.f_mntonname, &mpst) < 0) { 786 jail_warnx(j, "%s: %s: %s", pname, stfs.f_mntonname, 787 strerror(errno)); 788 return -1; 789 } 790 if (st.st_ino != mpst.st_ino) { 791 jail_warnx(j, "%s: %s: not a mount point", 792 pname, path); 793 return -1; 794 } 795 if (strcmp(stfs.f_fstypename, umount_type)) { 796 jail_warnx(j, "%s: %s: not a %s mount", 797 pname, path, umount_type); 798 return -1; 799 } 800 } 801 return 0; 802}