jls.c (186085) | jls.c (192896) |
---|---|
1/*- 2 * Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org> 3 * Copyright (c) 2008 Bjoern A. Zeeb <bz@FreeBSD.org> | 1/*- 2 * Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org> 3 * Copyright (c) 2008 Bjoern A. Zeeb <bz@FreeBSD.org> |
4 * Copyright (c) 2009 James Gritton <jamie@FreeBSD.org> |
|
4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright --- 6 unchanged lines hidden (view full) --- 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. | 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright --- 6 unchanged lines hidden (view full) --- 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. |
26 * 27 * $FreeBSD: head/usr.sbin/jls/jls.c 186085 2008-12-14 16:56:47Z bz $ | |
28 */ 29 | 27 */ 28 |
29#include <sys/cdefs.h> 30__FBSDID("$FreeBSD: head/usr.sbin/jls/jls.c 192896 2009-05-27 14:30:26Z jamie $"); 31 |
|
30#include <sys/param.h> | 32#include <sys/param.h> |
31#include <sys/types.h> | |
32#include <sys/jail.h> | 33#include <sys/jail.h> |
34#include <sys/socket.h> |
|
33#include <sys/sysctl.h> | 35#include <sys/sysctl.h> |
36#include <sys/uio.h> |
|
34 | 37 |
35#include <sys/socket.h> 36#include <netinet/in.h> | |
37#include <arpa/inet.h> | 38#include <arpa/inet.h> |
39#include <netinet/in.h> 40 |
|
38#include <err.h> 39#include <errno.h> 40#include <limits.h> 41#include <stdio.h> 42#include <stdlib.h> 43#include <string.h> 44#include <unistd.h> 45 | 41#include <err.h> 42#include <errno.h> 43#include <limits.h> 44#include <stdio.h> 45#include <stdlib.h> 46#include <string.h> 47#include <unistd.h> 48 |
46#define FLAG_A 0x00001 47#define FLAG_V 0x00002 | 49#define SJPARAM "security.jail.param" 50#define ARRAY_SLOP 5 |
48 | 51 |
49#ifdef SUPPORT_OLD_XPRISON 50static 51char *print_xprison_v1(void *p, char *end, unsigned flags) | 52#define CTLTYPE_BOOL (CTLTYPE + 1) 53#define CTLTYPE_NOBOOL (CTLTYPE + 2) 54#define CTLTYPE_IPADDR (CTLTYPE + 3) 55#define CTLTYPE_IP6ADDR (CTLTYPE + 4) 56 57#define PARAM_KEY 0x01 58#define PARAM_USER 0x02 59#define PARAM_ARRAY 0x04 60#define PARAM_OPT 0x08 61#define PARAM_WR 0x10 62 63#define PRINT_DEFAULT 0x01 64#define PRINT_HEADER 0x02 65#define PRINT_NAMEVAL 0x04 66#define PRINT_QUOTED 0x08 67#define PRINT_SKIP 0x10 68#define PRINT_VERBOSE 0x20 69 70struct param { 71 char *name; 72 void *value; 73 size_t size; 74 int type; 75 unsigned flags; 76 int noparent; 77}; 78 79struct iovec2 { 80 struct iovec name; 81 struct iovec value; 82}; 83 84static struct param *params; 85static int nparams; 86static char errmsg[256]; 87 88static int add_param(const char *name, void *value, unsigned flags); 89static int get_param(const char *name, struct param *param); 90static int sort_param(const void *a, const void *b); 91static char *noname(const char *name); 92static char *nononame(const char *name); 93static int print_jail(int pflags, int jflags); 94static void quoted_print(char *str, int len); 95 96int 97main(int argc, char **argv) |
52{ | 98{ |
53 struct xprison_v1 *xp; 54 struct in_addr in; | 99 char *dot, *ep, *jname, *nname; 100 int c, i, jflags, jid, lastjid, pflags, spc; |
55 | 101 |
56 if ((char *)p + sizeof(struct xprison_v1) > end) 57 errx(1, "Invalid length for jail"); | 102 jname = NULL; 103 pflags = jflags = jid = 0; 104 while ((c = getopt(argc, argv, "adj:hnqsv")) >= 0) 105 switch (c) { 106 case 'a': 107 case 'd': 108 jflags |= JAIL_DYING; 109 break; 110 case 'j': 111 jid = strtoul(optarg, &ep, 10); 112 if (!*optarg || *ep) 113 jname = optarg; 114 break; 115 case 'h': 116 pflags = (pflags & ~PRINT_SKIP) | PRINT_HEADER; 117 break; 118 case 'n': 119 pflags = (pflags & ~PRINT_VERBOSE) | PRINT_NAMEVAL; 120 break; 121 case 'q': 122 pflags |= PRINT_QUOTED; 123 break; 124 case 's': 125 pflags = (pflags & ~(PRINT_HEADER | PRINT_VERBOSE)) | 126 PRINT_NAMEVAL | PRINT_QUOTED | PRINT_SKIP; 127 break; 128 case 'v': 129 pflags = (pflags & ~(PRINT_NAMEVAL | PRINT_SKIP)) | 130 PRINT_VERBOSE; 131 break; 132 default: 133 errx(1, "usage: jls [-dhnqv] [-j jail] [param ...]"); 134 } |
58 | 135 |
59 xp = (struct xprison_v1 *)p; 60 if (flags & FLAG_V) { 61 printf("%6d %-29.29s %.74s\n", 62 xp->pr_id, xp->pr_host, xp->pr_path); 63 /* We are not printing an empty line here for state and name. */ 64 /* We are not printing an empty line here for cpusetid. */ 65 /* IPv4 address. */ 66 in.s_addr = htonl(xp->pr_ip); 67 printf("%6s %-15.15s\n", "", inet_ntoa(in)); | 136 /* Add the parameters to print. */ 137 if (optind == argc) { 138 if (pflags & PRINT_VERBOSE) { 139 add_param("jid", NULL, PARAM_USER); 140 add_param("host.hostname", NULL, PARAM_USER); 141 add_param("path", NULL, PARAM_USER); 142 add_param("name", NULL, PARAM_USER); 143 add_param("dying", NULL, PARAM_USER); 144 add_param("cpuset", NULL, PARAM_USER); 145 add_param("ip4.addr", NULL, PARAM_USER); 146 add_param("ip6.addr", NULL, PARAM_USER | PARAM_OPT); 147 } else { 148 pflags = (pflags & 149 ~(PRINT_NAMEVAL | PRINT_SKIP | PRINT_VERBOSE)) | 150 PRINT_DEFAULT; 151 add_param("jid", NULL, PARAM_USER); 152 add_param("ip4.addr", NULL, PARAM_USER); 153 add_param("host.hostname", NULL, PARAM_USER); 154 add_param("path", NULL, PARAM_USER); 155 } 156 } else 157 while (optind < argc) 158 add_param(argv[optind++], NULL, PARAM_USER); 159 160 if (pflags & PRINT_SKIP) { 161 /* Check for parameters with boolean parents. */ 162 for (i = 0; i < nparams; i++) { 163 if ((params[i].flags & PARAM_USER) && 164 (dot = strchr(params[i].name, '.'))) { 165 *dot = 0; 166 nname = noname(params[i].name); 167 *dot = '.'; 168 params[i].noparent = 169 add_param(nname, NULL, PARAM_OPT); 170 free(nname); 171 } 172 } 173 } 174 175 /* Add the index key and errmsg parameters. */ 176 if (jid != 0) 177 add_param("jid", &jid, PARAM_KEY); 178 else if (jname != NULL) 179 add_param("name", jname, PARAM_KEY); 180 else 181 add_param("lastjid", &lastjid, PARAM_KEY); 182 add_param("errmsg", errmsg, PARAM_KEY); 183 184 /* Print a header line if requested. */ 185 if (pflags & PRINT_VERBOSE) 186 printf(" JID Hostname Path\n" 187 " Name State\n" 188 " CPUSetID\n" 189 " IP Address(es)\n"); 190 else if (pflags & PRINT_DEFAULT) 191 printf(" JID IP Address " 192 "Hostname Path\n"); 193 else if (pflags & PRINT_HEADER) { 194 for (i = spc = 0; i < nparams; i++) 195 if (params[i].flags & PARAM_USER) { 196 if (spc) 197 putchar(' '); 198 else 199 spc = 1; 200 fputs(params[i].name, stdout); 201 } 202 putchar('\n'); 203 } 204 205 /* Fetch the jail(s) and print the paramters. */ 206 if (jid != 0 || jname != NULL) { 207 if (print_jail(pflags, jflags) < 0) { 208 if (errmsg[0]) 209 errx(1, "%s", errmsg); 210 err(1, "jail_get"); 211 } |
68 } else { | 212 } else { |
69 printf("%6d %-15.15s %-29.29s %.74s\n", 70 xp->pr_id, inet_ntoa(in), xp->pr_host, xp->pr_path); | 213 for (lastjid = 0; 214 (lastjid = print_jail(pflags, jflags)) >= 0; ) 215 ; 216 if (errno != 0 && errno != ENOENT) { 217 if (errmsg[0]) 218 errx(1, "%s", errmsg); 219 err(1, "jail_get"); 220 } |
71 } 72 | 221 } 222 |
73 return ((char *)(xp + 1)); | 223 return (0); |
74} | 224} |
75#endif | |
76 | 225 |
77static 78char *print_xprison_v3(void *p, char *end, unsigned flags) | 226static int 227add_param(const char *name, void *value, unsigned flags) |
79{ | 228{ |
80 struct xprison *xp; 81 struct in_addr *iap, in; 82 struct in6_addr *ia6p; 83 char buf[INET6_ADDRSTRLEN]; 84 const char *state; 85 char *q; 86 uint32_t i; | 229 struct param *param; 230 char *nname; 231 size_t mlen1, mlen2, buflen; 232 int mib1[CTL_MAXNAME], mib2[CTL_MAXNAME - 2]; 233 int i, tnparams; 234 char buf[MAXPATHLEN]; |
87 | 235 |
88 if ((char *)p + sizeof(struct xprison) > end) 89 errx(1, "Invalid length for jail"); 90 xp = (struct xprison *)p; | 236 static int paramlistsize; |
91 | 237 |
92 if (xp->pr_state < 0 || xp->pr_state >= (int) 93 ((sizeof(prison_states) / sizeof(struct prison_state)))) 94 state = "(bogus)"; 95 else 96 state = prison_states[xp->pr_state].state_name; | 238 /* The pseudo-parameter "all" scans the list of available parameters. */ 239 if (!strcmp(name, "all")) { 240 tnparams = nparams; 241 mib1[0] = 0; 242 mib1[1] = 2; 243 mlen1 = CTL_MAXNAME - 2; 244 if (sysctlnametomib(SJPARAM, mib1 + 2, &mlen1) < 0) 245 err(1, "sysctlnametomib(" SJPARAM ")"); 246 for (;;) { 247 /* Get the next parameter. */ 248 mlen2 = sizeof(mib2); 249 if (sysctl(mib1, mlen1 + 2, mib2, &mlen2, NULL, 0) < 0) 250 err(1, "sysctl(0.2)"); 251 if (mib2[0] != mib1[2] || mib2[1] != mib1[3] || 252 mib2[2] != mib1[4]) 253 break; 254 /* Convert it to an ascii name. */ 255 memcpy(mib1 + 2, mib2, mlen2); 256 mlen1 = mlen2 / sizeof(int); 257 mib1[1] = 1; 258 buflen = sizeof(buf); 259 if (sysctl(mib1, mlen1 + 2, buf, &buflen, NULL, 0) < 0) 260 err(1, "sysctl(0.1)"); 261 add_param(buf + sizeof(SJPARAM), NULL, flags); 262 /* 263 * Convert nobool parameters to bool if their 264 * counterpart is a node, ortherwise discard them. 265 */ 266 param = ¶ms[nparams - 1]; 267 if (param->type == CTLTYPE_NOBOOL) { 268 nname = nononame(param->name); 269 if (get_param(nname, param) >= 0 && 270 param->type != CTLTYPE_NODE) { 271 free(nname); 272 nparams--; 273 } else { 274 free(param->name); 275 param->name = nname; 276 param->type = CTLTYPE_BOOL; 277 param->size = sizeof(int); 278 param->value = NULL; 279 } 280 } 281 mib1[1] = 2; 282 } |
97 | 283 |
98 /* See if we should print non-ACTIVE jails. No? */ 99 if ((flags & FLAG_A) == 0 && strcmp(state, "ALIVE")) { 100 q = (char *)(xp + 1); 101 q += (xp->pr_ip4s * sizeof(struct in_addr)); 102 if (q > end) 103 errx(1, "Invalid length for jail"); 104 q += (xp->pr_ip6s * sizeof(struct in6_addr)); 105 if (q > end) 106 errx(1, "Invalid length for jail"); 107 return (q); | 284 qsort(params + tnparams, (size_t)(nparams - tnparams), 285 sizeof(struct param), sort_param); 286 return -1; |
108 } 109 | 287 } 288 |
110 if (flags & FLAG_V) 111 printf("%6d %-29.29s %.74s\n", 112 xp->pr_id, xp->pr_host, xp->pr_path); | 289 /* Check for repeat parameters. */ 290 for (i = 0; i < nparams; i++) 291 if (!strcmp(name, params[i].name)) { 292 params[i].value = value; 293 params[i].flags |= flags; 294 return i; 295 } |
113 | 296 |
114 /* Jail state and name. */ 115 if (flags & FLAG_V) 116 printf("%6s %-29.29s %.74s\n", 117 "", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state); | 297 /* Make sure there is room for the new param record. */ 298 if (!nparams) { 299 paramlistsize = 32; 300 params = malloc(paramlistsize * sizeof(*params)); 301 if (params == NULL) 302 err(1, "malloc"); 303 } else if (nparams >= paramlistsize) { 304 paramlistsize *= 2; 305 params = realloc(params, paramlistsize * sizeof(*params)); 306 if (params == NULL) 307 err(1, "realloc"); 308 } |
118 | 309 |
119 /* cpusetid. */ 120 if (flags & FLAG_V) 121 printf("%6s %-6d\n", 122 "", xp->pr_cpusetid); | 310 /* Look up the parameter. */ 311 param = params + nparams++; 312 memset(param, 0, sizeof *param); 313 param->name = strdup(name); 314 if (param->name == NULL) 315 err(1, "strdup"); 316 param->flags = flags; 317 param->noparent = -1; 318 /* We have to know about pseudo-parameters without asking. */ 319 if (!strcmp(param->name, "lastjid")) { 320 param->type = CTLTYPE_INT; 321 param->size = sizeof(int); 322 goto got_type; 323 } 324 if (!strcmp(param->name, "errmsg")) { 325 param->type = CTLTYPE_STRING; 326 param->size = sizeof(errmsg); 327 goto got_type; 328 } 329 if (get_param(name, param) < 0) { 330 if (errno != ENOENT) 331 err(1, "sysctl(0.3.%s)", name); 332 /* See if this the "no" part of an existing boolean. */ 333 if ((nname = nononame(name))) { 334 i = get_param(nname, param); 335 free(nname); 336 if (i >= 0 && param->type == CTLTYPE_BOOL) { 337 param->type = CTLTYPE_NOBOOL; 338 goto got_type; 339 } 340 } 341 if (flags & PARAM_OPT) { 342 nparams--; 343 return -1; 344 } 345 errx(1, "unknown parameter: %s", name); 346 } 347 if (param->type == CTLTYPE_NODE) { 348 /* 349 * A node isn't normally a parameter, but may be a boolean 350 * if its "no" counterpart exists. 351 */ 352 nname = noname(name); 353 i = get_param(nname, param); 354 free(nname); 355 if (i >= 0 && param->type == CTLTYPE_NOBOOL) { 356 param->type = CTLTYPE_BOOL; 357 goto got_type; 358 } 359 errx(1, "unknown parameter: %s", name); 360 } |
123 | 361 |
124 q = (char *)(xp + 1); 125 /* IPv4 addresses. */ 126 iap = (struct in_addr *)(void *)q; 127 q += (xp->pr_ip4s * sizeof(struct in_addr)); 128 if (q > end) 129 errx(1, "Invalid length for jail"); 130 in.s_addr = 0; 131 for (i = 0; i < xp->pr_ip4s; i++) { 132 if (i == 0 || flags & FLAG_V) 133 in.s_addr = iap[i].s_addr; 134 if (flags & FLAG_V) 135 printf("%6s %-15.15s\n", "", inet_ntoa(in)); | 362 got_type: 363 param->value = value; 364 return param - params; 365} 366 367static int 368get_param(const char *name, struct param *param) 369{ 370 char *p; 371 size_t buflen, mlen; 372 int mib[CTL_MAXNAME]; 373 struct { 374 int i; 375 char s[MAXPATHLEN]; 376 } buf; 377 378 /* Look up the MIB. */ 379 mib[0] = 0; 380 mib[1] = 3; 381 snprintf(buf.s, sizeof(buf.s), SJPARAM ".%s", name); 382 mlen = sizeof(mib) - 2 * sizeof(int); 383 if (sysctl(mib, 2, mib + 2, &mlen, buf.s, strlen(buf.s)) < 0) 384 return (-1); 385 /* Get the type and size. */ 386 mib[1] = 4; 387 buflen = sizeof(buf); 388 if (sysctl(mib, (mlen / sizeof(int)) + 2, &buf, &buflen, NULL, 0) < 0) 389 err(1, "sysctl(0.4.%s)", name); 390 param->type = buf.i & CTLTYPE; 391 if (buf.i & (CTLFLAG_WR | CTLFLAG_TUN)) 392 param->flags |= PARAM_WR; 393 p = strchr(buf.s, '\0'); 394 if (p - 2 >= buf.s && !strcmp(p - 2, ",a")) { 395 p[-2] = 0; 396 param->flags |= PARAM_ARRAY; |
136 } | 397 } |
137 /* IPv6 addresses. */ 138 ia6p = (struct in6_addr *)(void *)q; 139 q += (xp->pr_ip6s * sizeof(struct in6_addr)); 140 if (q > end) 141 errx(1, "Invalid length for jail"); 142 for (i = 0; i < xp->pr_ip6s; i++) { 143 if (flags & FLAG_V) { 144 inet_ntop(AF_INET6, &ia6p[i], buf, sizeof(buf)); 145 printf("%6s %s\n", "", buf); | 398 switch (param->type) { 399 case CTLTYPE_INT: 400 /* An integer parameter might be a boolean. */ 401 if (buf.s[0] == 'B') 402 param->type = buf.s[1] == 'N' 403 ? CTLTYPE_NOBOOL : CTLTYPE_BOOL; 404 case CTLTYPE_UINT: 405 param->size = sizeof(int); 406 break; 407 case CTLTYPE_LONG: 408 case CTLTYPE_ULONG: 409 param->size = sizeof(long); 410 break; 411 case CTLTYPE_STRUCT: 412 if (!strcmp(buf.s, "S,in_addr")) { 413 param->type = CTLTYPE_IPADDR; 414 param->size = sizeof(struct in_addr); 415 } else if (!strcmp(buf.s, "S,in6_addr")) { 416 param->type = CTLTYPE_IP6ADDR; 417 param->size = sizeof(struct in6_addr); |
146 } | 418 } |
419 break; 420 case CTLTYPE_STRING: 421 buf.s[0] = 0; 422 sysctl(mib + 2, mlen / sizeof(int), buf.s, &buflen, NULL, 0); 423 param->size = strtoul(buf.s, NULL, 10); 424 if (param->size == 0) 425 param->size = BUFSIZ; |
|
147 } | 426 } |
427 return (0); 428} |
|
148 | 429 |
149 /* If requested print the old style single line version. */ 150 if (!(flags & FLAG_V)) 151 printf("%6d %-15.15s %-29.29s %.74s\n", 152 xp->pr_id, (in.s_addr) ? inet_ntoa(in) : "", 153 xp->pr_host, xp->pr_path); | 430static int 431sort_param(const void *a, const void *b) 432{ 433 const struct param *parama, *paramb; 434 char *ap, *bp; |
154 | 435 |
155 return (q); | 436 /* Put top-level parameters first. */ 437 parama = a; 438 paramb = b; 439 ap = strchr(parama->name, '.'); 440 bp = strchr(paramb->name, '.'); 441 if (ap && !bp) 442 return (1); 443 if (bp && !ap) 444 return (-1); 445 return (strcmp(parama->name, paramb->name)); |
156} 157 | 446} 447 |
158static void 159usage(void) | 448static char * 449noname(const char *name) |
160{ | 450{ |
451 char *nname, *p; |
|
161 | 452 |
162 (void)fprintf(stderr, "usage: jls [-av]\n"); 163 exit(1); | 453 nname = malloc(strlen(name) + 3); 454 if (nname == NULL) 455 err(1, "malloc"); 456 p = strrchr(name, '.'); 457 if (p != NULL) 458 sprintf(nname, "%.*s.no%s", (int)(p - name), name, p + 1); 459 else 460 sprintf(nname, "no%s", name); 461 return nname; |
164} 165 | 462} 463 |
166int 167main(int argc, char *argv[]) 168{ 169 int ch, version; 170 unsigned flags; 171 size_t i, j, len; 172 void *p, *q; | 464static char * 465nononame(const char *name) 466{ 467 char *nname, *p; |
173 | 468 |
174 flags = 0; 175 while ((ch = getopt(argc, argv, "av")) != -1) { 176 switch (ch) { 177 case 'a': 178 flags |= FLAG_A; 179 break; 180 case 'v': 181 flags |= FLAG_V; 182 break; 183 default: 184 usage(); 185 } 186 } 187 argc -= optind; 188 argv += optind; | 469 p = strrchr(name, '.'); 470 if (strncmp(p ? p + 1 : name, "no", 2)) 471 return NULL; 472 nname = malloc(strlen(name) - 1); 473 if (nname == NULL) 474 err(1, "malloc"); 475 if (p != NULL) 476 sprintf(nname, "%.*s.%s", (int)(p - name), name, p + 3); 477 else 478 strcpy(nname, name + 2); 479 return nname; 480} |
189 | 481 |
190 if (sysctlbyname("security.jail.list", NULL, &len, NULL, 0) == -1) 191 err(1, "sysctlbyname(): security.jail.list"); | 482static int 483print_jail(int pflags, int jflags) 484{ 485 char *nname; 486 int i, ai, jid, count, sanity, spc; 487 char ipbuf[INET6_ADDRSTRLEN]; |
192 | 488 |
193 j = len; 194 for (i = 0; i < 4; i++) { 195 if (len <= 0) 196 exit(0); 197 p = q = malloc(len); 198 if (p == NULL) 199 err(1, "malloc()"); | 489 static struct iovec2 *iov, *aiov; 490 static int narray, nkey; |
200 | 491 |
201 if (sysctlbyname("security.jail.list", q, &len, NULL, 0) == -1) { 202 if (errno == ENOMEM) { 203 free(p); 204 p = NULL; 205 len += j; 206 continue; | 492 /* Set up the parameter list(s) the first time around. */ 493 if (iov == NULL) { 494 iov = malloc(nparams * sizeof(struct iovec2)); 495 if (iov == NULL) 496 err(1, "malloc"); 497 for (i = narray = 0; i < nparams; i++) { 498 iov[i].name.iov_base = params[i].name; 499 iov[i].name.iov_len = strlen(params[i].name) + 1; 500 iov[i].value.iov_base = params[i].value; 501 iov[i].value.iov_len = 502 params[i].type == CTLTYPE_STRING && 503 params[i].value != NULL && 504 ((char *)params[i].value)[0] != '\0' 505 ? strlen(params[i].value) + 1 : params[i].size; 506 if (params[i].flags & (PARAM_KEY | PARAM_ARRAY)) { 507 narray++; 508 if (params[i].flags & PARAM_KEY) 509 nkey++; |
207 } | 510 } |
208 err(1, "sysctlbyname(): security.jail.list"); | |
209 } | 511 } |
210 break; | 512 if (narray > nkey) { 513 aiov = malloc(narray * sizeof(struct iovec2)); 514 if (aiov == NULL) 515 err(1, "malloc"); 516 for (i = ai = 0; i < nparams; i++) 517 if (params[i].flags & 518 (PARAM_KEY | PARAM_ARRAY)) 519 aiov[ai++] = iov[i]; 520 } |
211 } | 521 } |
212 if (p == NULL) 213 err(1, "sysctlbyname(): security.jail.list"); 214 if (len < sizeof(int)) 215 errx(1, "This is no prison. Kernel and userland out of sync?"); 216 version = *(int *)p; 217 if (version > XPRISON_VERSION) 218 errx(1, "Sci-Fi prison. Kernel/userland out of sync?"); 219 220 if (flags & FLAG_V) { 221 printf(" JID Hostname Path\n"); 222 printf(" Name State\n"); 223 printf(" CPUSetID\n"); 224 printf(" IP Address(es)\n"); 225 } else { 226 printf(" JID IP Address Hostname" 227 " Path\n"); | 522 /* If there are array parameters, find their sizes. */ 523 if (aiov != NULL) { 524 for (ai = 0; ai < narray; ai++) 525 if (aiov[ai].value.iov_base == NULL) 526 aiov[ai].value.iov_len = 0; 527 if (jail_get((struct iovec *)aiov, 2 * narray, jflags) < 0) 528 return (-1); |
228 } | 529 } |
229 for (; q != NULL && (char *)q + sizeof(int) < (char *)p + len;) { 230 version = *(int *)q; 231 if (version > XPRISON_VERSION) 232 errx(1, "Sci-Fi prison. Kernel/userland out of sync?"); 233 switch (version) { 234#ifdef SUPPORT_OLD_XPRISON 235 case 1: 236 q = print_xprison_v1(q, (char *)p + len, flags); 237 break; 238 case 2: 239 errx(1, "Version 2 was used by multi-IPv4 jail " 240 "implementations that never made it into the " 241 "official kernel."); 242 /* NOTREACHED */ 243 break; 244#endif 245 case 3: 246 q = print_xprison_v3(q, (char *)p + len, flags); 247 break; 248 default: 249 errx(1, "Prison unknown. Kernel/userland out of sync?"); 250 /* NOTREACHED */ 251 break; | 530 /* Allocate storage for all parameters. */ 531 for (i = ai = 0; i < nparams; i++) { 532 if (params[i].flags & (PARAM_KEY | PARAM_ARRAY)) { 533 if (params[i].flags & PARAM_ARRAY) { 534 iov[i].value.iov_len = aiov[ai].value.iov_len + 535 ARRAY_SLOP * params[i].size; 536 iov[i].value.iov_base = 537 malloc(iov[i].value.iov_len); 538 } 539 ai++; 540 } else 541 iov[i].value.iov_base = malloc(params[i].size); 542 if (iov[i].value.iov_base == NULL) 543 err(1, "malloc"); 544 if (params[i].value == NULL) 545 memset(iov[i].value.iov_base, 0, iov[i].value.iov_len); 546 } 547 /* 548 * Get the actual prison. If there are array elements, retry a few 549 * times in case the size changed from under us. 550 */ 551 if ((jid = jail_get((struct iovec *)iov, 2 * nparams, jflags)) < 0) { 552 if (errno != EINVAL || aiov == NULL || errmsg[0]) 553 return (-1); 554 for (sanity = 0;; sanity++) { 555 if (sanity == 10) 556 return (-1); 557 for (ai = 0; ai < narray; ai++) 558 if (params[i].flags & PARAM_ARRAY) 559 aiov[ai].value.iov_len = 0; 560 if (jail_get((struct iovec *)iov, 2 * narray, jflags) < 561 0) 562 return (-1); 563 for (i = ai = 0; i < nparams; i++) { 564 if (!(params[i].flags & 565 (PARAM_KEY | PARAM_ARRAY))) 566 continue; 567 if (params[i].flags & PARAM_ARRAY) { 568 iov[i].value.iov_len = 569 aiov[ai].value.iov_len + 570 ARRAY_SLOP * params[i].size; 571 iov[i].value.iov_base = 572 realloc(iov[i].value.iov_base, 573 iov[i].value.iov_len); 574 if (iov[i].value.iov_base == NULL) 575 err(1, "malloc"); 576 } 577 ai++; 578 } |
252 } 253 } | 579 } 580 } |
581 if (pflags & PRINT_VERBOSE) { 582 printf("%6d %-29.29s %.74s\n" 583 "%6s %-29.29s %.74s\n" 584 "%6s %-6d\n", 585 *(int *)iov[0].value.iov_base, 586 (char *)iov[1].value.iov_base, 587 (char *)iov[2].value.iov_base, 588 "", 589 (char *)iov[3].value.iov_base, 590 *(int *)iov[4].value.iov_base ? "DYING" : "ACTIVE", 591 "", 592 *(int *)iov[5].value.iov_base); 593 count = iov[6].value.iov_len / sizeof(struct in_addr); 594 for (ai = 0; ai < count; ai++) 595 if (inet_ntop(AF_INET, 596 &((struct in_addr *)iov[6].value.iov_base)[ai], 597 ipbuf, sizeof(ipbuf)) == NULL) 598 err(1, "inet_ntop"); 599 else 600 printf("%6s %-15.15s\n", "", ipbuf); 601 if (!strcmp(params[7].name, "ip6.addr")) { 602 count = iov[7].value.iov_len / sizeof(struct in6_addr); 603 for (ai = 0; ai < count; ai++) 604 if (inet_ntop(AF_INET6, &((struct in_addr *) 605 iov[7].value.iov_base)[ai], 606 ipbuf, sizeof(ipbuf)) == NULL) 607 err(1, "inet_ntop"); 608 else 609 printf("%6s %-15.15s\n", "", ipbuf); 610 } 611 } else if (pflags & PRINT_DEFAULT) 612 printf("%6d %-15.15s %-29.29s %.74s\n", 613 *(int *)iov[0].value.iov_base, 614 iov[1].value.iov_len == 0 ? "-" 615 : inet_ntoa(*(struct in_addr *)iov[1].value.iov_base), 616 (char *)iov[2].value.iov_base, 617 (char *)iov[3].value.iov_base); 618 else { 619 for (i = spc = 0; i < nparams; i++) { 620 if (!(params[i].flags & PARAM_USER)) 621 continue; 622 if ((pflags & PRINT_SKIP) && 623 ((!(params[i].flags & PARAM_WR)) || 624 (params[i].noparent >= 0 && 625 *(int *)iov[params[i].noparent].value.iov_base))) 626 continue; 627 if (spc) 628 putchar(' '); 629 else 630 spc = 1; 631 if (pflags & PRINT_NAMEVAL) { 632 /* 633 * Generally "name=value", but for booleans 634 * either "name" or "noname". 635 */ 636 switch (params[i].type) { 637 case CTLTYPE_BOOL: 638 if (*(int *)iov[i].value.iov_base) 639 printf("%s", params[i].name); 640 else { 641 nname = noname(params[i].name); 642 printf("%s", nname); 643 free(nname); 644 } 645 break; 646 case CTLTYPE_NOBOOL: 647 if (*(int *)iov[i].value.iov_base) 648 printf("%s", params[i].name); 649 else { 650 nname = 651 nononame(params[i].name); 652 printf("%s", nname); 653 free(nname); 654 } 655 break; 656 default: 657 printf("%s=", params[i].name); 658 } 659 } 660 count = params[i].flags & PARAM_ARRAY 661 ? iov[i].value.iov_len / params[i].size : 1; 662 if (count == 0) { 663 if (pflags & PRINT_QUOTED) 664 printf("\"\""); 665 else if (!(pflags & PRINT_NAMEVAL)) 666 putchar('-'); 667 } 668 for (ai = 0; ai < count; ai++) { 669 if (ai > 0) 670 putchar(','); 671 switch (params[i].type) { 672 case CTLTYPE_INT: 673 printf("%d", ((int *) 674 iov[i].value.iov_base)[ai]); 675 break; 676 case CTLTYPE_UINT: 677 printf("%u", ((int *) 678 iov[i].value.iov_base)[ai]); 679 break; 680 case CTLTYPE_IPADDR: 681 if (inet_ntop(AF_INET, 682 &((struct in_addr *) 683 iov[i].value.iov_base)[ai], 684 ipbuf, sizeof(ipbuf)) == NULL) 685 err(1, "inet_ntop"); 686 else 687 printf("%s", ipbuf); 688 break; 689 case CTLTYPE_IP6ADDR: 690 if (inet_ntop(AF_INET6, 691 &((struct in6_addr *) 692 iov[i].value.iov_base)[ai], 693 ipbuf, sizeof(ipbuf)) == NULL) 694 err(1, "inet_ntop"); 695 else 696 printf("%s", ipbuf); 697 break; 698 case CTLTYPE_LONG: 699 printf("%ld", ((long *) 700 iov[i].value.iov_base)[ai]); 701 case CTLTYPE_ULONG: 702 printf("%lu", ((long *) 703 iov[i].value.iov_base)[ai]); 704 break; 705 case CTLTYPE_STRING: 706 if (pflags & PRINT_QUOTED) 707 quoted_print((char *) 708 iov[i].value.iov_base, 709 params[i].size); 710 else 711 printf("%.*s", 712 (int)params[i].size, 713 (char *) 714 iov[i].value.iov_base); 715 break; 716 case CTLTYPE_BOOL: 717 case CTLTYPE_NOBOOL: 718 if (!(pflags & PRINT_NAMEVAL)) 719 printf(((int *) 720 iov[i].value.iov_base)[ai] 721 ? "true" : "false"); 722 } 723 } 724 } 725 putchar('\n'); 726 } 727 for (i = 0; i < nparams; i++) 728 if (params[i].value == NULL) 729 free(iov[i].value.iov_base); 730 return (jid); 731} |
|
254 | 732 |
255 free(p); 256 exit(0); | 733static void 734quoted_print(char *str, int len) 735{ 736 int c, qc; 737 char *p = str; 738 char *ep = str + len; 739 740 /* An empty string needs quoting. */ 741 if (!*p) { 742 fputs("\"\"", stdout); 743 return; 744 } 745 746 /* 747 * The value will be surrounded by quotes if it contains spaces 748 * or quotes. 749 */ 750 qc = strchr(p, '\'') ? '"' 751 : strchr(p, '"') ? '\'' 752 : strchr(p, ' ') || strchr(p, '\t') ? '"' 753 : 0; 754 if (qc) 755 putchar(qc); 756 while (p < ep && (c = *p++)) { 757 if (c == '\\' || c == qc) 758 putchar('\\'); 759 putchar(c); 760 } 761 if (qc) 762 putchar(qc); |
257} | 763} |