jail.c revision 112972 
146432Sphk/*
246432Sphk * ----------------------------------------------------------------------------
346432Sphk * "THE BEER-WARE LICENSE" (Revision 42):
446432Sphk * <phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
546432Sphk * can do whatever you want with this stuff. If we meet some day, and you think
646432Sphk * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
746432Sphk * ----------------------------------------------------------------------------
846432Sphk *
950479Speter * $FreeBSD: head/usr.sbin/jail/jail.c 112972 2003-04-02 09:20:08Z maxim $
1046432Sphk *
1146432Sphk */
1246432Sphk
13112705Smaxim#include <sys/param.h>
1446155Sphk#include <sys/jail.h>
1578723Sdd
1646155Sphk#include <netinet/in.h>
1778723Sdd#include <arpa/inet.h>
1846155Sphk
1978723Sdd#include <err.h>
20112705Smaxim#include <grp.h>
21112705Smaxim#include <login_cap.h>
22112705Smaxim#include <pwd.h>
2378723Sdd#include <stdio.h>
2478723Sdd#include <stdlib.h>
2578723Sdd#include <string.h>
2678723Sdd#include <unistd.h>
2778723Sdd
28112705Smaximstatic void	usage(void);
29112705Smaxim
3046155Sphkint
3146155Sphkmain(int argc, char **argv)
3246155Sphk{
33112705Smaxim	login_cap_t *lcap;
3446155Sphk	struct jail j;
35112705Smaxim	struct passwd *pwd;
3646155Sphk	struct in_addr in;
37112972Smaxim	int ch, groups[NGROUPS], ngroups;
38112705Smaxim	char *username;
3946155Sphk
40112705Smaxim	username = NULL;
41112705Smaxim
42112705Smaxim	while ((ch = getopt(argc, argv, "u:")) != -1)
43112705Smaxim		switch (ch) {
44112705Smaxim		case 'u':
45112705Smaxim			username = optarg;
46112705Smaxim			break;
47112705Smaxim		default:
48112705Smaxim			usage();
49112705Smaxim			break;
50112705Smaxim		}
51112705Smaxim	argc -= optind;
52112705Smaxim	argv += optind;
53112705Smaxim	if (argc < 4)
54112705Smaxim		usage();
55112705Smaxim
56112705Smaxim	if (username != NULL) {
57112705Smaxim		pwd = getpwnam(username);
58112705Smaxim		if (pwd == NULL)
59112972Smaxim			err(1, "getpwnam: %s", username);
60112705Smaxim		lcap = login_getpwclass(pwd);
61112705Smaxim		if (lcap == NULL)
62112972Smaxim			err(1, "getpwclass: %s", username);
63112705Smaxim		ngroups = NGROUPS;
64112972Smaxim		if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0)
65112972Smaxim			err(1, "getgrouplist: %s", username);
66112705Smaxim	}
67112972Smaxim	if (chdir(argv[0]) != 0)
68112972Smaxim		err(1, "chdir: %s", argv[0]);
6951399Sphk	memset(&j, 0, sizeof(j));
7051399Sphk	j.version = 0;
71112705Smaxim	j.path = argv[0];
72112705Smaxim	j.hostname = argv[1];
73112972Smaxim	if (inet_aton(argv[2], &in) == 0)
74112972Smaxim		errx(1, "Could not make sense of ip-number: %s", argv[2]);
7546432Sphk	j.ip_number = ntohl(in.s_addr);
76112972Smaxim	if (jail(&j) != 0)
77112972Smaxim		err(1, "jail");
78112705Smaxim	if (username != NULL) {
79112972Smaxim		if (setgroups(ngroups, groups) != 0)
80112972Smaxim			err(1, "setgroups");
81112972Smaxim		if (setgid(pwd->pw_gid) != 0)
82112972Smaxim			err(1, "setgid");
83112972Smaxim		if (setusercontext(lcap, pwd, pwd->pw_uid,
84112972Smaxim		    LOGIN_SETALL & ~LOGIN_SETGROUP) != 0)
85112972Smaxim			err(1, "setusercontext");
86112705Smaxim	}
87112972Smaxim	if (execv(argv[3], argv + 3) != 0)
88112972Smaxim		err(1, "execv: %s", argv[3]);
8946155Sphk	exit (0);
9046155Sphk}
91112705Smaxim
92112705Smaximstatic void
93112705Smaximusage(void)
94112705Smaxim{
95112705Smaxim
96112972Smaxim	(void)fprintf(stderr, "%s\n",
97112705Smaxim	    "Usage: jail [-u username] path hostname ip-number command ...");
98112972Smaxim	exit(1);
99112705Smaxim}
100