jail.c revision 112972
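/*
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 *
 * $FreeBSD: head/usr.sbin/jail/jail.c 112972 2003-04-02 09:20:08Z maxim $
 *
 */

#include <sys/param.h>
#include <sys/jail.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <err.h>
#include <errno.h>
#include <grp.h>
#include <login_cap.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static void	usage(void);

/*
 * jail [-u username] path hostname ip-number command ...
 *
 * Enters a jail described by path, hostname and ip-number, optionally
 * switches to the credentials of `username', and then executes `command'
 * with the remaining arguments.  Every step is checked and is fatal on
 * failure, so the command is never executed after a partially applied
 * jail or credential change.
 *
 * Ordering that matters for containment:
 *   1. The user, login class and group list are resolved before jail(2)
 *      is called, i.e. against the databases visible to the invoking
 *      process rather than whatever exists under `path'.
 *   2. chdir(path) happens before jail(2), so the working directory is
 *      `path' when the jail is entered.
 *   3. Credentials are changed only after jail(2) has succeeded, and the
 *      supplementary groups and gid are set before setusercontext()
 *      applies the remaining LOGIN_SETALL items for pwd->pw_uid.
 *
 * NOTE(review): without -u no credential change is made at all; the
 * command runs with the credentials of the invoking process.
 * NOTE(review): nothing here closes inherited file descriptors; any
 * descriptor the caller left open stays usable by the jailed command.
 */
int
main(int argc, char **argv)
{
	login_cap_t *lcap;
	struct jail j;
	struct passwd *pwd;
	struct in_addr in;
	int ch, groups[NGROUPS], ngroups;
	char *username;

	lcap = NULL;
	pwd = NULL;
	ngroups = 0;
	username = NULL;

	while ((ch = getopt(argc, argv, "u:")) != -1)
		switch (ch) {
		case 'u':
			username = optarg;
			break;
		default:
			usage();
			break;
		}
	argc -= optind;
	argv += optind;
	/* path, hostname, ip-number and at least a command name are required. */
	if (argc < 4)
		usage();

	if (username != NULL) {
		/*
		 * getpwnam(3) returns NULL both on a lookup error and when
		 * the user simply does not exist; only the former sets
		 * errno.  Clear errno first so an unknown user is not
		 * reported with a stale, unrelated error string.
		 */
		errno = 0;
		pwd = getpwnam(username);
		if (pwd == NULL) {
			if (errno != 0)
				err(1, "getpwnam: %s", username);
			errx(1, "%s: no such user", username);
		}
		lcap = login_getpwclass(pwd);
		if (lcap == NULL)
			err(1, "getpwclass: %s", username);
		/* In: capacity of groups[]; out: number of entries filled in. */
		ngroups = NGROUPS;
		if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0)
			err(1, "getgrouplist: %s", username);
	}

	/* Move into the jail directory before the jail is entered. */
	if (chdir(argv[0]) != 0)
		err(1, "chdir: %s", argv[0]);

	memset(&j, 0, sizeof(j));
	j.version = 0;
	j.path = argv[0];
	j.hostname = argv[1];
	if (inet_aton(argv[2], &in) == 0)
		errx(1, "Could not make sense of ip-number: %s", argv[2]);
	/* inet_aton() yields network byte order; ip_number is set in host order. */
	j.ip_number = ntohl(in.s_addr);
	if (jail(&j) != 0)
		err(1, "jail");

	if (username != NULL) {
		/*
		 * Drop to the target user using only the data gathered
		 * before jail(2).  Groups are installed explicitly here and
		 * LOGIN_SETGROUP is masked out of the setusercontext() flags
		 * -- presumably so that no group lookup is repeated from
		 * inside the jail; confirm against login_cap(3).
		 */
		if (setgroups(ngroups, groups) != 0)
			err(1, "setgroups");
		if (setgid(pwd->pw_gid) != 0)
			err(1, "setgid");
		if (setusercontext(lcap, pwd, pwd->pw_uid,
		    LOGIN_SETALL & ~LOGIN_SETGROUP) != 0)
			err(1, "setusercontext");
	}

	/* execv(3) returns only on failure, so reaching err() means it failed. */
	execv(argv[3], argv + 3);
	err(1, "execv: %s", argv[3]);
}

/*
 * Print the command synopsis to stderr and exit with status 1.
 */
static void
usage(void)
{

	(void)fprintf(stderr, "%s\n",
	    "Usage: jail [-u username] path hostname ip-number command ...");
	exit(1);
}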