usr.sbin/jexec/jexec.c

113277Smike/*-
113277Smike * Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
185435Sbz * Copyright (c) 2008 Bjoern A. Zeeb <bz@FreeBSD.org>
113277Smike * All rights reserved.
113277Smike *
113277Smike * Redistribution and use in source and binary forms, with or without
113277Smike * modification, are permitted provided that the following conditions
113277Smike * are met:
113277Smike * 1. Redistributions of source code must retain the above copyright
113277Smike *    notice, this list of conditions and the following disclaimer.
113277Smike * 2. Redistributions in binary form must reproduce the above copyright
113277Smike *    notice, this list of conditions and the following disclaimer in the
113277Smike *    documentation and/or other materials provided with the distribution.
113277Smike *
113277Smike * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
113277Smike * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
113277Smike * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
113277Smike * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
113277Smike * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
113277Smike * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
113277Smike * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
113277Smike * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
113277Smike * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
113277Smike * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
113277Smike * SUCH DAMAGE.
113277Smike *
113277Smike * $FreeBSD: head/usr.sbin/jexec/jexec.c 194709 2009-06-23 14:40:08Z jamie $
113277Smike */
113277Smike
113277Smike#include <sys/param.h>
113277Smike#include <sys/jail.h>
192896Sjamie#include <sys/socket.h>
179319Smr#include <sys/sysctl.h>
192896Sjamie#include <sys/uio.h>
113277Smike
192896Sjamie#include <arpa/inet.h>
185435Sbz#include <netinet/in.h>
179319Smr
113277Smike#include <err.h>
157864Sdelphij#include <errno.h>
192896Sjamie#include <limits.h>
157864Sdelphij#include <login_cap.h>
113277Smike#include <stdio.h>
113277Smike#include <stdlib.h>
185435Sbz#include <string.h>
157864Sdelphij#include <pwd.h>
113277Smike#include <unistd.h>
113277Smike
113277Smikestatic void	usage(void);
113277Smike
157864Sdelphij#define GET_USER_INFO do {						\
157864Sdelphij	pwd = getpwnam(username);					\
157864Sdelphij	if (pwd == NULL) {						\
157864Sdelphij		if (errno)						\
157864Sdelphij			err(1, "getpwnam: %s", username);		\
157864Sdelphij		else							\
157864Sdelphij			errx(1, "%s: no such user", username);		\
157864Sdelphij	}								\
157864Sdelphij	lcap = login_getpwclass(pwd);					\
157864Sdelphij	if (lcap == NULL)						\
157864Sdelphij		err(1, "getpwclass: %s", username);			\
194494Sbrooks	ngroups = ngroups_max;						\
157864Sdelphij	if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0)	\
157864Sdelphij		err(1, "getgrouplist: %s", username);			\
157864Sdelphij} while (0)
157864Sdelphij
113277Smikeint
113277Smikemain(int argc, char *argv[])
113277Smike{
192896Sjamie	struct iovec params[2];
113277Smike	int jid;
157864Sdelphij	login_cap_t *lcap = NULL;
157864Sdelphij	struct passwd *pwd = NULL;
194494Sbrooks	gid_t *groups = NULL;
185435Sbz	int ch, ngroups, uflag, Uflag;
194494Sbrooks	long ngroups_max;
192896Sjamie	char *ep, *username;
194709Sjamie
185435Sbz	ch = uflag = Uflag = 0;
192896Sjamie	username = NULL;
194494Sbrooks	ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
194494Sbrooks	if ((groups = malloc(sizeof(gid_t) * ngroups_max)) == NULL)
194494Sbrooks		err(1, "malloc");
194494Sbrooks
192896Sjamie	while ((ch = getopt(argc, argv, "nu:U:")) != -1) {
157864Sdelphij		switch (ch) {
185435Sbz		case 'n':
192896Sjamie			/* Specified name, now unused */
185435Sbz			break;
157864Sdelphij		case 'u':
157864Sdelphij			username = optarg;
157864Sdelphij			uflag = 1;
157864Sdelphij			break;
157864Sdelphij		case 'U':
157864Sdelphij			username = optarg;
157864Sdelphij			Uflag = 1;
157864Sdelphij			break;
157864Sdelphij		default:
157864Sdelphij			usage();
157864Sdelphij		}
157864Sdelphij	}
157864Sdelphij	argc -= optind;
157864Sdelphij	argv += optind;
157864Sdelphij	if (argc < 2)
113277Smike		usage();
157864Sdelphij	if (uflag && Uflag)
157864Sdelphij		usage();
157864Sdelphij	if (uflag)
157864Sdelphij		GET_USER_INFO;
192896Sjamie	jid = strtoul(argv[0], &ep, 10);
192896Sjamie	if (!*argv[0] || *ep) {
192896Sjamie		*(const void **)&params[0].iov_base = "name";
192896Sjamie		params[0].iov_len = sizeof("name");
192896Sjamie		params[1].iov_base = argv[0];
192896Sjamie		params[1].iov_len = strlen(argv[0]) + 1;
192896Sjamie		jid = jail_get(params, 2, 0);
192896Sjamie		if (jid < 0)
192896Sjamie			errx(1, "Unknown jail: %s", argv[0]);
192896Sjamie	}
113277Smike	if (jail_attach(jid) == -1)
179415Smr		err(1, "jail_attach(): %d", jid);
113277Smike	if (chdir("/") == -1)
113277Smike		err(1, "chdir(): /");
157864Sdelphij	if (username != NULL) {
157864Sdelphij		if (Uflag)
157864Sdelphij			GET_USER_INFO;
157864Sdelphij		if (setgroups(ngroups, groups) != 0)
157864Sdelphij			err(1, "setgroups");
157864Sdelphij		if (setgid(pwd->pw_gid) != 0)
157864Sdelphij			err(1, "setgid");
157864Sdelphij		if (setusercontext(lcap, pwd, pwd->pw_uid,
157864Sdelphij		    LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0)
157864Sdelphij			err(1, "setusercontext");
157864Sdelphij		login_close(lcap);
157864Sdelphij	}
157864Sdelphij	if (execvp(argv[1], argv + 1) == -1)
157864Sdelphij		err(1, "execvp(): %s", argv[1]);
113277Smike	exit(0);
113277Smike}
113277Smike
113277Smikestatic void
113277Smikeusage(void)
113277Smike{
113277Smike
192896Sjamie	fprintf(stderr, "%s\n",
192896Sjamie		"usage: jexec [-u username | -U username] jail command ...");
113277Smike	exit(1);
113277Smike}