1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
5 * Copyright (c) 2008 Bjoern A. Zeeb <bz@FreeBSD.org>
6 * Copyright (c) 2009 James Gritton <jamie@FreeBSD.org>
7 * Copyright (c) 2015 Emmanuel Vadot <manu@bocal.org>
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/param.h>
33 #include <sys/jail.h>
34 #include <sys/socket.h>
35 #include <sys/sysctl.h>
36
37 #include <arpa/inet.h>
38 #include <netinet/in.h>
39
40 #include <assert.h>
41 #include <ctype.h>
42 #include <errno.h>
43 #include <jail.h>
44 #include <limits.h>
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <string.h>
48 #include <unistd.h>
49 #include <libxo/xo.h>
50
51 #define JP_USER 0x01000000
52 #define JP_OPT 0x02000000
53
54 #define JLS_XO_VERSION "2"
55
56 #define PRINT_DEFAULT 0x01
57 #define PRINT_HEADER 0x02
58 #define PRINT_NAMEVAL 0x04
59 #define PRINT_QUOTED 0x08
60 #define PRINT_SKIP 0x10
61 #define PRINT_VERBOSE 0x20
62 #define PRINT_JAIL_NAME 0x40
63 #define PRINT_EXISTS 0x80
64
65 static struct jailparam *params;
66 static int *param_parent;
67 static int nparams;
68 #ifdef INET6
69 static int ip6_ok;
70 #endif
71 #ifdef INET
72 static int ip4_ok;
73 #endif
74
75 static int add_param(const char *name, void *value, size_t valuelen,
76 struct jailparam *source, unsigned flags);
77 static int sort_param(const void *a, const void *b);
78 static char *noname(const char *name);
79 static char *nononame(const char *name);
80 static int print_jail(int pflags, int jflags);
81 static int special_print(int pflags, struct jailparam *param);
82 static void quoted_print(int pflags, char *name, char *value);
83 static void emit_ip_addr_list(int af_family, const char *list_name,
84 struct jailparam *param);
85
86 static void
usage(void)87 usage(void)
88 {
89 xo_errx(1,
90 "usage: jls [-dhNnqv] [-j jail] [param ...]\n"
91 " jls -c [-d] -j jail");
92 }
93
94 int
main(int argc,char ** argv)95 main(int argc, char **argv)
96 {
97 char *dot, *ep, *jname, *pname;
98 int c, i, jflags, jid, lastjid, pflags, spc;
99
100 argc = xo_parse_args(argc, argv);
101 if (argc < 0)
102 exit(1);
103
104 xo_set_version(JLS_XO_VERSION);
105 jname = NULL;
106 pflags = jflags = jid = 0;
107 while ((c = getopt(argc, argv, "acdj:hNnqsv")) >= 0)
108 switch (c) {
109 case 'a':
110 case 'd':
111 jflags |= JAIL_DYING;
112 break;
113 case 'c':
114 pflags |= PRINT_EXISTS;
115 break;
116 case 'j':
117 jid = strtoul(optarg, &ep, 10);
118 if (!jid || *ep) {
119 jid = 0;
120 jname = optarg;
121 }
122 break;
123 case 'h':
124 pflags = (pflags & ~(PRINT_SKIP | PRINT_VERBOSE)) |
125 PRINT_HEADER;
126 break;
127 case 'N':
128 pflags |= PRINT_JAIL_NAME;
129 break;
130 case 'n':
131 pflags = (pflags & ~PRINT_VERBOSE) | PRINT_NAMEVAL;
132 break;
133 case 'q':
134 pflags |= PRINT_QUOTED;
135 break;
136 case 's':
137 pflags = (pflags & ~(PRINT_HEADER | PRINT_VERBOSE)) |
138 PRINT_NAMEVAL | PRINT_QUOTED | PRINT_SKIP;
139 break;
140 case 'v':
141 pflags = (pflags &
142 ~(PRINT_HEADER | PRINT_NAMEVAL | PRINT_SKIP)) |
143 PRINT_VERBOSE;
144 break;
145 default:
146 usage();
147 }
148
149 #ifdef INET6
150 ip6_ok = feature_present("inet6");
151 #endif
152 #ifdef INET
153 ip4_ok = feature_present("inet");
154 #endif
155
156 argc -= optind;
157 argv += optind;
158
159 /* Add the parameters to print. */
160 if ((pflags & PRINT_EXISTS) != 0) {
161 if ((pflags & ~PRINT_EXISTS) != 0) {
162 xo_warnx("-c is incompatible with other print options");
163 usage();
164 } else if (argc != 0) {
165 xo_warnx("-c does not accept non-option arguments");
166 usage();
167 } else if (jid == 0 && jname == NULL) {
168 xo_warnx("-j jail to check must be provided for -c");
169 usage();
170 }
171
172 /*
173 * Force libxo to be silent, as well -- we're only wanting our
174 * exit status.
175 */
176 xo_set_style(NULL, XO_STYLE_TEXT);
177 } else if (argc == 0) {
178 if (pflags & (PRINT_HEADER | PRINT_NAMEVAL))
179 add_param("all", NULL, (size_t)0, NULL, JP_USER);
180 else if (pflags & PRINT_VERBOSE) {
181 add_param("jid", NULL, (size_t)0, NULL, JP_USER);
182 add_param("host.hostname", NULL, (size_t)0, NULL,
183 JP_USER);
184 add_param("path", NULL, (size_t)0, NULL, JP_USER);
185 add_param("name", NULL, (size_t)0, NULL, JP_USER);
186 add_param("dying", NULL, (size_t)0, NULL, JP_USER);
187 add_param("cpuset.id", NULL, (size_t)0, NULL, JP_USER);
188 #ifdef INET
189 if (ip4_ok)
190 add_param("ip4.addr", NULL, (size_t)0, NULL,
191 JP_USER);
192 #endif
193 #ifdef INET6
194 if (ip6_ok)
195 add_param("ip6.addr", NULL, (size_t)0, NULL,
196 JP_USER | JP_OPT);
197 #endif
198 } else {
199 pflags |= PRINT_DEFAULT;
200 if (pflags & PRINT_JAIL_NAME)
201 add_param("name", NULL, (size_t)0, NULL, JP_USER);
202 else
203 add_param("jid", NULL, (size_t)0, NULL, JP_USER);
204 #ifdef INET
205 if (ip4_ok)
206 add_param("ip4.addr", NULL, (size_t)0, NULL,
207 JP_USER);
208 #endif
209 add_param("host.hostname", NULL, (size_t)0, NULL,
210 JP_USER);
211 add_param("path", NULL, (size_t)0, NULL, JP_USER);
212 }
213 } else {
214 pflags &= ~PRINT_VERBOSE;
215 for (i = 0; i < argc; i++)
216 add_param(argv[i], NULL, (size_t)0, NULL, JP_USER);
217 }
218
219 if (pflags & PRINT_SKIP) {
220 /* Check for parameters with jailsys parents. */
221 for (i = 0; i < nparams; i++) {
222 if ((params[i].jp_flags & JP_USER) &&
223 (dot = strchr(params[i].jp_name, '.'))) {
224 pname = alloca((dot - params[i].jp_name) + 1);
225 strlcpy(pname, params[i].jp_name,
226 (dot - params[i].jp_name) + 1);
227 param_parent[i] = add_param(pname,
228 NULL, (size_t)0, NULL, JP_OPT);
229 }
230 }
231 }
232
233 /* Add the index key parameters. */
234 if (jid != 0)
235 add_param("jid", &jid, sizeof(jid), NULL, 0);
236 else if (jname != NULL)
237 add_param("name", jname, strlen(jname), NULL, 0);
238 else
239 add_param("lastjid", &lastjid, sizeof(lastjid), NULL, 0);
240
241 /* Print a header line if requested. */
242 if (pflags & PRINT_VERBOSE) {
243 xo_emit("{T:/%3s}{T:JID}{P: }{T:Hostname}{Pd:/%22s}{T:Path}\n",
244 "", "");
245 xo_emit("{P:/%8s}{T:Name}{Pd:/%26s}{T:State}\n", "", "");
246 xo_emit("{P:/%8s}{T:CPUSetID}\n", "");
247 xo_emit("{P:/%8s}{T:IP Address(es)}\n", "");
248 }
249 else if (pflags & PRINT_DEFAULT)
250 if (pflags & PRINT_JAIL_NAME)
251 xo_emit("{P: }{T:JID/%-15s}{P: }{T:IP Address/%-15s}"
252 "{P: }{T:Hostname/%-29s}{P: }{T:Path}\n");
253 else
254 xo_emit("{T:JID/%6s}{P: }{T:IP Address}{P:/%6s}"
255 "{T:Hostname}{P:/%22s}{T:Path}\n", "", "");
256 else if (pflags & PRINT_HEADER) {
257 for (i = spc = 0; i < nparams; i++)
258 if (params[i].jp_flags & JP_USER) {
259 if (spc)
260 xo_emit("{P: }");
261 else
262 spc = 1;
263 xo_emit(params[i].jp_name);
264 }
265 xo_emit("{P:\n}");
266 }
267
268 xo_open_container("jail-information");
269 xo_open_list("jail");
270 /* Fetch the jail(s) and print the parameters. */
271 if (jid != 0 || jname != NULL) {
272 if (print_jail(pflags, jflags) < 0) {
273 /*
274 * We omit errors from existential issues if we're just
275 * doing a -c check that the jail exists.
276 */
277 if (pflags & PRINT_EXISTS)
278 exit(1);
279 xo_errx(1, "%s", jail_errmsg);
280 }
281 } else {
282 assert((pflags & PRINT_EXISTS) == 0);
283 for (lastjid = 0;
284 (lastjid = print_jail(pflags, jflags)) >= 0; )
285 ;
286 if (errno != 0 && errno != ENOENT)
287 xo_errx(1, "%s", jail_errmsg);
288 }
289 xo_close_list("jail");
290 xo_close_container("jail-information");
291 if (xo_finish() < 0)
292 xo_err(1, "stdout");
293 exit(0);
294 }
295
296 static int
add_param(const char * name,void * value,size_t valuelen,struct jailparam * source,unsigned flags)297 add_param(const char *name, void *value, size_t valuelen,
298 struct jailparam *source, unsigned flags)
299 {
300 struct jailparam *param, *tparams;
301 int i, tnparams;
302
303 static int paramlistsize;
304
305 /* The pseudo-parameter "all" scans the list of available parameters. */
306 if (!strcmp(name, "all")) {
307 tnparams = jailparam_all(&tparams);
308 if (tnparams < 0)
309 xo_errx(1, "%s", jail_errmsg);
310 qsort(tparams, (size_t)tnparams, sizeof(struct jailparam),
311 sort_param);
312 for (i = 0; i < tnparams; i++)
313 add_param(tparams[i].jp_name, NULL, (size_t)0,
314 tparams + i, flags);
315 free(tparams);
316 return -1;
317 }
318
319 /* Check for repeat parameters. */
320 for (i = 0; i < nparams; i++)
321 if (!strcmp(name, params[i].jp_name)) {
322 if (value != NULL && jailparam_import_raw(params + i,
323 value, valuelen) < 0)
324 xo_errx(1, "%s", jail_errmsg);
325 params[i].jp_flags |= flags;
326 if (source != NULL)
327 jailparam_free(source, 1);
328 return i;
329 }
330
331 /* Make sure there is room for the new param record. */
332 if (!nparams) {
333 paramlistsize = 32;
334 params = malloc(paramlistsize * sizeof(*params));
335 param_parent = malloc(paramlistsize * sizeof(*param_parent));
336 if (params == NULL || param_parent == NULL)
337 xo_err(1, "malloc");
338 } else if (nparams >= paramlistsize) {
339 paramlistsize *= 2;
340 params = realloc(params, paramlistsize * sizeof(*params));
341 param_parent = realloc(param_parent,
342 paramlistsize * sizeof(*param_parent));
343 if (params == NULL || param_parent == NULL)
344 xo_err(1, "realloc");
345 }
346
347 /* Look up the parameter. */
348 param_parent[nparams] = -1;
349 param = params + nparams++;
350 if (source != NULL) {
351 *param = *source;
352 param->jp_flags |= flags;
353 return param - params;
354 }
355 if (jailparam_init(param, name) < 0 ||
356 (value != NULL ? jailparam_import_raw(param, value, valuelen)
357 : jailparam_import(param, value)) < 0) {
358 if (flags & JP_OPT) {
359 nparams--;
360 return (-1);
361 }
362 xo_errx(1, "%s", jail_errmsg);
363 }
364 param->jp_flags |= flags;
365 return param - params;
366 }
367
368 static int
sort_param(const void * a,const void * b)369 sort_param(const void *a, const void *b)
370 {
371 const struct jailparam *parama, *paramb;
372 char *ap, *bp;
373
374 /* Put top-level parameters first. */
375 parama = a;
376 paramb = b;
377 ap = strchr(parama->jp_name, '.');
378 bp = strchr(paramb->jp_name, '.');
379 if (ap && !bp)
380 return (1);
381 if (bp && !ap)
382 return (-1);
383 return (strcmp(parama->jp_name, paramb->jp_name));
384 }
385
386 static char *
noname(const char * name)387 noname(const char *name)
388 {
389 char *nname, *p;
390
391 nname = malloc(strlen(name) + 3);
392 if (nname == NULL)
393 xo_err(1, "malloc");
394 p = strrchr(name, '.');
395 if (p != NULL)
396 sprintf(nname, "%.*s.no%s", (int)(p - name), name, p + 1);
397 else
398 sprintf(nname, "no%s", name);
399 return nname;
400 }
401
402 static char *
nononame(const char * name)403 nononame(const char *name)
404 {
405 char *nname, *p;
406
407 p = strrchr(name, '.');
408 if (strncmp(p ? p + 1 : name, "no", 2))
409 return NULL;
410 nname = malloc(strlen(name) - 1);
411 if (nname == NULL)
412 xo_err(1, "malloc");
413 if (p != NULL)
414 sprintf(nname, "%.*s.%s", (int)(p - name), name, p + 3);
415 else
416 strcpy(nname, name + 2);
417 return nname;
418 }
419
420 static int
print_jail(int pflags,int jflags)421 print_jail(int pflags, int jflags)
422 {
423 char *nname, *xo_nname;
424 char **param_values;
425 int i, jid, spc;
426 #if (defined INET || defined INET6)
427 int n;
428 #endif
429
430 jid = jailparam_get(params, nparams, jflags);
431 if (jid < 0)
432 return jid;
433 else if (pflags & PRINT_EXISTS)
434 return 0;
435
436 xo_open_instance("jail");
437
438 if (pflags & PRINT_VERBOSE) {
439 xo_emit("{:jid/%6d}{P: }{:hostname/%-29.29s/%s}{P: }"
440 "{:path/%.74s/%s}\n",
441 *(int *)params[0].jp_value,
442 (char *)params[1].jp_value,
443 (char *)params[2].jp_value);
444 xo_emit("{P: }{:name/%-29.29s/%s}{P: }{:state/%.74s}\n",
445 (char *)params[3].jp_value,
446 *(int *)params[4].jp_value ? "DYING" : "ACTIVE");
447 xo_emit("{P: }{:cpusetid/%d}\n", *(int *)params[5].jp_value);
448 #if (defined INET || defined INET6)
449 n = 6;
450 #endif
451 #ifdef INET
452 if (ip4_ok && !strcmp(params[n].jp_name, "ip4.addr")) {
453 emit_ip_addr_list(AF_INET, "ipv4_addrs", params + n);
454 n++;
455 }
456 #endif
457 #ifdef INET6
458 if (ip6_ok && !strcmp(params[n].jp_name, "ip6.addr")) {
459 emit_ip_addr_list(AF_INET6, "ipv6_addrs", params + n);
460 n++;
461 }
462 #endif
463 } else if (pflags & PRINT_DEFAULT) {
464 if (pflags & PRINT_JAIL_NAME)
465 xo_emit("{P: }{:name/%-15s/%s}{P: }",
466 (char *)params[0].jp_value);
467 else
468 xo_emit("{:jid/%6d}{P: }", *(int *)params[0].jp_value);
469 xo_emit("{:ipv4/%-15.15s/%s}{P: }{:hostname/%-29.29s/%s}{P: }{:path/%.74s/%s}\n",
470 #ifdef INET
471 (!ip4_ok || params[1].jp_valuelen == 0) ? ""
472 : inet_ntoa(*(struct in_addr *)params[1].jp_value),
473 (char *)params[2-!ip4_ok].jp_value,
474 (char *)params[3-!ip4_ok].jp_value);
475 #else
476 "-",
477 (char *)params[1].jp_value,
478 (char *)params[2].jp_value);
479 #endif
480 } else {
481 param_values = alloca(nparams * sizeof(*param_values));
482 for (i = 0; i < nparams; i++) {
483 if (!(params[i].jp_flags & JP_USER))
484 continue;
485 param_values[i] = jailparam_export(params + i);
486 if (param_values[i] == NULL)
487 xo_errx(1, "%s", jail_errmsg);
488 }
489 for (i = spc = 0; i < nparams; i++) {
490 if (!(params[i].jp_flags & JP_USER))
491 continue;
492 if ((pflags & PRINT_SKIP) &&
493 !(params[i].jp_flags & JP_KEYVALUE) &&
494 ((!(params[i].jp_ctltype &
495 (CTLFLAG_WR | CTLFLAG_TUN))) ||
496 (param_parent[i] >= 0 &&
497 *(int *)params[param_parent[i]].jp_value !=
498 JAIL_SYS_NEW)))
499 continue;
500 if (spc)
501 xo_emit("{P: }");
502 else
503 spc = 1;
504 if ((params[i].jp_flags & JP_KEYVALUE) &&
505 params[i].jp_valuelen == 0) {
506 /* Communicate back a missing key. */
507 if (pflags & PRINT_NAMEVAL)
508 xo_emit("{d:%s}", params[i].jp_name);
509 continue;
510 }
511 if (pflags & PRINT_NAMEVAL) {
512 /*
513 * Generally "name=value", but for booleans
514 * either "name" or "noname".
515 */
516 if (params[i].jp_flags &
517 (JP_BOOL | JP_NOBOOL)) {
518 if (*(int *)params[i].jp_value) {
519 asprintf(&xo_nname, "{en:%s/true}", params[i].jp_name);
520 xo_emit(xo_nname);
521 xo_emit("{d:/%s}", params[i].jp_name);
522 }
523 else {
524 nname = (params[i].jp_flags &
525 JP_NOBOOL) ?
526 nononame(params[i].jp_name)
527 : noname(params[i].jp_name);
528 if (params[i].jp_flags & JP_NOBOOL) {
529 asprintf(&xo_nname, "{en:%s/true}", params[i].jp_name);
530 xo_emit(xo_nname);
531 } else {
532 asprintf(&xo_nname, "{en:%s/false}", params[i].jp_name);
533 xo_emit(xo_nname);
534 }
535 xo_emit("{d:/%s}", nname);
536 free(nname);
537 }
538 free(xo_nname);
539 continue;
540 }
541 xo_emit("{d:%s}=", params[i].jp_name);
542 }
543 if (!special_print(pflags, params + i))
544 quoted_print(pflags, params[i].jp_name, param_values[i]);
545 }
546 xo_emit("{P:\n}");
547 for (i = 0; i < nparams; i++)
548 if (params[i].jp_flags & JP_USER)
549 free(param_values[i]);
550 }
551
552 xo_close_instance("jail");
553 return (jid);
554 }
555
556 static void
quoted_print(int pflags,char * name,char * value)557 quoted_print(int pflags, char *name, char *value)
558 {
559 int qc;
560 char *p = value;
561
562 /* An empty string needs quoting. */
563 if (!*p) {
564 xo_emit("{ea:/%s}{da:/\"\"}", name, value, name);
565 return;
566 }
567
568 /*
569 * The value will be surrounded by quotes if it contains
570 * whitespace or quotes.
571 */
572 if (strchr(p, '\''))
573 qc = '"';
574 else if (strchr(p, '"'))
575 qc = '\'';
576 else {
577 qc = 0;
578 for (; *p; ++p)
579 if (isspace(*p)) {
580 qc = '"';
581 break;
582 }
583 }
584
585 if (qc && pflags & PRINT_QUOTED)
586 xo_emit("{P:/%c}", qc);
587
588 xo_emit("{a:/%s}", name, value);
589
590 if (qc && pflags & PRINT_QUOTED)
591 xo_emit("{P:/%c}", qc);
592 }
593
594 static int
special_print(int pflags,struct jailparam * param)595 special_print(int pflags, struct jailparam *param)
596 {
597 int ip_as_list;
598
599 switch (xo_get_style(NULL)) {
600 case XO_STYLE_JSON:
601 case XO_STYLE_XML:
602 ip_as_list = 1;
603 break;
604 default:
605 ip_as_list = 0;
606 }
607
608 if (!ip_as_list && param->jp_valuelen == 0) {
609 if (pflags & PRINT_QUOTED)
610 xo_emit("{P:\"\"}");
611 else if (!(pflags & PRINT_NAMEVAL))
612 xo_emit("{P:-}");
613 } else if (ip_as_list && !strcmp(param->jp_name, "ip4.addr")) {
614 emit_ip_addr_list(AF_INET, param->jp_name, param);
615 } else if (ip_as_list && !strcmp(param->jp_name, "ip6.addr")) {
616 emit_ip_addr_list(AF_INET6, param->jp_name, param);
617 } else {
618 return 0;
619 }
620
621 return 1;
622 }
623
624 static void
emit_ip_addr_list(int af_family,const char * list_name,struct jailparam * param)625 emit_ip_addr_list(int af_family, const char *list_name, struct jailparam *param)
626 {
627 char ipbuf[INET6_ADDRSTRLEN];
628 size_t addr_len;
629 const char *emit_str;
630 int ai, count;
631
632 switch (af_family) {
633 case AF_INET:
634 addr_len = sizeof(struct in_addr);
635 emit_str = "{P: }{ql:ipv4_addr}{P:\n}";
636 break;
637 case AF_INET6:
638 addr_len = sizeof(struct in6_addr);
639 emit_str = "{P: }{ql:ipv6_addr}{P:\n}";
640 break;
641 default:
642 xo_err(1, "unsupported af_family");
643 return;
644 }
645
646 count = param->jp_valuelen / addr_len;
647
648 xo_open_list(list_name);
649 for (ai = 0; ai < count; ai++) {
650 if (inet_ntop(af_family,
651 ((uint8_t *)param->jp_value) + addr_len * ai,
652 ipbuf, sizeof(ipbuf)) == NULL) {
653 xo_err(1, "inet_ntop");
654 } else {
655 xo_emit(emit_str, ipbuf);
656 }
657 }
658 xo_close_list(list_name);
659 }
660