1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Kevin Fall.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35 #include <sys/capsicum.h>
36 #include <sys/param.h>
37 #include <sys/stat.h>
38 #ifndef NO_UDOM_SUPPORT
39 #include <sys/socket.h>
40 #include <sys/un.h>
41 #include <netdb.h>
42 #endif
43
44 #include <capsicum_helpers.h>
45 #include <ctype.h>
46 #include <err.h>
47 #include <errno.h>
48 #include <fcntl.h>
49 #include <locale.h>
50 #include <stdio.h>
51 #include <stdlib.h>
52 #include <string.h>
53 #include <unistd.h>
54 #include <wchar.h>
55 #include <wctype.h>
56
57 #include <libcasper.h>
58 #include <casper/cap_fileargs.h>
59 #include <casper/cap_net.h>
60
61 static int bflag, eflag, lflag, nflag, sflag, tflag, vflag;
62 static int rval;
63 static const char *filename;
64 static fileargs_t *fa;
65
66 static void usage(void) __dead2;
67 static void scanfiles(char *argv[], int cooked);
68 #ifndef BOOTSTRAP_CAT
69 static void cook_cat(FILE *);
70 static ssize_t in_kernel_copy(int);
71 #endif
72 static void raw_cat(int);
73
74 #ifndef NO_UDOM_SUPPORT
75 static cap_channel_t *capnet;
76
77 static int udom_open(const char *path, int flags);
78 #endif
79
80 /*
81 * Memory strategy threshold, in pages: if physmem is larger than this,
82 * use a large buffer.
83 */
84 #define PHYSPAGES_THRESHOLD (32 * 1024)
85
86 /* Maximum buffer size in bytes - do not allow it to grow larger than this. */
87 #define BUFSIZE_MAX (2 * 1024 * 1024)
88
89 /*
90 * Small (default) buffer size in bytes. It's inefficient for this to be
91 * smaller than MAXPHYS.
92 */
93 #define BUFSIZE_SMALL (MAXPHYS)
94
95
96 /*
97 * For the bootstrapped cat binary (needed for locked appending to METALOG), we
98 * disable all flags except -l and -u to avoid non-portable function calls.
99 * In the future we may instead want to write a small portable bootstrap tool
100 * that locks the output file before writing to it. However, for now
101 * bootstrapping cat without multibyte support is the simpler solution.
102 */
103 #ifdef BOOTSTRAP_CAT
104 #define SUPPORTED_FLAGS "lu"
105 #else
106 #define SUPPORTED_FLAGS "belnstuv"
107 #endif
108
109 #ifndef NO_UDOM_SUPPORT
110 static void
init_casper_net(cap_channel_t * casper)111 init_casper_net(cap_channel_t *casper)
112 {
113 cap_net_limit_t *limit;
114 int familylimit;
115
116 capnet = cap_service_open(casper, "system.net");
117 if (capnet == NULL)
118 err(EXIT_FAILURE, "unable to create network service");
119
120 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR |
121 CAPNET_CONNECTDNS);
122 if (limit == NULL)
123 err(EXIT_FAILURE, "unable to create limits");
124
125 familylimit = AF_LOCAL;
126 cap_net_limit_name2addr_family(limit, &familylimit, 1);
127
128 if (cap_net_limit(limit) != 0)
129 err(EXIT_FAILURE, "unable to apply limits");
130 }
131 #endif
132
133 static void
init_casper(int argc,char * argv[])134 init_casper(int argc, char *argv[])
135 {
136 cap_channel_t *casper;
137 cap_rights_t rights;
138
139 casper = cap_init();
140 if (casper == NULL)
141 err(EXIT_FAILURE, "unable to create Casper");
142
143 fa = fileargs_cinit(casper, argc, argv, O_RDONLY, 0,
144 cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL, CAP_SEEK),
145 FA_OPEN | FA_REALPATH);
146 if (fa == NULL)
147 err(EXIT_FAILURE, "unable to create fileargs");
148
149 #ifndef NO_UDOM_SUPPORT
150 init_casper_net(casper);
151 #endif
152
153 cap_close(casper);
154 }
155
156 int
main(int argc,char * argv[])157 main(int argc, char *argv[])
158 {
159 int ch;
160 struct flock stdout_lock;
161
162 setlocale(LC_CTYPE, "");
163
164 while ((ch = getopt(argc, argv, SUPPORTED_FLAGS)) != -1)
165 switch (ch) {
166 case 'b':
167 bflag = nflag = 1; /* -b implies -n */
168 break;
169 case 'e':
170 eflag = vflag = 1; /* -e implies -v */
171 break;
172 case 'l':
173 lflag = 1;
174 break;
175 case 'n':
176 nflag = 1;
177 break;
178 case 's':
179 sflag = 1;
180 break;
181 case 't':
182 tflag = vflag = 1; /* -t implies -v */
183 break;
184 case 'u':
185 setbuf(stdout, NULL);
186 break;
187 case 'v':
188 vflag = 1;
189 break;
190 default:
191 usage();
192 }
193 argv += optind;
194 argc -= optind;
195
196 if (lflag) {
197 stdout_lock.l_len = 0;
198 stdout_lock.l_start = 0;
199 stdout_lock.l_type = F_WRLCK;
200 stdout_lock.l_whence = SEEK_SET;
201 if (fcntl(STDOUT_FILENO, F_SETLKW, &stdout_lock) != 0)
202 err(EXIT_FAILURE, "stdout");
203 }
204
205 init_casper(argc, argv);
206
207 caph_cache_catpages();
208
209 if (caph_enter_casper() != 0)
210 err(EXIT_FAILURE, "capsicum");
211
212 if (bflag || eflag || nflag || sflag || tflag || vflag)
213 scanfiles(argv, 1);
214 else
215 scanfiles(argv, 0);
216 if (fclose(stdout))
217 err(1, "stdout");
218 exit(rval);
219 /* NOTREACHED */
220 }
221
222 static void
usage(void)223 usage(void)
224 {
225
226 fprintf(stderr, "usage: cat [-" SUPPORTED_FLAGS "] [file ...]\n");
227 exit(1);
228 /* NOTREACHED */
229 }
230
231 static void
scanfiles(char * argv[],int cooked __unused)232 scanfiles(char *argv[], int cooked __unused)
233 {
234 int fd, i;
235 char *path;
236 #ifndef BOOTSTRAP_CAT
237 FILE *fp;
238 #endif
239
240 i = 0;
241 fd = -1;
242 while ((path = argv[i]) != NULL || i == 0) {
243 if (path == NULL || strcmp(path, "-") == 0) {
244 filename = "stdin";
245 fd = STDIN_FILENO;
246 } else {
247 filename = path;
248 fd = fileargs_open(fa, path);
249 #ifndef NO_UDOM_SUPPORT
250 if (fd < 0 && errno == EOPNOTSUPP)
251 fd = udom_open(path, O_RDONLY);
252 #endif
253 }
254 if (fd < 0) {
255 warn("%s", path);
256 rval = 1;
257 #ifndef BOOTSTRAP_CAT
258 } else if (cooked) {
259 if (fd == STDIN_FILENO)
260 cook_cat(stdin);
261 else {
262 fp = fdopen(fd, "r");
263 cook_cat(fp);
264 fclose(fp);
265 }
266 #endif
267 } else {
268 #ifndef BOOTSTRAP_CAT
269 if (in_kernel_copy(fd) != 0) {
270 if (errno == EINVAL || errno == EBADF ||
271 errno == EISDIR)
272 raw_cat(fd);
273 else
274 err(1, "%s", filename);
275 }
276 #else
277 raw_cat(fd);
278 #endif
279 if (fd != STDIN_FILENO)
280 close(fd);
281 }
282 if (path == NULL)
283 break;
284 ++i;
285 }
286 }
287
288 #ifndef BOOTSTRAP_CAT
289 static void
cook_cat(FILE * fp)290 cook_cat(FILE *fp)
291 {
292 int ch, gobble, line, prev;
293 wint_t wch;
294
295 /* Reset EOF condition on stdin. */
296 if (fp == stdin && feof(stdin))
297 clearerr(stdin);
298
299 line = gobble = 0;
300 for (prev = '\n'; (ch = getc(fp)) != EOF; prev = ch) {
301 if (prev == '\n') {
302 if (sflag) {
303 if (ch == '\n') {
304 if (gobble)
305 continue;
306 gobble = 1;
307 } else
308 gobble = 0;
309 }
310 if (nflag) {
311 if (!bflag || ch != '\n') {
312 (void)fprintf(stdout, "%6d\t", ++line);
313 if (ferror(stdout))
314 break;
315 } else if (eflag) {
316 (void)fprintf(stdout, "%6s\t", "");
317 if (ferror(stdout))
318 break;
319 }
320 }
321 }
322 if (ch == '\n') {
323 if (eflag && putchar('$') == EOF)
324 break;
325 } else if (ch == '\t') {
326 if (tflag) {
327 if (putchar('^') == EOF || putchar('I') == EOF)
328 break;
329 continue;
330 }
331 } else if (vflag) {
332 (void)ungetc(ch, fp);
333 /*
334 * Our getwc(3) doesn't change file position
335 * on error.
336 */
337 if ((wch = getwc(fp)) == WEOF) {
338 if (ferror(fp) && errno == EILSEQ) {
339 clearerr(fp);
340 /* Resync attempt. */
341 memset(&fp->_mbstate, 0, sizeof(mbstate_t));
342 if ((ch = getc(fp)) == EOF)
343 break;
344 wch = ch;
345 goto ilseq;
346 } else
347 break;
348 }
349 if (!iswascii(wch) && !iswprint(wch)) {
350 ilseq:
351 if (putchar('M') == EOF || putchar('-') == EOF)
352 break;
353 wch = toascii(wch);
354 }
355 if (iswcntrl(wch)) {
356 ch = toascii(wch);
357 ch = (ch == '\177') ? '?' : (ch | 0100);
358 if (putchar('^') == EOF || putchar(ch) == EOF)
359 break;
360 continue;
361 }
362 if (putwchar(wch) == WEOF)
363 break;
364 ch = -1;
365 continue;
366 }
367 if (putchar(ch) == EOF)
368 break;
369 }
370 if (ferror(fp)) {
371 warn("%s", filename);
372 rval = 1;
373 clearerr(fp);
374 }
375 if (ferror(stdout))
376 err(1, "stdout");
377 }
378
379 static ssize_t
in_kernel_copy(int rfd)380 in_kernel_copy(int rfd)
381 {
382 int wfd;
383 ssize_t ret;
384
385 wfd = fileno(stdout);
386 ret = 1;
387
388 while (ret > 0)
389 ret = copy_file_range(rfd, NULL, wfd, NULL, SSIZE_MAX, 0);
390
391 return (ret);
392 }
393 #endif /* BOOTSTRAP_CAT */
394
395 static void
raw_cat(int rfd)396 raw_cat(int rfd)
397 {
398 long pagesize;
399 int off, wfd;
400 ssize_t nr, nw;
401 static size_t bsize;
402 static char *buf = NULL;
403 struct stat sbuf;
404
405 wfd = fileno(stdout);
406 if (buf == NULL) {
407 if (fstat(wfd, &sbuf))
408 err(1, "stdout");
409 if (S_ISREG(sbuf.st_mode)) {
410 /* If there's plenty of RAM, use a large copy buffer */
411 if (sysconf(_SC_PHYS_PAGES) > PHYSPAGES_THRESHOLD)
412 bsize = MIN(BUFSIZE_MAX, MAXPHYS * 8);
413 else
414 bsize = BUFSIZE_SMALL;
415 } else {
416 bsize = sbuf.st_blksize;
417 pagesize = sysconf(_SC_PAGESIZE);
418 if (pagesize > 0)
419 bsize = MAX(bsize, (size_t)pagesize);
420 }
421 if ((buf = malloc(bsize)) == NULL)
422 err(1, "malloc() failure of IO buffer");
423 }
424 while ((nr = read(rfd, buf, bsize)) > 0)
425 for (off = 0; nr; nr -= nw, off += nw)
426 if ((nw = write(wfd, buf + off, (size_t)nr)) < 0)
427 err(1, "stdout");
428 if (nr < 0) {
429 warn("%s", filename);
430 rval = 1;
431 }
432 }
433
434 #ifndef NO_UDOM_SUPPORT
435
436 static int
udom_open(const char * path,int flags)437 udom_open(const char *path, int flags)
438 {
439 struct addrinfo hints, *res, *res0;
440 char rpath[PATH_MAX];
441 int error, fd, serrno;
442 cap_rights_t rights;
443
444 /*
445 * Construct the unix domain socket address and attempt to connect.
446 */
447 bzero(&hints, sizeof(hints));
448 hints.ai_family = AF_LOCAL;
449
450 if (fileargs_realpath(fa, path, rpath) == NULL)
451 return (-1);
452
453 error = cap_getaddrinfo(capnet, rpath, NULL, &hints, &res0);
454 if (error) {
455 warn("%s", gai_strerror(error));
456 errno = EINVAL;
457 return (-1);
458 }
459 cap_rights_init(&rights, CAP_CONNECT, CAP_READ, CAP_WRITE,
460 CAP_SHUTDOWN, CAP_FSTAT, CAP_FCNTL);
461
462 /* Default error if something goes wrong. */
463 serrno = EINVAL;
464
465 for (res = res0; res != NULL; res = res->ai_next) {
466 fd = socket(res->ai_family, res->ai_socktype,
467 res->ai_protocol);
468 if (fd < 0) {
469 serrno = errno;
470 freeaddrinfo(res0);
471 errno = serrno;
472 return (-1);
473 }
474 if (caph_rights_limit(fd, &rights) != 0) {
475 serrno = errno;
476 close(fd);
477 freeaddrinfo(res0);
478 errno = serrno;
479 return (-1);
480 }
481 error = cap_connect(capnet, fd, res->ai_addr, res->ai_addrlen);
482 if (error == 0)
483 break;
484 else {
485 serrno = errno;
486 close(fd);
487 }
488 }
489 freeaddrinfo(res0);
490
491 if (res == NULL) {
492 errno = serrno;
493 return (-1);
494 }
495
496 /*
497 * handle the open flags by shutting down appropriate directions
498 */
499
500 switch (flags & O_ACCMODE) {
501 case O_RDONLY:
502 cap_rights_clear(&rights, CAP_WRITE);
503 if (shutdown(fd, SHUT_WR) != 0)
504 warn(NULL);
505 break;
506 case O_WRONLY:
507 cap_rights_clear(&rights, CAP_READ);
508 if (shutdown(fd, SHUT_RD) != 0)
509 warn(NULL);
510 break;
511 default:
512 break;
513 }
514
515 cap_rights_clear(&rights, CAP_CONNECT, CAP_SHUTDOWN);
516 if (caph_rights_limit(fd, &rights) != 0) {
517 serrno = errno;
518 close(fd);
519 errno = serrno;
520 return (-1);
521 }
522 return (fd);
523 }
524
525 #endif
526