1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Kevin Fall. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #include <sys/capsicum.h> 36 #include <sys/param.h> 37 #include <sys/stat.h> 38 #ifndef NO_UDOM_SUPPORT 39 #include <sys/socket.h> 40 #include <sys/un.h> 41 #include <netdb.h> 42 #endif 43 44 #include <capsicum_helpers.h> 45 #include <ctype.h> 46 #include <err.h> 47 #include <errno.h> 48 #include <fcntl.h> 49 #include <locale.h> 50 #include <stdio.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <unistd.h> 54 #include <wchar.h> 55 #include <wctype.h> 56 57 #include <libcasper.h> 58 #include <casper/cap_fileargs.h> 59 #include <casper/cap_net.h> 60 61 static int bflag, eflag, lflag, nflag, sflag, tflag, vflag; 62 static int rval; 63 static const char *filename; 64 static fileargs_t *fa; 65 66 static void usage(void) __dead2; 67 static void scanfiles(char *argv[], int cooked); 68 #ifndef BOOTSTRAP_CAT 69 static void cook_cat(FILE *); 70 static ssize_t in_kernel_copy(int); 71 #endif 72 static void raw_cat(int); 73 74 #ifndef NO_UDOM_SUPPORT 75 static cap_channel_t *capnet; 76 77 static int udom_open(const char *path, int flags); 78 #endif 79 80 /* 81 * Memory strategy threshold, in pages: if physmem is larger than this, 82 * use a large buffer. 83 */ 84 #define PHYSPAGES_THRESHOLD (32 * 1024) 85 86 /* Maximum buffer size in bytes - do not allow it to grow larger than this. */ 87 #define BUFSIZE_MAX (2 * 1024 * 1024) 88 89 /* 90 * Small (default) buffer size in bytes. It's inefficient for this to be 91 * smaller than MAXPHYS. 92 */ 93 #define BUFSIZE_SMALL (MAXPHYS) 94 95 96 /* 97 * For the bootstrapped cat binary (needed for locked appending to METALOG), we 98 * disable all flags except -l and -u to avoid non-portable function calls. 99 * In the future we may instead want to write a small portable bootstrap tool 100 * that locks the output file before writing to it. However, for now 101 * bootstrapping cat without multibyte support is the simpler solution. 102 */ 103 #ifdef BOOTSTRAP_CAT 104 #define SUPPORTED_FLAGS "lu" 105 #else 106 #define SUPPORTED_FLAGS "belnstuv" 107 #endif 108 109 #ifndef NO_UDOM_SUPPORT 110 static void 111 init_casper_net(cap_channel_t *casper) 112 { 113 cap_net_limit_t *limit; 114 int familylimit; 115 116 capnet = cap_service_open(casper, "system.net"); 117 if (capnet == NULL) 118 err(EXIT_FAILURE, "unable to create network service"); 119 120 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR | 121 CAPNET_CONNECTDNS); 122 if (limit == NULL) 123 err(EXIT_FAILURE, "unable to create limits"); 124 125 familylimit = AF_LOCAL; 126 cap_net_limit_name2addr_family(limit, &familylimit, 1); 127 128 if (cap_net_limit(limit) < 0) 129 err(EXIT_FAILURE, "unable to apply limits"); 130 } 131 #endif 132 133 static void 134 init_casper(int argc, char *argv[]) 135 { 136 cap_channel_t *casper; 137 cap_rights_t rights; 138 139 casper = cap_init(); 140 if (casper == NULL) 141 err(EXIT_FAILURE, "unable to create Casper"); 142 143 fa = fileargs_cinit(casper, argc, argv, O_RDONLY, 0, 144 cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL, CAP_SEEK), 145 FA_OPEN | FA_REALPATH); 146 if (fa == NULL) 147 err(EXIT_FAILURE, "unable to create fileargs"); 148 149 #ifndef NO_UDOM_SUPPORT 150 init_casper_net(casper); 151 #endif 152 153 cap_close(casper); 154 } 155 156 int 157 main(int argc, char *argv[]) 158 { 159 int ch; 160 struct flock stdout_lock; 161 162 setlocale(LC_CTYPE, ""); 163 164 while ((ch = getopt(argc, argv, SUPPORTED_FLAGS)) != -1) 165 switch (ch) { 166 case 'b': 167 bflag = nflag = 1; /* -b implies -n */ 168 break; 169 case 'e': 170 eflag = vflag = 1; /* -e implies -v */ 171 break; 172 case 'l': 173 lflag = 1; 174 break; 175 case 'n': 176 nflag = 1; 177 break; 178 case 's': 179 sflag = 1; 180 break; 181 case 't': 182 tflag = vflag = 1; /* -t implies -v */ 183 break; 184 case 'u': 185 setbuf(stdout, NULL); 186 break; 187 case 'v': 188 vflag = 1; 189 break; 190 default: 191 usage(); 192 } 193 argv += optind; 194 argc -= optind; 195 196 if (lflag) { 197 stdout_lock.l_len = 0; 198 stdout_lock.l_start = 0; 199 stdout_lock.l_type = F_WRLCK; 200 stdout_lock.l_whence = SEEK_SET; 201 if (fcntl(STDOUT_FILENO, F_SETLKW, &stdout_lock) == -1) 202 err(EXIT_FAILURE, "stdout"); 203 } 204 205 init_casper(argc, argv); 206 207 caph_cache_catpages(); 208 209 if (caph_enter_casper() < 0) 210 err(EXIT_FAILURE, "capsicum"); 211 212 if (bflag || eflag || nflag || sflag || tflag || vflag) 213 scanfiles(argv, 1); 214 else 215 scanfiles(argv, 0); 216 if (fclose(stdout)) 217 err(1, "stdout"); 218 exit(rval); 219 /* NOTREACHED */ 220 } 221 222 static void 223 usage(void) 224 { 225 226 fprintf(stderr, "usage: cat [-" SUPPORTED_FLAGS "] [file ...]\n"); 227 exit(1); 228 /* NOTREACHED */ 229 } 230 231 static void 232 scanfiles(char *argv[], int cooked __unused) 233 { 234 int fd, i; 235 char *path; 236 #ifndef BOOTSTRAP_CAT 237 FILE *fp; 238 #endif 239 240 i = 0; 241 fd = -1; 242 while ((path = argv[i]) != NULL || i == 0) { 243 if (path == NULL || strcmp(path, "-") == 0) { 244 filename = "stdin"; 245 fd = STDIN_FILENO; 246 } else { 247 filename = path; 248 fd = fileargs_open(fa, path); 249 #ifndef NO_UDOM_SUPPORT 250 if (fd < 0 && errno == EOPNOTSUPP) 251 fd = udom_open(path, O_RDONLY); 252 #endif 253 } 254 if (fd < 0) { 255 warn("%s", path); 256 rval = 1; 257 #ifndef BOOTSTRAP_CAT 258 } else if (cooked) { 259 if (fd == STDIN_FILENO) 260 cook_cat(stdin); 261 else { 262 fp = fdopen(fd, "r"); 263 cook_cat(fp); 264 fclose(fp); 265 } 266 #endif 267 } else { 268 #ifndef BOOTSTRAP_CAT 269 if (in_kernel_copy(fd) == -1) { 270 if (errno == EINVAL || errno == EBADF || 271 errno == EISDIR) 272 raw_cat(fd); 273 else 274 err(1, "stdout"); 275 } 276 #else 277 raw_cat(fd); 278 #endif 279 if (fd != STDIN_FILENO) 280 close(fd); 281 } 282 if (path == NULL) 283 break; 284 ++i; 285 } 286 } 287 288 #ifndef BOOTSTRAP_CAT 289 static void 290 cook_cat(FILE *fp) 291 { 292 int ch, gobble, line, prev; 293 wint_t wch; 294 295 /* Reset EOF condition on stdin. */ 296 if (fp == stdin && feof(stdin)) 297 clearerr(stdin); 298 299 line = gobble = 0; 300 for (prev = '\n'; (ch = getc(fp)) != EOF; prev = ch) { 301 if (prev == '\n') { 302 if (sflag) { 303 if (ch == '\n') { 304 if (gobble) 305 continue; 306 gobble = 1; 307 } else 308 gobble = 0; 309 } 310 if (nflag) { 311 if (!bflag || ch != '\n') { 312 (void)fprintf(stdout, "%6d\t", ++line); 313 if (ferror(stdout)) 314 break; 315 } else if (eflag) { 316 (void)fprintf(stdout, "%6s\t", ""); 317 if (ferror(stdout)) 318 break; 319 } 320 } 321 } 322 if (ch == '\n') { 323 if (eflag && putchar('$') == EOF) 324 break; 325 } else if (ch == '\t') { 326 if (tflag) { 327 if (putchar('^') == EOF || putchar('I') == EOF) 328 break; 329 continue; 330 } 331 } else if (vflag) { 332 (void)ungetc(ch, fp); 333 /* 334 * Our getwc(3) doesn't change file position 335 * on error. 336 */ 337 if ((wch = getwc(fp)) == WEOF) { 338 if (ferror(fp) && errno == EILSEQ) { 339 clearerr(fp); 340 /* Resync attempt. */ 341 memset(&fp->_mbstate, 0, sizeof(mbstate_t)); 342 if ((ch = getc(fp)) == EOF) 343 break; 344 wch = ch; 345 goto ilseq; 346 } else 347 break; 348 } 349 if (!iswascii(wch) && !iswprint(wch)) { 350 ilseq: 351 if (putchar('M') == EOF || putchar('-') == EOF) 352 break; 353 wch = toascii(wch); 354 } 355 if (iswcntrl(wch)) { 356 ch = toascii(wch); 357 ch = (ch == '\177') ? '?' : (ch | 0100); 358 if (putchar('^') == EOF || putchar(ch) == EOF) 359 break; 360 continue; 361 } 362 if (putwchar(wch) == WEOF) 363 break; 364 ch = -1; 365 continue; 366 } 367 if (putchar(ch) == EOF) 368 break; 369 } 370 if (ferror(fp)) { 371 warn("%s", filename); 372 rval = 1; 373 clearerr(fp); 374 } 375 if (ferror(stdout)) 376 err(1, "stdout"); 377 } 378 379 static ssize_t 380 in_kernel_copy(int rfd) 381 { 382 int wfd; 383 ssize_t ret; 384 385 wfd = fileno(stdout); 386 ret = 1; 387 388 while (ret > 0) 389 ret = copy_file_range(rfd, NULL, wfd, NULL, SSIZE_MAX, 0); 390 391 return (ret); 392 } 393 #endif /* BOOTSTRAP_CAT */ 394 395 static void 396 raw_cat(int rfd) 397 { 398 long pagesize; 399 int off, wfd; 400 ssize_t nr, nw; 401 static size_t bsize; 402 static char *buf = NULL; 403 struct stat sbuf; 404 405 wfd = fileno(stdout); 406 if (buf == NULL) { 407 if (fstat(wfd, &sbuf)) 408 err(1, "stdout"); 409 if (S_ISREG(sbuf.st_mode)) { 410 /* If there's plenty of RAM, use a large copy buffer */ 411 if (sysconf(_SC_PHYS_PAGES) > PHYSPAGES_THRESHOLD) 412 bsize = MIN(BUFSIZE_MAX, MAXPHYS * 8); 413 else 414 bsize = BUFSIZE_SMALL; 415 } else { 416 bsize = sbuf.st_blksize; 417 pagesize = sysconf(_SC_PAGESIZE); 418 if (pagesize > 0) 419 bsize = MAX(bsize, (size_t)pagesize); 420 } 421 if ((buf = malloc(bsize)) == NULL) 422 err(1, "malloc() failure of IO buffer"); 423 } 424 while ((nr = read(rfd, buf, bsize)) > 0) 425 for (off = 0; nr; nr -= nw, off += nw) 426 if ((nw = write(wfd, buf + off, (size_t)nr)) < 0) 427 err(1, "stdout"); 428 if (nr < 0) { 429 warn("%s", filename); 430 rval = 1; 431 } 432 } 433 434 #ifndef NO_UDOM_SUPPORT 435 436 static int 437 udom_open(const char *path, int flags) 438 { 439 struct addrinfo hints, *res, *res0; 440 char rpath[PATH_MAX]; 441 int error, fd, serrno; 442 cap_rights_t rights; 443 444 /* 445 * Construct the unix domain socket address and attempt to connect. 446 */ 447 bzero(&hints, sizeof(hints)); 448 hints.ai_family = AF_LOCAL; 449 450 if (fileargs_realpath(fa, path, rpath) == NULL) 451 return (-1); 452 453 error = cap_getaddrinfo(capnet, rpath, NULL, &hints, &res0); 454 if (error) { 455 warn("%s", gai_strerror(error)); 456 errno = EINVAL; 457 return (-1); 458 } 459 cap_rights_init(&rights, CAP_CONNECT, CAP_READ, CAP_WRITE, 460 CAP_SHUTDOWN, CAP_FSTAT, CAP_FCNTL); 461 462 /* Default error if something goes wrong. */ 463 serrno = EINVAL; 464 465 for (res = res0; res != NULL; res = res->ai_next) { 466 fd = socket(res->ai_family, res->ai_socktype, 467 res->ai_protocol); 468 if (fd < 0) { 469 serrno = errno; 470 freeaddrinfo(res0); 471 errno = serrno; 472 return (-1); 473 } 474 if (caph_rights_limit(fd, &rights) < 0) { 475 serrno = errno; 476 close(fd); 477 freeaddrinfo(res0); 478 errno = serrno; 479 return (-1); 480 } 481 error = cap_connect(capnet, fd, res->ai_addr, res->ai_addrlen); 482 if (error == 0) 483 break; 484 else { 485 serrno = errno; 486 close(fd); 487 } 488 } 489 freeaddrinfo(res0); 490 491 if (res == NULL) { 492 errno = serrno; 493 return (-1); 494 } 495 496 /* 497 * handle the open flags by shutting down appropriate directions 498 */ 499 500 switch (flags & O_ACCMODE) { 501 case O_RDONLY: 502 cap_rights_clear(&rights, CAP_WRITE); 503 if (shutdown(fd, SHUT_WR) == -1) 504 warn(NULL); 505 break; 506 case O_WRONLY: 507 cap_rights_clear(&rights, CAP_READ); 508 if (shutdown(fd, SHUT_RD) == -1) 509 warn(NULL); 510 break; 511 default: 512 break; 513 } 514 515 cap_rights_clear(&rights, CAP_CONNECT, CAP_SHUTDOWN); 516 if (caph_rights_limit(fd, &rights) < 0) { 517 serrno = errno; 518 close(fd); 519 errno = serrno; 520 return (-1); 521 } 522 return (fd); 523 } 524 525 #endif 526