xref: /freebsd/usr.sbin/jexec/jexec.c (revision 884a2a699669ec61e2366e3e358342dbc94be24a)
1 /*-
2  * Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
3  * Copyright (c) 2008 Bjoern A. Zeeb <bz@FreeBSD.org>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  *
27  * $FreeBSD$
28  */
29 
30 #include <sys/param.h>
31 #include <sys/jail.h>
32 #include <sys/socket.h>
33 #include <sys/sysctl.h>
34 
35 #include <arpa/inet.h>
36 #include <netinet/in.h>
37 
38 #include <err.h>
39 #include <errno.h>
40 #include <jail.h>
41 #include <limits.h>
42 #include <login_cap.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <pwd.h>
47 #include <unistd.h>
48 
49 static void	usage(void);
50 
51 #define GET_USER_INFO do {						\
52 	pwd = getpwnam(username);					\
53 	if (pwd == NULL) {						\
54 		if (errno)						\
55 			err(1, "getpwnam: %s", username);		\
56 		else							\
57 			errx(1, "%s: no such user", username);		\
58 	}								\
59 	lcap = login_getpwclass(pwd);					\
60 	if (lcap == NULL)						\
61 		err(1, "getpwclass: %s", username);			\
62 	ngroups = ngroups_max;						\
63 	if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0)	\
64 		err(1, "getgrouplist: %s", username);			\
65 } while (0)
66 
67 int
68 main(int argc, char *argv[])
69 {
70 	int jid;
71 	login_cap_t *lcap = NULL;
72 	struct passwd *pwd = NULL;
73 	gid_t *groups = NULL;
74 	int ch, ngroups, uflag, Uflag;
75 	long ngroups_max;
76 	char *username;
77 
78 	ch = uflag = Uflag = 0;
79 	username = NULL;
80 	ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
81 	if ((groups = malloc(sizeof(gid_t) * ngroups_max)) == NULL)
82 		err(1, "malloc");
83 
84 	while ((ch = getopt(argc, argv, "nu:U:")) != -1) {
85 		switch (ch) {
86 		case 'n':
87 			/* Specified name, now unused */
88 			break;
89 		case 'u':
90 			username = optarg;
91 			uflag = 1;
92 			break;
93 		case 'U':
94 			username = optarg;
95 			Uflag = 1;
96 			break;
97 		default:
98 			usage();
99 		}
100 	}
101 	argc -= optind;
102 	argv += optind;
103 	if (argc < 2)
104 		usage();
105 	if (uflag && Uflag)
106 		usage();
107 	if (uflag)
108 		GET_USER_INFO;
109 	jid = jail_getid(argv[0]);
110 	if (jid < 0)
111 		errx(1, "%s", jail_errmsg);
112 	if (jail_attach(jid) == -1)
113 		err(1, "jail_attach(%d)", jid);
114 	if (chdir("/") == -1)
115 		err(1, "chdir(): /");
116 	if (username != NULL) {
117 		if (Uflag)
118 			GET_USER_INFO;
119 		if (setgroups(ngroups, groups) != 0)
120 			err(1, "setgroups");
121 		if (setgid(pwd->pw_gid) != 0)
122 			err(1, "setgid");
123 		if (setusercontext(lcap, pwd, pwd->pw_uid,
124 		    LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0)
125 			err(1, "setusercontext");
126 		login_close(lcap);
127 	}
128 	if (execvp(argv[1], argv + 1) == -1)
129 		err(1, "execvp(): %s", argv[1]);
130 	exit(0);
131 }
132 
133 static void
134 usage(void)
135 {
136 
137 	fprintf(stderr, "%s\n",
138 		"usage: jexec [-u username | -U username] jail command ...");
139 	exit(1);
140 }
141