1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org> 5 * Copyright (c) 2008 Bjoern A. Zeeb <bz@FreeBSD.org> 6 * Copyright (c) 2009 James Gritton <jamie@FreeBSD.org> 7 * Copyright (c) 2015 Emmanuel Vadot <manu@bocal.org> 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/param.h> 33 #include <sys/jail.h> 34 #include <sys/socket.h> 35 #include <sys/sysctl.h> 36 37 #include <arpa/inet.h> 38 #include <netinet/in.h> 39 40 #include <assert.h> 41 #include <ctype.h> 42 #include <errno.h> 43 #include <jail.h> 44 #include <limits.h> 45 #include <stdio.h> 46 #include <stdlib.h> 47 #include <string.h> 48 #include <unistd.h> 49 #include <libxo/xo.h> 50 51 #define JP_USER 0x01000000 52 #define JP_OPT 0x02000000 53 54 #define JLS_XO_VERSION "2" 55 56 #define PRINT_DEFAULT 0x01 57 #define PRINT_HEADER 0x02 58 #define PRINT_NAMEVAL 0x04 59 #define PRINT_QUOTED 0x08 60 #define PRINT_SKIP 0x10 61 #define PRINT_VERBOSE 0x20 62 #define PRINT_JAIL_NAME 0x40 63 #define PRINT_EXISTS 0x80 64 65 static struct jailparam *params; 66 static int *param_parent; 67 static int nparams; 68 #ifdef INET6 69 static int ip6_ok; 70 #endif 71 #ifdef INET 72 static int ip4_ok; 73 #endif 74 75 static int add_param(const char *name, void *value, size_t valuelen, 76 struct jailparam *source, unsigned flags); 77 static int sort_param(const void *a, const void *b); 78 static char *noname(const char *name); 79 static char *nononame(const char *name); 80 static int print_jail(int pflags, int jflags); 81 static int special_print(int pflags, struct jailparam *param); 82 static void quoted_print(int pflags, char *name, char *value); 83 static void emit_ip_addr_list(int af_family, const char *list_name, 84 struct jailparam *param); 85 86 static void 87 usage(void) 88 { 89 xo_errx(1, 90 "usage: jls [-dhNnqv] [-j jail] [param ...]\n" 91 " jls -c [-d] -j jail"); 92 } 93 94 int 95 main(int argc, char **argv) 96 { 97 char *dot, *ep, *jname, *pname; 98 int c, i, jflags, jid, lastjid, pflags, spc; 99 100 argc = xo_parse_args(argc, argv); 101 if (argc < 0) 102 exit(1); 103 104 xo_set_version(JLS_XO_VERSION); 105 jname = NULL; 106 pflags = jflags = jid = 0; 107 while ((c = getopt(argc, argv, "acdj:hNnqsv")) >= 0) 108 switch (c) { 109 case 'a': 110 case 'd': 111 jflags |= JAIL_DYING; 112 break; 113 case 'c': 114 pflags |= PRINT_EXISTS; 115 break; 116 case 'j': 117 jid = strtoul(optarg, &ep, 10); 118 if (!jid || *ep) { 119 jid = 0; 120 jname = optarg; 121 } 122 break; 123 case 'h': 124 pflags = (pflags & ~(PRINT_SKIP | PRINT_VERBOSE)) | 125 PRINT_HEADER; 126 break; 127 case 'N': 128 pflags |= PRINT_JAIL_NAME; 129 break; 130 case 'n': 131 pflags = (pflags & ~PRINT_VERBOSE) | PRINT_NAMEVAL; 132 break; 133 case 'q': 134 pflags |= PRINT_QUOTED; 135 break; 136 case 's': 137 pflags = (pflags & ~(PRINT_HEADER | PRINT_VERBOSE)) | 138 PRINT_NAMEVAL | PRINT_QUOTED | PRINT_SKIP; 139 break; 140 case 'v': 141 pflags = (pflags & 142 ~(PRINT_HEADER | PRINT_NAMEVAL | PRINT_SKIP)) | 143 PRINT_VERBOSE; 144 break; 145 default: 146 usage(); 147 } 148 149 #ifdef INET6 150 ip6_ok = feature_present("inet6"); 151 #endif 152 #ifdef INET 153 ip4_ok = feature_present("inet"); 154 #endif 155 156 argc -= optind; 157 argv += optind; 158 159 /* Add the parameters to print. */ 160 if ((pflags & PRINT_EXISTS) != 0) { 161 if ((pflags & ~PRINT_EXISTS) != 0) { 162 xo_warnx("-c is incompatible with other print options"); 163 usage(); 164 } else if (argc != 0) { 165 xo_warnx("-c does not accept non-option arguments"); 166 usage(); 167 } else if (jid == 0 && jname == NULL) { 168 xo_warnx("-j jail to check must be provided for -c"); 169 usage(); 170 } 171 172 /* 173 * Force libxo to be silent, as well -- we're only wanting our 174 * exit status. 175 */ 176 xo_set_style(NULL, XO_STYLE_TEXT); 177 } else if (argc == 0) { 178 if (pflags & (PRINT_HEADER | PRINT_NAMEVAL)) 179 add_param("all", NULL, (size_t)0, NULL, JP_USER); 180 else if (pflags & PRINT_VERBOSE) { 181 add_param("jid", NULL, (size_t)0, NULL, JP_USER); 182 add_param("host.hostname", NULL, (size_t)0, NULL, 183 JP_USER); 184 add_param("path", NULL, (size_t)0, NULL, JP_USER); 185 add_param("name", NULL, (size_t)0, NULL, JP_USER); 186 add_param("dying", NULL, (size_t)0, NULL, JP_USER); 187 add_param("cpuset.id", NULL, (size_t)0, NULL, JP_USER); 188 #ifdef INET 189 if (ip4_ok) 190 add_param("ip4.addr", NULL, (size_t)0, NULL, 191 JP_USER); 192 #endif 193 #ifdef INET6 194 if (ip6_ok) 195 add_param("ip6.addr", NULL, (size_t)0, NULL, 196 JP_USER | JP_OPT); 197 #endif 198 } else { 199 pflags |= PRINT_DEFAULT; 200 if (pflags & PRINT_JAIL_NAME) 201 add_param("name", NULL, (size_t)0, NULL, JP_USER); 202 else 203 add_param("jid", NULL, (size_t)0, NULL, JP_USER); 204 #ifdef INET 205 if (ip4_ok) 206 add_param("ip4.addr", NULL, (size_t)0, NULL, 207 JP_USER); 208 #endif 209 add_param("host.hostname", NULL, (size_t)0, NULL, 210 JP_USER); 211 add_param("path", NULL, (size_t)0, NULL, JP_USER); 212 } 213 } else { 214 pflags &= ~PRINT_VERBOSE; 215 for (i = 0; i < argc; i++) 216 add_param(argv[i], NULL, (size_t)0, NULL, JP_USER); 217 } 218 219 if (pflags & PRINT_SKIP) { 220 /* Check for parameters with jailsys parents. */ 221 for (i = 0; i < nparams; i++) { 222 if ((params[i].jp_flags & JP_USER) && 223 (dot = strchr(params[i].jp_name, '.'))) { 224 pname = alloca((dot - params[i].jp_name) + 1); 225 strlcpy(pname, params[i].jp_name, 226 (dot - params[i].jp_name) + 1); 227 param_parent[i] = add_param(pname, 228 NULL, (size_t)0, NULL, JP_OPT); 229 } 230 } 231 } 232 233 /* Add the index key parameters. */ 234 if (jid != 0) 235 add_param("jid", &jid, sizeof(jid), NULL, 0); 236 else if (jname != NULL) 237 add_param("name", jname, strlen(jname), NULL, 0); 238 else 239 add_param("lastjid", &lastjid, sizeof(lastjid), NULL, 0); 240 241 /* Print a header line if requested. */ 242 if (pflags & PRINT_VERBOSE) { 243 xo_emit("{T:/%3s}{T:JID}{P: }{T:Hostname}{Pd:/%22s}{T:Path}\n", 244 "", ""); 245 xo_emit("{P:/%8s}{T:Name}{Pd:/%26s}{T:State}\n", "", ""); 246 xo_emit("{P:/%8s}{T:CPUSetID}\n", ""); 247 xo_emit("{P:/%8s}{T:IP Address(es)}\n", ""); 248 } 249 else if (pflags & PRINT_DEFAULT) 250 if (pflags & PRINT_JAIL_NAME) 251 xo_emit("{P: }{T:JID/%-15s}{P: }{T:IP Address/%-15s}" 252 "{P: }{T:Hostname/%-29s}{P: }{T:Path}\n"); 253 else 254 xo_emit("{T:JID/%6s}{P: }{T:IP Address}{P:/%6s}" 255 "{T:Hostname}{P:/%22s}{T:Path}\n", "", ""); 256 else if (pflags & PRINT_HEADER) { 257 for (i = spc = 0; i < nparams; i++) 258 if (params[i].jp_flags & JP_USER) { 259 if (spc) 260 xo_emit("{P: }"); 261 else 262 spc = 1; 263 xo_emit(params[i].jp_name); 264 } 265 xo_emit("{P:\n}"); 266 } 267 268 xo_open_container("jail-information"); 269 xo_open_list("jail"); 270 /* Fetch the jail(s) and print the parameters. */ 271 if (jid != 0 || jname != NULL) { 272 if (print_jail(pflags, jflags) < 0) { 273 /* 274 * We omit errors from existential issues if we're just 275 * doing a -c check that the jail exists. 276 */ 277 if (pflags & PRINT_EXISTS) 278 exit(1); 279 xo_errx(1, "%s", jail_errmsg); 280 } 281 } else { 282 assert((pflags & PRINT_EXISTS) == 0); 283 for (lastjid = 0; 284 (lastjid = print_jail(pflags, jflags)) >= 0; ) 285 ; 286 if (errno != 0 && errno != ENOENT) 287 xo_errx(1, "%s", jail_errmsg); 288 } 289 xo_close_list("jail"); 290 xo_close_container("jail-information"); 291 if (xo_finish() < 0) 292 xo_err(1, "stdout"); 293 exit(0); 294 } 295 296 static int 297 add_param(const char *name, void *value, size_t valuelen, 298 struct jailparam *source, unsigned flags) 299 { 300 struct jailparam *param, *tparams; 301 int i, tnparams; 302 303 static int paramlistsize; 304 305 /* The pseudo-parameter "all" scans the list of available parameters. */ 306 if (!strcmp(name, "all")) { 307 tnparams = jailparam_all(&tparams); 308 if (tnparams < 0) 309 xo_errx(1, "%s", jail_errmsg); 310 qsort(tparams, (size_t)tnparams, sizeof(struct jailparam), 311 sort_param); 312 for (i = 0; i < tnparams; i++) 313 add_param(tparams[i].jp_name, NULL, (size_t)0, 314 tparams + i, flags); 315 free(tparams); 316 return -1; 317 } 318 319 /* Check for repeat parameters. */ 320 for (i = 0; i < nparams; i++) 321 if (!strcmp(name, params[i].jp_name)) { 322 if (value != NULL && jailparam_import_raw(params + i, 323 value, valuelen) < 0) 324 xo_errx(1, "%s", jail_errmsg); 325 params[i].jp_flags |= flags; 326 if (source != NULL) 327 jailparam_free(source, 1); 328 return i; 329 } 330 331 /* Make sure there is room for the new param record. */ 332 if (!nparams) { 333 paramlistsize = 32; 334 params = malloc(paramlistsize * sizeof(*params)); 335 param_parent = malloc(paramlistsize * sizeof(*param_parent)); 336 if (params == NULL || param_parent == NULL) 337 xo_err(1, "malloc"); 338 } else if (nparams >= paramlistsize) { 339 paramlistsize *= 2; 340 params = realloc(params, paramlistsize * sizeof(*params)); 341 param_parent = realloc(param_parent, 342 paramlistsize * sizeof(*param_parent)); 343 if (params == NULL || param_parent == NULL) 344 xo_err(1, "realloc"); 345 } 346 347 /* Look up the parameter. */ 348 param_parent[nparams] = -1; 349 param = params + nparams++; 350 if (source != NULL) { 351 *param = *source; 352 param->jp_flags |= flags; 353 return param - params; 354 } 355 if (jailparam_init(param, name) < 0 || 356 (value != NULL ? jailparam_import_raw(param, value, valuelen) 357 : jailparam_import(param, value)) < 0) { 358 if (flags & JP_OPT) { 359 nparams--; 360 return (-1); 361 } 362 xo_errx(1, "%s", jail_errmsg); 363 } 364 param->jp_flags |= flags; 365 return param - params; 366 } 367 368 static int 369 sort_param(const void *a, const void *b) 370 { 371 const struct jailparam *parama, *paramb; 372 char *ap, *bp; 373 374 /* Put top-level parameters first. */ 375 parama = a; 376 paramb = b; 377 ap = strchr(parama->jp_name, '.'); 378 bp = strchr(paramb->jp_name, '.'); 379 if (ap && !bp) 380 return (1); 381 if (bp && !ap) 382 return (-1); 383 return (strcmp(parama->jp_name, paramb->jp_name)); 384 } 385 386 static char * 387 noname(const char *name) 388 { 389 char *nname, *p; 390 391 nname = malloc(strlen(name) + 3); 392 if (nname == NULL) 393 xo_err(1, "malloc"); 394 p = strrchr(name, '.'); 395 if (p != NULL) 396 sprintf(nname, "%.*s.no%s", (int)(p - name), name, p + 1); 397 else 398 sprintf(nname, "no%s", name); 399 return nname; 400 } 401 402 static char * 403 nononame(const char *name) 404 { 405 char *nname, *p; 406 407 p = strrchr(name, '.'); 408 if (strncmp(p ? p + 1 : name, "no", 2)) 409 return NULL; 410 nname = malloc(strlen(name) - 1); 411 if (nname == NULL) 412 xo_err(1, "malloc"); 413 if (p != NULL) 414 sprintf(nname, "%.*s.%s", (int)(p - name), name, p + 3); 415 else 416 strcpy(nname, name + 2); 417 return nname; 418 } 419 420 static int 421 print_jail(int pflags, int jflags) 422 { 423 char *nname, *xo_nname; 424 char **param_values; 425 int i, jid, spc; 426 #if (defined INET || defined INET6) 427 int n; 428 #endif 429 430 jid = jailparam_get(params, nparams, jflags); 431 if (jid < 0) 432 return jid; 433 else if (pflags & PRINT_EXISTS) 434 return 0; 435 436 xo_open_instance("jail"); 437 438 if (pflags & PRINT_VERBOSE) { 439 xo_emit("{:jid/%6d}{P: }{:hostname/%-29.29s/%s}{P: }" 440 "{:path/%.74s/%s}\n", 441 *(int *)params[0].jp_value, 442 (char *)params[1].jp_value, 443 (char *)params[2].jp_value); 444 xo_emit("{P: }{:name/%-29.29s/%s}{P: }{:state/%.74s}\n", 445 (char *)params[3].jp_value, 446 *(int *)params[4].jp_value ? "DYING" : "ACTIVE"); 447 xo_emit("{P: }{:cpusetid/%d}\n", *(int *)params[5].jp_value); 448 #if (defined INET || defined INET6) 449 n = 6; 450 #endif 451 #ifdef INET 452 if (ip4_ok && !strcmp(params[n].jp_name, "ip4.addr")) { 453 emit_ip_addr_list(AF_INET, "ipv4_addrs", params + n); 454 n++; 455 } 456 #endif 457 #ifdef INET6 458 if (ip6_ok && !strcmp(params[n].jp_name, "ip6.addr")) { 459 emit_ip_addr_list(AF_INET6, "ipv6_addrs", params + n); 460 n++; 461 } 462 #endif 463 } else if (pflags & PRINT_DEFAULT) { 464 if (pflags & PRINT_JAIL_NAME) 465 xo_emit("{P: }{:name/%-15s/%s}{P: }", 466 (char *)params[0].jp_value); 467 else 468 xo_emit("{:jid/%6d}{P: }", *(int *)params[0].jp_value); 469 xo_emit("{:ipv4/%-15.15s/%s}{P: }{:hostname/%-29.29s/%s}{P: }{:path/%.74s/%s}\n", 470 #ifdef INET 471 (!ip4_ok || params[1].jp_valuelen == 0) ? "" 472 : inet_ntoa(*(struct in_addr *)params[1].jp_value), 473 (char *)params[2-!ip4_ok].jp_value, 474 (char *)params[3-!ip4_ok].jp_value); 475 #else 476 "-", 477 (char *)params[1].jp_value, 478 (char *)params[2].jp_value); 479 #endif 480 } else { 481 param_values = alloca(nparams * sizeof(*param_values)); 482 for (i = 0; i < nparams; i++) { 483 if (!(params[i].jp_flags & JP_USER)) 484 continue; 485 param_values[i] = jailparam_export(params + i); 486 if (param_values[i] == NULL) 487 xo_errx(1, "%s", jail_errmsg); 488 } 489 for (i = spc = 0; i < nparams; i++) { 490 if (!(params[i].jp_flags & JP_USER)) 491 continue; 492 if ((pflags & PRINT_SKIP) && 493 !(params[i].jp_flags & JP_KEYVALUE) && 494 ((!(params[i].jp_ctltype & 495 (CTLFLAG_WR | CTLFLAG_TUN))) || 496 (param_parent[i] >= 0 && 497 *(int *)params[param_parent[i]].jp_value != 498 JAIL_SYS_NEW))) 499 continue; 500 if (spc) 501 xo_emit("{P: }"); 502 else 503 spc = 1; 504 if ((params[i].jp_flags & JP_KEYVALUE) && 505 params[i].jp_valuelen == 0) { 506 /* Communicate back a missing key. */ 507 if (pflags & PRINT_NAMEVAL) 508 xo_emit("{d:%s}", params[i].jp_name); 509 continue; 510 } 511 if (pflags & PRINT_NAMEVAL) { 512 /* 513 * Generally "name=value", but for booleans 514 * either "name" or "noname". 515 */ 516 if (params[i].jp_flags & 517 (JP_BOOL | JP_NOBOOL)) { 518 if (*(int *)params[i].jp_value) { 519 asprintf(&xo_nname, "{en:%s/true}", params[i].jp_name); 520 xo_emit(xo_nname); 521 xo_emit("{d:/%s}", params[i].jp_name); 522 } 523 else { 524 nname = (params[i].jp_flags & 525 JP_NOBOOL) ? 526 nononame(params[i].jp_name) 527 : noname(params[i].jp_name); 528 if (params[i].jp_flags & JP_NOBOOL) { 529 asprintf(&xo_nname, "{en:%s/true}", params[i].jp_name); 530 xo_emit(xo_nname); 531 } else { 532 asprintf(&xo_nname, "{en:%s/false}", params[i].jp_name); 533 xo_emit(xo_nname); 534 } 535 xo_emit("{d:/%s}", nname); 536 free(nname); 537 } 538 free(xo_nname); 539 continue; 540 } 541 xo_emit("{d:%s}=", params[i].jp_name); 542 } 543 if (!special_print(pflags, params + i)) 544 quoted_print(pflags, params[i].jp_name, param_values[i]); 545 } 546 xo_emit("{P:\n}"); 547 for (i = 0; i < nparams; i++) 548 if (params[i].jp_flags & JP_USER) 549 free(param_values[i]); 550 } 551 552 xo_close_instance("jail"); 553 return (jid); 554 } 555 556 static void 557 quoted_print(int pflags, char *name, char *value) 558 { 559 int qc; 560 char *p = value; 561 562 /* An empty string needs quoting. */ 563 if (!*p) { 564 xo_emit("{ea:/%s}{da:/\"\"}", name, value, name); 565 return; 566 } 567 568 /* 569 * The value will be surrounded by quotes if it contains 570 * whitespace or quotes. 571 */ 572 if (strchr(p, '\'')) 573 qc = '"'; 574 else if (strchr(p, '"')) 575 qc = '\''; 576 else { 577 qc = 0; 578 for (; *p; ++p) 579 if (isspace(*p)) { 580 qc = '"'; 581 break; 582 } 583 } 584 585 if (qc && pflags & PRINT_QUOTED) 586 xo_emit("{P:/%c}", qc); 587 588 xo_emit("{a:/%s}", name, value); 589 590 if (qc && pflags & PRINT_QUOTED) 591 xo_emit("{P:/%c}", qc); 592 } 593 594 static int 595 special_print(int pflags, struct jailparam *param) 596 { 597 int ip_as_list; 598 599 switch (xo_get_style(NULL)) { 600 case XO_STYLE_JSON: 601 case XO_STYLE_XML: 602 ip_as_list = 1; 603 break; 604 default: 605 ip_as_list = 0; 606 } 607 608 if (!ip_as_list && param->jp_valuelen == 0) { 609 if (pflags & PRINT_QUOTED) 610 xo_emit("{P:\"\"}"); 611 else if (!(pflags & PRINT_NAMEVAL)) 612 xo_emit("{P:-}"); 613 } else if (ip_as_list && !strcmp(param->jp_name, "ip4.addr")) { 614 emit_ip_addr_list(AF_INET, param->jp_name, param); 615 } else if (ip_as_list && !strcmp(param->jp_name, "ip6.addr")) { 616 emit_ip_addr_list(AF_INET6, param->jp_name, param); 617 } else { 618 return 0; 619 } 620 621 return 1; 622 } 623 624 static void 625 emit_ip_addr_list(int af_family, const char *list_name, struct jailparam *param) 626 { 627 char ipbuf[INET6_ADDRSTRLEN]; 628 size_t addr_len; 629 const char *emit_str; 630 int ai, count; 631 632 switch (af_family) { 633 case AF_INET: 634 addr_len = sizeof(struct in_addr); 635 emit_str = "{P: }{ql:ipv4_addr}{P:\n}"; 636 break; 637 case AF_INET6: 638 addr_len = sizeof(struct in6_addr); 639 emit_str = "{P: }{ql:ipv6_addr}{P:\n}"; 640 break; 641 default: 642 xo_err(1, "unsupported af_family"); 643 return; 644 } 645 646 count = param->jp_valuelen / addr_len; 647 648 xo_open_list(list_name); 649 for (ai = 0; ai < count; ai++) { 650 if (inet_ntop(af_family, 651 ((uint8_t *)param->jp_value) + addr_len * ai, 652 ipbuf, sizeof(ipbuf)) == NULL) { 653 xo_err(1, "inet_ntop"); 654 } else { 655 xo_emit(emit_str, ipbuf); 656 } 657 } 658 xo_close_list(list_name); 659 } 660