kernel - Enable busmaster on bridges (BIOS might not)
[dragonfly.git] / usr.sbin / jail / jail.c
blob9622d6cdea5872d01d0ed88f18ab98c9622e70e9
1 /*
2 * ----------------------------------------------------------------------------
3 * "THE BEER-WARE LICENSE" (Revision 42):
4 * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
5 * can do whatever you want with this stuff. If we meet some day, and you think
6 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
7 * ----------------------------------------------------------------------------
8 *
9 * $FreeBSD: src/usr.sbin/jail/jail.c,v 1.5.2.2 2003/05/08 13:04:24 maxim Exp $
10 * $DragonFly: src/usr.sbin/jail/jail.c,v 1.8 2007/01/17 10:37:48 victor Exp $
14 #include <sys/param.h>
15 #include <sys/jail.h>
17 #include <netinet/in.h>
18 #include <arpa/inet.h>
20 #include <err.h>
21 #include <errno.h>
22 #include <grp.h>
23 #include <login_cap.h>
24 #include <paths.h>
25 #include <pwd.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <unistd.h>
31 static void usage(void);
32 extern char **environ;
34 #define GET_USER_INFO do { \
35 pwd = getpwnam(username); \
36 if (pwd == NULL) { \
37 if (errno) \
38 err(1, "getpwnam: %s", username); \
39 else \
40 errx(1, "%s: no such user", username); \
41 } \
42 lcap = login_getpwclass(pwd); \
43 if (lcap == NULL) \
44 err(1, "getpwclass: %s", username); \
45 ngroups = NGROUPS; \
46 if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0) \
47 err(1, "getgrouplist: %s", username); \
48 } while (0)
50 int
51 main(int argc, char **argv)
53 login_cap_t *lcap = NULL;
54 struct jail j;
55 struct sockaddr_in *sin4;
56 struct sockaddr_in6 *sin6;
57 struct passwd *pwd = NULL;
58 gid_t groups[NGROUPS];
59 int ch, ngroups, i, iflag, lflag, uflag, Uflag;
60 static char *cleanenv;
61 const char *shell, *p = NULL;
62 char path[PATH_MAX], *username, *curpos;
64 iflag = lflag = uflag = Uflag = 0;
65 username = NULL;
66 j.ips = malloc(sizeof(struct sockaddr_storage)*20);
67 bzero(j.ips, sizeof(struct sockaddr_storage)*20);
69 while ((ch = getopt(argc, argv, "ilu:U:")) != -1)
70 switch (ch) {
71 case 'i':
72 iflag = 1;
73 break;
74 case 'l':
75 lflag = 1;
76 break;
77 case 'u':
78 username = optarg;
79 uflag = 1;
80 break;
81 case 'U':
82 username = optarg;
83 Uflag = 1;
84 break;
85 default:
86 usage();
87 break;
89 argc -= optind;
90 argv += optind;
91 if (argc < 4)
92 usage();
93 if (uflag && Uflag)
94 usage();
95 if (lflag && username == NULL)
96 usage();
97 if (uflag)
98 GET_USER_INFO;
99 if (realpath(argv[0], path) == NULL)
100 err(1, "realpath: %s", argv[0]);
101 if (chdir(path) != 0)
102 err(1, "chdir: %s", path);
104 j.version = 1;
105 j.path = path;
106 j.hostname = argv[1];
107 curpos = strtok(argv[2], ",");
108 for (i=0; curpos != NULL; i++) {
109 if (i && i%20 == 0) {
110 if ( (j.ips = realloc(j.ips, sizeof(struct sockaddr_storage)*i+20)) == NULL) {
111 perror("Can't allocate memory");
112 exit(1);
116 sin4 = (struct sockaddr_in *)(j.ips+i);
117 sin6 = (struct sockaddr_in6 *)(j.ips+i);
119 if (inet_pton(AF_INET, curpos, &sin4->sin_addr) == 1) {
120 sin4->sin_family = AF_INET;
121 } else {
122 if (inet_pton(AF_INET6, curpos, &sin6->sin6_addr) == 1) {
123 sin6->sin6_family = AF_INET6;
124 } else {
125 printf("Invalid value %s\n", curpos);
126 exit(1);
129 curpos = strtok(NULL, ",");
132 j.n_ips = i;
133 i = jail(&j);
134 if (i == -1)
135 err(1, "jail");
136 if (iflag) {
137 printf("%d\n", i);
138 fflush(stdout);
140 if (username != NULL) {
141 if (Uflag)
142 GET_USER_INFO;
143 if (lflag) {
144 p = getenv("TERM");
145 environ = &cleanenv;
147 if (setgroups(ngroups, groups) != 0)
148 err(1, "setgroups");
149 if (setgid(pwd->pw_gid) != 0)
150 err(1, "setgid");
151 if (setusercontext(lcap, pwd, pwd->pw_uid,
152 LOGIN_SETALL & ~LOGIN_SETGROUP) != 0)
153 err(1, "setusercontext");
154 login_close(lcap);
156 if (lflag) {
157 if (*pwd->pw_shell)
158 shell = pwd->pw_shell;
159 else
160 shell = _PATH_BSHELL;
161 if (chdir(pwd->pw_dir) < 0)
162 errx(1, "no home directory");
163 setenv("HOME", pwd->pw_dir, 1);
164 setenv("SHELL", shell, 1);
165 setenv("USER", pwd->pw_name, 1);
166 if (p)
167 setenv("TERM", p, 1);
169 if (execv(argv[3], argv + 3) != 0)
170 err(1, "execv: %s", argv[3]);
171 exit (0);
174 static void
175 usage(void)
178 fprintf(stderr, "%s\n",
179 "Usage: jail [-i] [-l -u username | -U username] path hostname ip-list command ...");
180 exit(1);