author | Jamie Gritton <jamie@FreeBSD.org> | 2018-07-03 23:47:20 +0000 |
---|---|---|
committer | Jamie Gritton <jamie@FreeBSD.org> | 2018-07-03 23:47:20 +0000 |
commit | de68a3200a6cdba2011026d36bea45193363ace0 (patch) | |
tree | 66278716219ef7758e465254ce46a58fa2fcaaab /lib/libugidfw | |
parent | 1abd10a2ea459dfc79a4aa4489518cc7ebe00902 (diff) |
Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
with names.
PR: 229266
MFC after: 3 days
Differential Revision: D16047
Notes
Notes:
svn path=/head/; revision=335921
Diffstat (limited to 'lib/libugidfw')
-rw-r--r-- | lib/libugidfw/ugidfw.c | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/lib/libugidfw/ugidfw.c b/lib/libugidfw/ugidfw.c
index 0c54b67ec1e4..a77fd9d15bc6 100644
--- a/lib/libugidfw/ugidfw.c
+++ b/lib/libugidfw/ugidfw.c
@@ -34,9 +34,11 @@
 */
 #include <sys/param.h>
 #include <sys/errno.h>
+#include <sys/jail.h>
 #include <sys/time.h>
 #include <sys/sysctl.h>
 #include <sys/ucred.h>
+#include <sys/uio.h>
 #include <sys/mount.h>
 #include <security/mac_bsdextended/mac_bsdextended.h>
@@ -600,16 +602,45 @@ bsde_parse_gidrange(char *spec, gid_t *min, gid_t *max,
 }
 static int
+bsde_get_jailid(const char *name, size_t buflen, char *errstr)
+{
+ char *ep;
+ int jid;
+ struct iovec jiov[4];
+
+ /* Copy jail_getid(3) instead of messing with library dependancies */
+ jid = strtoul(name, &ep, 10);
+ if (*name && !*ep)
+ return jid;
+ jiov[0].iov_base = __DECONST(char *, "name");
+ jiov[0].iov_len = sizeof("name");
+ jiov[1].iov_len = strlen(name) + 1;
+ jiov[1].iov_base = alloca(jiov[1].iov_len);
+ strcpy(jiov[1].iov_base, name);
+ if (errstr && buflen) {
+ jiov[2].iov_base = __DECONST(char *, "errmsg");
+ jiov[2].iov_len = sizeof("errmsg");
+ jiov[3].iov_base = errstr;
+ jiov[3].iov_len = buflen;
+ errstr[0] = 0;
+ jid = jail_get(jiov, 4, 0);
+ if (jid < 0 && !errstr[0])
+ snprintf(errstr, buflen, "jail_get: %s",
+ strerror(errno));
+ } else
+ jid = jail_get(jiov, 2, 0);
+ return jid;
+}
+
+static int
 bsde_parse_subject(int argc, char *argv[],
 struct mac_bsdextended_subject *subject, size_t buflen, char *errstr)
 {
 int not_seen, flags;
 int current, neg, nextnot;
- char *endp;
 uid_t uid_min, uid_max;
 gid_t gid_min, gid_max;
 int jid = 0;
- long value;
 current = 0;
 flags = 0;
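Review bot: The numeric path in bsde_get_jailid() stores the strtoul() result straight into an int, so an out-of-range or signed string is truncated rather than rejected. On an LP64 system a value above INT_MAX can wrap to a different, valid-looking jid, and the rule would then be bound to a jail the administrator did not name. A string such as "-1" also yields a negative jid on this path, and the caller in bsde_parse_subject() then returns -1 with nothing written to errstr, where the removed code reported "invalid jid". The numeric branch should check errno for ERANGE and the INT_MAX bound and fill errstr itself, as in the excerpt below (INT_MAX may need <limits.h> if the existing headers do not already provide it).

```c
bsde_get_jailid(const char *name, size_t buflen, char *errstr)
{
	unsigned long ul;
	/* … unchanged: ep, jid and jiov declarations … */

	errno = 0;
	ul = strtoul(name, &ep, 10);
	if (*name && !*ep) {
		if (errno == ERANGE || ul > INT_MAX) {
			if (errstr && buflen)
				snprintf(errstr, buflen,
				    "invalid jid: '%s'", name);
			return (-1);
		}
		return ((int)ul);
	}
	/* … unchanged: jail_get(2) lookup by name … */
```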
@@ -668,13 +699,9 @@ bsde_parse_subject(int argc, char *argv[],
 snprintf(errstr, buflen, "one jail only");
 return (-1);
 }
- value = strtol(argv[current+1], &endp, 10);
- if (*endp != '\0') {
- snprintf(errstr, buflen, "invalid jid: '%s'",
- argv[current+1]);
+ jid = bsde_get_jailid(argv[current+1], buflen, errstr);
+ if (jid < 0)
 return (-1);
- }
- jid = value;
 flags |= MBS_PRISON_DEFINED;
 if (nextnot) {
 neg ^= MBS_PRISON_DEFINED; |
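Review bot: The jail name given on the command line is resolved to a jid once, here at parse time, and only the integer appears to be carried forward (the assignment into the subject is outside this hunk, so this is inferred from `int jid`). If that holds, a rule written with a name stops matching when the jail is restarted under a new jid, and could match an unrelated jail that is later given the same jid. A comment above the call would make that explicit, e.g. `/* Name is resolved to a jid now; the rule does not follow the jail across restarts. */`, and ugidfw(8) should probably say the same. bsde_parse_subject() starts and ends outside the hunk.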