Lines 64-69
|
64 |
err(1, "getgrouplist: %s", username); \ |
64 |
err(1, "getgrouplist: %s", username); \ |
65 |
} while (0) |
65 |
} while (0) |
|
|
66 |
|
66 |
int |
67 |
int |
67 |
main(int argc, char *argv[]) |
68 |
main(int argc, char *argv[]) |
68 |
{ |
69 |
{ |
Lines 73-82
|
73 |
gid_t *groups = NULL; |
74 |
gid_t *groups = NULL; |
74 |
int ch, ngroups, uflag, Uflag; |
75 |
int ch, ngroups, uflag, Uflag; |
75 |
long ngroups_max; |
76 |
long ngroups_max; |
76 |
char *username; |
77 |
const char *username; |
|
|
78 |
const char *shell; |
79 |
|
80 |
ch = uflag = Uflag = 0; |
81 |
username = "root"; |
82 |
shell = "/bin/sh"; |
77 |
ch = uflag = Uflag = 0; |
|
|
78 |
username = NULL; |
79 |
ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1; |
83 |
ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1; |
80 |
if ((groups = malloc(sizeof(gid_t) * ngroups_max)) == NULL) |
84 |
if ((groups = malloc(sizeof(gid_t) * ngroups_max)) == NULL) |
81 |
err(1, "malloc"); |
85 |
err(1, "malloc"); |
Lines 100-111
|
100 |
} |
104 |
} |
101 |
argc -= optind; |
105 |
argc -= optind; |
102 |
argv += optind; |
106 |
argv += optind; |
103 |
if (argc < 2) |
107 |
if (argc < 1) /* Need at least the jid */ |
104 |
usage(); |
108 |
usage(); |
105 |
if (uflag && Uflag) |
109 |
if (uflag && Uflag) |
106 |
usage(); |
110 |
usage(); |
107 |
if (uflag) |
111 |
if (uflag) |
|
|
112 |
/* User info from the host environment */ |
108 |
GET_USER_INFO; |
113 |
GET_USER_INFO; |
|
|
114 |
|
115 |
/* go into the jail */ |
109 |
jid = jail_getid(argv[0]); |
116 |
jid = jail_getid(argv[0]); |
110 |
if (jid < 0) |
117 |
if (jid < 0) |
111 |
errx(1, "%s", jail_errmsg); |
118 |
errx(1, "%s", jail_errmsg); |
Lines 113-132
|
113 |
err(1, "jail_attach(%d)", jid); |
120 |
err(1, "jail_attach(%d)", jid); |
114 |
if (chdir("/") == -1) |
121 |
if (chdir("/") == -1) |
115 |
err(1, "chdir(): /"); |
122 |
err(1, "chdir(): /"); |
116 |
if (username != NULL) { |
123 |
|
117 |
if (Uflag) |
124 |
/* Setup user environment */ |
118 |
GET_USER_INFO; |
125 |
if (Uflag || (strcmp(username, "root")==0)) |
|
|
126 |
/* get user environment from jail */ |
127 |
GET_USER_INFO; |
128 |
if (Uflag) { |
129 |
/* setup the user according the jail environment */ |
119 |
if (setgroups(ngroups, groups) != 0) |
130 |
if (setgroups(ngroups, groups) != 0) |
120 |
err(1, "setgroups"); |
131 |
err(1, "setgroups"); |
121 |
if (setgid(pwd->pw_gid) != 0) |
132 |
if (setgid(pwd->pw_gid) != 0) |
122 |
err(1, "setgid"); |
133 |
err(1, "setgid"); |
123 |
if (setusercontext(lcap, pwd, pwd->pw_uid, |
134 |
if (setusercontext(lcap, pwd, pwd->pw_uid, |
124 |
LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0) |
135 |
LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0) |
125 |
err(1, "setusercontext"); |
136 |
err(1, "setusercontext"); |
126 |
login_close(lcap); |
137 |
login_close(lcap); |
127 |
} |
138 |
} |
128 |
if (execvp(argv[1], argv + 1) == -1) |
139 |
if (argc == 1) { |
129 |
err(1, "execvp(): %s", argv[1]); |
140 |
/* Get the user shell as command */ |
|
|
141 |
if (pwd->pw_shell) { |
142 |
argv[1] = pwd->pw_shell; |
143 |
} else |
144 |
argv[1] = (char*)shell; |
145 |
argv[2] = NULL; |
146 |
} |
147 |
if (execvp(argv[1], argv + 1) == -1) { |
148 |
err(1, "execvp(): %s", argv[1]); |
149 |
} |
130 |
exit(0); |
150 |
exit(0); |
131 |
} |
151 |
} |
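Review bot: With `-u` the command appears to run with the caller's credentials unchanged, because the setgroups/setgid/setusercontext sequence (new lines 128-138) is now guarded by `if (Uflag) {` where the old code ran it whenever a username had been given; the guard should read `if (uflag || Uflag) {`. In the `argc == 1` branch (new lines 139-146), `argv[2] = NULL;` stores one slot past the NULL that terminates the argument vector after `argv += optind`, so the default-shell case should exec from a local two-element vector instead. That branch also tests `pwd->pw_shell` only for NULL, so an empty shell field would be handed to execvp(). main() begins in an earlier hunk and its option loop is not shown, so the `-u` reading assumes that loop still only sets `uflag` and `username`.

```c
	if (uflag || Uflag) {
		/* … unchanged: setgroups, setgid, setusercontext, login_close … */
	}
	if (argc == 1) {
		/* No command given: run the user's shell from a private vector */
		char *sh_argv[2];

		if (pwd->pw_shell != NULL && *pwd->pw_shell != '\0')
			sh_argv[0] = pwd->pw_shell;
		else
			sh_argv[0] = (char *)shell;
		sh_argv[1] = NULL;
		execvp(sh_argv[0], sh_argv);
		err(1, "execvp(): %s", sh_argv[0]);
	}
	/* … unchanged: execvp(argv[1], argv + 1) for an explicit command … */
```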
Lines 135-140
|
135 |
{ |
155 |
{ |
136 |
fprintf(stderr, "%s\n", |
156 |
fprintf(stderr, "%s\n", |
137 |
"usage: jexec [-u username | -U username] jail command ..."); |
157 |
"usage: jexec [-u username | -U username] jail [command] ..."); |
138 |
exit(1); |
158 |
exit(1); |
139 |
} |
159 |
} |