Lines 34-42
|
34 |
*/ |
34 |
*/ |
35 |
#include <sys/param.h> |
35 |
#include <sys/param.h> |
36 |
#include <sys/errno.h> |
36 |
#include <sys/errno.h> |
|
|
37 |
#include <sys/jail.h> |
37 |
#include <sys/time.h> |
38 |
#include <sys/time.h> |
38 |
#include <sys/sysctl.h> |
39 |
#include <sys/sysctl.h> |
39 |
#include <sys/ucred.h> |
40 |
#include <sys/ucred.h> |
|
|
41 |
#include <sys/uio.h> |
40 |
#include <sys/mount.h> |
42 |
#include <sys/mount.h> |
41 |
|
43 |
|
42 |
#include <security/mac_bsdextended/mac_bsdextended.h> |
44 |
#include <security/mac_bsdextended/mac_bsdextended.h> |
Lines 600-615
|
600 |
} |
602 |
} |
601 |
|
603 |
|
602 |
static int |
604 |
static int |
|
|
605 |
bsde_get_jailid(const char *name, size_t buflen, char *errstr) |
606 |
{ |
607 |
char *ep; |
608 |
int jid; |
609 |
struct iovec jiov[4]; |
610 |
|
611 |
/* Copy jail_getid(3) instead of messing with library dependancies */ |
612 |
jid = strtoul(name, &ep, 10); |
613 |
if (*name && !*ep) |
614 |
return jid; |
615 |
jiov[0].iov_base = __DECONST(char *, "name"); |
616 |
jiov[0].iov_len = sizeof("name"); |
617 |
jiov[1].iov_len = strlen(name) + 1; |
618 |
jiov[1].iov_base = alloca(jiov[1].iov_len); |
619 |
strcpy(jiov[1].iov_base, name); |
620 |
if (errstr && buflen) { |
621 |
jiov[2].iov_base = __DECONST(char *, "errmsg"); |
622 |
jiov[2].iov_len = sizeof("errmsg"); |
623 |
jiov[3].iov_base = errstr; |
624 |
jiov[3].iov_len = buflen; |
625 |
errstr[0] = 0; |
626 |
jid = jail_get(jiov, 4, 0); |
627 |
if (jid < 0 && !errstr[0]) |
628 |
snprintf(errstr, buflen, "jail_get: %s", |
629 |
strerror(errno)); |
630 |
} else |
631 |
jid = jail_get(jiov, 2, 0); |
632 |
return jid; |
633 |
} |
634 |
|
635 |
static int |
603 |
bsde_parse_subject(int argc, char *argv[], |
636 |
bsde_parse_subject(int argc, char *argv[], |
604 |
struct mac_bsdextended_subject *subject, size_t buflen, char *errstr) |
637 |
struct mac_bsdextended_subject *subject, size_t buflen, char *errstr) |
605 |
{ |
638 |
{ |
606 |
int not_seen, flags; |
639 |
int not_seen, flags; |
607 |
int current, neg, nextnot; |
640 |
int current, neg, nextnot; |
608 |
char *endp; |
|
|
609 |
uid_t uid_min, uid_max; |
641 |
uid_t uid_min, uid_max; |
610 |
gid_t gid_min, gid_max; |
642 |
gid_t gid_min, gid_max; |
611 |
int jid = 0; |
643 |
int jid = 0; |
612 |
long value; |
|
|
613 |
|
644 |
|
614 |
current = 0; |
645 |
current = 0; |
615 |
flags = 0; |
646 |
flags = 0; |
Lines 668-680
|
668 |
snprintf(errstr, buflen, "one jail only"); |
699 |
snprintf(errstr, buflen, "one jail only"); |
669 |
return (-1); |
700 |
return (-1); |
670 |
} |
701 |
} |
671 |
value = strtol(argv[current+1], &endp, 10); |
702 |
jid = bsde_get_jailid(argv[current+1], buflen, errstr); |
672 |
if (*endp != '\0') { |
703 |
if (jid < 0) |
673 |
snprintf(errstr, buflen, "invalid jid: '%s'", |
|
|
674 |
argv[current+1]); |
675 |
return (-1); |
704 |
return (-1); |
676 |
} |
|
|
677 |
jid = value; |
678 |
flags |= MBS_PRISON_DEFINED; |
705 |
flags |= MBS_PRISON_DEFINED; |
679 |
if (nextnot) { |
706 |
if (nextnot) { |
680 |
neg ^= MBS_PRISON_DEFINED; |
707 |
neg ^= MBS_PRISON_DEFINED; |
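Review bot: The numeric branch of `bsde_get_jailid` (second hunk) stores the `unsigned long` from `strtoul()` straight into `int jid` and returns it, so an out-of-range argument is converted (in practice truncated) rather than rejected. Depending on the value, the result is either negative, in which case the call site in the third hunk returns -1 without the `invalid jid` message the old code wrote to `errstr`, or it wraps to a different non-negative id and the rule would be bound to a jail the operator did not name. A range check before the return, writing `errstr` when it fails, closes both cases; `INT_MAX` needs `<limits.h>`, which is not among the includes visible in the first hunk. The call site sits in `bsde_parse_subject`, whose body continues outside these hunks, so whether `errstr` is initialised before this path cannot be confirmed from here.

```c
	unsigned long ul;

	/* Copy jail_getid(3) instead of messing with library dependancies */
	ul = strtoul(name, &ep, 10);
	if (*name && !*ep) {
		/* Reject values that do not fit in a jid instead of truncating. */
		if (ul > INT_MAX) {
			if (errstr && buflen)
				snprintf(errstr, buflen, "invalid jid: '%s'",
				    name);
			return (-1);
		}
		return ((int)ul);
	}
	/* … unchanged: jail_get(2) lookup by name … */
```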