void
ssh_sandbox_child(struct ssh_sandbox *box)
{
char *errmsg;
struct rlimit rl_zero;
debug3("%s: starting Darwin sandbox", __func__);
#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__
#ifndef SANDBOX_NAMED_EXTERNAL
#define SANDBOX_NAMED_EXTERNAL (0x3)
#endif
if (sandbox_init("/System/Library/Sandbox/Profiles/org.openssh.sshd.sb",
SANDBOX_NAMED_EXTERNAL, &errmsg) == -1)
#else
if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
&errmsg) == -1)
#endif
fatal("%s: sandbox_init: %s", __func__, errmsg);
/*
* The kSBXProfilePureComputation still allows sockets, so
* we must disable these using rlimit.
*/
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
__func__, strerror(errno));
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
__func__, strerror(errno));
}
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
char *errmsg;
struct rlimit rl_zero;
debug3("%s: starting Darwin sandbox", __func__);
if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
&errmsg) == -1)
fatal("%s: sandbox_init: %s", __func__, errmsg);
/*
* The kSBXProfilePureComputation still allows sockets, so
* we must disable these using rlimit.
*/
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
__func__, strerror(errno));
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
__func__, strerror(errno));
}
int
main(void)
{
char *er;
sandbox_init("kSBXProfilePureComputation", SANDBOX_NAMED, &er);
sandbox_free_error(er);
return(0);
}
static int
app_sandbox(void)
{
#ifdef HAVE_SANDBOX_INIT
char *errmsg;
assert(sandbox_init(kSBXProfileNoNetwork, SANDBOX_NAMED, &errmsg) == 0);
sandbox_free_error(errmsg);
#endif
assert(setrlimit(RLIMIT_NPROC,
& (struct rlimit) { .rlim_cur = 0, .rlim_max = 0 }) == 0);
int
main(void)
{
const char * comm[] = {"./hello.exe", NULL, };
sandbox_t sbox;
sandbox_init(&sbox, comm);
sandbox_execute(&sbox);
sandbox_probe(&sbox);
sandbox_fini(&sbox);
return 0;
}
int
sandboxes_pidproc(void)
{
#ifdef HAVE_SANDBOX_INIT
char *errmsg;
if (sandbox_init != NULL &&
sandbox_init(kSBXProfileNoNetwork, SANDBOX_NAMED, &errmsg) != 0) {
return -1;
}
#endif
return 0;
}
Sandbox(int argc, const char * argv[]) {
if (sandbox_init(&sandbox, argv + 1) != 0) {
fprintf(stderr, "sandbox initialization failed\n");
exit(EX_DATAERR);
}
sandbox.task.quota[S_QUOTA_WALLCLOCK] = 3000; // 3s
sandbox.task.quota[S_QUOTA_CPU] = 2000; // 2s
sandbox.task.quota[S_QUOTA_MEMORY] = 64 << 20; // 64MB
sandbox.task.quota[S_QUOTA_DISK] = 1 << 20; // 1MB
setup_policy();
}
/*!
Initialize event loop, sandbox environment, and global variables.
@return 0 if success.
*/
int core_init() {
core_evdata = new ev_data();
ev_init(core_evdata);
task_map.clear();
try {
sandbox_init();
} catch(SandboxException &e) {
return -1;
}
INFO("Initialized.\n");
return 0;
}
int
ksandbox_darwin_init_child(void *arg, enum sandtype type)
{
int rc;
char *er;
struct rlimit rl_zero;
rc = SAND_WORKER == type ?
sandbox_init(kSBXProfilePureComputation,
SANDBOX_NAMED, &er) :
sandbox_init(kSBXProfileNoWrite,
SANDBOX_NAMED, &er);
if (0 != rc) {
XWARNX("sandbox_init: %s", er);
sandbox_free_error(er);
rc = 0;
} else
rc = 1;
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
#if 0
/*
* FIXME: I've taken out the RLIMIT_NOFILE setrlimit() because
* it causes strange behaviour. On Mac OS X, it fails with
* EPERM no matter what (the same code runs fine when not run as
* a CGI instance).
*/
if (-1 == setrlimit(RLIMIT_NOFILE, &rl_zero))
XWARN("setrlimit: rlimit_fsize");
#endif
if (-1 == setrlimit(RLIMIT_FSIZE, &rl_zero))
XWARN("setrlimit: rlimit_fsize");
if (-1 == setrlimit(RLIMIT_NPROC, &rl_zero))
XWARN("setrlimit: rlimit_nproc");
return(rc);
}
static VALUE rb_sandbox_apply(VALUE self)
{
rb_sandbox_t * box;
Data_Get_Struct(self, rb_sandbox_t, box);
char *error = NULL;
if (sandbox_init(box->profile, box->flags, &error) == -1) {
rb_raise(rb_eSecurityError, "Couldn't apply sandbox: `%s`", error);
}
return Qnil;
}
int /* O - Exit status */
main(int argc, /* I - Number of command-line args */
char *argv[]) /* I - Command-line arguments */
{
#ifdef HAVE_SANDBOX_H
char *sandbox_error = NULL; /* Sandbox error, if any */
#endif /* HAVE_SANDBOX_H */
/*
* Check that we have enough arguments...
*/
if (argc < 4)
{
puts("Usage: cups-exec /path/to/profile /path/to/program argv0 argv1 ... "
"argvN");
return (1);
}
#ifdef HAVE_SANDBOX_H
/*
* Run in a separate security profile...
*/
if (strcmp(argv[1], "none") &&
sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &sandbox_error))
{
fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error,
strerror(errno));
sandbox_free_error(sandbox_error);
return (1);
}
#endif /* HAVE_SANDBOX_H */
/*
* Execute the program...
*/
execv(argv[2], argv + 3);
/*
* If we get here, execv() failed...
*/
fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno));
return (1);
}
int
main(void)
{
picoev_loop* loop;
int listen_sock, flag;
/* listen to port */
assert((listen_sock = socket(AF_INET, SOCK_STREAM, 0)) != -1);
flag = 1;
assert(setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &flag, sizeof(flag)) == 0);
struct sockaddr_in listen_addr;
listen_addr.sin_family = AF_INET;
listen_addr.sin_port = htons(PORT);
listen_addr.sin_addr.s_addr = htonl(HOST);
assert(bind(listen_sock, (struct sockaddr*)&listen_addr, sizeof(listen_addr)) == 0);
assert(listen(listen_sock, 5) == 0);
setup_sock(listen_sock);
/* init picoev */
picoev_init(MAX_FDS);
/* create loop */
loop = picoev_create_loop(60);
/* add listen socket */
picoev_add(loop, listen_sock, PICOEV_READ, 0, accept_callback, NULL);
/* Seccomp sandbox setup */
sandbox_init();
sandbox_setup();
sandbox_lockdown();
/* loop */
while (1)
{
fputc('.', stdout);
fflush(stdout);
picoev_loop_once(loop, 10);
}
/* cleanup */
picoev_destroy_loop(loop);
picoev_deinit();
return 0;
}
int main(int argc, char *argv[]) {
int rv;
char sb[] =
"(version 1)\n"
"(allow default)\n"
"(deny file-read-data\n"
" (literal \"/private/var/tmp/ioshh\"))\n";
char *errbuff;
rv = sandbox_init(sb, 0, &errbuff);
if (rv != 0) {
fprintf(stderr, "sandbox_init failed: %s\n", errbuff);
sandbox_free_error(errbuff);
} else {
putenv("PS1=[SANDBOXED] \\h:\\w \\u\\$ ");
printf("pid: %d\n", getpid());
execl("/bin/sh", "sh", NULL);
}
return 0;
}
int main(int argc, const char* argv[]){
const char *task=argv[1];
const char *lang=argv[2];
sandbox_t s;
char prog[256];
const char *c[3];
long double ti;
if(strcmp(lang,"cpp")*strcmp(lang,"c")*strcmp(lang,"python2")*strcmp(lang,"python3")==0){
if(strcmp(lang,"cpp")*strcmp(lang,"c")==0){
sprintf(prog,"./%s",task);
c[0]=prog;
} else if(strcmp(lang,"python2")==0){
c[0]="/usr/bin/python2";
c[1]=task;
} else if(strcmp(lang,"python3")==0){
c[0]="/usr/bin/python3";
c[1]=task;
}
sandbox_init(&s,c);
s.task.quota[S_QUOTA_WALLCLOCK]=REAL;
s.task.quota[S_QUOTA_CPU]=CPU;
s.task.quota[S_QUOTA_MEMORY]=MEM;
s.task.quota[S_QUOTA_DISK]=DISK;
s.task.uid=getuid();
s.task.gid=getgid();
char outf[250];
sprintf(outf,"%s.out",task);
FILE *ofp=fopen(outf,"w");
s.task.ofd=fileno(ofp);
char inf[250];
sprintf(inf,"%s.in",task);
FILE *ifp=fopen(inf,"r");
s.task.ifd=fileno(ifp);
FILE *efp=fopen("../stderr","w");
s.task.efd=fileno(efp);
result_t* r=sandbox_execute(&s);
fclose(ifp);
fclose(ofp);
fclose(efp);
stat_t st=s.stat;
ti=st.cpu_info.clock.tv_sec+st.cpu_info.clock.tv_nsec/1.0e9;
if(*r!=S_RESULT_OK){
switch(*r){
case S_RESULT_RF:
printf("Wrong: restricted function\n");
return 6;
case S_RESULT_ML:
printf("Wrong: memory limit exceeded\n");
return 4;
case S_RESULT_TL:
printf("Wrong: time limit exceeded\n");
return 3;
case S_RESULT_RT:
printf("Wrong: runtime error\n");
return 5;
case S_RESULT_AT:
printf("Wrong: abnormal termination\n");
return 5;
}
}
} else if (strcmp(lang,"java")==0) {
sprintf(prog,"ulimit -t 30;/usr/bin/java -Djava.security.manager -Djava.security.policy=../policy -Xmx%d -Xms%d %s < %s.in > %s.out",MEM,MEM,task,task,task);
struct timeval start, end;
gettimeofday(&start, NULL);
system(prog);
gettimeofday(&end, NULL);
ti=(end.tv_sec-start.tv_sec)+(end.tv_usec - start.tv_usec)/1.0e6;
}
char resfile[256],corfile[256];
strcpy(resfile,task);strcat(resfile,".out");
strcpy(corfile,"../");strcat(corfile,resfile);
FILE *cor=fopen(corfile,"r");
bool good=true;
FILE *res;
if((res=fopen(resfile,"r"))!=NULL){
while(!feof(cor)&&!feof(res)){
if(fgetc(res)!=fgetc(cor)){
good=false;
break;
}
}
} else
good=false;
if(good){
printf("OK %Lf\n",ti);
return 0; // correct
} else {
printf("Wrong: incorrect output\n");
return 2; // wrong
}
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret == KRB5_CONFIG_BADFORMAT)
errx (1, "krb5_init_context failed to parse configuration file");
else if (ret)
errx (1, "krb5_init_context failed: %d", ret);
ret = krb5_kt_register(context, &hdb_kt_ops);
if (ret)
errx (1, "krb5_kt_register(HDB) failed: %d", ret);
config = configure(context, argc, argv);
#ifdef SIGPIPE
#ifdef HAVE_SIGACTION
{
struct sigaction sa;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
sa.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &sa, NULL);
}
#else
signal(SIGPIPE, SIG_IGN);
#endif
#endif /* SIGPIPE */
#ifdef SUPPORT_DETACH
if (detach_from_console)
daemon(0, 0);
#endif
#ifdef __APPLE__
if (sandbox_flag) {
char *errorstring;
ret = sandbox_init("kdc", SANDBOX_NAMED, &errorstring);
if (ret)
errx(1, "sandbox_init failed: %d: %s", ret, errorstring);
}
bonjour_announce(get_realms);
#endif /* __APPLE__ */
pidfile(NULL);
switch_environment();
setup_listeners(context, config, listen_on_ipc, listen_on_network);
heim_sipc_signal_handler(SIGINT, terminated, "SIGINT");
heim_sipc_signal_handler(SIGTERM, terminated, "SIGTERM");
#ifdef SIGXCPU
heim_sipc_signal_handler(SIGXCPU, terminated, "CPU time limit exceeded");
#endif
heim_ipc_main();
krb5_free_context(context);
return 0;
}
int normal_excute(int run_id, int problem_id, path_info_t *pinfo,
int wallclock/* in ms */, int cputime/* in ms */,
int memory/* in byte */, int disksize/* in byte */,
config_t *pconfig, result_t *sandbox_result)
{
/* initial task */
task_t task;
int ifd, ofd, efd;
memset(&task, 0, sizeof(task_t));
/* set exe file name */
strcpy(task.exe, pinfo->exefile_name);
strcpy(task.exe_abspath, pinfo->exefile_abspath);
/* check the exe file*/
//...
/* set uid, gid */
task.uid = getuid();
task.gid = getgid();
/* set in, out, error out fds */
if((ifd = open(pinfo->infile_abspath, O_RDONLY)) < 0)
{
__TRACE_LN(__TRACE_KEY, "Internal Error : Input data file(%s) open failed", pinfo->infile_abspath);
return -1;
}
if((ofd = open(pinfo->tmpout_abspath, O_WRONLY | O_CREAT | O_TRUNC,
S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)) < 0)
{
close(ifd);
__TRACE_LN(__TRACE_KEY, "Internal Error : Tmp output data file(%s) open failed", pinfo->tmpout_abspath);
return -1;
}
if((efd = open("/dev/null", O_WRONLY)) < 0)
{
close(ifd);
close(ofd);
__TRACE_LN(__TRACE_KEY, "Internal Error : Error output file open failed");
return -1;
}
task.ifd = ifd;
task.ofd = ofd;
task.efd = efd;
/* set quota */
task.quota[QUOTA_WALLCLOCK] = wallclock;
task.quota[QUOTA_CPUTIME] = cputime;
task.quota[QUOTA_MEMORY] = memory;
task.quota[QUOTA_OUTPUT] = disksize;
sandbox_t sbox;
sandbox_init(&sbox, &task);
__TRACE_LN(__TRACE_DBG, "DBG : sandbox init done");
if(sandbox_excute(&sbox) < 0) *sandbox_result = INTERNAL_ERROR;
else *sandbox_result = sbox.result;
if(sandbox_result != PENDED)
{
float t = sbox.stat.ru.ru_utime.tv_sec * 1000 + sbox.stat.ru.ru_utime.tv_usec / 1000.0;
t += sbox.stat.ru.ru_stime.tv_sec * 1000 + sbox.stat.ru.ru_stime.tv_sec / 1000.0;
__TRACE_LN(__TRACE_DBG, "Time usage : %.2f(ms)", t);
__TRACE_LN(__TRACE_DBG, "Memory usage : %d(B)", sbox.stat.vsize_peak);
}
sandbox_fini(&sbox);
close(ifd);
close(ofd);
close(efd);
return 0;
}
/*
* Main program. Initialize us, disconnect us from the tty if necessary,
* and loop waiting for I/O and/or timer expiries.
*/
int
ntpdmain(
int argc,
char *argv[]
)
{
l_fp now;
struct recvbuf *rbuf;
#ifdef _AIX /* HMS: ifdef SIGDANGER? */
struct sigaction sa;
#endif
progname = argv[0];
initializing = 1; /* mark that we are initializing */
process_commandline_opts(&argc, &argv);
init_logging(progname, 1); /* Open the log file */
char *error = NULL;
if (sandbox_init("ntpd", SANDBOX_NAMED, &error) == -1) {
msyslog(LOG_ERR, "sandbox_init(ntpd, SANDBOX_NAMED) failed: %s", error);
sandbox_free_error(error);
}
#ifdef HAVE_UMASK
{
mode_t uv;
uv = umask(0);
if(uv)
(void) umask(uv);
else
(void) umask(022);
}
#endif
#if defined(HAVE_GETUID) && !defined(MPE) /* MPE lacks the concept of root */
{
uid_t uid;
uid = getuid();
if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
msyslog(LOG_ERR, "ntpd: must be run as root, not uid %ld", (long)uid);
printf("must be run as root, not uid %ld\n", (long)uid);
exit(1);
}
}
#endif
/* getstartup(argc, argv); / * startup configuration, may set debug */
#ifdef DEBUG
debug = DESC(DEBUG_LEVEL).optOccCt;
DPRINTF(1, ("%s\n", Version));
#endif
/* honor -l/--logfile option to log to a file */
setup_logfile();
/*
* Enable the Multi-Media Timer for Windows?
*/
#ifdef SYS_WINNT
if (HAVE_OPT( MODIFYMMTIMER ))
set_mm_timer(MM_TIMER_HIRES);
#endif
if (HAVE_OPT( NOFORK ) || HAVE_OPT( QUIT )
#ifdef DEBUG
|| debug
#endif
|| HAVE_OPT( SAVECONFIGQUIT ))
nofork = 1;
if (HAVE_OPT( NOVIRTUALIPS ))
listen_to_virtual_ips = 0;
/*
* --interface, listen on specified interfaces
*/
if (HAVE_OPT( INTERFACE )) {
int ifacect = STACKCT_OPT( INTERFACE );
const char** ifaces = STACKLST_OPT( INTERFACE );
isc_netaddr_t netaddr;
while (ifacect-- > 0) {
add_nic_rule(
is_ip_address(*ifaces, &netaddr)
? MATCH_IFADDR
: MATCH_IFNAME,
*ifaces, -1, ACTION_LISTEN);
ifaces++;
}
}
if (HAVE_OPT( NICE ))
priority_done = 0;
#if defined(HAVE_SCHED_SETSCHEDULER)
if (HAVE_OPT( PRIORITY )) {
config_priority = OPT_VALUE_PRIORITY;
config_priority_override = 1;
priority_done = 0;
}
#endif
#ifdef SYS_WINNT
/*
* Start interpolation thread, must occur before first
* get_systime()
*/
init_winnt_time();
#endif
/*
* Initialize random generator and public key pair
*/
get_systime(&now);
ntp_srandom((int)(now.l_i * now.l_uf));
#if !defined(VMS)
# ifndef NODETACH
/*
* Detach us from the terminal. May need an #ifndef GIZMO.
*/
if (!nofork) {
/*
* Install trap handlers to log errors and assertion
* failures. Default handlers print to stderr which
* doesn't work if detached.
*/
isc_assertion_setcallback(assertion_failed);
isc_error_setfatal(library_fatal_error);
isc_error_setunexpected(library_unexpected_error);
# ifndef SYS_WINNT
# ifdef HAVE_DAEMON
daemon(0, 0);
# else /* not HAVE_DAEMON */
if (fork()) /* HMS: What about a -1? */
exit(0);
{
#if !defined(F_CLOSEM)
u_long s;
int max_fd;
#endif /* !FCLOSEM */
if (syslog_file != NULL) {
fclose(syslog_file);
syslog_file = NULL;
}
#if defined(F_CLOSEM)
/*
* From 'Writing Reliable AIX Daemons,' SG24-4946-00,
* by Eric Agar (saves us from doing 32767 system
* calls)
*/
if (fcntl(0, F_CLOSEM, 0) == -1)
msyslog(LOG_ERR, "ntpd: failed to close open files(): %m");
#else /* not F_CLOSEM */
# if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
max_fd = sysconf(_SC_OPEN_MAX);
# else /* HAVE_SYSCONF && _SC_OPEN_MAX */
max_fd = getdtablesize();
# endif /* HAVE_SYSCONF && _SC_OPEN_MAX */
for (s = 0; s < max_fd; s++)
(void) close((int)s);
#endif /* not F_CLOSEM */
(void) open("/", 0);
(void) dup2(0, 1);
(void) dup2(0, 2);
init_logging(progname, 0);
/* we lost our logfile (if any) daemonizing */
setup_logfile();
#ifdef SYS_DOMAINOS
{
uid_$t puid;
status_$t st;
proc2_$who_am_i(&puid);
proc2_$make_server(&puid, &st);
}
#endif /* SYS_DOMAINOS */
#if defined(HAVE_SETPGID) || defined(HAVE_SETSID)
# ifdef HAVE_SETSID
if (setsid() == (pid_t)-1)
msyslog(LOG_ERR, "ntpd: setsid(): %m");
# else
if (setpgid(0, 0) == -1)
msyslog(LOG_ERR, "ntpd: setpgid(): %m");
# endif
#else /* HAVE_SETPGID || HAVE_SETSID */
{
# if defined(TIOCNOTTY)
int fid;
fid = open("/dev/tty", 2);
if (fid >= 0)
{
(void) ioctl(fid, (u_long) TIOCNOTTY, (char *) 0);
(void) close(fid);
}
# endif /* defined(TIOCNOTTY) */
# ifdef HAVE_SETPGRP_0
(void) setpgrp();
# else /* HAVE_SETPGRP_0 */
(void) setpgrp(0, getpid());
# endif /* HAVE_SETPGRP_0 */
}
#endif /* HAVE_SETPGID || HAVE_SETSID */
#ifdef _AIX
/* Don't get killed by low-on-memory signal. */
sa.sa_handler = catch_danger;
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
(void) sigaction(SIGDANGER, &sa, NULL);
#endif /* _AIX */
}
# endif /* not HAVE_DAEMON */
# endif /* SYS_WINNT */
}
# endif /* NODETACH */
#endif /* VMS */
#ifdef SCO5_CLOCK
/*
* SCO OpenServer's system clock offers much more precise timekeeping
* on the base CPU than the other CPUs (for multiprocessor systems),
* so we must lock to the base CPU.
*/
{
int fd = open("/dev/at1", O_RDONLY);
if (fd >= 0) {
int zero = 0;
if (ioctl(fd, ACPU_LOCK, &zero) < 0)
msyslog(LOG_ERR, "cannot lock to base CPU: %m");
close( fd );
} /* else ...
* If we can't open the device, this probably just isn't
* a multiprocessor system, so we're A-OK.
*/
}
#endif
#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)
# ifdef HAVE_SETRLIMIT
/*
* Set the stack limit to something smaller, so that we don't lock a lot
* of unused stack memory.
*/
{
struct rlimit rl;
/* HMS: must make the rlim_cur amount configurable */
if (getrlimit(RLIMIT_STACK, &rl) != -1
&& (rl.rlim_cur = 50 * 4096) < rl.rlim_max)
{
if (setrlimit(RLIMIT_STACK, &rl) == -1)
{
msyslog(LOG_ERR,
"Cannot adjust stack limit for mlockall: %m");
}
}
# ifdef RLIMIT_MEMLOCK
/*
* The default RLIMIT_MEMLOCK is very low on Linux systems.
* Unless we increase this limit malloc calls are likely to
* fail if we drop root privlege. To be useful the value
* has to be larger than the largest ntpd resident set size.
*/
rl.rlim_cur = rl.rlim_max = 32*1024*1024;
if (setrlimit(RLIMIT_MEMLOCK, &rl) == -1) {
msyslog(LOG_ERR, "Cannot set RLIMIT_MEMLOCK: %m");
}
# endif /* RLIMIT_MEMLOCK */
}
# endif /* HAVE_SETRLIMIT */
/*
* lock the process into memory
*/
if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0)
msyslog(LOG_ERR, "mlockall(): %m");
#else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
# ifdef HAVE_PLOCK
# ifdef PROCLOCK
# ifdef _AIX
/*
* set the stack limit for AIX for plock().
* see get_aix_stack() for more info.
*/
if (ulimit(SET_STACKLIM, (get_aix_stack() - 8*4096)) < 0)
{
msyslog(LOG_ERR,"Cannot adjust stack limit for plock on AIX: %m");
}
# endif /* _AIX */
/*
* lock the process into memory
*/
if (plock(PROCLOCK) < 0)
msyslog(LOG_ERR, "plock(PROCLOCK): %m");
# else /* not PROCLOCK */
# ifdef TXTLOCK
/*
* Lock text into ram
*/
if (plock(TXTLOCK) < 0)
msyslog(LOG_ERR, "plock(TXTLOCK) error: %m");
# else /* not TXTLOCK */
msyslog(LOG_ERR, "plock() - don't know what to lock!");
# endif /* not TXTLOCK */
# endif /* not PROCLOCK */
# endif /* HAVE_PLOCK */
#endif /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
/*
* Set up signals we pay attention to locally.
*/
#ifdef SIGDIE1
(void) signal_no_reset(SIGDIE1, finish);
#endif /* SIGDIE1 */
#ifdef SIGDIE2
(void) signal_no_reset(SIGDIE2, finish);
#endif /* SIGDIE2 */
#ifdef SIGDIE3
(void) signal_no_reset(SIGDIE3, finish);
#endif /* SIGDIE3 */
#ifdef SIGDIE4
(void) signal_no_reset(SIGDIE4, finish);
#endif /* SIGDIE4 */
#ifdef SIGBUS
(void) signal_no_reset(SIGBUS, finish);
#endif /* SIGBUS */
#if !defined(SYS_WINNT) && !defined(VMS)
# ifdef DEBUG
(void) signal_no_reset(MOREDEBUGSIG, moredebug);
(void) signal_no_reset(LESSDEBUGSIG, lessdebug);
# else
(void) signal_no_reset(MOREDEBUGSIG, no_debug);
(void) signal_no_reset(LESSDEBUGSIG, no_debug);
# endif /* DEBUG */
#endif /* !SYS_WINNT && !VMS */
/*
* Set up signals we should never pay attention to.
*/
#if defined SIGPIPE
(void) signal_no_reset(SIGPIPE, SIG_IGN);
#endif /* SIGPIPE */
/*
* Call the init_ routines to initialize the data structures.
*
* Exactly what command-line options are we expecting here?
*/
init_auth();
init_util();
init_restrict();
init_mon();
init_timer();
init_lib();
init_request();
init_control();
init_peer();
#ifdef REFCLOCK
init_refclock();
#endif
set_process_priority();
init_proto(); /* Call at high priority */
init_io();
init_loopfilter();
mon_start(MON_ON); /* monitor on by default now */
/* turn off in config if unwanted */
/*
* Get the configuration. This is done in a separate module
* since this will definitely be different for the gizmo board.
*/
getconfig(argc, argv);
NLOG(NLOG_SYSINFO) /* 'if' clause for syslog */
msyslog(LOG_NOTICE, "%s", Version);
report_event(EVNT_SYSRESTART, NULL, NULL);
loop_config(LOOP_DRIFTCOMP, old_drift);
initializing = 0;
#ifdef HAVE_DROPROOT
if( droproot ) {
/* Drop super-user privileges and chroot now if the OS supports this */
#ifdef HAVE_LINUX_CAPABILITIES
/* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */
if (prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1) {
msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" );
exit(-1);
}
#else
/* we need a user to switch to */
if (user == NULL) {
msyslog(LOG_ERR, "Need user name to drop root privileges (see -u flag!)" );
exit(-1);
}
#endif /* HAVE_LINUX_CAPABILITIES */
if (user != NULL) {
if (isdigit((unsigned char)*user)) {
sw_uid = (uid_t)strtoul(user, &endp, 0);
if (*endp != '\0')
goto getuser;
if ((pw = getpwuid(sw_uid)) != NULL) {
user = strdup(pw->pw_name);
if (NULL == user) {
msyslog(LOG_ERR, "strdup() failed: %m");
exit (-1);
}
sw_gid = pw->pw_gid;
} else {
errno = 0;
msyslog(LOG_ERR, "Cannot find user ID %s", user);
exit (-1);
}
} else {
getuser:
errno = 0;
if ((pw = getpwnam(user)) != NULL) {
sw_uid = pw->pw_uid;
sw_gid = pw->pw_gid;
} else {
if (errno)
msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user);
else
msyslog(LOG_ERR, "Cannot find user `%s'", user);
exit (-1);
}
}
}
if (group != NULL) {
if (isdigit((unsigned char)*group)) {
sw_gid = (gid_t)strtoul(group, &endp, 0);
if (*endp != '\0')
goto getgroup;
} else {
getgroup:
if ((gr = getgrnam(group)) != NULL) {
sw_gid = gr->gr_gid;
} else {
errno = 0;
msyslog(LOG_ERR, "Cannot find group `%s'", group);
exit (-1);
}
}
}
if (chrootdir ) {
/* make sure cwd is inside the jail: */
if (chdir(chrootdir)) {
msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir);
exit (-1);
}
if (chroot(chrootdir)) {
msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir);
exit (-1);
}
if (chdir("/")) {
msyslog(LOG_ERR, "Cannot chdir() to`root after chroot(): %m");
exit (-1);
}
}
if (user && initgroups(user, sw_gid)) {
msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
exit (-1);
}
if (group && setgid(sw_gid)) {
msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
exit (-1);
}
if (group && setegid(sw_gid)) {
msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
exit (-1);
}
if (user && setuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
exit (-1);
}
if (user && seteuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
exit (-1);
}
#ifndef HAVE_LINUX_CAPABILITIES
/*
* for now assume that the privilege to bind to privileged ports
* is associated with running with uid 0 - should be refined on
* ports that allow binding to NTP_PORT with uid != 0
*/
disable_dynamic_updates |= (sw_uid != 0); /* also notifies routing message listener */
#endif
if (disable_dynamic_updates && interface_interval) {
interface_interval = 0;
msyslog(LOG_INFO, "running in unprivileged mode disables dynamic interface tracking");
}
#ifdef HAVE_LINUX_CAPABILITIES
do {
/*
* We may be running under non-root uid now, but we still hold full root privileges!
* We drop all of them, except for the crucial one or two: cap_sys_time and
* cap_net_bind_service if doing dynamic interface tracking.
*/
cap_t caps;
char *captext = (interface_interval)
? "cap_sys_time,cap_net_bind_service=ipe"
: "cap_sys_time=ipe";
if( ! ( caps = cap_from_text( captext ) ) ) {
msyslog( LOG_ERR, "cap_from_text() failed: %m" );
exit(-1);
}
if( cap_set_proc( caps ) == -1 ) {
msyslog( LOG_ERR, "cap_set_proc() failed to drop root privileges: %m" );
exit(-1);
}
cap_free( caps );
} while(0);
#endif /* HAVE_LINUX_CAPABILITIES */
} /* if( droproot ) */
#endif /* HAVE_DROPROOT */
/*
* Use select() on all on all input fd's for unlimited
* time. select() will terminate on SIGALARM or on the
* reception of input. Using select() means we can't do
* robust signal handling and we get a potential race
* between checking for alarms and doing the select().
* Mostly harmless, I think.
*/
/* On VMS, I suspect that select() can't be interrupted
* by a "signal" either, so I take the easy way out and
* have select() time out after one second.
* System clock updates really aren't time-critical,
* and - lacking a hardware reference clock - I have
* yet to learn about anything else that is.
*/
#if defined(HAVE_IO_COMPLETION_PORT)
for (;;) {
GetReceivedBuffers();
#else /* normal I/O */
BLOCK_IO_AND_ALARM();
was_alarmed = 0;
for (;;)
{
# if !defined(HAVE_SIGNALED_IO)
extern fd_set activefds;
extern int maxactivefd;
fd_set rdfdes;
int nfound;
# endif
if (alarm_flag) /* alarmed? */
{
was_alarmed = 1;
alarm_flag = 0;
}
if (!was_alarmed && has_full_recv_buffer() == ISC_FALSE)
{
/*
* Nothing to do. Wait for something.
*/
# ifndef HAVE_SIGNALED_IO
rdfdes = activefds;
# if defined(VMS) || defined(SYS_VXWORKS)
/* make select() wake up after one second */
{
struct timeval t1;
t1.tv_sec = 1; t1.tv_usec = 0;
nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
(fd_set *)0, &t1);
}
# else
nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
(fd_set *)0, (struct timeval *)0);
# endif /* VMS */
if (nfound > 0)
{
l_fp ts;
get_systime(&ts);
(void)input_handler(&ts);
}
else if (nfound == -1 && errno != EINTR)
msyslog(LOG_ERR, "select() error: %m");
# ifdef DEBUG
else if (debug > 5)
msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound);
# endif /* DEBUG */
# else /* HAVE_SIGNALED_IO */
wait_for_signal();
# endif /* HAVE_SIGNALED_IO */
if (alarm_flag) /* alarmed? */
{
was_alarmed = 1;
alarm_flag = 0;
}
}
if (was_alarmed)
{
UNBLOCK_IO_AND_ALARM();
/*
* Out here, signals are unblocked. Call timer routine
* to process expiry.
*/
timer();
was_alarmed = 0;
BLOCK_IO_AND_ALARM();
}
#endif /* ! HAVE_IO_COMPLETION_PORT */
#ifdef DEBUG_TIMING
{
l_fp pts;
l_fp tsa, tsb;
int bufcount = 0;
get_systime(&pts);
tsa = pts;
#endif
rbuf = get_full_recv_buffer();
while (rbuf != NULL)
{
if (alarm_flag)
{
was_alarmed = 1;
alarm_flag = 0;
}
UNBLOCK_IO_AND_ALARM();
if (was_alarmed)
{ /* avoid timer starvation during lengthy I/O handling */
timer();
was_alarmed = 0;
}
/*
* Call the data procedure to handle each received
* packet.
*/
if (rbuf->receiver != NULL) /* This should always be true */
{
#ifdef DEBUG_TIMING
l_fp dts = pts;
L_SUB(&dts, &rbuf->recv_time);
DPRINTF(2, ("processing timestamp delta %s (with prec. fuzz)\n", lfptoa(&dts, 9)));
collect_timing(rbuf, "buffer processing delay", 1, &dts);
bufcount++;
#endif
(rbuf->receiver)(rbuf);
} else {
msyslog(LOG_ERR, "receive buffer corruption - receiver found to be NULL - ABORTING");
abort();
}
BLOCK_IO_AND_ALARM();
freerecvbuf(rbuf);
rbuf = get_full_recv_buffer();
}
#ifdef DEBUG_TIMING
get_systime(&tsb);
L_SUB(&tsb, &tsa);
if (bufcount) {
collect_timing(NULL, "processing", bufcount, &tsb);
DPRINTF(2, ("processing time for %d buffers %s\n", bufcount, lfptoa(&tsb, 9)));
}
}
#endif
/*
* Go around again
*/
#ifdef HAVE_DNSREGISTRATION
if (mdnsreg && (current_time - mdnsreg ) > 60 && mdnstries && sys_leap != LEAP_NOTINSYNC) {
mdnsreg = current_time;
msyslog(LOG_INFO, "Attemping to register mDNS");
if ( DNSServiceRegister (&mdns, 0, 0, NULL, "_ntp._udp", NULL, NULL,
htons(NTP_PORT), 0, NULL, NULL, NULL) != kDNSServiceErr_NoError ) {
if (!--mdnstries) {
msyslog(LOG_ERR, "Unable to register mDNS, giving up.");
} else {
msyslog(LOG_INFO, "Unable to register mDNS, will try later.");
}
} else {
msyslog(LOG_INFO, "mDNS service registered.");
mdnsreg = 0;
}
}
#endif /* HAVE_DNSREGISTRATION */
}
UNBLOCK_IO_AND_ALARM();
return 1;
}
#ifdef SIGDIE2
/*
* finish - exit gracefully
*/
static RETSIGTYPE
finish(
int sig
)
{
msyslog(LOG_NOTICE, "ntpd exiting on signal %d", sig);
#ifdef HAVE_DNSREGISTRATION
if (mdns != NULL)
DNSServiceRefDeallocate(mdns);
#endif
switch (sig) {
# ifdef SIGBUS
case SIGBUS:
printf("\nfinish(SIGBUS)\n");
exit(0);
# endif
case 0: /* Should never happen... */
return;
default:
exit(0);
}
}
void GenHash::calcGenHash()
{
sandbox_init();
// cannot excute execve
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
kDebug() << "execve" << execve("ls",NULL,NULL);
if (child_pid){
KParts::ReadOnlyPart * part = qobject_cast<KParts::ReadOnlyPart *>(parent());
QFile file(KFileDialog::getOpenFileName(KUrl("kfiledialog:///konqueror"), i18n("*"), part->widget(), i18n("Open File To make MD5.")));
if (!file.open(QIODevice::ReadOnly))
{
return;
}
// TODO QFile
//char s[1024];
// write file content
{
close(pipe_fd[0]);
QByteArray s = file.readAll();
char *ch = s.data();
if (write(pipe_fd[1], ch, s.size()) < 0) {
perror("write");
}
close(pipe_fd[1]);
}
//read result
{
close(pipe_result_fd[1]);
char result[128];
if (read(pipe_result_fd[0], &result[0], 128) < 0){
perror("read");
}
close(pipe_result_fd[0]);
KMessageBox::information(part->widget(),i18n("Md5 : %1").arg(QString(QByteArray(result, 128))));
}
}else{
scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL);
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 3,
SCMP_A0(SCMP_CMP_EQ, (scmp_datum_t)pipe_fd[0]),
SCMP_A1(SCMP_CMP_EQ, (scmp_datum_t)buff),
SCMP_A2(SCMP_CMP_LE, 1024));
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
SCMP_CMP(0, SCMP_CMP_EQ, (scmp_datum_t)pipe_result_fd[1]));
seccomp_load(ctx);
seccomp_release(ctx);
calcMD5();
}
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
int optidx = 0;
int i;
krb5_keytab keytab;
krb5_socket_t sfd = rk_INVALID_SOCKET;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if (getarg(args, num_args, argc, argv, &optidx)) {
warnx("error at argument `%s'", argv[optidx]);
usage(1);
}
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
setup_context(context);
/*
* Now, do the same for the gssapi thread we are going to be running in
*/
{
krb5_context gssctx;
ret = _gsskrb5_init(&gssctx);
if (ret)
errx(1, "failed to setup gssapi context");
setup_context(gssctx);
krb5_gss_register_acceptor_identity("HDB:");
}
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_resolve");
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
#ifdef ___APPLE__
if (sandbox_flag) {
char *errorstring;
ret = sandbox_init("kadmind", SANDBOX_NAMED, &errorstring);
if (ret)
errx(1, "sandbox_init failed: %d: %s", ret, errorstring);
}
#endif
if(debug_flag) {
int debug_port;
if(port_str == NULL)
debug_port = krb5_getportbyname (context, "kerberos-adm",
"tcp", 749);
else
debug_port = htons(atoi(port_str));
mini_inetd(debug_port, &sfd);
} else {
#ifdef _WIN32
pidfile(NULL);
start_server(context, port_str);
#else
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss);
/*
* Check if we are running inside inetd or not, if not, start
* our own server.
*/
if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
rk_SOCK_ERRNO == ENOTSOCK) {
pidfile(NULL);
start_server(context, port_str);
}
#endif /* _WIN32 */
sfd = STDIN_FILENO;
}
if(realm)
krb5_set_default_realm(context, realm); /* XXX */
kadmind_loop(context, keytab, sfd);
return 0;
}
