struct sandbox *
startChild(void *data)
{
int procd, pid, sv[2];
struct sandbox *newsandbox;
if ((newsandbox = malloc(sizeof (struct sandbox))) == NULL)
err(1, "Couldn't allocate memory for sandbox");
sv[0] = sv[1] = 0;
if (socketpair(PF_LOCAL, SOCK_STREAM, 0, sv) < 0 )
err(1, "zcaplib: socketpair()");
pid = pdfork(&procd, 0);
if (pid == 0 ) {
cap_rights_t stdin_cap;
cap_rights_t stdout_cap;
cap_rights_t stderr_cap;
cap_rights_t socket_cap;
cap_rights_init(&stdin_cap, CAP_READ);
cap_rights_init(&stderr_cap, CAP_WRITE, CAP_FSTAT);
cap_rights_init(&stdout_cap, CAP_WRITE);
if (dup2(sv[0], 3) != 3)
err(1, "Couldn't duplicate fd");
closefrom(4);
cap_rights_init(&socket_cap, CAP_WRITE, CAP_READ, CAP_POLL_EVENT);
if (cap_rights_limit(STDIN_FILENO, &stdin_cap) < 0)
err(1, "Couldn't limit stdin");
if (cap_rights_limit(STDOUT_FILENO, &stdout_cap) < 0)
err(1, "Couldn't limit stdout");
if (cap_rights_limit(STDERR_FILENO, &stderr_cap) < 0)
err(1, "Couldn't limit stderr");
if (cap_rights_limit(3, &socket_cap) < 0)
err(1, "Couldn't limit sandbox socket");
/* execl() zlibworker */
if ( execl("/usr/libexec/zlibworker", "zlibworker", NULL) < 0)
err(1, "Couldn't find zlibworker.");
exit(0);
} else if (pid == -1) {
err(1, "Couldn't fork");
} else {
signal(SIGCHLD, suicide);
atexit(killChild);
newsandbox->dataptr = data;
newsandbox->pd = procd;
newsandbox->socket = sv[1];
debug("DEBUG: We have started a new sandbox.\n");
debug("\tdata: %p pd: %d, socket: %d\n", data, newsandbox->pd, newsandbox->socket);
}
return (newsandbox);
}
static int
ksandbox_capsicum_init_control(void *arg, int fd1, int fd2)
{
int rc;
struct rlimit rl_zero;
cap_rights_t rights;
cap_rights_init(&rights);
cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_ACCEPT);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: STDIN_FILENO");
return(0);
}
cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: STDERR_FILENO");
return(0);
}
cap_rights_init(&rights, CAP_EVENT,
CAP_FCNTL, CAP_READ, CAP_WRITE);
if (cap_rights_limit(fd1, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: internal socket");
return(0);
}
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (-1 == setrlimit(RLIMIT_FSIZE, &rl_zero)) {
XWARNX("setrlimit: rlimit_fsize");
return(0);
} else if (-1 == setrlimit(RLIMIT_NPROC, &rl_zero)) {
XWARNX("setrlimit: rlimit_nproc");
return(0);
}
rc = cap_enter();
if (0 != rc && errno != ENOSYS) {
XWARN("cap_enter");
rc = 0;
} else
rc = 1;
return(rc);
}
/*
* XXX: I CANT INTO LATIN
*/
static void
capsicate(struct connection *conn)
{
int error;
cap_rights_t rights;
#ifdef ICL_KERNEL_PROXY
const unsigned long cmds[] = { ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE,
ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD, ISCSISREMOVE
};
#else
const unsigned long cmds[] = { ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD,
ISCSISREMOVE
};
#endif
cap_rights_init(&rights, CAP_IOCTL);
error = cap_rights_limit(conn->conn_iscsi_fd, &rights);
if (error != 0 && errno != ENOSYS)
log_err(1, "cap_rights_limit");
error = cap_ioctls_limit(conn->conn_iscsi_fd, cmds,
sizeof(cmds) / sizeof(cmds[0]));
if (error != 0 && errno != ENOSYS)
log_err(1, "cap_ioctls_limit");
error = cap_enter();
if (error != 0 && errno != ENOSYS)
log_err(1, "cap_enter");
if (cap_sandboxed())
log_debugx("Capsicum capability mode enabled");
else
log_warnx("Capsicum capability mode not supported");
}
static void
ioctl_tests_2(int fd)
{
unsigned long cmds[2];
CHECK(cap_rights_limit(fd, CAP_ALL & ~CAP_IOCTL) == 0);
CHECK(cap_ioctls_get(fd, cmds, nitems(cmds)) == 0);
cmds[0] = FIOCLEX;
cmds[1] = FIONCLEX;
errno = 0;
CHECK(cap_ioctls_limit(fd, cmds, nitems(cmds)) == -1);
CHECK(errno == ENOTCAPABLE);
CHECK(cap_ioctls_get(fd, cmds, nitems(cmds)) == 0);
cmds[0] = FIOCLEX;
errno = 0;
CHECK(cap_ioctls_limit(fd, cmds, 1) == -1);
CHECK(errno == ENOTCAPABLE);
CHECK(cap_ioctls_get(fd, cmds, nitems(cmds)) == 0);
CHECK(fcntl(fd, F_GETFD) == 0);
errno = 0;
CHECK(ioctl(fd, FIOCLEX) == -1);
CHECK(errno == ENOTCAPABLE);
CHECK(fcntl(fd, F_GETFD) == 0);
CHECK(fcntl(fd, F_SETFD, FD_CLOEXEC) == 0);
CHECK(fcntl(fd, F_GETFD) == FD_CLOEXEC);
errno = 0;
CHECK(ioctl(fd, FIONCLEX) == -1);
CHECK(errno == ENOTCAPABLE);
CHECK(fcntl(fd, F_GETFD) == FD_CLOEXEC);
CHECK(fcntl(fd, F_SETFD, 0) == 0);
CHECK(fcntl(fd, F_GETFD) == 0);
}
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
struct rlimit rl_zero;
cap_rights_t rights;
caph_cache_tzdata();
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
__func__, strerror(errno));
#endif
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
__func__, strerror(errno));
cap_rights_init(&rights);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
fatal("can't limit stdin: %m");
if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
fatal("can't limit stdout: %m");
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
fatal("can't limit stderr: %m");
cap_rights_init(&rights, CAP_READ, CAP_WRITE);
if (cap_rights_limit(box->monitor->m_recvfd, &rights) < 0 &&
errno != ENOSYS)
fatal("%s: failed to limit the network socket", __func__);
cap_rights_init(&rights, CAP_WRITE);
if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) < 0 &&
errno != ENOSYS)
fatal("%s: failed to limit the logging socket", __func__);
if (cap_enter() < 0 && errno != ENOSYS)
fatal("%s: failed to enter capability mode", __func__);
}
static void
fcntl_tests_1(int fd)
{
uint32_t fcntlrights;
cap_rights_t rights;
CHECK(cap_fcntls_limit(fd, CAP_FCNTL_GETFL) == 0);
fcntlrights = 0;
CHECK(cap_fcntls_get(fd, &fcntlrights) == 0);
CHECK(fcntlrights == CAP_FCNTL_GETFL);
CAP_ALL(&rights);
cap_rights_clear(&rights, CAP_FCNTL);
CHECK(cap_rights_limit(fd, &rights) == 0);
fcntlrights = CAP_FCNTL_ALL;
CHECK(cap_fcntls_get(fd, &fcntlrights) == 0);
CHECK(fcntlrights == 0);
errno = 0;
CHECK(cap_fcntls_limit(fd, CAP_FCNTL_GETFL | CAP_FCNTL_SETFL) == -1);
CHECK(errno == ENOTCAPABLE);
fcntlrights = CAP_FCNTL_ALL;
CHECK(cap_fcntls_get(fd, &fcntlrights) == 0);
CHECK(fcntlrights == 0);
errno = 0;
CHECK(cap_fcntls_limit(fd, CAP_FCNTL_GETFL) == -1);
CHECK(errno == ENOTCAPABLE);
fcntlrights = CAP_FCNTL_ALL;
CHECK(cap_fcntls_get(fd, &fcntlrights) == 0);
CHECK(fcntlrights == 0);
CHECK(fcntl(fd, F_GETFD) == 0);
CHECK(fcntl(fd, F_SETFD, FD_CLOEXEC) == 0);
CHECK(fcntl(fd, F_GETFD) == FD_CLOEXEC);
CHECK(fcntl(fd, F_SETFD, 0) == 0);
CHECK(fcntl(fd, F_GETFD) == 0);
errno = 0;
CHECK(fcntl(fd, F_GETFL) == -1);
CHECK(errno == ENOTCAPABLE);
errno = 0;
CHECK(fcntl(fd, F_SETFL, O_NONBLOCK) == -1);
CHECK(errno == ENOTCAPABLE);
errno = 0;
CHECK(fcntl(fd, F_SETFL, 0) == -1);
CHECK(errno == ENOTCAPABLE);
errno = 0;
CHECK(fcntl(fd, F_GETFL) == -1);
CHECK(errno == ENOTCAPABLE);
}
int
uart_set_backend(struct uart_softc *sc, const char *opts)
{
int retval;
#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
cap_ioctl_t cmds[] = { TIOCGETA, TIOCSETA, TIOCGWINSZ };
#endif
retval = -1;
if (opts == NULL)
return (0);
if (strcmp("stdio", opts) == 0) {
if (!uart_stdio) {
sc->tty.fd = STDIN_FILENO;
sc->tty.opened = true;
uart_stdio = true;
retval = 0;
}
} else if (uart_tty_backend(sc, opts) == 0) {
retval = 0;
}
/* Make the backend file descriptor non-blocking */
if (retval == 0)
retval = fcntl(sc->tty.fd, F_SETFL, O_NONBLOCK);
#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE);
if (cap_rights_limit(sc->tty.fd, &rights) == -1 && errno != ENOSYS)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (cap_ioctls_limit(sc->tty.fd, cmds, nitems(cmds)) == -1 && errno != ENOSYS)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (!uart_stdio) {
if (caph_limit_stdin() == -1 && errno != ENOSYS)
errx(EX_OSERR, "Unable to apply rights for sandbox");
}
#endif
if (retval == 0)
uart_opentty(sc);
return (retval);
}
int
exec_info(int argc, char **argv)
{
struct pkgdb *db = NULL;
struct pkgdb_it *it = NULL;
int query_flags;
struct pkg *pkg = NULL;
uint64_t opt = INFO_TAG_NAMEVER;
match_t match = MATCH_GLOB;
char *pkgname;
char *pkgversion = NULL, *pkgversion2 = NULL;
const char *file = NULL;
int ch, fd;
int ret = EPKG_OK;
int retcode = 0;
bool gotone = false;
int i, j;
int sign = 0;
int sign2 = 0;
int open_flags = 0;
bool pkg_exists = false;
bool origin_search = false;
bool e_flag = false;
struct pkg_manifest_key *keys = NULL;
#ifdef HAVE_CAPSICUM
cap_rights_t rights;
#endif
struct option longopts[] = {
{ "all", no_argument, NULL, 'a' },
{ "annotations", no_argument, NULL, 'A' },
{ "provided-shlibs", no_argument, NULL, 'b' },
{ "required-shlibs", no_argument, NULL, 'B' },
{ "case-sensitive", no_argument, NULL, 'C' },
{ "dependencies", no_argument, NULL, 'd' },
{ "pkg-message", no_argument, NULL, 'D' },
{ "exists", no_argument, NULL, 'e' },
{ "show-name-only", no_argument, NULL, 'E' },
{ "full", no_argument, NULL, 'f' },
{ "file", required_argument, NULL, 'F' },
{ "glob", no_argument, NULL, 'g' },
{ "case-insensitive", no_argument, NULL, 'i' },
{ "comment", no_argument, NULL, 'I' },
{ "locked", no_argument, NULL, 'k' },
{ "list-files", no_argument, NULL, 'l' },
{ "origin", no_argument, NULL, 'o' },
{ "by-origin", no_argument, NULL, 'O' },
{ "prefix", no_argument, NULL, 'p' },
{ "quiet", no_argument, NULL, 'q' },
{ "required-by", no_argument, NULL, 'r' },
{ "raw", no_argument, NULL, 'R' },
{ "size", no_argument, NULL, 's' },
{ "regex", no_argument, NULL, 'x' },
{ "raw-format", required_argument, NULL, 1 },
{ NULL, 0, NULL, 0 },
};
/* TODO: exclusive opts ? */
while ((ch = getopt_long(argc, argv, "+aAbBCdDeEfF:giIkloOpqrRsx", longopts, NULL)) != -1) {
switch (ch) {
case 'a':
match = MATCH_ALL;
break;
case 'A':
opt |= INFO_ANNOTATIONS;
break;
case 'b':
opt |= INFO_SHLIBS_PROVIDED;
break;
case 'B':
opt |= INFO_SHLIBS_REQUIRED;
break;
case 'C':
pkgdb_set_case_sensitivity(true);
break;
case 'd':
opt |= INFO_DEPS;
break;
case 'D':
opt |= INFO_MESSAGE;
break;
case 'e':
pkg_exists = true;;
retcode = 1;
break;
case 'E': /* ports compatibility */
e_flag = true;
break;
case 'f':
opt |= INFO_FULL;
break;
case 'F':
file = optarg;
break;
case 'g':
match = MATCH_GLOB;
break;
case 'i':
pkgdb_set_case_sensitivity(false);
break;
case 'I':
opt |= INFO_COMMENT;
break;
case 'k':
opt |= INFO_LOCKED;
break;
case 'l':
opt |= INFO_FILES;
break;
case 'o':
opt |= INFO_ORIGIN;
break;
case 'O':
origin_search = true; /* only for ports compat */
break;
case 'p':
opt |= INFO_PREFIX;
break;
case 'q':
quiet = true;
break;
case 'r':
opt |= INFO_RDEPS;
break;
case 'R':
opt |= INFO_RAW;
break;
case 's':
opt |= INFO_FLATSIZE;
break;
case 'x':
match = MATCH_REGEX;
break;
case 1:
if (strcasecmp(optarg, "json") == 0)
opt |= INFO_RAW_JSON;
else if (strcasecmp(optarg, "json-compact") == 0)
opt |= INFO_RAW_JSON_COMPACT;
else if (strcasecmp(optarg, "yaml") == 0)
opt |= INFO_RAW_YAML;
else if (strcasecmp(optarg, "ucl") == 0)
opt |= INFO_RAW_UCL;
else
errx(EX_USAGE, "Invalid format '%s' for the "
"raw output, expecting json, json-compact "
"or yaml", optarg);
break;
default:
usage_info();
return(EX_USAGE);
}
}
if (argc == 1 || (argc == 2 && quiet))
match = MATCH_ALL;
argc -= optind;
argv += optind;
if (argc == 0 && file == NULL && match != MATCH_ALL) {
/* which -O bsd.*.mk always execpt clean output */
if (origin_search)
return (EX_OK);
usage_info();
return (EX_USAGE);
}
/* When no other data is requested, default is to print
* 'name-ver comment' For -O, just print name-ver */
if (!origin_search && (opt & INFO_ALL) == 0 && match == MATCH_ALL &&
!quiet)
opt |= INFO_COMMENT;
/* Special compatibility: handle -O and -q -O */
if (origin_search) {
if (quiet) {
opt = INFO_TAG_NAMEVER;
quiet = false;
} else {
opt = INFO_TAG_NAMEVER|INFO_COMMENT;
}
}
if (match == MATCH_ALL && opt == INFO_TAG_NAMEVER)
quiet = false;
if (file != NULL) {
if ((fd = open(file, O_RDONLY)) == -1) {
warn("Unable to open %s", file);
return (EX_IOERR);
}
#ifdef HAVE_CAPSICUM
cap_rights_init(&rights, CAP_READ, CAP_FSTAT);
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS ) {
warn("cap_rights_limit() failed");
close(fd);
return (EX_SOFTWARE);
}
if (cap_enter() < 0 && errno != ENOSYS) {
warn("cap_enter() failed");
close(fd);
return (EX_SOFTWARE);
}
#endif
if (opt == INFO_TAG_NAMEVER)
opt |= INFO_FULL;
pkg_manifest_keys_new(&keys);
if (opt & INFO_RAW) {
if ((opt & (INFO_RAW_JSON|INFO_RAW_JSON_COMPACT|INFO_RAW_UCL)) == 0)
opt |= INFO_RAW_YAML;
}
if ((opt & (INFO_RAW | INFO_FILES |
INFO_DIRS)) == 0)
open_flags = PKG_OPEN_MANIFEST_COMPACT;
if (pkg_open_fd(&pkg, fd, keys, open_flags) != EPKG_OK) {
close(fd);
return (1);
}
pkg_manifest_keys_free(keys);
print_info(pkg, opt);
close(fd);
pkg_free(pkg);
return (EX_OK);
}
ret = pkgdb_access(PKGDB_MODE_READ, PKGDB_DB_LOCAL);
if (ret == EPKG_ENOACCESS) {
warnx("Insufficient privileges to query the package database");
return (EX_NOPERM);
} else if (ret == EPKG_ENODB) {
if (match == MATCH_ALL)
return (EX_OK);
if (origin_search)
return (EX_OK);
if (!quiet)
warnx("No packages installed");
return (EX_UNAVAILABLE);
} else if (ret != EPKG_OK)
return (EX_IOERR);
ret = pkgdb_open(&db, PKGDB_DEFAULT);
if (ret != EPKG_OK)
return (EX_IOERR);
if (pkgdb_obtain_lock(db, PKGDB_LOCK_READONLY) != EPKG_OK) {
pkgdb_close(db);
warnx("Cannot get a read lock on a database, it is locked by another process");
return (EX_TEMPFAIL);
}
i = 0;
do {
gotone = false;
pkgname = argv[i];
/*
* allow to search for origin with a trailing /
* likes audio/linux-vsound depending on ${PORTSDIR}/audio/sox/
*/
if (argc > 0 && pkgname[strlen(pkgname) -1] == '/')
pkgname[strlen(pkgname) -1] = '\0';
if (argc > 0) {
j=0;
while (pkgname[j] != '\0') {
if (pkgname[j] == '<') {
if (pkgversion) {
pkgversion2 = pkgname + j;
sign2 = LT;
pkgversion2[0] = '\0';
pkgversion2++;
if (pkgversion2[0] == '=') {
pkgversion2++;
sign=LE;
j++;
}
} else {
pkgversion = pkgname + j;
sign = LT;
pkgversion[0] = '\0';
pkgversion++;
if (pkgversion[0] == '=') {
pkgversion++;
sign=LE;
j++;
}
}
} else if (pkgname[j] == '>') {
if (pkgversion) {
pkgversion2 = pkgname + j;
sign2 = GT;
pkgversion2[0] = '\0';
pkgversion2++;
if (pkgversion2[0] == '=') {
pkgversion2++;
sign=GE;
j++;
}
} else {
pkgversion = pkgname + j;
sign = GT;
pkgversion[0] = '\0';
pkgversion++;
if (pkgversion[0] == '=') {
pkgversion++;
sign=GE;
j++;
}
}
} else if (pkgname[j] == '=') {
if (pkgversion) {
pkgversion2 = pkgname + j;
sign2 = EQ;
pkgversion2[0] = '\0';
pkgversion2++;
if (pkgversion2[0] == '=') {
pkgversion2++;
sign=EQ;
j++;
}
} else {
pkgversion = pkgname + j;
sign = EQ;
pkgversion[0] = '\0';
pkgversion++;
if (pkgversion[0] == '=') {
pkgversion++;
sign=EQ;
j++;
}
}
}
j++;
}
}
if (match != MATCH_ALL && pkgname[0] == '\0') {
fprintf(stderr, "Pattern must not be empty.\n");
i++;
continue;
}
if ((it = pkgdb_query(db, pkgname, match)) == NULL) {
goto cleanup;
}
/* this is place for compatibility hacks */
/* ports infrastructure expects pkg info -q -O to
* always return 0 even if the ports doesn't exists */
if (origin_search)
gotone = true;
/* end of compatibility hacks */
/*
* only show full version in case of match glob with a
* single argument specified which does not contains
* any glob pattern
*/
if (argc == 1 && !origin_search && !quiet && !e_flag &&
match == MATCH_GLOB &&
strcspn(pkgname, "*[]{}()") == strlen(pkgname) &&
opt == INFO_TAG_NAMEVER)
opt |= INFO_FULL;
query_flags = info_flags(opt, false);
while ((ret = pkgdb_it_next(it, &pkg, query_flags)) == EPKG_OK) {
gotone = true;
const char *version;
pkg_get(pkg, PKG_VERSION, &version);
if (pkgversion != NULL) {
switch (pkg_version_cmp(version, pkgversion)) {
case -1:
if (sign != LT && sign != LE) {
gotone = false;
continue;
}
break;
case 0:
if (sign != LE &&
sign != GE &&
sign != EQ) {
gotone = false;
continue;
}
break;
case 1:
if (sign != GT && sign != GE) {
gotone = false;
continue;
}
break;
}
}
if (pkgversion2 != NULL) {
switch (pkg_version_cmp(version, pkgversion2)) {
case -1:
if (sign2 != LT && sign2 != LE) {
gotone = false;
continue;
}
break;
case 0:
if (sign2 != LE &&
sign2 != GE &&
sign2 != EQ) {
gotone = false;
continue;
}
break;
case 1:
if (sign2 != GT && sign2 != GE) {
gotone = false;
continue;
}
break;
}
}
if (pkg_exists)
retcode = EX_OK;
else
print_info(pkg, opt);
}
if (ret != EPKG_END) {
retcode = EX_IOERR;
}
if (retcode == EX_OK && !gotone && match != MATCH_ALL) {
if (!quiet)
warnx("No package(s) matching %s", argv[i]);
retcode = EX_SOFTWARE;
}
pkgdb_it_free(it);
i++;
} while (i < argc);
cleanup:
pkg_free(pkg);
pkgdb_release_lock(db, PKGDB_LOCK_READONLY);
pkgdb_close(db);
return (retcode);
}
int
main (int argc, char *argv[])
{
wchar_t *tprev, *tthis;
FILE *ifp, *ofp;
int ch, comp;
size_t prevbuflen, thisbuflen, b1;
char *prevline, *thisline, *p;
const char *ifn;
cap_rights_t rights;
(void) setlocale(LC_ALL, "");
obsolete(argv);
while ((ch = getopt(argc, argv, "cdif:s:u")) != -1)
switch (ch) {
case 'c':
cflag = 1;
break;
case 'd':
dflag = 1;
break;
case 'i':
iflag = 1;
break;
case 'f':
numfields = strtol(optarg, &p, 10);
if (numfields < 0 || *p)
errx(1, "illegal field skip value: %s", optarg);
break;
case 's':
numchars = strtol(optarg, &p, 10);
if (numchars < 0 || *p)
errx(1, "illegal character skip value: %s", optarg);
break;
case 'u':
uflag = 1;
break;
case '?':
default:
usage();
}
argc -= optind;
argv += optind;
/* If no flags are set, default is -d -u. */
if (cflag) {
if (dflag || uflag)
usage();
} else if (!dflag && !uflag)
dflag = uflag = 1;
if (argc > 2)
usage();
ifp = stdin;
ifn = "stdin";
ofp = stdout;
if (argc > 0 && strcmp(argv[0], "-") != 0)
ifp = file(ifn = argv[0], "r");
cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
if (cap_rights_limit(fileno(ifp), &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", ifn);
cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
if (argc > 1)
ofp = file(argv[1], "w");
else
cap_rights_set(&rights, CAP_IOCTL);
if (cap_rights_limit(fileno(ofp), &rights) < 0 && errno != ENOSYS) {
err(1, "unable to limit rights for %s",
argc > 1 ? argv[1] : "stdout");
}
if (cap_rights_is_set(&rights, CAP_IOCTL)) {
unsigned long cmd;
cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
if (cap_ioctls_limit(fileno(ofp), &cmd, 1) < 0 &&
errno != ENOSYS) {
err(1, "unable to limit ioctls for %s",
argc > 1 ? argv[1] : "stdout");
}
}
strerror_init();
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
prevbuflen = thisbuflen = 0;
prevline = thisline = NULL;
if (getline(&prevline, &prevbuflen, ifp) < 0) {
if (ferror(ifp))
err(1, "%s", ifn);
exit(0);
}
tprev = convert(prevline);
if (!cflag && uflag && dflag)
show(ofp, prevline);
tthis = NULL;
while (getline(&thisline, &thisbuflen, ifp) >= 0) {
if (tthis != NULL)
free(tthis);
tthis = convert(thisline);
if (tthis == NULL && tprev == NULL)
comp = inlcmp(thisline, prevline);
else if (tthis == NULL || tprev == NULL)
comp = 1;
else
comp = wcscoll(tthis, tprev);
if (comp) {
/* If different, print; set previous to new value. */
if (cflag || !dflag || !uflag)
show(ofp, prevline);
p = prevline;
b1 = prevbuflen;
prevline = thisline;
prevbuflen = thisbuflen;
if (tprev != NULL)
free(tprev);
tprev = tthis;
if (!cflag && uflag && dflag)
show(ofp, prevline);
thisline = p;
thisbuflen = b1;
tthis = NULL;
repeats = 0;
} else
++repeats;
}
if (ferror(ifp))
err(1, "%s", ifn);
if (cflag || !dflag || !uflag)
show(ofp, prevline);
exit(0);
}
int
drop_privs(const struct hast_resource *res)
{
char jailhost[sizeof(res->hr_name) * 2];
struct jail jailst;
struct passwd *pw;
uid_t ruid, euid, suid;
gid_t rgid, egid, sgid;
gid_t gidset[1];
bool capsicum, jailed;
/*
* According to getpwnam(3) we have to clear errno before calling the
* function to be able to distinguish between an error and missing
* entry (with is not treated as error by getpwnam(3)).
*/
errno = 0;
pw = getpwnam(HAST_USER);
if (pw == NULL) {
if (errno != 0) {
pjdlog_errno(LOG_ERR,
"Unable to find info about '%s' user", HAST_USER);
return (-1);
} else {
pjdlog_error("'%s' user doesn't exist.", HAST_USER);
errno = ENOENT;
return (-1);
}
}
bzero(&jailst, sizeof(jailst));
jailst.version = JAIL_API_VERSION;
jailst.path = pw->pw_dir;
if (res == NULL) {
(void)snprintf(jailhost, sizeof(jailhost), "hastctl");
} else {
(void)snprintf(jailhost, sizeof(jailhost), "hastd: %s (%s)",
res->hr_name, role2str(res->hr_role));
}
jailst.hostname = jailhost;
jailst.jailname = NULL;
jailst.ip4s = 0;
jailst.ip4 = NULL;
jailst.ip6s = 0;
jailst.ip6 = NULL;
if (jail(&jailst) >= 0) {
jailed = true;
} else {
jailed = false;
pjdlog_errno(LOG_WARNING,
"Unable to jail to directory to %s", pw->pw_dir);
if (chroot(pw->pw_dir) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to change root directory to %s",
pw->pw_dir);
return (-1);
}
}
PJDLOG_VERIFY(chdir("/") == 0);
gidset[0] = pw->pw_gid;
if (setgroups(1, gidset) == -1) {
pjdlog_errno(LOG_ERR, "Unable to set groups to gid %u",
(unsigned int)pw->pw_gid);
return (-1);
}
if (setgid(pw->pw_gid) == -1) {
pjdlog_errno(LOG_ERR, "Unable to set gid to %u",
(unsigned int)pw->pw_gid);
return (-1);
}
if (setuid(pw->pw_uid) == -1) {
pjdlog_errno(LOG_ERR, "Unable to set uid to %u",
(unsigned int)pw->pw_uid);
return (-1);
}
#ifdef HAVE_CAPSICUM
capsicum = (cap_enter() == 0);
if (!capsicum) {
pjdlog_common(LOG_DEBUG, 1, errno,
"Unable to sandbox using capsicum");
} else if (res != NULL) {
cap_rights_t rights;
static const unsigned long geomcmds[] = {
DIOCGDELETE,
DIOCGFLUSH
};
PJDLOG_ASSERT(res->hr_role == HAST_ROLE_PRIMARY ||
res->hr_role == HAST_ROLE_SECONDARY);
cap_rights_init(&rights, CAP_FLOCK, CAP_IOCTL, CAP_PREAD,
CAP_PWRITE);
if (cap_rights_limit(res->hr_localfd, &rights) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to limit capability rights on local descriptor");
}
if (cap_ioctls_limit(res->hr_localfd, geomcmds,
sizeof(geomcmds) / sizeof(geomcmds[0])) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to limit allowed GEOM ioctls");
}
if (res->hr_role == HAST_ROLE_PRIMARY) {
static const unsigned long ggatecmds[] = {
G_GATE_CMD_MODIFY,
G_GATE_CMD_START,
G_GATE_CMD_DONE,
G_GATE_CMD_DESTROY
};
cap_rights_init(&rights, CAP_IOCTL);
if (cap_rights_limit(res->hr_ggatefd, &rights) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to limit capability rights to CAP_IOCTL on ggate descriptor");
}
if (cap_ioctls_limit(res->hr_ggatefd, ggatecmds,
sizeof(ggatecmds) / sizeof(ggatecmds[0])) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to limit allowed ggate ioctls");
}
}
}
#else
capsicum = false;
#endif
/*
* Better be sure that everything succeeded.
*/
PJDLOG_VERIFY(getresuid(&ruid, &euid, &suid) == 0);
PJDLOG_VERIFY(ruid == pw->pw_uid);
PJDLOG_VERIFY(euid == pw->pw_uid);
PJDLOG_VERIFY(suid == pw->pw_uid);
PJDLOG_VERIFY(getresgid(&rgid, &egid, &sgid) == 0);
PJDLOG_VERIFY(rgid == pw->pw_gid);
PJDLOG_VERIFY(egid == pw->pw_gid);
PJDLOG_VERIFY(sgid == pw->pw_gid);
PJDLOG_VERIFY(getgroups(0, NULL) == 1);
PJDLOG_VERIFY(getgroups(1, gidset) == 1);
PJDLOG_VERIFY(gidset[0] == pw->pw_gid);
pjdlog_debug(1,
"Privileges successfully dropped using %s%s+setgid+setuid.",
capsicum ? "capsicum+" : "", jailed ? "jail" : "chroot");
return (0);
}
int
main(int argc, char *argv[])
{
int ch;
struct dirent *dp;
int width;
ssize_t cc;
struct whod *w;
struct whoent *we;
struct myutmp *mp;
cap_rights_t rights;
int f, n, i;
int d_first;
int dfd;
time_t ct;
w = &wd;
(void) setlocale(LC_TIME, "");
d_first = (*nl_langinfo(D_MD_ORDER) == 'd');
while ((ch = getopt(argc, argv, "a")) != -1) {
switch ((char)ch) {
case 'a':
aflg = 1;
break;
case '?':
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc != 0)
usage();
if (chdir(_PATH_RWHODIR) < 0)
err(1, "chdir(%s)", _PATH_RWHODIR);
if ((dirp = opendir(".")) == NULL)
err(1, "opendir(%s)", _PATH_RWHODIR);
dfd = dirfd(dirp);
mp = myutmp;
cap_rights_init(&rights, CAP_READ, CAP_LOOKUP);
if (cap_rights_limit(dfd, &rights) < 0 && errno != ENOSYS)
err(1, "cap_rights_limit failed: %s", _PATH_RWHODIR);
/*
* Cache files required for time(3) and localtime(3) before entering
* capability mode.
*/
(void) time(&ct);
(void) localtime(&ct);
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "cap_enter");
(void) time(&now);
cap_rights_init(&rights, CAP_READ);
while ((dp = readdir(dirp)) != NULL) {
if (dp->d_ino == 0 || strncmp(dp->d_name, "whod.", 5) != 0)
continue;
f = openat(dfd, dp->d_name, O_RDONLY);
if (f < 0)
continue;
if (cap_rights_limit(f, &rights) < 0 && errno != ENOSYS)
err(1, "cap_rights_limit failed: %s", dp->d_name);
cc = read(f, (char *)&wd, sizeof(struct whod));
if (cc < WHDRSIZE) {
(void) close(f);
continue;
}
if (down(w, now) != 0) {
(void) close(f);
continue;
}
cc -= WHDRSIZE;
we = w->wd_we;
for (n = cc / sizeof(struct whoent); n > 0; n--) {
if (aflg == 0 && we->we_idle >= 60 * 60) {
we++;
continue;
}
if (nusers >= NUSERS)
errx(1, "too many users");
mp->myutmp = we->we_utmp;
mp->myidle = we->we_idle;
(void) strcpy(mp->myhost, w->wd_hostname);
nusers++;
we++;
mp++;
}
(void) close(f);
}
qsort((char *)myutmp, nusers, sizeof(struct myutmp), utmpcmp);
mp = myutmp;
width = 0;
for (i = 0; i < nusers; i++) {
/* append one for the blank and use 8 for the out_line */
int j;
j = strlen(mp->myhost) + 1 + sizeof(mp->myutmp.out_line);
if (j > width)
width = j;
mp++;
}
mp = myutmp;
for (i = 0; i < nusers; i++) {
char buf[BUFSIZ], cbuf[80];
time_t t;
t = _int_to_time(mp->myutmp.out_time);
strftime(cbuf, sizeof(cbuf), d_first ? "%e %b %R" : "%b %e %R",
localtime(&t));
(void) sprintf(buf, "%s:%-.*s", mp->myhost,
(int)sizeof(mp->myutmp.out_line), mp->myutmp.out_line);
printf("%-*.*s %-*s %s",
(int)sizeof(mp->myutmp.out_name),
(int)sizeof(mp->myutmp.out_name),
mp->myutmp.out_name, width, buf, cbuf);
mp->myidle /= 60;
if (mp->myidle != 0) {
if (aflg != 0) {
if (mp->myidle >= 100 * 60)
mp->myidle = 100 * 60 - 1;
if (mp->myidle >= 60)
printf(" %2d", mp->myidle / 60);
else
printf(" ");
} else {
printf(" ");
}
printf(":%02d", mp->myidle % 60);
}
printf("\n");
mp++;
}
exit(0);
}
int
main(int argc, char **argv)
{
cap_rights_t rights;
bool have_format = false;
bool infinity = false;
bool nofinalnl = false;
bool randomize = false;
bool use_random = false;
int ch;
int mask = 0;
int n = 0;
double begin = BEGIN_DEF;
double divisor;
double ender = ENDER_DEF;
double s = STEP_DEF;
double x, y;
long i;
long reps = REPS_DEF;
if (caph_limit_stdio() < 0)
err(1, "unable to limit rights for stdio");
cap_rights_init(&rights);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stdin");
/*
* Cache NLS data, for strerror, for err(3), before entering capability
* mode.
*/
caph_cache_catpages();
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
while ((ch = getopt(argc, argv, "b:cnp:rs:w:")) != -1)
switch (ch) {
case 'b':
boring = true;
/* FALLTHROUGH */
case 'w':
if (strlcpy(format, optarg, sizeof(format)) >=
sizeof(format))
errx(1, "-%c word too long", ch);
have_format = true;
break;
case 'c':
chardata = true;
break;
case 'n':
nofinalnl = true;
break;
case 'p':
prec = atoi(optarg);
if (prec < 0)
errx(1, "bad precision value");
have_format = true;
break;
case 'r':
randomize = true;
break;
case 's':
sepstring = optarg;
break;
default:
usage();
}
argc -= optind;
argv += optind;
switch (argc) { /* examine args right to left, falling thru cases */
case 4:
if (!is_default(argv[3])) {
if (!sscanf(argv[3], "%lf", &s))
errx(1, "bad s value: %s", argv[3]);
mask |= HAVE_STEP;
if (randomize)
use_random = true;
}
/* FALLTHROUGH */
case 3:
if (!is_default(argv[2])) {
if (!sscanf(argv[2], "%lf", &ender))
ender = argv[2][strlen(argv[2])-1];
mask |= HAVE_ENDER;
if (prec < 0)
n = getprec(argv[2]);
}
/* FALLTHROUGH */
case 2:
if (!is_default(argv[1])) {
if (!sscanf(argv[1], "%lf", &begin))
begin = argv[1][strlen(argv[1])-1];
mask |= HAVE_BEGIN;
if (prec < 0)
prec = getprec(argv[1]);
if (n > prec) /* maximum precision */
prec = n;
}
/* FALLTHROUGH */
case 1:
if (!is_default(argv[0])) {
if (!sscanf(argv[0], "%ld", &reps))
errx(1, "bad reps value: %s", argv[0]);
mask |= HAVE_REPS;
}
break;
case 0:
usage();
default:
errx(1, "too many arguments. What do you mean by %s?",
argv[4]);
}
getformat();
if (prec == -1)
prec = 0;
while (mask) /* 4 bit mask has 1's where last 4 args were given */
switch (mask) { /* fill in the 0's by default or computation */
case HAVE_STEP:
case HAVE_ENDER:
case HAVE_ENDER | HAVE_STEP:
case HAVE_BEGIN:
case HAVE_BEGIN | HAVE_STEP:
reps = REPS_DEF;
mask |= HAVE_REPS;
break;
case HAVE_BEGIN | HAVE_ENDER:
s = ender > begin ? 1 : -1;
mask |= HAVE_STEP;
break;
case HAVE_BEGIN | HAVE_ENDER | HAVE_STEP:
if (randomize)
reps = REPS_DEF;
else if (s == 0.0)
reps = 0;
else
reps = (ender - begin + s) / s;
if (reps <= 0)
errx(1, "impossible stepsize");
mask = 0;
break;
case HAVE_REPS:
case HAVE_REPS | HAVE_STEP:
begin = BEGIN_DEF;
mask |= HAVE_BEGIN;
break;
case HAVE_REPS | HAVE_ENDER:
s = STEP_DEF;
mask = HAVE_REPS | HAVE_ENDER | HAVE_STEP;
break;
case HAVE_REPS | HAVE_ENDER | HAVE_STEP:
if (randomize)
begin = BEGIN_DEF;
else if (reps == 0)
errx(1, "must specify begin if reps == 0");
begin = ender - reps * s + s;
mask = 0;
break;
case HAVE_REPS | HAVE_BEGIN:
s = STEP_DEF;
mask = HAVE_REPS | HAVE_BEGIN | HAVE_STEP;
break;
case HAVE_REPS | HAVE_BEGIN | HAVE_STEP:
if (randomize)
ender = ENDER_DEF;
else
ender = begin + reps * s - s;
mask = 0;
break;
case HAVE_REPS | HAVE_BEGIN | HAVE_ENDER:
if (reps == 0)
errx(1, "infinite sequences cannot be bounded");
else if (reps == 1)
s = 0.0;
else
s = (ender - begin) / (reps - 1);
mask = 0;
break;
case HAVE_REPS | HAVE_BEGIN | HAVE_ENDER | HAVE_STEP:
/* if reps given and implied, */
if (!randomize && s != 0.0) {
long t = (ender - begin + s) / s;
if (t <= 0)
errx(1, "impossible stepsize");
if (t < reps) /* take lesser */
reps = t;
}
mask = 0;
break;
default:
errx(1, "bad mask");
}
if (reps == 0)
infinity = true;
if (randomize) {
if (use_random) {
srandom((unsigned long)s);
divisor = (double)INT32_MAX + 1;
} else
divisor = (double)UINT32_MAX + 1;
/*
* Attempt to DWIM when the user has specified an
* integer range within that of the random number
* generator: distribute the numbers equally in
* the range [begin .. ender]. Jot's default %.0f
* format would make the appearance of the first and
* last specified value half as likely as the rest.
*/
if (!have_format && prec == 0 &&
begin >= 0 && begin < divisor &&
ender >= 0 && ender < divisor) {
if (begin <= ender)
ender += 1;
else
begin += 1;
nosign = true;
intdata = true;
(void)strlcpy(format,
chardata ? "%c" : "%u", sizeof(format));
}
x = ender - begin;
for (i = 1; i <= reps || infinity; i++) {
if (use_random)
y = random() / divisor;
else
y = arc4random() / divisor;
if (putdata(y * x + begin, !(reps - i)))
errx(1, "range error in conversion");
}
} else
for (i = 1, x = begin; i <= reps || infinity; i++, x += s)
if (putdata(x, !(reps - i)))
errx(1, "range error in conversion");
if (!nofinalnl)
putchar('\n');
exit(0);
}
int
main(int argc, char **argv)
{
cap_rights_t rights;
int dec_ind; /* current indentation for declarations */
int di_stack[20]; /* a stack of structure indentation levels */
int force_nl; /* when true, code must be broken */
int hd_type = 0; /* used to store type of stmt for if (...),
* for (...), etc */
int i; /* local loop counter */
int scase; /* set to true when we see a case, so we will
* know what to do with the following colon */
int sp_sw; /* when true, we are in the expression of
* if(...), while(...), etc. */
int squest; /* when this is positive, we have seen a ?
* without the matching : in a <c>?<s>:<s>
* construct */
const char *t_ptr; /* used for copying tokens */
int tabs_to_var; /* true if using tabs to indent to var name */
int type_code; /* the type of token, returned by lexi */
int last_else = 0; /* true iff last keyword was an else */
const char *profile_name = NULL;
const char *envval = NULL;
struct parser_state transient_state; /* a copy for lookup */
/*-----------------------------------------------*\
| INITIALIZATION |
\*-----------------------------------------------*/
found_err = 0;
ps.p_stack[0] = stmt; /* this is the parser's stack */
ps.last_nl = true; /* this is true if the last thing scanned was
* a newline */
ps.last_token = semicolon;
combuf = (char *) malloc(bufsize);
if (combuf == NULL)
err(1, NULL);
labbuf = (char *) malloc(bufsize);
if (labbuf == NULL)
err(1, NULL);
codebuf = (char *) malloc(bufsize);
if (codebuf == NULL)
err(1, NULL);
tokenbuf = (char *) malloc(bufsize);
if (tokenbuf == NULL)
err(1, NULL);
alloc_typenames();
l_com = combuf + bufsize - 5;
l_lab = labbuf + bufsize - 5;
l_code = codebuf + bufsize - 5;
l_token = tokenbuf + bufsize - 5;
combuf[0] = codebuf[0] = labbuf[0] = ' '; /* set up code, label, and
* comment buffers */
combuf[1] = codebuf[1] = labbuf[1] = '\0';
ps.else_if = 1; /* Default else-if special processing to on */
s_lab = e_lab = labbuf + 1;
s_code = e_code = codebuf + 1;
s_com = e_com = combuf + 1;
s_token = e_token = tokenbuf + 1;
in_buffer = (char *) malloc(10);
if (in_buffer == NULL)
err(1, NULL);
in_buffer_limit = in_buffer + 8;
buf_ptr = buf_end = in_buffer;
line_no = 1;
had_eof = ps.in_decl = ps.decl_on_line = break_comma = false;
sp_sw = force_nl = false;
ps.in_or_st = false;
ps.bl_line = true;
dec_ind = 0;
di_stack[ps.dec_nest = 0] = 0;
ps.want_blank = ps.in_stmt = ps.ind_stmt = false;
scase = ps.pcase = false;
squest = 0;
sc_end = NULL;
bp_save = NULL;
be_save = NULL;
output = NULL;
tabs_to_var = 0;
envval = getenv("SIMPLE_BACKUP_SUFFIX");
if (envval)
simple_backup_suffix = envval;
/*--------------------------------------------------*\
| COMMAND LINE SCAN |
\*--------------------------------------------------*/
#ifdef undef
max_col = 78; /* -l78 */
lineup_to_parens = 1; /* -lp */
lineup_to_parens_always = 0; /* -nlpl */
ps.ljust_decl = 0; /* -ndj */
ps.com_ind = 33; /* -c33 */
star_comment_cont = 1; /* -sc */
ps.ind_size = 8; /* -i8 */
verbose = 0;
ps.decl_indent = 16; /* -di16 */
ps.local_decl_indent = -1; /* if this is not set to some nonnegative value
* by an arg, we will set this equal to
* ps.decl_ind */
ps.indent_parameters = 1; /* -ip */
ps.decl_com_ind = 0; /* if this is not set to some positive value
* by an arg, we will set this equal to
* ps.com_ind */
btype_2 = 1; /* -br */
cuddle_else = 1; /* -ce */
ps.unindent_displace = 0; /* -d0 */
ps.case_indent = 0; /* -cli0 */
format_block_comments = 1; /* -fcb */
format_col1_comments = 1; /* -fc1 */
procnames_start_line = 1; /* -psl */
proc_calls_space = 0; /* -npcs */
comment_delimiter_on_blankline = 1; /* -cdb */
ps.leave_comma = 1; /* -nbc */
#endif
for (i = 1; i < argc; ++i)
if (strcmp(argv[i], "-npro") == 0)
break;
else if (argv[i][0] == '-' && argv[i][1] == 'P' && argv[i][2] != '\0')
profile_name = argv[i]; /* non-empty -P (set profile) */
set_defaults();
if (i >= argc)
set_profile(profile_name);
for (i = 1; i < argc; ++i) {
/*
* look thru args (if any) for changes to defaults
*/
if (argv[i][0] != '-') {/* no flag on parameter */
if (input == NULL) { /* we must have the input file */
in_name = argv[i]; /* remember name of input file */
input = fopen(in_name, "r");
if (input == NULL) /* check for open error */
err(1, "%s", in_name);
continue;
}
else if (output == NULL) { /* we have the output file */
out_name = argv[i]; /* remember name of output file */
if (strcmp(in_name, out_name) == 0) { /* attempt to overwrite
* the file */
errx(1, "input and output files must be different");
}
output = fopen(out_name, "w");
if (output == NULL) /* check for create error */
err(1, "%s", out_name);
continue;
}
errx(1, "unknown parameter: %s", argv[i]);
}
else
set_option(argv[i]);
} /* end of for */
if (input == NULL)
input = stdin;
if (output == NULL) {
if (input == stdin)
output = stdout;
else {
out_name = in_name;
bakcopy();
}
}
/* Restrict input/output descriptors and enter Capsicum sandbox. */
cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
if (cap_rights_limit(fileno(output), &rights) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit rights for %s", out_name);
cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
if (cap_rights_limit(fileno(input), &rights) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit rights for %s", in_name);
if (cap_enter() < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to enter capability mode");
if (ps.com_ind <= 1)
ps.com_ind = 2; /* dont put normal comments before column 2 */
if (block_comment_max_col <= 0)
block_comment_max_col = max_col;
if (ps.local_decl_indent < 0) /* if not specified by user, set this */
ps.local_decl_indent = ps.decl_indent;
if (ps.decl_com_ind <= 0) /* if not specified by user, set this */
ps.decl_com_ind = ps.ljust_decl ? (ps.com_ind <= 10 ? 2 : ps.com_ind - 8) : ps.com_ind;
if (continuation_indent == 0)
continuation_indent = ps.ind_size;
fill_buffer(); /* get first batch of stuff into input buffer */
parse(semicolon);
{
char *p = buf_ptr;
int col = 1;
while (1) {
if (*p == ' ')
col++;
else if (*p == '\t')
col = tabsize * (1 + (col - 1) / tabsize) + 1;
else
break;
p++;
}
if (col > ps.ind_size)
ps.ind_level = ps.i_l_follow = col / ps.ind_size;
}
/*
* START OF MAIN LOOP
*/
while (1) { /* this is the main loop. it will go until we
* reach eof */
int comment_buffered = false;
type_code = lexi(&ps); /* lexi reads one token. The actual
* characters read are stored in "token". lexi
* returns a code indicating the type of token */
/*
* The following code moves newlines and comments following an if (),
* while (), else, etc. up to the start of the following stmt to
* a buffer. This allows proper handling of both kinds of brace
* placement (-br, -bl) and cuddling "else" (-ce).
*/
while (ps.search_brace) {
switch (type_code) {
case newline:
if (sc_end == NULL) {
save_com = sc_buf;
save_com[0] = save_com[1] = ' ';
sc_end = &save_com[2];
}
*sc_end++ = '\n';
/*
* We may have inherited a force_nl == true from the previous
* token (like a semicolon). But once we know that a newline
* has been scanned in this loop, force_nl should be false.
*
* However, the force_nl == true must be preserved if newline
* is never scanned in this loop, so this assignment cannot be
* done earlier.
*/
force_nl = false;
case form_feed:
break;
case comment:
if (sc_end == NULL) {
/*
* Copy everything from the start of the line, because
* pr_comment() will use that to calculate original
* indentation of a boxed comment.
*/
memcpy(sc_buf, in_buffer, buf_ptr - in_buffer - 4);
save_com = sc_buf + (buf_ptr - in_buffer - 4);
save_com[0] = save_com[1] = ' ';
sc_end = &save_com[2];
}
comment_buffered = true;
*sc_end++ = '/'; /* copy in start of comment */
*sc_end++ = '*';
for (;;) { /* loop until we get to the end of the comment */
*sc_end = *buf_ptr++;
if (buf_ptr >= buf_end)
fill_buffer();
if (*sc_end++ == '*' && *buf_ptr == '/')
break; /* we are at end of comment */
if (sc_end >= &save_com[sc_size]) { /* check for temp buffer
* overflow */
diag2(1, "Internal buffer overflow - Move big comment from right after if, while, or whatever");
fflush(output);
exit(1);
}
}
*sc_end++ = '/'; /* add ending slash */
if (++buf_ptr >= buf_end) /* get past / in buffer */
fill_buffer();
break;
case lbrace:
/*
* Put KNF-style lbraces before the buffered up tokens and
* jump out of this loop in order to avoid copying the token
* again under the default case of the switch below.
*/
if (sc_end != NULL && btype_2) {
save_com[0] = '{';
/*
* Originally the lbrace may have been alone on its own
* line, but it will be moved into "the else's line", so
* if there was a newline resulting from the "{" before,
* it must be scanned now and ignored.
*/
while (isspace((unsigned char)*buf_ptr)) {
if (++buf_ptr >= buf_end)
fill_buffer();
if (*buf_ptr == '\n')
break;
}
goto sw_buffer;
}
/* FALLTHROUGH */
default: /* it is the start of a normal statement */
{
int remove_newlines;
remove_newlines =
/* "} else" */
(type_code == sp_nparen && *token == 'e' &&
e_code != s_code && e_code[-1] == '}')
/* "else if" */
|| (type_code == sp_paren && *token == 'i' &&
last_else && ps.else_if);
if (remove_newlines)
force_nl = false;
if (sc_end == NULL) { /* ignore buffering if
* comment wasn't saved up */
ps.search_brace = false;
goto check_type;
}
while (sc_end > save_com && isblank((unsigned char)sc_end[-1])) {
sc_end--;
}
if (swallow_optional_blanklines ||
(!comment_buffered && remove_newlines)) {
force_nl = !remove_newlines;
while (sc_end > save_com && sc_end[-1] == '\n') {
sc_end--;
}
}
if (force_nl) { /* if we should insert a nl here, put
* it into the buffer */
force_nl = false;
--line_no; /* this will be re-increased when the
* newline is read from the buffer */
*sc_end++ = '\n';
*sc_end++ = ' ';
if (verbose) /* print error msg if the line was
* not already broken */
diag2(0, "Line broken");
}
for (t_ptr = token; *t_ptr; ++t_ptr)
*sc_end++ = *t_ptr;
sw_buffer:
ps.search_brace = false; /* stop looking for start of
* stmt */
bp_save = buf_ptr; /* save current input buffer */
be_save = buf_end;
buf_ptr = save_com; /* fix so that subsequent calls to
* lexi will take tokens out of
* save_com */
*sc_end++ = ' ';/* add trailing blank, just in case */
buf_end = sc_end;
sc_end = NULL;
break;
}
} /* end of switch */
/*
* We must make this check, just in case there was an unexpected
* EOF.
*/
if (type_code != 0) {
/*
* The only intended purpose of calling lexi() below is to
* categorize the next token in order to decide whether to
* continue buffering forthcoming tokens. Once the buffering
* is over, lexi() will be called again elsewhere on all of
* the tokens - this time for normal processing.
*
* Calling it for this purpose is a bug, because lexi() also
* changes the parser state and discards leading whitespace,
* which is needed mostly for comment-related considerations.
*
* Work around the former problem by giving lexi() a copy of
* the current parser state and discard it if the call turned
* out to be just a look ahead.
*
* Work around the latter problem by copying all whitespace
* characters into the buffer so that the later lexi() call
* will read them.
*/
if (sc_end != NULL) {
while (*buf_ptr == ' ' || *buf_ptr == '\t') {
*sc_end++ = *buf_ptr++;
if (sc_end >= &save_com[sc_size]) {
errx(1, "input too long");
}
}
if (buf_ptr >= buf_end) {
fill_buffer();
}
}
transient_state = ps;
type_code = lexi(&transient_state); /* read another token */
if (type_code != newline && type_code != form_feed &&
type_code != comment && !transient_state.search_brace) {
ps = transient_state;
}
}
} /* end of while (search_brace) */
last_else = 0;
check_type:
if (type_code == 0) { /* we got eof */
if (s_lab != e_lab || s_code != e_code
|| s_com != e_com) /* must dump end of line */
dump_line();
if (ps.tos > 1) /* check for balanced braces */
diag2(1, "Stuff missing from end of file");
if (verbose) {
printf("There were %d output lines and %d comments\n",
ps.out_lines, ps.out_coms);
printf("(Lines with comments)/(Lines with code): %6.3f\n",
(1.0 * ps.com_lines) / code_lines);
}
fflush(output);
exit(found_err);
}
if (
(type_code != comment) &&
(type_code != newline) &&
(type_code != preesc) &&
(type_code != form_feed)) {
if (force_nl &&
(type_code != semicolon) &&
(type_code != lbrace || !btype_2)) {
/* we should force a broken line here */
if (verbose)
diag2(0, "Line broken");
dump_line();
ps.want_blank = false; /* dont insert blank at line start */
force_nl = false;
}
ps.in_stmt = true; /* turn on flag which causes an extra level of
* indentation. this is turned off by a ; or
* '}' */
if (s_com != e_com) { /* the turkey has embedded a comment
* in a line. fix it */
int len = e_com - s_com;
CHECK_SIZE_CODE(len + 3);
*e_code++ = ' ';
memcpy(e_code, s_com, len);
e_code += len;
*e_code++ = ' ';
*e_code = '\0'; /* null terminate code sect */
ps.want_blank = false;
e_com = s_com;
}
}
else if (type_code != comment) /* preserve force_nl thru a comment */
force_nl = false; /* cancel forced newline after newline, form
* feed, etc */
/*-----------------------------------------------------*\
| do switch on type of token scanned |
\*-----------------------------------------------------*/
CHECK_SIZE_CODE(3); /* maximum number of increments of e_code
* before the next CHECK_SIZE_CODE or
* dump_line() is 2. After that there's the
* final increment for the null character. */
switch (type_code) { /* now, decide what to do with the token */
case form_feed: /* found a form feed in line */
ps.use_ff = true; /* a form feed is treated much like a newline */
dump_line();
ps.want_blank = false;
break;
case newline:
if (ps.last_token != comma || ps.p_l_follow > 0
|| !ps.leave_comma || ps.block_init || !break_comma || s_com != e_com) {
dump_line();
ps.want_blank = false;
}
++line_no; /* keep track of input line number */
break;
case lparen: /* got a '(' or '[' */
/* count parens to make Healy happy */
if (++ps.p_l_follow == nitems(ps.paren_indents)) {
diag3(0, "Reached internal limit of %d unclosed parens",
nitems(ps.paren_indents));
ps.p_l_follow--;
}
if (*token == '[')
/* not a function pointer declaration or a function call */;
else if (ps.in_decl && !ps.block_init && !ps.dumped_decl_indent &&
ps.procname[0] == '\0' && ps.paren_level == 0) {
/* function pointer declarations */
indent_declaration(dec_ind, tabs_to_var);
ps.dumped_decl_indent = true;
}
else if (ps.want_blank &&
((ps.last_token != ident && ps.last_token != funcname) ||
proc_calls_space ||
/* offsetof (1) is never allowed a space; sizeof (2) gets
* one iff -bs; all other keywords (>2) always get a space
* before lparen */
ps.keyword + Bill_Shannon > 2))
*e_code++ = ' ';
ps.want_blank = false;
*e_code++ = token[0];
ps.paren_indents[ps.p_l_follow - 1] = count_spaces_until(1, s_code, e_code) - 1;
if (sp_sw && ps.p_l_follow == 1 && extra_expression_indent
&& ps.paren_indents[0] < 2 * ps.ind_size)
ps.paren_indents[0] = 2 * ps.ind_size;
if (ps.in_or_st && *token == '(' && ps.tos <= 2) {
/*
* this is a kluge to make sure that declarations will be
* aligned right if proc decl has an explicit type on it, i.e.
* "int a(x) {..."
*/
parse(semicolon); /* I said this was a kluge... */
ps.in_or_st = false; /* turn off flag for structure decl or
* initialization */
}
/* parenthesized type following sizeof or offsetof is not a cast */
if (ps.keyword == 1 || ps.keyword == 2)
ps.not_cast_mask |= 1 << ps.p_l_follow;
break;
case rparen: /* got a ')' or ']' */
if (ps.cast_mask & (1 << ps.p_l_follow) & ~ps.not_cast_mask) {
ps.last_u_d = true;
ps.cast_mask &= (1 << ps.p_l_follow) - 1;
ps.want_blank = space_after_cast;
} else
ps.want_blank = true;
ps.not_cast_mask &= (1 << ps.p_l_follow) - 1;
if (--ps.p_l_follow < 0) {
ps.p_l_follow = 0;
diag3(0, "Extra %c", *token);
}
if (e_code == s_code) /* if the paren starts the line */
ps.paren_level = ps.p_l_follow; /* then indent it */
*e_code++ = token[0];
if (sp_sw && (ps.p_l_follow == 0)) { /* check for end of if
* (...), or some such */
sp_sw = false;
force_nl = true;/* must force newline after if */
ps.last_u_d = true; /* inform lexi that a following
* operator is unary */
ps.in_stmt = false; /* dont use stmt continuation
* indentation */
parse(hd_type); /* let parser worry about if, or whatever */
}
ps.search_brace = btype_2; /* this should insure that constructs
* such as main(){...} and int[]{...}
* have their braces put in the right
* place */
break;
case unary_op: /* this could be any unary operation */
if (!ps.dumped_decl_indent && ps.in_decl && !ps.block_init &&
ps.procname[0] == '\0' && ps.paren_level == 0) {
/* pointer declarations */
/*
* if this is a unary op in a declaration, we should indent
* this token
*/
for (i = 0; token[i]; ++i)
/* find length of token */;
indent_declaration(dec_ind - i, tabs_to_var);
ps.dumped_decl_indent = true;
}
else if (ps.want_blank)
*e_code++ = ' ';
{
int len = e_token - s_token;
CHECK_SIZE_CODE(len);
memcpy(e_code, token, len);
e_code += len;
}
ps.want_blank = false;
break;
case binary_op: /* any binary operation */
{
int len = e_token - s_token;
CHECK_SIZE_CODE(len + 1);
if (ps.want_blank)
*e_code++ = ' ';
memcpy(e_code, token, len);
e_code += len;
}
ps.want_blank = true;
break;
case postop: /* got a trailing ++ or -- */
*e_code++ = token[0];
*e_code++ = token[1];
ps.want_blank = true;
break;
case question: /* got a ? */
squest++; /* this will be used when a later colon
* appears so we can distinguish the
* <c>?<n>:<n> construct */
if (ps.want_blank)
*e_code++ = ' ';
*e_code++ = '?';
ps.want_blank = true;
break;
case casestmt: /* got word 'case' or 'default' */
scase = true; /* so we can process the later colon properly */
goto copy_id;
case colon: /* got a ':' */
if (squest > 0) { /* it is part of the <c>?<n>: <n> construct */
--squest;
if (ps.want_blank)
*e_code++ = ' ';
*e_code++ = ':';
ps.want_blank = true;
break;
}
if (ps.in_or_st) {
*e_code++ = ':';
ps.want_blank = false;
break;
}
ps.in_stmt = false; /* seeing a label does not imply we are in a
* stmt */
/*
* turn everything so far into a label
*/
{
int len = e_code - s_code;
CHECK_SIZE_LAB(len + 3);
memcpy(e_lab, s_code, len);
e_lab += len;
*e_lab++ = ':';
*e_lab = '\0';
e_code = s_code;
}
force_nl = ps.pcase = scase; /* ps.pcase will be used by
* dump_line to decide how to
* indent the label. force_nl
* will force a case n: to be
* on a line by itself */
scase = false;
ps.want_blank = false;
break;
case semicolon: /* got a ';' */
if (ps.dec_nest == 0)
ps.in_or_st = false;/* we are not in an initialization or
* structure declaration */
scase = false; /* these will only need resetting in an error */
squest = 0;
if (ps.last_token == rparen)
ps.in_parameter_declaration = 0;
ps.cast_mask = 0;
ps.not_cast_mask = 0;
ps.block_init = 0;
ps.block_init_level = 0;
ps.just_saw_decl--;
if (ps.in_decl && s_code == e_code && !ps.block_init &&
!ps.dumped_decl_indent && ps.paren_level == 0) {
/* indent stray semicolons in declarations */
indent_declaration(dec_ind - 1, tabs_to_var);
ps.dumped_decl_indent = true;
}
ps.in_decl = (ps.dec_nest > 0); /* if we were in a first level
* structure declaration, we
* arent any more */
if ((!sp_sw || hd_type != forstmt) && ps.p_l_follow > 0) {
/*
* This should be true iff there were unbalanced parens in the
* stmt. It is a bit complicated, because the semicolon might
* be in a for stmt
*/
diag2(1, "Unbalanced parens");
ps.p_l_follow = 0;
if (sp_sw) { /* this is a check for an if, while, etc. with
* unbalanced parens */
sp_sw = false;
parse(hd_type); /* dont lose the if, or whatever */
}
}
*e_code++ = ';';
ps.want_blank = true;
ps.in_stmt = (ps.p_l_follow > 0); /* we are no longer in the
* middle of a stmt */
if (!sp_sw) { /* if not if for (;;) */
parse(semicolon); /* let parser know about end of stmt */
force_nl = true;/* force newline after an end of stmt */
}
break;
case lbrace: /* got a '{' */
ps.in_stmt = false; /* dont indent the {} */
if (!ps.block_init)
force_nl = true;/* force other stuff on same line as '{' onto
* new line */
else if (ps.block_init_level <= 0)
ps.block_init_level = 1;
else
ps.block_init_level++;
if (s_code != e_code && !ps.block_init) {
if (!btype_2) {
dump_line();
ps.want_blank = false;
}
else if (ps.in_parameter_declaration && !ps.in_or_st) {
ps.i_l_follow = 0;
if (function_brace_split) { /* dump the line prior to the
* brace ... */
dump_line();
ps.want_blank = false;
} else /* add a space between the decl and brace */
ps.want_blank = true;
}
}
if (ps.in_parameter_declaration)
prefix_blankline_requested = 0;
if (ps.p_l_follow > 0) { /* check for preceding unbalanced
* parens */
diag2(1, "Unbalanced parens");
ps.p_l_follow = 0;
if (sp_sw) { /* check for unclosed if, for, etc. */
sp_sw = false;
parse(hd_type);
ps.ind_level = ps.i_l_follow;
}
}
if (s_code == e_code)
ps.ind_stmt = false; /* dont put extra indentation on line
* with '{' */
if (ps.in_decl && ps.in_or_st) { /* this is either a structure
* declaration or an init */
di_stack[ps.dec_nest] = dec_ind;
if (++ps.dec_nest == nitems(di_stack)) {
diag3(0, "Reached internal limit of %d struct levels",
nitems(di_stack));
ps.dec_nest--;
}
/* ? dec_ind = 0; */
}
else {
ps.decl_on_line = false; /* we can't be in the middle of
* a declaration, so don't do
* special indentation of
* comments */
if (blanklines_after_declarations_at_proctop
&& ps.in_parameter_declaration)
postfix_blankline_requested = 1;
ps.in_parameter_declaration = 0;
ps.in_decl = false;
}
dec_ind = 0;
parse(lbrace); /* let parser know about this */
if (ps.want_blank) /* put a blank before '{' if '{' is not at
* start of line */
*e_code++ = ' ';
ps.want_blank = false;
*e_code++ = '{';
ps.just_saw_decl = 0;
break;
case rbrace: /* got a '}' */
if (ps.p_stack[ps.tos] == decl && !ps.block_init) /* semicolons can be
* omitted in
* declarations */
parse(semicolon);
if (ps.p_l_follow) {/* check for unclosed if, for, else. */
diag2(1, "Unbalanced parens");
ps.p_l_follow = 0;
sp_sw = false;
}
ps.just_saw_decl = 0;
ps.block_init_level--;
if (s_code != e_code && !ps.block_init) { /* '}' must be first on
* line */
if (verbose)
diag2(0, "Line broken");
dump_line();
}
*e_code++ = '}';
ps.want_blank = true;
ps.in_stmt = ps.ind_stmt = false;
if (ps.dec_nest > 0) { /* we are in multi-level structure
* declaration */
dec_ind = di_stack[--ps.dec_nest];
if (ps.dec_nest == 0 && !ps.in_parameter_declaration)
ps.just_saw_decl = 2;
ps.in_decl = true;
}
prefix_blankline_requested = 0;
parse(rbrace); /* let parser know about this */
ps.search_brace = cuddle_else && ps.p_stack[ps.tos] == ifhead
&& ps.il[ps.tos] >= ps.ind_level;
if (ps.tos <= 1 && blanklines_after_procs && ps.dec_nest <= 0)
postfix_blankline_requested = 1;
break;
case swstmt: /* got keyword "switch" */
sp_sw = true;
hd_type = swstmt; /* keep this for when we have seen the
* expression */
goto copy_id; /* go move the token into buffer */
case sp_paren: /* token is if, while, for */
sp_sw = true; /* the interesting stuff is done after the
* expression is scanned */
hd_type = (*token == 'i' ? ifstmt :
(*token == 'w' ? whilestmt : forstmt));
/*
* remember the type of header for later use by parser
*/
goto copy_id; /* copy the token into line */
case sp_nparen: /* got else, do */
ps.in_stmt = false;
if (*token == 'e') {
if (e_code != s_code && (!cuddle_else || e_code[-1] != '}')) {
if (verbose)
diag2(0, "Line broken");
dump_line();/* make sure this starts a line */
ps.want_blank = false;
}
force_nl = true;/* also, following stuff must go onto new line */
last_else = 1;
parse(elselit);
}
else {
if (e_code != s_code) { /* make sure this starts a line */
if (verbose)
diag2(0, "Line broken");
dump_line();
ps.want_blank = false;
}
force_nl = true;/* also, following stuff must go onto new line */
last_else = 0;
parse(dolit);
}
goto copy_id; /* move the token into line */
case type_def:
case storage:
prefix_blankline_requested = 0;
goto copy_id;
case structure:
if (ps.p_l_follow > 0)
goto copy_id;
case decl: /* we have a declaration type (int, etc.) */
parse(decl); /* let parser worry about indentation */
if (ps.last_token == rparen && ps.tos <= 1) {
if (s_code != e_code) {
dump_line();
ps.want_blank = 0;
}
}
if (ps.in_parameter_declaration && ps.indent_parameters && ps.dec_nest == 0) {
ps.ind_level = ps.i_l_follow = 1;
ps.ind_stmt = 0;
}
ps.in_or_st = true; /* this might be a structure or initialization
* declaration */
ps.in_decl = ps.decl_on_line = ps.last_token != type_def;
if ( /* !ps.in_or_st && */ ps.dec_nest <= 0)
ps.just_saw_decl = 2;
prefix_blankline_requested = 0;
for (i = 0; token[i++];); /* get length of token */
if (ps.ind_level == 0 || ps.dec_nest > 0) {
/* global variable or struct member in local variable */
dec_ind = ps.decl_indent > 0 ? ps.decl_indent : i;
tabs_to_var = (use_tabs ? ps.decl_indent > 0 : 0);
} else {
/* local variable */
dec_ind = ps.local_decl_indent > 0 ? ps.local_decl_indent : i;
tabs_to_var = (use_tabs ? ps.local_decl_indent > 0 : 0);
}
goto copy_id;
case funcname:
case ident: /* got an identifier or constant */
if (ps.in_decl) {
if (type_code == funcname) {
ps.in_decl = false;
if (procnames_start_line && s_code != e_code) {
*e_code = '\0';
dump_line();
}
else if (ps.want_blank) {
*e_code++ = ' ';
}
ps.want_blank = false;
}
else if (!ps.block_init && !ps.dumped_decl_indent &&
ps.paren_level == 0) { /* if we are in a declaration, we
* must indent identifier */
indent_declaration(dec_ind, tabs_to_var);
ps.dumped_decl_indent = true;
ps.want_blank = false;
}
}
else if (sp_sw && ps.p_l_follow == 0) {
sp_sw = false;
force_nl = true;
ps.last_u_d = true;
ps.in_stmt = false;
parse(hd_type);
}
copy_id:
{
int len = e_token - s_token;
CHECK_SIZE_CODE(len + 1);
if (ps.want_blank)
*e_code++ = ' ';
memcpy(e_code, s_token, len);
e_code += len;
}
if (type_code != funcname)
ps.want_blank = true;
break;
case strpfx:
{
int len = e_token - s_token;
CHECK_SIZE_CODE(len + 1);
if (ps.want_blank)
*e_code++ = ' ';
memcpy(e_code, token, len);
e_code += len;
}
ps.want_blank = false;
break;
case period: /* treat a period kind of like a binary
* operation */
*e_code++ = '.'; /* move the period into line */
ps.want_blank = false; /* dont put a blank after a period */
break;
case comma:
ps.want_blank = (s_code != e_code); /* only put blank after comma
* if comma does not start the
* line */
if (ps.in_decl && ps.procname[0] == '\0' && !ps.block_init &&
!ps.dumped_decl_indent && ps.paren_level == 0) {
/* indent leading commas and not the actual identifiers */
indent_declaration(dec_ind - 1, tabs_to_var);
ps.dumped_decl_indent = true;
}
*e_code++ = ',';
if (ps.p_l_follow == 0) {
if (ps.block_init_level <= 0)
ps.block_init = 0;
if (break_comma && (!ps.leave_comma ||
count_spaces_until(compute_code_target(), s_code, e_code) >
max_col - tabsize))
force_nl = true;
}
break;
case preesc: /* got the character '#' */
if ((s_com != e_com) ||
(s_lab != e_lab) ||
(s_code != e_code))
dump_line();
CHECK_SIZE_LAB(1);
*e_lab++ = '#'; /* move whole line to 'label' buffer */
{
int in_comment = 0;
int com_start = 0;
char quote = 0;
int com_end = 0;
while (*buf_ptr == ' ' || *buf_ptr == '\t') {
buf_ptr++;
if (buf_ptr >= buf_end)
fill_buffer();
}
while (*buf_ptr != '\n' || (in_comment && !had_eof)) {
CHECK_SIZE_LAB(2);
*e_lab = *buf_ptr++;
if (buf_ptr >= buf_end)
fill_buffer();
switch (*e_lab++) {
case BACKSLASH:
if (!in_comment) {
*e_lab++ = *buf_ptr++;
if (buf_ptr >= buf_end)
fill_buffer();
}
break;
case '/':
if (*buf_ptr == '*' && !in_comment && !quote) {
in_comment = 1;
*e_lab++ = *buf_ptr++;
com_start = e_lab - s_lab - 2;
}
break;
case '"':
if (quote == '"')
quote = 0;
break;
case '\'':
if (quote == '\'')
quote = 0;
break;
case '*':
if (*buf_ptr == '/' && in_comment) {
in_comment = 0;
*e_lab++ = *buf_ptr++;
com_end = e_lab - s_lab;
}
break;
}
}
while (e_lab > s_lab && (e_lab[-1] == ' ' || e_lab[-1] == '\t'))
e_lab--;
if (e_lab - s_lab == com_end && bp_save == NULL) {
/* comment on preprocessor line */
if (sc_end == NULL) { /* if this is the first comment,
* we must set up the buffer */
save_com = sc_buf;
sc_end = &save_com[0];
}
else {
*sc_end++ = '\n'; /* add newline between
* comments */
*sc_end++ = ' ';
--line_no;
}
if (sc_end - save_com + com_end - com_start > sc_size)
errx(1, "input too long");
memmove(sc_end, s_lab + com_start, com_end - com_start);
sc_end += com_end - com_start;
e_lab = s_lab + com_start;
while (e_lab > s_lab && (e_lab[-1] == ' ' || e_lab[-1] == '\t'))
e_lab--;
bp_save = buf_ptr; /* save current input buffer */
be_save = buf_end;
buf_ptr = save_com; /* fix so that subsequent calls to
* lexi will take tokens out of
* save_com */
*sc_end++ = ' '; /* add trailing blank, just in case */
buf_end = sc_end;
sc_end = NULL;
}
CHECK_SIZE_LAB(1);
*e_lab = '\0'; /* null terminate line */
ps.pcase = false;
}
if (strncmp(s_lab, "#if", 3) == 0) { /* also ifdef, ifndef */
if ((size_t)ifdef_level < nitems(state_stack)) {
match_state[ifdef_level].tos = -1;
state_stack[ifdef_level++] = ps;
}
else
diag2(1, "#if stack overflow");
}
else if (strncmp(s_lab, "#el", 3) == 0) { /* else, elif */
if (ifdef_level <= 0)
diag2(1, s_lab[3] == 'i' ? "Unmatched #elif" : "Unmatched #else");
else {
match_state[ifdef_level - 1] = ps;
ps = state_stack[ifdef_level - 1];
}
}
else if (strncmp(s_lab, "#endif", 6) == 0) {
if (ifdef_level <= 0)
diag2(1, "Unmatched #endif");
else
ifdef_level--;
} else {
struct directives {
int size;
const char *string;
}
recognized[] = {
{7, "include"},
{6, "define"},
{5, "undef"},
{4, "line"},
{5, "error"},
{6, "pragma"}
};
int d = nitems(recognized);
while (--d >= 0)
if (strncmp(s_lab + 1, recognized[d].string, recognized[d].size) == 0)
break;
if (d < 0) {
diag2(1, "Unrecognized cpp directive");
break;
}
}
if (blanklines_around_conditional_compilation) {
postfix_blankline_requested++;
n_real_blanklines = 0;
}
else {
postfix_blankline_requested = 0;
prefix_blankline_requested = 0;
}
break; /* subsequent processing of the newline
* character will cause the line to be printed */
case comment: /* we have gotten a / followed by * this is a biggie */
pr_comment();
break;
} /* end of big switch stmt */
*e_code = '\0'; /* make sure code section is null terminated */
if (type_code != comment && type_code != newline && type_code != preesc)
ps.last_token = type_code;
} /* end of main while (1) loop */
}
int
main(int argc, char **argv)
{
#if USE_CAPSICUM
cap_rights_t rights;
#endif
const char *user;
struct passwd *pw;
struct group *gr;
uid_t user_uid;
gid_t mail_gid;
int f, maildirfd;
/*
* Open log fd now for capability sandbox.
*/
openlog("dma-mbox-create", LOG_NDELAY, LOG_MAIL);
errno = 0;
gr = getgrnam(DMA_GROUP);
if (!gr)
logfail(EX_CONFIG, "cannot find dma group `%s'", DMA_GROUP);
mail_gid = gr->gr_gid;
if (setgid(mail_gid) != 0)
logfail(EX_NOPERM, "cannot set gid to %d (%s)", mail_gid, DMA_GROUP);
if (getegid() != mail_gid)
logfail(EX_NOPERM, "cannot set gid to %d (%s), still at %d", mail_gid, DMA_GROUP, getegid());
/*
* We take exactly one argument: the username.
*/
if (argc != 2) {
errno = 0;
logfail(EX_USAGE, "no arguments");
}
user = argv[1];
syslog(LOG_NOTICE, "creating mbox for `%s'", user);
/* the username may not contain a pathname separator */
if (strchr(user, '/')) {
errno = 0;
logfail(EX_DATAERR, "path separator in username `%s'", user);
exit(1);
}
/* verify the user exists */
errno = 0;
pw = getpwnam(user);
if (!pw)
logfail(EX_NOUSER, "cannot find user `%s'", user);
maildirfd = open(_PATH_MAILDIR, O_RDONLY);
if (maildirfd < 0)
logfail(EX_NOINPUT, "cannot open maildir %s", _PATH_MAILDIR);
/*
* Cache NLS data, for strerror, for err(3), before entering capability
* mode.
*/
caph_cache_catpages();
/*
* Cache local time before entering Capsicum capability sandbox.
*/
caph_cache_tzdata();
#if USE_CAPSICUM
cap_rights_init(&rights, CAP_CREATE, CAP_FCHMOD, CAP_FCHOWN,
CAP_LOOKUP, CAP_READ);
if (cap_rights_limit(maildirfd, &rights) < 0 && errno != ENOSYS)
err(EX_OSERR, "can't limit maildirfd rights");
/* Enter Capsicum capability sandbox */
if (caph_enter() < 0)
err(EX_OSERR, "cap_enter");
#endif
user_uid = pw->pw_uid;
f = openat(maildirfd, user, O_RDONLY|O_CREAT|O_NOFOLLOW, 0600);
if (f < 0)
logfail(EX_NOINPUT, "cannot open mbox `%s'", user);
if (fchown(f, user_uid, mail_gid))
logfail(EX_OSERR, "cannot change owner of mbox `%s'", user);
if (fchmod(f, 0620))
logfail(EX_OSERR, "cannot change permissions of mbox `%s'",
user);
/* file should be present with the right owner and permissions */
syslog(LOG_NOTICE, "successfully created mbox for `%s'", user);
return (0);
}
static int
ksandbox_capsicum_init_control(void *arg,
int worker, int fdfiled, int fdaccept)
{
int rc;
struct rlimit rl_zero;
cap_rights_t rights;
cap_rights_init(&rights);
if (-1 != fdaccept) {
/*
* If we have old-style accept FastCGI sockets, then
* mark us as accepting on it.
*/
cap_rights_init(&rights,
CAP_EVENT, CAP_FCNTL, CAP_ACCEPT);
if (cap_rights_limit(fdaccept, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: accept socket");
return(0);
}
} else {
/* New-style descriptor-passing socket. */
assert(-1 != fdfiled);
cap_rights_init(&rights, CAP_EVENT,
CAP_FCNTL, CAP_READ, CAP_WRITE);
if (cap_rights_limit(fdfiled, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: descriptor socket");
return(0);
}
}
/* Always pass through write-only stderr. */
cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: STDERR_FILENO");
return(0);
}
/* Interface to worker. */
cap_rights_init(&rights, CAP_EVENT,
CAP_FCNTL, CAP_READ, CAP_WRITE);
if (cap_rights_limit(worker, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: internal socket");
return(0);
}
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (-1 == setrlimit(RLIMIT_FSIZE, &rl_zero)) {
XWARNX("setrlimit: rlimit_fsize");
return(0);
} else if (-1 == setrlimit(RLIMIT_NPROC, &rl_zero)) {
XWARNX("setrlimit: rlimit_nproc");
return(0);
}
rc = cap_enter();
if (0 != rc && errno != ENOSYS) {
XWARN("cap_enter");
rc = 0;
} else
rc = 1;
return(rc);
}
static int
ksandbox_capsicum_init_worker(void *arg, int fd1, int fd2)
{
int rc;
struct rlimit rl_zero;
cap_rights_t rights;
cap_rights_init(&rights);
/*
* Test for EBADF because STDIN_FILENO is usually closed by the
* caller.
*/
cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_FSTAT);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 &&
errno != ENOSYS && errno != EBADF) {
XWARN("cap_rights_limit: STDIN_FILENO");
return(0);
}
cap_rights_init(&rights, CAP_EVENT, CAP_WRITE, CAP_FSTAT);
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: STDERR_FILENO");
return(0);
}
cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE, CAP_FSTAT);
if (-1 != fd1 && cap_rights_limit(fd1, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: internal socket");
return(0);
}
if (-1 != fd2 && cap_rights_limit(fd2, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: internal socket");
return(0);
}
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (-1 == setrlimit(RLIMIT_NOFILE, &rl_zero)) {
XWARNX("setrlimit: rlimit_fsize");
return(0);
} else if (-1 == setrlimit(RLIMIT_FSIZE, &rl_zero)) {
XWARNX("setrlimit: rlimit_fsize");
return(0);
} else if (-1 == setrlimit(RLIMIT_NPROC, &rl_zero)) {
XWARNX("setrlimit: rlimit_nproc");
return(0);
}
rc = cap_enter();
if (0 != rc && errno != ENOSYS) {
XWARN("cap_enter");
rc = 0;
} else
rc = 1;
return(rc);
}
int
exec_clean(int argc, char **argv)
{
struct pkgdb *db = NULL;
kh_sum_t *sumlist = NULL;
dl_list dl;
const char *cachedir;
bool all = false;
int retcode;
int ch;
int cachefd = -1;
size_t total = 0;
char size[8];
char *cksum;
struct pkg_manifest_key *keys = NULL;
#ifdef HAVE_CAPSICUM
cap_rights_t rights;
#endif
struct option longopts[] = {
{ "all", no_argument, NULL, 'a' },
{ "dry-run", no_argument, NULL, 'n' },
{ "quiet", no_argument, NULL, 'q' },
{ "yes", no_argument, NULL, 'y' },
{ NULL, 0, NULL, 0 },
};
while ((ch = getopt_long(argc, argv, "+anqy", longopts, NULL)) != -1) {
switch (ch) {
case 'a':
all = true;
break;
case 'n':
dry_run = true;
break;
case 'q':
quiet = true;
break;
case 'y':
yes = true;
break;
default:
usage_clean();
return (EX_USAGE);
}
}
argc -= optind;
argv += optind;
cachedir = pkg_object_string(pkg_config_get("PKG_CACHEDIR"));
cachefd = open(cachedir, O_DIRECTORY);
if (cachefd == -1) {
warn("Impossible to open %s", cachedir);
return (EX_IOERR);
}
retcode = pkgdb_access(PKGDB_MODE_READ, PKGDB_DB_REPO);
if (retcode == EPKG_ENOACCESS) {
warnx("Insufficient privileges to clean old packages");
close(cachefd);
return (EX_NOPERM);
} else if (retcode == EPKG_ENODB) {
warnx("No package database installed. Nothing to do!");
close(cachefd);
return (EX_OK);
} else if (retcode != EPKG_OK) {
warnx("Error accessing the package database");
close(cachefd);
return (EX_SOFTWARE);
}
retcode = EX_SOFTWARE;
if (pkgdb_open(&db, PKGDB_REMOTE) != EPKG_OK) {
close(cachefd);
return (EX_IOERR);
}
if (pkgdb_obtain_lock(db, PKGDB_LOCK_READONLY) != EPKG_OK) {
pkgdb_close(db);
close(cachefd);
warnx("Cannot get a read lock on a database, it is locked by "
"another process");
return (EX_TEMPFAIL);
}
#ifdef HAVE_CAPSICUM
cap_rights_init(&rights, CAP_READ, CAP_LOOKUP, CAP_FSTATFS,
CAP_FSTAT, CAP_UNLINKAT);
if (cap_rights_limit(cachefd, &rights) < 0 && errno != ENOSYS ) {
warn("cap_rights_limit() failed");
close(cachefd);
return (EX_SOFTWARE);
}
if (cap_enter() < 0 && errno != ENOSYS) {
warn("cap_enter() failed");
close(cachefd);
return (EX_SOFTWARE);
}
#endif
kv_init(dl);
/* Build the list of out-of-date or obsolete packages */
pkg_manifest_keys_new(&keys);
recursive_analysis(cachefd, db, cachedir, cachedir, &dl, &sumlist, all,
&total);
if (sumlist != NULL) {
kh_foreach_value(sumlist, cksum, free(cksum));
kh_destroy_sum(sumlist);
}
if (kv_size(dl) == 0) {
if (!quiet)
printf("Nothing to do.\n");
retcode = EX_OK;
goto cleanup;
}
humanize_number(size, sizeof(size), total, "B",
HN_AUTOSCALE, HN_IEC_PREFIXES);
if (!quiet)
printf("The cleanup will free %s\n", size);
if (!dry_run) {
if (query_yesno(false,
"\nProceed with cleaning the cache? ")) {
retcode = delete_dellist(cachefd, cachedir, &dl, kv_size(dl));
}
} else {
retcode = EX_OK;
}
cleanup:
pkgdb_release_lock(db, PKGDB_LOCK_READONLY);
pkgdb_close(db);
pkg_manifest_keys_free(keys);
free_dellist(&dl);
if (cachefd != -1)
close(cachefd);
return (retcode);
}
struct pidfh *
pidfile_open(const char *pathp, mode_t mode, pid_t *pidptr)
{
char path[MAXPATHLEN];
struct pidfh *pfh;
struct stat sb;
int error, fd, dirfd, dirlen, filenamelen, count;
struct timespec rqtp;
cap_rights_t caprights;
pfh = malloc(sizeof(*pfh));
if (pfh == NULL)
return (NULL);
if (pathp == NULL) {
dirlen = snprintf(pfh->pf_dir, sizeof(pfh->pf_dir),
"/var/run/");
filenamelen = snprintf(pfh->pf_filename,
sizeof(pfh->pf_filename), "%s.pid", getprogname());
} else {
if (strlcpy(path, pathp, sizeof(path)) >= sizeof(path)) {
free(pfh);
errno = ENAMETOOLONG;
return (NULL);
}
dirlen = strlcpy(pfh->pf_dir, dirname(path),
sizeof(pfh->pf_dir));
(void)strlcpy(path, pathp, sizeof(path));
filenamelen = strlcpy(pfh->pf_filename, basename(path),
sizeof(pfh->pf_filename));
}
if (dirlen >= (int)sizeof(pfh->pf_dir) ||
filenamelen >= (int)sizeof(pfh->pf_filename)) {
free(pfh);
errno = ENAMETOOLONG;
return (NULL);
}
dirfd = open(pfh->pf_dir, O_CLOEXEC | O_DIRECTORY | O_NONBLOCK);
if (dirfd == -1) {
error = errno;
free(pfh);
errno = error;
return (NULL);
}
/*
* Open the PID file and obtain exclusive lock.
* We truncate PID file here only to remove old PID immediately,
* PID file will be truncated again in pidfile_write(), so
* pidfile_write() can be called multiple times.
*/
fd = flopenat(dirfd, pfh->pf_filename,
O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_NONBLOCK, mode);
if (fd == -1) {
if (errno == EWOULDBLOCK) {
if (pidptr == NULL) {
errno = EEXIST;
} else {
count = 20;
rqtp.tv_sec = 0;
rqtp.tv_nsec = 5000000;
for (;;) {
errno = pidfile_read(dirfd,
pfh->pf_filename, pidptr);
if (errno != EAGAIN || --count == 0)
break;
nanosleep(&rqtp, 0);
}
if (errno == EAGAIN)
*pidptr = -1;
if (errno == 0 || errno == EAGAIN)
errno = EEXIST;
}
}
error = errno;
close(dirfd);
free(pfh);
errno = error;
return (NULL);
}
/*
* Remember file information, so in pidfile_write() we are sure we write
* to the proper descriptor.
*/
if (fstat(fd, &sb) == -1) {
goto failed;
}
if (cap_rights_limit(dirfd,
cap_rights_init(&caprights, CAP_UNLINKAT)) < 0 && errno != ENOSYS) {
goto failed;
}
if (cap_rights_limit(fd, cap_rights_init(&caprights, CAP_PWRITE,
CAP_FSTAT, CAP_FTRUNCATE)) < 0 &&
errno != ENOSYS) {
goto failed;
}
pfh->pf_dirfd = dirfd;
pfh->pf_fd = fd;
pfh->pf_dev = sb.st_dev;
pfh->pf_ino = sb.st_ino;
return (pfh);
failed:
error = errno;
unlinkat(dirfd, pfh->pf_filename, 0);
close(dirfd);
close(fd);
free(pfh);
errno = error;
return (NULL);
}
int
main(int argc, char *argv[])
{
struct stat sb1, sb2;
off_t skip1, skip2;
int ch, fd1, fd2, oflag, special;
const char *file1, *file2;
cap_rights_t rights;
uint32_t fcntls;
oflag = O_RDONLY;
while ((ch = getopt(argc, argv, "hlsxz")) != -1)
switch (ch) {
case 'h': /* Don't follow symlinks */
oflag |= O_NOFOLLOW;
break;
case 'l': /* print all differences */
lflag = 1;
break;
case 's': /* silent run */
sflag = 1;
zflag = 1;
break;
case 'x': /* hex output */
lflag = 1;
xflag = 1;
break;
case 'z': /* compare size first */
zflag = 1;
break;
case '?':
default:
usage();
}
argv += optind;
argc -= optind;
if (lflag && sflag)
errx(ERR_EXIT, "specifying -s with -l or -x is not permitted");
if (argc < 2 || argc > 4)
usage();
/* Backward compatibility -- handle "-" meaning stdin. */
special = 0;
if (strcmp(file1 = argv[0], "-") == 0) {
special = 1;
fd1 = 0;
file1 = "stdin";
}
else if ((fd1 = open(file1, oflag, 0)) < 0 && errno != EMLINK) {
if (!sflag)
err(ERR_EXIT, "%s", file1);
else
exit(ERR_EXIT);
}
if (strcmp(file2 = argv[1], "-") == 0) {
if (special)
errx(ERR_EXIT,
"standard input may only be specified once");
special = 1;
fd2 = 0;
file2 = "stdin";
}
else if ((fd2 = open(file2, oflag, 0)) < 0 && errno != EMLINK) {
if (!sflag)
err(ERR_EXIT, "%s", file2);
else
exit(ERR_EXIT);
}
skip1 = argc > 2 ? strtol(argv[2], NULL, 0) : 0;
skip2 = argc == 4 ? strtol(argv[3], NULL, 0) : 0;
if (fd1 == -1) {
if (fd2 == -1) {
c_link(file1, skip1, file2, skip2);
exit(0);
} else if (!sflag)
errx(ERR_EXIT, "%s: Not a symbolic link", file2);
else
exit(ERR_EXIT);
} else if (fd2 == -1) {
if (!sflag)
errx(ERR_EXIT, "%s: Not a symbolic link", file1);
else
exit(ERR_EXIT);
}
cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_MMAP_R);
if (cap_rights_limit(fd1, &rights) < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to limit rights for %s", file1);
if (cap_rights_limit(fd2, &rights) < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to limit rights for %s", file2);
/* Required for fdopen(3). */
fcntls = CAP_FCNTL_GETFL;
if (cap_fcntls_limit(fd1, fcntls) < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to limit fcntls for %s", file1);
if (cap_fcntls_limit(fd2, fcntls) < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to limit fcntls for %s", file2);
if (!special) {
cap_rights_init(&rights);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 &&
errno != ENOSYS) {
err(ERR_EXIT, "unable to limit stdio");
}
}
if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1)
err(ERR_EXIT, "unable to limit stdio");
caph_cache_catpages();
if (cap_enter() < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to enter capability mode");
if (!special) {
if (fstat(fd1, &sb1)) {
if (!sflag)
err(ERR_EXIT, "%s", file1);
else
exit(ERR_EXIT);
}
if (!S_ISREG(sb1.st_mode))
special = 1;
else {
if (fstat(fd2, &sb2)) {
if (!sflag)
err(ERR_EXIT, "%s", file2);
else
exit(ERR_EXIT);
}
if (!S_ISREG(sb2.st_mode))
special = 1;
}
}
if (special)
c_special(fd1, file1, skip1, fd2, file2, skip2);
else {
if (zflag && sb1.st_size != sb2.st_size) {
if (!sflag)
(void) printf("%s %s differ: size\n",
file1, file2);
exit(DIFF_EXIT);
}
c_regular(fd1, file1, skip1, sb1.st_size,
fd2, file2, skip2, sb2.st_size);
}
exit(0);
}
void
receiver_process(void)
{
struct sockaddr_in from;
struct stat st;
cap_rights_t rights;
char path[64];
int dirfd;
struct whod wd;
socklen_t len;
int cc, whod;
time_t t;
len = sizeof(from);
dirfd = open(".", O_RDONLY | O_DIRECTORY);
if (dirfd < 0) {
syslog(LOG_WARNING, "%s: %m", _PATH_RWHODIR);
exit(1);
}
cap_rights_init(&rights, CAP_CREATE, CAP_FSTAT, CAP_FTRUNCATE,
CAP_LOOKUP, CAP_SEEK, CAP_WRITE);
if (cap_rights_limit(dirfd, &rights) < 0 && errno != ENOSYS) {
syslog(LOG_WARNING, "cap_rights_limit: %m");
exit(1);
}
if (cap_enter() < 0 && errno != ENOSYS) {
syslog(LOG_ERR, "cap_enter: %m");
exit(1);
}
for (;;) {
cc = recvfrom(s, &wd, sizeof(wd), 0, (struct sockaddr *)&from,
&len);
if (cc <= 0) {
if (cc < 0 && errno != EINTR)
syslog(LOG_WARNING, "recv: %m");
continue;
}
if (from.sin_port != sp->s_port && !insecure_mode) {
syslog(LOG_WARNING, "%d: bad source port from %s",
ntohs(from.sin_port), inet_ntoa(from.sin_addr));
continue;
}
if (cc < WHDRSIZE) {
syslog(LOG_WARNING, "short packet from %s",
inet_ntoa(from.sin_addr));
continue;
}
if (wd.wd_vers != WHODVERSION)
continue;
if (wd.wd_type != WHODTYPE_STATUS)
continue;
if (!verify(wd.wd_hostname, sizeof(wd.wd_hostname))) {
syslog(LOG_WARNING, "malformed host name from %s",
inet_ntoa(from.sin_addr));
continue;
}
(void) snprintf(path, sizeof(path), "whod.%s", wd.wd_hostname);
/*
* Rather than truncating and growing the file each time,
* use ftruncate if size is less than previous size.
*/
whod = openat(dirfd, path, O_WRONLY | O_CREAT, 0644);
if (whod < 0) {
syslog(LOG_WARNING, "%s: %m", path);
continue;
}
cap_rights_init(&rights, CAP_FSTAT, CAP_FTRUNCATE, CAP_WRITE);
if (cap_rights_limit(whod, &rights) < 0 && errno != ENOSYS) {
syslog(LOG_WARNING, "cap_rights_limit: %m");
exit(1);
}
#if ENDIAN != BIG_ENDIAN
{
struct whoent *we;
int i, n;
n = (cc - WHDRSIZE) / sizeof(struct whoent);
/* undo header byte swapping before writing to file */
wd.wd_sendtime = ntohl(wd.wd_sendtime);
for (i = 0; i < 3; i++)
wd.wd_loadav[i] = ntohl(wd.wd_loadav[i]);
wd.wd_boottime = ntohl(wd.wd_boottime);
we = wd.wd_we;
for (i = 0; i < n; i++) {
we->we_idle = ntohl(we->we_idle);
we->we_utmp.out_time =
ntohl(we->we_utmp.out_time);
we++;
}
}
#endif
(void) time(&t);
wd.wd_recvtime = _time_to_int(t);
(void) write(whod, (char *)&wd, cc);
if (fstat(whod, &st) < 0 || st.st_size > cc)
ftruncate(whod, cc);
(void) close(whod);
}
(void) close(dirfd);
}
int
main(int ac, char **av)
{
cap_rights_t rights;
u_int64_t phoff;
u_int64_t shoff;
u_int64_t phentsize;
u_int64_t phnum;
u_int64_t shentsize;
u_int64_t shnum;
u_int64_t shstrndx;
u_int64_t offset;
u_int64_t name;
u_int64_t type;
struct stat sb;
u_int flags;
Elf32_Ehdr *e;
void *p;
void *sh;
void *v;
int fd;
int ch;
int i;
out = stdout;
flags = 0;
while ((ch = getopt(ac, av, "acdeiGhnprsw:")) != -1)
switch (ch) {
case 'a':
flags = ED_ALL;
break;
case 'c':
flags |= ED_SHDR;
break;
case 'd':
flags |= ED_DYN;
break;
case 'e':
flags |= ED_EHDR;
break;
case 'i':
flags |= ED_INTERP;
break;
case 'G':
flags |= ED_GOT;
break;
case 'h':
flags |= ED_HASH;
break;
case 'n':
flags |= ED_NOTE;
break;
case 'p':
flags |= ED_PHDR;
break;
case 'r':
flags |= ED_REL;
break;
case 's':
flags |= ED_SYMTAB;
break;
case 'w':
if ((out = fopen(optarg, "w")) == NULL)
err(1, "%s", optarg);
cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
if (cap_rights_limit(fileno(out), &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", optarg);
break;
case '?':
default:
usage();
}
ac -= optind;
av += optind;
if (ac == 0 || flags == 0)
usage();
if ((fd = open(*av, O_RDONLY)) < 0 ||
fstat(fd, &sb) < 0)
err(1, "%s", *av);
cap_rights_init(&rights, CAP_MMAP_R);
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", *av);
close(STDIN_FILENO);
cap_rights_init(&rights, CAP_WRITE);
if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stdout");
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stderr");
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
e = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
if (e == MAP_FAILED)
err(1, NULL);
if (!IS_ELF(*(Elf32_Ehdr *)e))
errx(1, "not an elf file");
phoff = elf_get_off(e, e, E_PHOFF);
shoff = elf_get_off(e, e, E_SHOFF);
phentsize = elf_get_quarter(e, e, E_PHENTSIZE);
phnum = elf_get_quarter(e, e, E_PHNUM);
shentsize = elf_get_quarter(e, e, E_SHENTSIZE);
p = (char *)e + phoff;
if (shoff > 0) {
sh = (char *)e + shoff;
shnum = elf_get_shnum(e, sh);
shstrndx = elf_get_shstrndx(e, sh);
offset = elf_get_off(e, (char *)sh + shstrndx * shentsize,
SH_OFFSET);
shstrtab = (char *)e + offset;
} else {
sh = NULL;
shnum = 0;
shstrndx = 0;
shstrtab = NULL;
}
for (i = 0; (u_int64_t)i < shnum; i++) {
name = elf_get_word(e, (char *)sh + i * shentsize, SH_NAME);
offset = elf_get_off(e, (char *)sh + i * shentsize, SH_OFFSET);
if (strcmp(shstrtab + name, ".strtab") == 0)
strtab = (char *)e + offset;
if (strcmp(shstrtab + name, ".dynstr") == 0)
dynstr = (char *)e + offset;
}
if (flags & ED_EHDR)
elf_print_ehdr(e, sh);
if (flags & ED_PHDR)
elf_print_phdr(e, p);
if (flags & ED_SHDR)
elf_print_shdr(e, sh);
for (i = 0; (u_int64_t)i < phnum; i++) {
v = (char *)p + i * phentsize;
type = elf_get_word(e, v, P_TYPE);
switch (type) {
case PT_INTERP:
if (flags & ED_INTERP)
elf_print_interp(e, v);
break;
case PT_NULL:
case PT_LOAD:
case PT_DYNAMIC:
case PT_NOTE:
case PT_SHLIB:
case PT_PHDR:
break;
}
}
for (i = 0; (u_int64_t)i < shnum; i++) {
v = (char *)sh + i * shentsize;
type = elf_get_word(e, v, SH_TYPE);
switch (type) {
case SHT_SYMTAB:
if (flags & ED_SYMTAB)
elf_print_symtab(e, v, strtab);
break;
case SHT_DYNAMIC:
if (flags & ED_DYN)
elf_print_dynamic(e, v);
break;
case SHT_RELA:
if (flags & ED_REL)
elf_print_rela(e, v);
break;
case SHT_REL:
if (flags & ED_REL)
elf_print_rel(e, v);
break;
case SHT_NOTE:
name = elf_get_word(e, v, SH_NAME);
if (flags & ED_NOTE &&
strcmp(shstrtab + name, ".note.ABI-tag") == 0)
elf_print_note(e, v);
break;
case SHT_DYNSYM:
if (flags & ED_SYMTAB)
elf_print_symtab(e, v, dynstr);
break;
case SHT_PROGBITS:
name = elf_get_word(e, v, SH_NAME);
if (flags & ED_GOT &&
strcmp(shstrtab + name, ".got") == 0)
elf_print_got(e, v);
break;
case SHT_HASH:
if (flags & ED_HASH)
elf_print_hash(e, v);
break;
case SHT_NULL:
case SHT_STRTAB:
case SHT_NOBITS:
case SHT_SHLIB:
break;
}
}
return 0;
}
static struct vmctx *
do_open(const char *vmname)
{
struct vmctx *ctx;
int error;
bool reinit, romboot;
#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
const cap_ioctl_t *cmds;
size_t ncmds;
#endif
reinit = romboot = false;
if (lpc_bootrom())
romboot = true;
error = vm_create(vmname);
if (error) {
if (errno == EEXIST) {
if (romboot) {
reinit = true;
} else {
/*
* The virtual machine has been setup by the
* userspace bootloader.
*/
}
} else {
perror("vm_create");
exit(1);
}
} else {
if (!romboot) {
/*
* If the virtual machine was just created then a
* bootrom must be configured to boot it.
*/
fprintf(stderr, "virtual machine cannot be booted\n");
exit(1);
}
}
ctx = vm_open(vmname);
if (ctx == NULL) {
perror("vm_open");
exit(1);
}
#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_IOCTL, CAP_MMAP_RW);
if (cap_rights_limit(vm_get_device_fd(ctx), &rights) == -1 &&
errno != ENOSYS)
errx(EX_OSERR, "Unable to apply rights for sandbox");
vm_get_ioctls(&ncmds);
cmds = vm_get_ioctls(NULL);
if (cmds == NULL)
errx(EX_OSERR, "out of memory");
if (cap_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1 &&
errno != ENOSYS)
errx(EX_OSERR, "Unable to apply rights for sandbox");
free((cap_ioctl_t *)cmds);
#endif
if (reinit) {
error = vm_reinit(ctx);
if (error) {
perror("vm_reinit");
exit(1);
}
}
error = vm_set_topology(ctx, sockets, cores, threads, maxcpus);
if (error)
errx(EX_OSERR, "vm_set_topology");
return (ctx);
}
