2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from software contributed to Berkeley by
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/capsicum.h>
36 #include <sys/param.h>
38 #ifndef NO_UDOM_SUPPORT
39 #include <sys/socket.h>
44 #include <capsicum_helpers.h>
57 #include <libcasper.h>
58 #include <casper/cap_fileargs.h>
59 #include <casper/cap_net.h>
61 static int bflag, eflag, lflag, nflag, sflag, tflag, vflag;
63 static const char *filename;
64 static fileargs_t *fa;
66 static void usage(void) __dead2;
67 static void scanfiles(char *argv[], int cooked);
69 static void cook_cat(FILE *);
70 static ssize_t in_kernel_copy(int);
72 static void raw_cat(int);
74 #ifndef NO_UDOM_SUPPORT
75 static cap_channel_t *capnet;
77 static int udom_open(const char *path, int flags);
81 * Memory strategy threshold, in pages: if physmem is larger than this,
84 #define PHYSPAGES_THRESHOLD (32 * 1024)
86 /* Maximum buffer size in bytes - do not allow it to grow larger than this. */
87 #define BUFSIZE_MAX (2 * 1024 * 1024)
90 * Small (default) buffer size in bytes. It's inefficient for this to be
91 * smaller than MAXPHYS.
93 #define BUFSIZE_SMALL (MAXPHYS)
97 * For the bootstrapped cat binary (needed for locked appending to METALOG), we
98 * disable all flags except -l and -u to avoid non-portable function calls.
99 * In the future we may instead want to write a small portable bootstrap tool
100 * that locks the output file before writing to it. However, for now
101 * bootstrapping cat without multibyte support is the simpler solution.
104 #define SUPPORTED_FLAGS "lu"
106 #define SUPPORTED_FLAGS "belnstuv"
109 #ifndef NO_UDOM_SUPPORT
111 init_casper_net(cap_channel_t *casper)
113 cap_net_limit_t *limit;
116 capnet = cap_service_open(casper, "system.net");
118 err(EXIT_FAILURE, "unable to create network service");
120 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR |
123 err(EXIT_FAILURE, "unable to create limits");
125 familylimit = AF_LOCAL;
126 cap_net_limit_name2addr_family(limit, &familylimit, 1);
128 if (cap_net_limit(limit) < 0)
129 err(EXIT_FAILURE, "unable to apply limits");
134 init_casper(int argc, char *argv[])
136 cap_channel_t *casper;
141 err(EXIT_FAILURE, "unable to create Casper");
143 fa = fileargs_cinit(casper, argc, argv, O_RDONLY, 0,
144 cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL, CAP_SEEK),
145 FA_OPEN | FA_REALPATH);
147 err(EXIT_FAILURE, "unable to create fileargs");
149 #ifndef NO_UDOM_SUPPORT
150 init_casper_net(casper);
157 main(int argc, char *argv[])
160 struct flock stdout_lock;
162 setlocale(LC_CTYPE, "");
164 while ((ch = getopt(argc, argv, SUPPORTED_FLAGS)) != -1)
167 bflag = nflag = 1; /* -b implies -n */
170 eflag = vflag = 1; /* -e implies -v */
182 tflag = vflag = 1; /* -t implies -v */
185 setbuf(stdout, NULL);
197 stdout_lock.l_len = 0;
198 stdout_lock.l_start = 0;
199 stdout_lock.l_type = F_WRLCK;
200 stdout_lock.l_whence = SEEK_SET;
201 if (fcntl(STDOUT_FILENO, F_SETLKW, &stdout_lock) == -1)
202 err(EXIT_FAILURE, "stdout");
205 init_casper(argc, argv);
207 caph_cache_catpages();
209 if (caph_enter_casper() < 0)
210 err(EXIT_FAILURE, "capsicum");
212 if (bflag || eflag || nflag || sflag || tflag || vflag)
226 fprintf(stderr, "usage: cat [-" SUPPORTED_FLAGS "] [file ...]\n");
232 scanfiles(char *argv[], int cooked __unused)
236 #ifndef BOOTSTRAP_CAT
242 while ((path = argv[i]) != NULL || i == 0) {
243 if (path == NULL || strcmp(path, "-") == 0) {
248 fd = fileargs_open(fa, path);
249 #ifndef NO_UDOM_SUPPORT
250 if (fd < 0 && errno == EOPNOTSUPP)
251 fd = udom_open(path, O_RDONLY);
257 #ifndef BOOTSTRAP_CAT
259 if (fd == STDIN_FILENO)
262 fp = fdopen(fd, "r");
268 #ifndef BOOTSTRAP_CAT
269 if (in_kernel_copy(fd) == -1) {
270 if (errno == EINVAL || errno == EBADF ||
279 if (fd != STDIN_FILENO)
288 #ifndef BOOTSTRAP_CAT
292 int ch, gobble, line, prev;
295 /* Reset EOF condition on stdin. */
296 if (fp == stdin && feof(stdin))
300 for (prev = '\n'; (ch = getc(fp)) != EOF; prev = ch) {
311 if (!bflag || ch != '\n') {
312 (void)fprintf(stdout, "%6d\t", ++line);
316 (void)fprintf(stdout, "%6s\t", "");
323 if (eflag && putchar('$') == EOF)
325 } else if (ch == '\t') {
327 if (putchar('^') == EOF || putchar('I') == EOF)
332 (void)ungetc(ch, fp);
334 * Our getwc(3) doesn't change file position
337 if ((wch = getwc(fp)) == WEOF) {
338 if (ferror(fp) && errno == EILSEQ) {
340 /* Resync attempt. */
341 memset(&fp->_mbstate, 0, sizeof(mbstate_t));
342 if ((ch = getc(fp)) == EOF)
349 if (!iswascii(wch) && !iswprint(wch)) {
351 if (putchar('M') == EOF || putchar('-') == EOF)
357 ch = (ch == '\177') ? '?' : (ch | 0100);
358 if (putchar('^') == EOF || putchar(ch) == EOF)
362 if (putwchar(wch) == WEOF)
367 if (putchar(ch) == EOF)
371 warn("%s", filename);
380 in_kernel_copy(int rfd)
385 wfd = fileno(stdout);
389 ret = copy_file_range(rfd, NULL, wfd, NULL, SSIZE_MAX, 0);
393 #endif /* BOOTSTRAP_CAT */
402 static char *buf = NULL;
405 wfd = fileno(stdout);
407 if (fstat(wfd, &sbuf))
409 if (S_ISREG(sbuf.st_mode)) {
410 /* If there's plenty of RAM, use a large copy buffer */
411 if (sysconf(_SC_PHYS_PAGES) > PHYSPAGES_THRESHOLD)
412 bsize = MIN(BUFSIZE_MAX, MAXPHYS * 8);
414 bsize = BUFSIZE_SMALL;
416 bsize = sbuf.st_blksize;
417 pagesize = sysconf(_SC_PAGESIZE);
419 bsize = MAX(bsize, (size_t)pagesize);
421 if ((buf = malloc(bsize)) == NULL)
422 err(1, "malloc() failure of IO buffer");
424 while ((nr = read(rfd, buf, bsize)) > 0)
425 for (off = 0; nr; nr -= nw, off += nw)
426 if ((nw = write(wfd, buf + off, (size_t)nr)) < 0)
429 warn("%s", filename);
434 #ifndef NO_UDOM_SUPPORT
437 udom_open(const char *path, int flags)
439 struct addrinfo hints, *res, *res0;
440 char rpath[PATH_MAX];
441 int error, fd, serrno;
445 * Construct the unix domain socket address and attempt to connect.
447 bzero(&hints, sizeof(hints));
448 hints.ai_family = AF_LOCAL;
450 if (fileargs_realpath(fa, path, rpath) == NULL)
453 error = cap_getaddrinfo(capnet, rpath, NULL, &hints, &res0);
455 warn("%s", gai_strerror(error));
459 cap_rights_init(&rights, CAP_CONNECT, CAP_READ, CAP_WRITE,
460 CAP_SHUTDOWN, CAP_FSTAT, CAP_FCNTL);
462 /* Default error if something goes wrong. */
465 for (res = res0; res != NULL; res = res->ai_next) {
466 fd = socket(res->ai_family, res->ai_socktype,
474 if (caph_rights_limit(fd, &rights) < 0) {
481 error = cap_connect(capnet, fd, res->ai_addr, res->ai_addrlen);
497 * handle the open flags by shutting down appropriate directions
500 switch (flags & O_ACCMODE) {
502 cap_rights_clear(&rights, CAP_WRITE);
503 if (shutdown(fd, SHUT_WR) == -1)
507 cap_rights_clear(&rights, CAP_READ);
508 if (shutdown(fd, SHUT_RD) == -1)
515 cap_rights_clear(&rights, CAP_CONNECT, CAP_SHUTDOWN);
516 if (caph_rights_limit(fd, &rights) < 0) {