2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2018-2021 Mariusz Zaborski <oshogbo@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/types.h>
30 #include <sys/capsicum.h>
31 #include <sys/sysctl.h>
43 #include <libcasper.h>
44 #include <libcasper_service.h>
46 #include "cap_fileargs.h"
48 #define CACHE_SIZE 128
50 #define FILEARGS_MAGIC 0xFA00FA00
55 cap_channel_t *fa_chann;
60 fileargs_get_lstat_cache(fileargs_t *fa, const char *name, struct stat *sb)
67 assert(fa->fa_magic == FILEARGS_MAGIC);
70 if (fa->fa_cache == NULL)
73 nvl = dnvlist_get_nvlist(fa->fa_cache, name, NULL);
77 if (!nvlist_exists_binary(nvl, "stat")) {
81 buf = nvlist_get_binary(nvl, "stat", &size);
82 assert(size == sizeof(*sb));
83 memcpy(sb, buf, size);
89 fileargs_get_fd_cache(fileargs_t *fa, const char *name)
96 assert(fa->fa_magic == FILEARGS_MAGIC);
99 if (fa->fa_cache == NULL)
102 if ((fa->fa_fdflags & O_CREAT) != 0)
105 nvl = dnvlist_get_nvlist(fa->fa_cache, name, NULL);
109 tnvl = nvlist_take_nvlist(fa->fa_cache, name);
111 if (!nvlist_exists_descriptor(tnvl, "fd")) {
112 nvlist_destroy(tnvl);
116 fd = nvlist_take_descriptor(tnvl, "fd");
117 nvlist_destroy(tnvl);
119 if ((fa->fa_fdflags & O_CLOEXEC) != O_CLOEXEC) {
120 if (fcntl(fd, F_SETFD, fa->fa_fdflags) == -1) {
130 fileargs_set_cache(fileargs_t *fa, nvlist_t *nvl)
133 nvlist_destroy(fa->fa_cache);
138 fileargs_fetch(fileargs_t *fa, const char *name, const char *cmd)
144 assert(name != NULL);
146 nvl = nvlist_create(NV_FLAG_NO_UNIQUE);
147 nvlist_add_string(nvl, "cmd", cmd);
148 nvlist_add_string(nvl, "name", name);
150 nvl = cap_xfer_nvlist(fa->fa_chann, nvl);
154 if (nvlist_get_number(nvl, "error") != 0) {
155 serrno = (int)nvlist_get_number(nvl, "error");
165 fileargs_create_limit(int argc, const char * const *argv, int flags,
166 mode_t mode, cap_rights_t *rightsp, int operations)
171 limits = nvlist_create(NV_FLAG_NO_UNIQUE);
175 nvlist_add_number(limits, "flags", flags);
176 nvlist_add_number(limits, "operations", operations);
177 if (rightsp != NULL) {
178 nvlist_add_binary(limits, "cap_rights", rightsp,
181 if ((flags & O_CREAT) != 0)
182 nvlist_add_number(limits, "mode", (uint64_t)mode);
184 for (i = 0; i < argc; i++) {
185 if (strlen(argv[i]) >= MAXPATHLEN) {
186 nvlist_destroy(limits);
187 errno = ENAMETOOLONG;
190 nvlist_add_null(limits, argv[i]);
197 fileargs_create(cap_channel_t *chan, int fdflags)
201 fa = malloc(sizeof(*fa));
205 fa->fa_fdflags = fdflags;
206 fa->fa_magic = FILEARGS_MAGIC;
213 fileargs_init(int argc, char *argv[], int flags, mode_t mode,
214 cap_rights_t *rightsp, int operations)
218 if (argc <= 0 || argv == NULL) {
219 return (fileargs_create(NULL, 0));
222 limits = fileargs_create_limit(argc, (const char * const *)argv, flags,
223 mode, rightsp, operations);
227 return (fileargs_initnv(limits));
231 fileargs_cinit(cap_channel_t *cas, int argc, char *argv[], int flags,
232 mode_t mode, cap_rights_t *rightsp, int operations)
236 if (argc <= 0 || argv == NULL) {
237 return (fileargs_create(NULL, 0));
240 limits = fileargs_create_limit(argc, (const char * const *)argv, flags,
241 mode, rightsp, operations);
245 return (fileargs_cinitnv(cas, limits));
249 fileargs_initnv(nvlist_t *limits)
254 if (limits == NULL) {
255 return (fileargs_create(NULL, 0));
260 nvlist_destroy(limits);
264 fa = fileargs_cinitnv(cas, limits);
271 fileargs_cinitnv(cap_channel_t *cas, nvlist_t *limits)
273 cap_channel_t *chann;
275 int flags, ret, serrno;
279 if (limits == NULL) {
280 return (fileargs_create(NULL, 0));
286 chann = cap_service_open(cas, "system.fileargs");
288 nvlist_destroy(limits);
292 flags = nvlist_get_number(limits, "flags");
293 (void)nvlist_get_number(limits, "operations");
295 /* Limits are consumed no need to free them. */
296 ret = cap_limit_set(chann, limits);
300 fa = fileargs_create(chann, flags);
314 fileargs_open(fileargs_t *fa, const char *name)
321 assert(fa->fa_magic == FILEARGS_MAGIC);
328 if (fa->fa_chann == NULL) {
333 fd = fileargs_get_fd_cache(fa, name);
337 nvl = fileargs_fetch(fa, name, "open");
341 fd = nvlist_take_descriptor(nvl, "fd");
342 cmd = nvlist_take_string(nvl, "cmd");
343 if (strcmp(cmd, "cache") == 0)
344 fileargs_set_cache(fa, nvl);
353 fileargs_fopen(fileargs_t *fa, const char *name, const char *mode)
357 if ((fd = fileargs_open(fa, name)) < 0) {
361 return (fdopen(fd, mode));
365 fileargs_lstat(fileargs_t *fa, const char *name, struct stat *sb)
373 assert(fa->fa_magic == FILEARGS_MAGIC);
385 if (fa->fa_chann == NULL) {
390 if (fileargs_get_lstat_cache(fa, name, sb) != -1)
393 nvl = fileargs_fetch(fa, name, "lstat");
397 buf = nvlist_get_binary(nvl, "stat", &size);
398 assert(size == sizeof(*sb));
399 memcpy(sb, buf, size);
401 cmd = nvlist_take_string(nvl, "cmd");
402 if (strcmp(cmd, "cache") == 0)
403 fileargs_set_cache(fa, nvl);
412 fileargs_realpath(fileargs_t *fa, const char *pathname, char *reserved_path)
418 assert(fa->fa_magic == FILEARGS_MAGIC);
420 if (pathname == NULL) {
425 if (fa->fa_chann == NULL) {
430 nvl = fileargs_fetch(fa, pathname, "realpath");
434 if (reserved_path != NULL) {
436 strcpy(reserved_path,
437 nvlist_get_string(nvl, "realpath"));
439 ret = nvlist_take_string(nvl, "realpath");
447 fileargs_free(fileargs_t *fa)
453 assert(fa->fa_magic == FILEARGS_MAGIC);
455 nvlist_destroy(fa->fa_cache);
456 if (fa->fa_chann != NULL) {
457 cap_close(fa->fa_chann);
459 explicit_bzero(&fa->fa_magic, sizeof(fa->fa_magic));
464 fileargs_unwrap(fileargs_t *fa, int *flags)
471 assert(fa->fa_magic == FILEARGS_MAGIC);
475 *flags = fa->fa_fdflags;
478 nvlist_destroy(fa->fa_cache);
479 explicit_bzero(&fa->fa_magic, sizeof(fa->fa_magic));
486 fileargs_wrap(cap_channel_t *chan, int fdflags)
493 return (fileargs_create(chan, fdflags));
500 static const char *lastname;
501 static void *cacheposition;
502 static bool allcached;
503 static const cap_rights_t *caprightsp;
505 static int allowed_operations;
506 static mode_t capmode;
509 open_file(const char *name)
513 if ((capflags & O_CREAT) == 0)
514 fd = open(name, capflags);
516 fd = open(name, capflags, capmode);
520 if (caprightsp != NULL) {
521 if (cap_rights_limit(fd, caprightsp) < 0 && errno != ENOSYS) {
533 fileargs_add_cache(nvlist_t *nvlout, const nvlist_t *limits,
534 const char *current_name)
542 if ((capflags & O_CREAT) != 0) {
547 cookie = cacheposition;
548 for (i = 0; i < CACHE_SIZE + 1; i++) {
549 fname = nvlist_next(limits, &type, &cookie);
551 cacheposition = NULL;
556 /* We doing that to catch next element name. */
557 if (i == CACHE_SIZE) {
561 if (type != NV_TYPE_NULL) {
565 if (current_name != NULL &&
566 strcmp(fname, current_name) == 0) {
572 new = nvlist_create(NV_FLAG_NO_UNIQUE);
573 if ((allowed_operations & FA_OPEN) != 0) {
574 fd = open_file(fname);
580 nvlist_move_descriptor(new, "fd", fd);
582 if ((allowed_operations & FA_LSTAT) != 0) {
583 if (lstat(fname, &sb) < 0) {
588 nvlist_add_binary(new, "stat", &sb, sizeof(sb));
591 nvlist_move_nvlist(nvlout, fname, new);
593 cacheposition = cookie;
598 fileargs_allowed(const nvlist_t *limits, const nvlist_t *request, int operation)
602 if ((allowed_operations & operation) == 0)
605 name = dnvlist_get_string(request, "name", NULL);
610 if (lastname != NULL && strcmp(name, lastname) == 0)
613 if (!nvlist_exists_null(limits, name))
620 fileargs_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
623 if (oldlimits != NULL)
624 return (ENOTCAPABLE);
626 capflags = (int)dnvlist_get_number(newlimits, "flags", 0);
627 allowed_operations = (int)dnvlist_get_number(newlimits, "operations", 0);
628 if ((capflags & O_CREAT) != 0)
629 capmode = (mode_t)nvlist_get_number(newlimits, "mode");
633 caprightsp = dnvlist_get_binary(newlimits, "cap_rights", NULL, NULL, 0);
639 fileargs_command_lstat(const nvlist_t *limits, nvlist_t *nvlin,
647 return (ENOTCAPABLE);
649 if (!fileargs_allowed(limits, nvlin, FA_LSTAT))
650 return (ENOTCAPABLE);
652 name = nvlist_get_string(nvlin, "name");
654 error = lstat(name, &sb);
658 if (!allcached && (lastname == NULL ||
659 strcmp(name, lastname) == 0)) {
660 nvlist_add_string(nvlout, "cmd", "cache");
661 fileargs_add_cache(nvlout, limits, name);
663 nvlist_add_string(nvlout, "cmd", "lstat");
665 nvlist_add_binary(nvlout, "stat", &sb, sizeof(sb));
670 fileargs_command_realpath(const nvlist_t *limits, nvlist_t *nvlin,
673 const char *pathname;
677 return (ENOTCAPABLE);
679 if (!fileargs_allowed(limits, nvlin, FA_REALPATH))
680 return (ENOTCAPABLE);
682 pathname = nvlist_get_string(nvlin, "name");
683 resolvedpath = realpath(pathname, NULL);
684 if (resolvedpath == NULL)
687 nvlist_move_string(nvlout, "realpath", resolvedpath);
692 fileargs_command_open(const nvlist_t *limits, nvlist_t *nvlin,
699 return (ENOTCAPABLE);
701 if (!fileargs_allowed(limits, nvlin, FA_OPEN))
702 return (ENOTCAPABLE);
704 name = nvlist_get_string(nvlin, "name");
706 fd = open_file(name);
710 if (!allcached && (lastname == NULL ||
711 strcmp(name, lastname) == 0)) {
712 nvlist_add_string(nvlout, "cmd", "cache");
713 fileargs_add_cache(nvlout, limits, name);
715 nvlist_add_string(nvlout, "cmd", "open");
717 nvlist_move_descriptor(nvlout, "fd", fd);
722 fileargs_command(const char *cmd, const nvlist_t *limits,
723 nvlist_t *nvlin, nvlist_t *nvlout)
726 if (strcmp(cmd, "open") == 0)
727 return (fileargs_command_open(limits, nvlin, nvlout));
728 if (strcmp(cmd, "lstat") == 0)
729 return (fileargs_command_lstat(limits, nvlin, nvlout));
730 if (strcmp(cmd, "realpath") == 0)
731 return (fileargs_command_realpath(limits, nvlin, nvlout));
736 CREATE_SERVICE("system.fileargs", fileargs_limit, fileargs_command,
737 CASPER_SERVICE_FD | CASPER_SERVICE_STDIO | CASPER_SERVICE_NO_UNIQ_LIMITS);