authorToni Uhlig <matzeton@googlemail.com>2018-05-02 20:59:34 +0200
committerToni Uhlig <matzeton@googlemail.com>2018-05-02 20:59:34 +0200
commit4f66937b2bfadfa54aa099ea9bbb9f2f0dc2416f (patch)
treec8512ec9d9bd91c3171248f65d619e2e6014c006
parente6d9e7073ea1e23a3b22440fa69ce92691ca328d (diff)
POTD skeleton #41.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r--src/jail.c38
-rw-r--r--src/pterm.c8
-rw-r--r--src/pterm.h19
-rw-r--r--src/server_ssh.c6
-rw-r--r--src/utils.c31
-rw-r--r--src/utils.h2
6 files changed, 78 insertions, 26 deletions
diff --git a/src/jail.c b/src/jail.c
index 1b5cb5b..e879c2c 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -12,6 +12,7 @@
#include "jail.h"
#include "socket.h"
#include "server.h"
+#include "pterm.h"
#include "utils.h"
#include "log.h"
@@ -211,7 +212,7 @@ static int jail_accept_client(jail_ctx *ctx[],
size_t i, rc = 0;
int s;
pid_t prisoner_pid;
- jail_prisoner_process *args;
+ static jail_prisoner_process *args;
for (i = 0; i < siz; ++i) {
if (ctx[i]->sock.fd == event->data.fd) {
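Review bot: Turning the local into `static jail_prisoner_process *args;` makes a per-call pointer into process-wide state with no benefit visible here: the pointee is heap-allocated (the `free(args)` in this function's error path shows that), so the pointer value presumably handed to the clone()d child stays valid without the pointer itself outliving the call. Static storage makes jail_accept_client non-reentrant, and if the function is entered again while an earlier allocation is still live the old pointer is silently overwritten and leaked. If the static is deliberate, a comment such as `/* static: pointer must stay addressable for the clone() child */` should say so; otherwise `jail_prisoner_process *args = NULL;` is the safer form. jail_accept_client starts before this hunk.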
@@ -250,6 +251,7 @@ static int jail_accept_client(jail_ctx *ctx[],
error:
socket_close(&args->client_psock);
free(args);
+ args = NULL;
return rc;
}
}
@@ -262,9 +264,10 @@ static int jail_childfn(void *arg)
jail_prisoner_process *args;
const char *path_dev = "/dev";
const char *path_devpts = "/dev/pts";
- int s, term_fd;
- struct termios *term = NULL;
- struct winsize *win = NULL;
+ const char *path_proc = "/proc";
+ const char *path_shell = "/bin/sh";
+ char tty_name[TTYSZ+sizeof(long)];
+ int s, pty_fd, tty_fd;
int unshare_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|
CLONE_NEWNS|CLONE_NEWNET;
pid_t self_pid, child_pid;
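Review bot: `char tty_name[TTYSZ+sizeof(long)];` reserves more than the later `pty_allocate(&pty_fd, &tty_fd, tty_name, TTYSZ)` call can ever fill, so the extra `sizeof(long)` bytes are unexplained slack. Declaring `char tty_name[TTYSZ];` and passing `sizeof tty_name` as the bound keeps the buffer and its length in one place; if the padding is intentional, a comment should say why. jail_childfn continues past this hunk.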
@@ -307,6 +310,15 @@ static int jail_childfn(void *arg)
if (!dir_is_mountpoint(path_devpts) && mount_pts(path_devpts))
FATAL("Mount devpts to '%s%s'", args->newroot, path_devpts);
+ D2("Mounting proc to '%s%s'", args->newroot, path_proc);
+ s = mkdir(path_proc, S_IRUSR|S_IWUSR|S_IXUSR|
+ S_IRGRP|S_IXGRP|
+ S_IROTH|S_IXOTH);
+ if (s && errno != EEXIST)
+ FATAL("Create directory '%s'", path_proc);
+ if (!dir_is_mountpoint(path_proc) && mount_proc(path_proc))
+ FATAL("Mount devpts to '%s%s'", args->newroot, path_proc)
+
D2("Creating device files in '%s%s'", args->newroot, path_dev);
if (create_device_files(path_dev)) {
E2("Device file creation failed for rootfs '%s%s'",
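Review bot: The line `FATAL("Mount devpts to '%s%s'", args->newroot, path_proc)` is missing its terminating semicolon and its message names devpts although it reports the proc mount; it should read `FATAL("Mount proc to '%s%s'", args->newroot, path_proc);` (whether the missing `;` happens to compile depends on how FATAL is defined, which is not visible here). Note also that `mkdir(path_proc, ...)` and `mount_proc(path_proc)` use the absolute path `"/proc"`, so they only land inside the jail if the process has already entered args->newroot, which the log text assumes but which happens outside this hunk. jail_childfn continues outside the hunk.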
@@ -314,16 +326,22 @@ static int jail_childfn(void *arg)
exit(EXIT_FAILURE);
}
- D2("%s", "Forking a new pseudo terminal");
- child_pid = forkpty(&term_fd, NULL, term, win);
+ if (pty_allocate(&pty_fd, &tty_fd, tty_name, TTYSZ))
+ FATAL("%s", "TTY allocation");
+
+ D2("Forking a new process for the slave tty from "
+ "parent pty with pid %d",
+ self_pid);
+ child_pid = fork();
switch (child_pid) {
case -1:
- FATAL("Forking a new pseudo terminal for pid %d",
- self_pid);
+ FATAL("Forking a new process for the slave tty from "
+ "parent pty with pid %d",
+ self_pid);
break;
case 0:
- D2("Executing '%s'", "/bin/bash");
- if (execl("/bin(bash", "/bin/bash", (char *) NULL))
+ D2("Executing '%s'", path_shell);
+ if (execl(path_shell, path_shell, (char *) NULL))
FATAL("Execute a shell for pid %d", self_pid);
break;
default:
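Review bot: In the `case 0:` branch the child exec's `/bin/sh` without attaching the slave side of the pty: `tty_fd` is never made the controlling terminal or dup'ed onto stdin/stdout/stderr, and the master `pty_fd` stays open, so the jailed shell inherits the honeypot's own stdio plus the master end of its own session. Every other descriptor the parent holds without O_CLOEXEC (listening and client sockets, epoll, log files — not visible here) also survives the execl and is reachable from the attacker's shell, so those should be opened with O_CLOEXEC or closed before exec. A minimal wiring for the child is below; the parent side (`default:`) should close `tty_fd`, but it lies outside this hunk, as does the rest of jail_childfn.
```c
    case 0:
        /* child: drop the master end, make the slave our controlling tty and stdio */
        close(pty_fd);
        pty_make_controlling_tty(&tty_fd, tty_name);
        if (dup2(tty_fd, STDIN_FILENO) < 0 ||
            dup2(tty_fd, STDOUT_FILENO) < 0 ||
            dup2(tty_fd, STDERR_FILENO) < 0)
            FATAL("Wire slave tty to stdio for pid %d", self_pid);
        if (tty_fd > STDERR_FILENO)
            close(tty_fd);
        /* … unchanged: D2 and execl of path_shell … */
```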
diff --git a/src/pterm.c b/src/pterm.c
index 47f433c..050e9b2 100644
--- a/src/pterm.c
+++ b/src/pterm.c
@@ -102,12 +102,14 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
/* Changes the window size associated with the pty. */
void
-pty_change_window_size(int ptyfd, u_int row, u_int col,
- u_int xpixel, u_int ypixel)
+pty_change_window_size(int ptyfd, unsigned int row,
+ unsigned int col,
+ unsigned int xpixel,
+ unsigned int ypixel)
{
struct winsize w;
- /* may truncate u_int -> u_short */
+ /* may truncate unsigned int -> unsigned short */
w.ws_row = row;
w.ws_col = col;
w.ws_xpixel = xpixel;
diff --git a/src/pterm.h b/src/pterm.h
index 734bab1..87ce8bc 100644
--- a/src/pterm.h
+++ b/src/pterm.h
@@ -1,15 +1,24 @@
#ifndef POTD_PTY_H
#define POTD_PTY_H 1
-int pty_allocate(int *, int *, char *, size_t);
+#include <stdlib.h>
+#include <pwd.h>
-void pty_release(const char *);
+#define TTYSZ 64
-void pty_make_controlling_tty(int *, const char *);
-void pty_change_window_size(int, u_int, u_int, u_int, u_int);
+int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen);
-void pty_setowner(struct passwd *, const char *);
+void pty_release(const char *tty);
+
+void pty_make_controlling_tty(int *ttyfd, const char *tty);
+
+void pty_change_window_size(int ptyfd, unsigned int row,
+ unsigned int col,
+ unsigned int xpixel,
+ unsigned int ypixel);
+
+void pty_setowner(struct passwd *pw, const char *tty);
void disconnect_controlling_tty(void);
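Review bot: The new prototypes carry no contract documentation, yet jail.c already depends on details a reader cannot get from this header: that `pty_allocate` returns non-zero on failure, that `namebuf` is NUL-terminated within `namebuflen`, and who owns and closes `*ptyfd` and `*ttyfd` afterwards. A short comment above `pty_allocate` giving the return convention and fd ownership, and one above `TTYSZ` saying it is the caller-supplied size for the slave tty name buffer, would make the interface self-explaining. Minor: `<stddef.h>` is the minimal header for `size_t`; `<stdlib.h>` works but pulls in more than the header uses.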
diff --git a/src/server_ssh.c b/src/server_ssh.c
index ff747fd..7e86096 100644
--- a/src/server_ssh.c
+++ b/src/server_ssh.c
@@ -110,8 +110,10 @@ int ssh_on_listen(struct forward_ctx *ctx, const char *host,
port))
return 1;
- if (ssh_bind_listen(d->sshbind) < 0) {
- E("Error listening to SSH socket: %s", ssh_get_error(d->sshbind));
+ s = ssh_bind_listen(d->sshbind);
+ if (s < 0) {
+ E_STRERR("Error listening to SSH socket: %s", ssh_get_error(d->sshbind));
+ return s;
}
N("SSH bind and listen on %s:%s fd %d", host, port,
ssh_bind_get_fd(d->sshbind));
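Review bot: `E_STRERR("Error listening to SSH socket: %s", ssh_get_error(d->sshbind))` presumably appends strerror(errno), but `ssh_bind_listen` is a libssh call that reports through `ssh_get_error` and does not set errno, so the appended errno text can be stale or misleading; the old `E(...)` form fit this call better. The new `return s;` also hands back libssh's negative code while the failure path just above returns 1, so a caller checking `== 1` or `> 0` misses this error; `return 1;` keeps the function's convention. `s` is not declared in this hunk, so it must already exist earlier in ssh_on_listen, which starts outside the hunk.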
diff --git a/src/utils.c b/src/utils.c
index 0959cee..9e09216 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -311,6 +311,20 @@ int mount_pts(const char *mount_path)
return 0;
}
+int mount_proc(const char *mount_path)
+{
+ int s;
+
+ s = mount("proc", mount_path, "proc",
+ MS_RELATIME, "rw");
+ if (s) {
+ E_STRERR("Mount proc filesystem to %s", mount_path);
+ return 1;
+ }
+
+ return 0;
+}
+
int create_device_file_checked(const char *mount_path, const char *device_file,
mode_t mode, int add_mode, dev_t dev)
{
@@ -321,14 +335,17 @@ int create_device_file_checked(const char *mount_path, const char *device_file,
size_t plen = strnlen(mount_path, PATH_MAX);
size_t dlen = strnlen(device_file, PATH_MAX);
struct stat devbuf = {0};
- char devpath[plen+dlen+1];
+ char devpath[plen+dlen+2];
- snprintf(devpath, plen+dlen+1, "%s/%s", mount_path, device_file);
+ snprintf(devpath, plen+dlen+2, "%s/%s", mount_path, device_file);
s = stat(devpath, &devbuf);
- if (s && errno != EEXIST) {
+ if (s && errno != EEXIST && errno != ENOENT) {
return 1;
- } else if (s && errno == EEXIST) {
+ }
+ if (errno == EEXIST) {
+ if (remove(devpath))
+ return 1;
}
D2("Create device file: %s", devpath);
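Review bot: The new `if (errno == EEXIST)` after `s = stat(devpath, &devbuf);` tests a value stat() never produces: on success errno is left untouched (stale), on failure it holds the stat error, so whether an existing node is replaced depends on whatever errno happened to be before the call, and the later create (outside this hunk) then fails with EEXIST whenever the node already exists. The existence signal is `s == 0`; the block should be `if (s == 0) { if (remove(devpath)) return 1; }` followed by `else if (errno != ENOENT) return 1;`, which also makes the `errno != EEXIST` clause above it unnecessary. The `plen+dlen+2` change for the separator plus NUL is correct. create_device_file_checked continues outside the hunk.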
@@ -345,7 +362,9 @@ int create_device_file_checked(const char *mount_path, const char *device_file,
int create_device_files(const char *mount_path)
{
- create_device_file_checked(mount_path, "ptmx", 0, 1, makedev(5,2));
+ int s = 0;
- return 0;
+ s |= create_device_file_checked(mount_path, "ptmx", S_IFCHR, 1, makedev(5,2));
+
+ return s;
}
diff --git a/src/utils.h b/src/utils.h
index ce679e4..fb6f28c 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -32,6 +32,8 @@ int mount_dev(const char *mount_path);
int mount_pts(const char *mount_path);
+int mount_proc(const char *mount_path);
+
int create_device_file_checked(const char *mount_path, const char *device_file,
mode_t mode, int add_mode, dev_t dev);
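Review bot: The new `int mount_proc(const char *mount_path);` prototype has no comment, and utils.h is the interface other units read, so a one-line contract matching the utils.c implementation in this same commit would help: `/* Mount a fresh procfs instance at mount_path. Returns 0 on success, 1 on failure (error already logged). */`. The neighbouring `mount_pts`/`mount_dev` declarations would benefit from the same treatment, but they are not part of this change.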