author | Toni Uhlig <matzeton@googlemail.com> | 2018-05-02 20:59:34 +0200 |
committer | Toni Uhlig <matzeton@googlemail.com> | 2018-05-02 20:59:34 +0200 |
commit | 4f66937b2bfadfa54aa099ea9bbb9f2f0dc2416f (patch) | |
tree | c8512ec9d9bd91c3171248f65d619e2e6014c006 | |
parent | e6d9e7073ea1e23a3b22440fa69ce92691ca328d (diff) |
POTD skeleton #41.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | src/jail.c | 38 | ||||
-rw-r--r-- | src/pterm.c | 8 | ||||
-rw-r--r-- | src/pterm.h | 19 | ||||
-rw-r--r-- | src/server_ssh.c | 6 | ||||
-rw-r--r-- | src/utils.c | 31 | ||||
-rw-r--r-- | src/utils.h | 2 |
6 files changed, 78 insertions, 26 deletions
@@ -12,6 +12,7 @@
 #include "jail.h"
 #include "socket.h"
 #include "server.h"
+#include "pterm.h"
 #include "utils.h"
 #include "log.h"
@@ -211,7 +212,7 @@ static int jail_accept_client(jail_ctx *ctx[],
 size_t i, rc = 0;
 int s;
 pid_t prisoner_pid;
- jail_prisoner_process *args;
+ static jail_prisoner_process *args;
 for (i = 0; i < siz; ++i) {
 if (ctx[i]->sock.fd == event->data.fd) {
@@ -250,6 +251,7 @@ static int jail_accept_client(jail_ctx *ctx[],
 error:
 socket_close(&args->client_psock);
 free(args);
+ args = NULL;
 return rc;
 }
 }
@@ -262,9 +264,10 @@ static int jail_childfn(void *arg)
 jail_prisoner_process *args;
 const char *path_dev = "/dev";
 const char *path_devpts = "/dev/pts";
- int s, term_fd;
- struct termios *term = NULL;
- struct winsize *win = NULL;
+ const char *path_proc = "/proc";
+ const char *path_shell = "/bin/sh";
+ char tty_name[TTYSZ+sizeof(long)];
+ int s, pty_fd, tty_fd;
 int unshare_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|
 CLONE_NEWNS|CLONE_NEWNET;
 pid_t self_pid, child_pid;
@@ -307,6 +310,15 @@ static int jail_childfn(void *arg)
 if (!dir_is_mountpoint(path_devpts) && mount_pts(path_devpts))
 FATAL("Mount devpts to '%s%s'", args->newroot, path_devpts);
+ D2("Mounting proc to '%s%s'", args->newroot, path_proc);
+ s = mkdir(path_proc, S_IRUSR|S_IWUSR|S_IXUSR|
+ S_IRGRP|S_IXGRP|
+ S_IROTH|S_IXOTH);
+ if (s && errno != EEXIST)
+ FATAL("Create directory '%s'", path_proc);
+ if (!dir_is_mountpoint(path_proc) && mount_proc(path_proc))
+ FATAL("Mount devpts to '%s%s'", args->newroot, path_proc)
+
 D2("Creating device files in '%s%s'", args->newroot, path_dev);
 if (create_device_files(path_dev)) {
 E2("Device file creation failed for rootfs '%s%s'",
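Review bot: Making `args` `static` in jail_accept_client (hunk -211,7) lets the pointer outlive each call, so if a later call reaches the `error:` label (hunk -250,6) before `args` has been reassigned, `socket_close(&args->client_psock)` and `free(args)` operate on the previous client's allocation, which this call does not own; the added `args = NULL;` only protects the path that actually went through `free`. The allocation and the hand-off to the child sit between these two hunks, outside the view, so whether such an early jump exists cannot be confirmed here. If the static is needed to keep the struct alive for the cloned child, state that ownership at the declaration, e.g. `/* static: shared with the clone()d child; freed only on the error path */`; otherwise a per-call `jail_prisoner_process *args = NULL;` makes the lifetime explicit and keeps `free(args)` safe on every path.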
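Review bot: `char tty_name[TTYSZ+sizeof(long)];` in hunk -262,9 is sized larger than the `TTYSZ` that the following hunk passes to pty_allocate(), and the `+sizeof(long)` slack has no visible justification. Declaring `char tty_name[TTYSZ];` and passing `sizeof tty_name` as the length keeps the buffer and its advertised size tied together. jail_childfn's body continues past this hunk.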
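Review bot: The new `FATAL("Mount devpts to '%s%s'", args->newroot, path_proc)` in hunk -307,6 reports the wrong filesystem and, unlike the other FATAL calls visible in this diff, has no terminating semicolon; whether that still compiles depends on how FATAL expands, which is not visible here. It should read `FATAL("Mount proc to '%s%s'", args->newroot, path_proc);`. The surrounding function continues outside the hunk.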
@@ -314,16 +326,22 @@ static int jail_childfn(void *arg)
 exit(EXIT_FAILURE);
 }
- D2("%s", "Forking a new pseudo terminal");
- child_pid = forkpty(&term_fd, NULL, term, win);
+ if (pty_allocate(&pty_fd, &tty_fd, tty_name, TTYSZ))
+ FATAL("%s", "TTY allocation");
+
+ D2("Forking a new process for the slave tty from "
+ "parent pty with pid %d",
+ self_pid);
+ child_pid = fork();
 switch (child_pid) {
 case -1:
- FATAL("Forking a new pseudo terminal for pid %d",
- self_pid);
+ FATAL("Forking a new process for the slave tty from "
+ "parent pty with pid %d",
+ self_pid);
 break;
 case 0:
- D2("Executing '%s'", "/bin/bash");
- if (execl("/bin(bash", "/bin/bash", (char *) NULL))
+ D2("Executing '%s'", path_shell);
+ if (execl(path_shell, path_shell, (char *) NULL))
 FATAL("Execute a shell for pid %d", self_pid);
 break;
 default:
diff --git a/src/pterm.c b/src/pterm.c
index 47f433c..050e9b2 100644
--- a/src/pterm.c
+++ b/src/pterm.c
@@ -102,12 +102,14 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
 /* Changes the window size associated with the pty. */
 void
-pty_change_window_size(int ptyfd, u_int row, u_int col,
- u_int xpixel, u_int ypixel)
+pty_change_window_size(int ptyfd, unsigned int row,
+ unsigned int col,
+ unsigned int xpixel,
+ unsigned int ypixel)
 {
 struct winsize w;
- /* may truncate u_int -> u_short */
+ /* may truncate unsigned int -> unsigned short */
 w.ws_row = row;
 w.ws_col = col;
 w.ws_xpixel = xpixel;
diff --git a/src/pterm.h b/src/pterm.h
index 734bab1..87ce8bc 100644
--- a/src/pterm.h
+++ b/src/pterm.h
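Review bot: In `case 0:` the child goes straight from fork() to `execl(path_shell, ...)`: the slave `tty_fd` returned by pty_allocate() is never made the controlling terminal or duplicated onto descriptors 0–2, and the master `pty_fd` is not closed, so unless that happens outside the hunk the jailed shell inherits the pty master and runs without the tty that the removed forkpty() call used to set up; a sandboxed process holding the master side of its own pty is not what a jail wants. The child should attach the slave and drop the master before exec, as sketched below; the `default:` (parent) branch, where the master is used and `tty_fd` should be closed, lies outside the hunk. Separately, `if (execl(...))` only fires when execl returns, which is always a failure, so `execl(...); FATAL(...)` without the condition says the same thing more plainly.
```c
    case 0:
        close(pty_fd);   /* master side stays with the parent */
        pty_make_controlling_tty(&tty_fd, tty_name);
        if (dup2(tty_fd, STDIN_FILENO) < 0 ||
            dup2(tty_fd, STDOUT_FILENO) < 0 ||
            dup2(tty_fd, STDERR_FILENO) < 0)
            FATAL("Attach slave tty for pid %d", self_pid);
        D2("Executing '%s'", path_shell);
        execl(path_shell, path_shell, (char *) NULL);
        FATAL("Execute a shell for pid %d", self_pid);
        break;
```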
@@ -1,15 +1,24 @@
 #ifndef POTD_PTY_H
 #define POTD_PTY_H 1
-int pty_allocate(int *, int *, char *, size_t);
+#include <stdlib.h>
+#include <pwd.h>
-void pty_release(const char *);
+#define TTYSZ 64
-void pty_make_controlling_tty(int *, const char *);
-void pty_change_window_size(int, u_int, u_int, u_int, u_int);
+int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen);
-void pty_setowner(struct passwd *, const char *);
+void pty_release(const char *tty);
+
+void pty_make_controlling_tty(int *ttyfd, const char *tty);
+
+void pty_change_window_size(int ptyfd, unsigned int row,
+ unsigned int col,
+ unsigned int xpixel,
+ unsigned int ypixel);
+
+void pty_setowner(struct passwd *pw, const char *tty);
 void disconnect_controlling_tty(void);
diff --git a/src/server_ssh.c b/src/server_ssh.c
index ff747fd..7e86096 100644
--- a/src/server_ssh.c
+++ b/src/server_ssh.c
@@ -110,8 +110,10 @@ int ssh_on_listen(struct forward_ctx *ctx, const char *host,
 port))
 return 1;
- if (ssh_bind_listen(d->sshbind) < 0) {
- E("Error listening to SSH socket: %s", ssh_get_error(d->sshbind));
+ s = ssh_bind_listen(d->sshbind);
+ if (s < 0) {
+ E_STRERR("Error listening to SSH socket: %s", ssh_get_error(d->sshbind));
+ return s;
 }
 N("SSH bind and listen on %s:%s fd %d", host, port,
 ssh_bind_get_fd(d->sshbind));
diff --git a/src/utils.c b/src/utils.c
index 0959cee..9e09216 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -311,6 +311,20 @@ int mount_pts(const char *mount_path)
 return 0;
 }
+int mount_proc(const char *mount_path)
+{
+ int s;
+
+ s = mount("proc", mount_path, "proc",
+ MS_RELATIME, "rw");
+ if (s) {
+ E_STRERR("Mount proc filesystem to %s", mount_path);
+ return 1;
+ }
+
+ return 0;
+}
+
 int create_device_file_checked(const char *mount_path, const char *device_file,
 mode_t mode, int add_mode, dev_t dev)
 {
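Review bot: `return s;` in ssh_on_listen hands libssh's negative status back to the caller while the failure path a few lines above in the same function uses `return 1;`, so the function now signals errors with two different conventions; use `return 1;` here, or change the earlier path, but not both. Switching `E` to `E_STRERR` also appends strerror(errno) to a libssh error that need not have set errno (the macro's expansion is not visible here), which can attach an unrelated or stale system error to the message; `ssh_get_error()` already carries the cause, so plain `E(...)` is the more accurate log. The enclosing function begins before the hunk.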
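Review bot: mount_proc() in utils.c mounts procfs inside the prisoner's root with only `MS_RELATIME`; a procfs exposed to an untrusted shell should also carry `MS_NOSUID|MS_NOEXEC|MS_NODEV`, as mount_dev/mount_pts presumably do for their filesystems (their bodies are outside this hunk). The `"rw"` data string is not a procfs mount option — read/write is simply the absence of `MS_RDONLY`, and procfs itself understands only options such as `gid=` and `hidepid=` — so the kernel may reject the mount with EINVAL; pass `NULL`, or `"hidepid=2"` to additionally hide other processes' entries. Suggested call: `s = mount("proc", mount_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RELATIME, "hidepid=2");`.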
@@ -321,14 +335,17 @@ int create_device_file_checked(const char *mount_path, const char *device_file,
 size_t plen = strnlen(mount_path, PATH_MAX);
 size_t dlen = strnlen(device_file, PATH_MAX);
 struct stat devbuf = {0};
- char devpath[plen+dlen+1];
+ char devpath[plen+dlen+2];
- snprintf(devpath, plen+dlen+1, "%s/%s", mount_path, device_file);
+ snprintf(devpath, plen+dlen+2, "%s/%s", mount_path, device_file);
 s = stat(devpath, &devbuf);
- if (s && errno != EEXIST) {
+ if (s && errno != EEXIST && errno != ENOENT) {
 return 1;
- } else if (s && errno == EEXIST) {
+ }
+ if (errno == EEXIST) {
+ if (remove(devpath))
+ return 1;
 }
 D2("Create device file: %s", devpath);
@@ -345,7 +362,9 @@ int create_device_file_checked(const char *mount_path, const char *device_file,
 int create_device_files(const char *mount_path)
 {
- create_device_file_checked(mount_path, "ptmx", 0, 1, makedev(5,2));
+ int s = 0;
- return 0;
+ s |= create_device_file_checked(mount_path, "ptmx", S_IFCHR, 1, makedev(5,2));
+
+ return s;
 }
diff --git a/src/utils.h b/src/utils.h
index ce679e4..fb6f28c 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -32,6 +32,8 @@ int mount_dev(const char *mount_path);
 int mount_pts(const char *mount_path);
+int mount_proc(const char *mount_path);
+
 int create_device_file_checked(const char *mount_path, const char *device_file,
 mode_t mode, int add_mode, dev_t dev);
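Review bot: The rewritten existence check in create_device_file_checked still tests `errno == EEXIST` after `stat()`, but stat() never fails with EEXIST: it returns 0 when the path exists and leaves errno unspecified, so the `remove(devpath)` branch is reached only through a stale errno from an earlier call and the intended "replace an existing node" path is effectively dead (or fires spuriously). Key the decision on the stat result instead: `if (s && errno != ENOENT) return 1;` followed by `if (!s && remove(devpath)) return 1;`. The `plen+dlen+2` change is correct — the previous size left no room for the NUL once the `/` was added. The function's body continues past the hunk.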