Diffstat (limited to 'src/jail.c')
-rw-r--r-- | src/jail.c | 56 |
1 files changed, 52 insertions, 4 deletions
@@ -26,8 +26,12 @@ typedef struct server_event {
} server_event;
typedef struct client_event {
- const psocket *client_sock;
- const int tty_fd;
+ psocket *client_sock;
+ int tty_fd;
+ char tty_logbuf[BUFSIZ];
+ size_t off_logbuf;
+ char *tty_logbuf_escaped;
+ size_t tty_logbuf_size;
} client_event;
static int jail_mainloop(event_ctx **ev_ctx, const jail_ctx *ctx[], size_t siz)
@@ -37,6 +41,8 @@ static int jail_childfn(prisoner_process *ctx)
__attribute__((noreturn));
static int jail_socket_tty(prisoner_process *ctx, int tty_fd);
static int jail_socket_tty_io(event_ctx *ev_ctx, int src_fd, void *user_data);
+static int jail_log_input(event_ctx *ev_ctx, int src_fd, int dst_fd,
+ char *buf, size_t siz, void *user_data);
void jail_init_ctx(jail_ctx **ctx, size_t stacksize)
@@ -251,6 +257,7 @@ static int jail_childfn(prisoner_process *ctx)
FATAL("Clearing ENV for pid %d", self_pid);
caps_drop_dac_override(0);
+ caps_drop_all();
D2("Unshare prisoner %d", self_pid);
if (unshare(unshare_flags))
@@ -321,6 +328,7 @@ static int jail_childfn(prisoner_process *ctx)
*/
if (close_fds_except(0, 1, 2, -1))
exit(EXIT_FAILURE);
+
printf("%s",
" _______ ________ __\n"
" | |.-----.-----.-----.| | | |.----.| |_\n"
@@ -339,6 +347,7 @@ static int jail_childfn(prisoner_process *ctx)
" * 1 splash Cranberry juice\n"
" -----------------------------------------------------\n"
);
+
if (execl(path_shell, path_shell, (char *) NULL))
exit(EXIT_FAILURE);
default:
@@ -359,11 +368,12 @@ static int jail_childfn(prisoner_process *ctx)
static int jail_socket_tty(prisoner_process *ctx, int tty_fd)
{
- client_event ev_cli = {NULL, tty_fd};
+ static client_event ev_cli = {NULL, 0, {0}, 0, 0, 0};
int s, rc = 1;
event_ctx *ev_ctx = NULL;
assert(ctx);
+ ev_cli.tty_fd = tty_fd;
event_init(&ev_ctx);
if (event_setup(ev_ctx)) {
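Review bot: `ev_cli` is now a `static` object, but only `tty_fd` is re-initialised on entry to `jail_socket_tty`; `off_logbuf`, `tty_logbuf`, `tty_logbuf_escaped` and `tty_logbuf_size` keep whatever a previous call left there. If this function can run more than once in the same process (it appears to be reached from the per-prisoner child in jail_childfn, so presumably once), the first log line of a later session would be prefixed with stale input from the earlier one. Resetting `ev_cli.off_logbuf = 0; ev_cli.tty_logbuf[0] = 0;` next to the `tty_fd` assignment makes the reuse safe either way. The body of jail_socket_tty continues past the hunk.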
@@ -412,7 +422,8 @@ jail_socket_tty_io(event_ctx *ev_ctx, int src_fd, void *user_data)
dest_fd = ev_cli->client_sock->fd;
} else return 0;
- fwd_state = event_forward_connection(ev_ctx, dest_fd);
+ fwd_state = event_forward_connection(ev_ctx, dest_fd, jail_log_input,
+ user_data);
switch (fwd_state) {
case CON_IN_TERMINATED:
@@ -428,3 +439,40 @@ jail_socket_tty_io(event_ctx *ev_ctx, int src_fd, void *user_data)
return 1;
}
+
+static int jail_log_input(event_ctx *ev_ctx, int src_fd, int dst_fd,
+ char *buf, size_t siz, void *user_data)
+{
+ size_t idx = 0, slen, ssiz = siz;
+ client_event *ev_cli = (client_event *) user_data;
+
+ (void) ev_ctx;
+ (void) src_fd;
+
+ if (ev_cli->tty_fd == dst_fd) {
+ while (ssiz > 0) {
+ slen = MIN(sizeof(ev_cli->tty_logbuf) - ev_cli->off_logbuf, ssiz);
+ if (slen == 0) {
+ escape_ascii_string(ev_cli->tty_logbuf, ev_cli->off_logbuf,
+ &ev_cli->tty_logbuf_escaped, &ev_cli->tty_logbuf_size);
+ C("%s", ev_cli->tty_logbuf_escaped);
+ ev_cli->off_logbuf = 0;
+ ev_cli->tty_logbuf[0] = 0;
+ continue;
+ }
+ strncat(ev_cli->tty_logbuf, buf+idx, slen);
+ ssiz -= slen;
+ idx += slen;
+ ev_cli->off_logbuf += slen;
+ }
+ if (buf[siz-1] == '\r' || buf[siz-1] == '\n') {
+ escape_ascii_string(ev_cli->tty_logbuf, ev_cli->off_logbuf,
+ &ev_cli->tty_logbuf_escaped, &ev_cli->tty_logbuf_size);
+ C("%s", ev_cli->tty_logbuf_escaped);
+ ev_cli->off_logbuf = 0;
+ ev_cli->tty_logbuf[0] = 0;
+ }
+ }
+
+ return 0;
+}
|
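Review bot: `strncat(ev_cli->tty_logbuf, buf+idx, slen)` in jail_log_input can write one byte past `tty_logbuf`: `slen` is capped at `sizeof(tty_logbuf) - off_logbuf`, so when a chunk fills the buffer exactly strncat still stores its terminating NUL at index `sizeof(tty_logbuf)`. strncat also appends at `strlen(tty_logbuf)` rather than at `off_logbuf` and stops at the first NUL in `buf`, so raw tty input containing NUL bytes desynchronises the cursor from the string and `escape_ascii_string` is then handed `off_logbuf` bytes that were never written. The trailing `buf[siz-1]` test additionally runs for `siz == 0`, where it reads `buf[SIZE_MAX]`. Copying with memcpy at `off_logbuf`, reserving one byte for the terminator, and rejecting `siz == 0` up front addresses all three; whether a partial line left in `tty_logbuf` is flushed when the session ends is not visible in this hunk.
```c
static int jail_log_input(event_ctx *ev_ctx, int src_fd, int dst_fd,
    char *buf, size_t siz, void *user_data)
{
    size_t idx = 0, slen, ssiz = siz;
    client_event *ev_cli = (client_event *) user_data;

    (void) ev_ctx;
    (void) src_fd;

    /* siz == 0 would make buf[siz-1] an out-of-bounds read below */
    if (siz == 0 || ev_cli->tty_fd != dst_fd)
        return 0;

    while (ssiz > 0) {
        /* keep one byte spare so tty_logbuf always stays NUL-terminated */
        slen = MIN(sizeof(ev_cli->tty_logbuf) - 1 - ev_cli->off_logbuf, ssiz);
        if (slen == 0) {
            /* … unchanged: escape, log via C(), reset off_logbuf/tty_logbuf … */
            continue;
        }
        /* memcpy, not strncat: input may contain NUL bytes and off_logbuf
         * is the only cursor we trust */
        memcpy(ev_cli->tty_logbuf + ev_cli->off_logbuf, buf + idx, slen);
        ssiz -= slen;
        idx += slen;
        ev_cli->off_logbuf += slen;
        ev_cli->tty_logbuf[ev_cli->off_logbuf] = 0;
    }
    /* … unchanged: flush on trailing '\r' / '\n' … */

    return 0;
}
```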