#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "pseccomp.h"
#include "capabilities.h"
#include "log.h"
#include "log_colored.h"
#include "utils.h"
#include "redirector.h"
#include "protocol_ssh.h"
#include "forward.h"
#include "jail.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
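/*
 * Process entry point: set up the seccomp/capability sandbox, fork into the
 * background, start the jail daemons, the SSH protocol handlers and the
 * redirector daemon, drop privileges, then supervise the two daemon children
 * until one of them terminates.
 *
 * Returns 0 when a supervised daemon exits (or wait() can no longer report
 * children); every setup failure is turned into an abort by ABORT_ON_FATAL,
 * which (judging from the `jail_pid < 1` use below) fires when its first
 * argument is non-zero.
 */
int main(int argc, char *argv[])
{
    const size_t rdr_siz = 3;
    const size_t proto_siz = 2;
    const size_t jail_siz = 2;
    const char *rdr_ports[rdr_siz];
    const char *proto_ports[proto_siz];
    const char *jail_ports[jail_siz];
    redirector_ctx *rdr[rdr_siz];
    protocol_ctx *ssh_proto[proto_siz];
    jail_ctx *jail[jail_siz];
    event_ctx *rdr_event = NULL;
    event_ctx *jail_event = NULL;
    int proc_status = 0;
    pid_t daemon_pid, rdr_pid, jail_pid, child_pid;

    (void) argc;
    arg0 = argv[0];

    LOG_SET_FUNCS_VA(LOG_COLORED_FUNCS);
    N("%s (C) 2018 Toni Uhlig (%s)", PACKAGE_STRING, PACKAGE_BUGREPORT);

    /* Sandbox first: the seccomp filter is made immutable before anything
     * else runs, so every later stage (including the forked daemons)
     * inherits it. */
    pseccomp_init();
    pseccomp_set_immutable();
    caps_default_filter();

    D("%s", "Forking into background/foreground");
    daemon_pid = daemonize(1);
    ABORT_ON_FATAL( daemon_pid > 0, "Forking" );
    if (daemon_pid == 0) {
        set_procname("[potd] main");
    } else {
        FATAL("Forking (fork returned %d)", daemon_pid);
    }
    D2("Master pid: %d", getpid());

    /* Jail daemons: one sandboxed shell service per port. */
    memset(jail, 0, sizeof(jail));
    jail_ports[0] = "33333";
    jail_ports[1] = "33334";
    for (size_t i = 0; i < jail_siz; ++i) {
        D("Initialising jail service on port %s", jail_ports[i]);
        /* jail_init_ctx's return value is not checked here; jail_validate_ctx
         * below is relied on to reject an incomplete context. */
        jail_init_ctx(&jail[i], MAX_STACKSIZE);
        /* TODO(config): the new root is a hard-coded development path; it
         * should come from configuration rather than the source. */
        jail[i]->newroot = strdup("/home/toni/git/busybox/_install");
        ABORT_ON_FATAL( jail[i]->newroot == NULL,
            "Jail newroot allocation" );
        ABORT_ON_FATAL( jail_setup(jail[i], "127.0.0.1", jail_ports[i]),
            "Jail daemon setup" );
        ABORT_ON_FATAL( jail_validate_ctx(jail[i]),
            "Jail validation" );
    }
    ABORT_ON_FATAL( jail_setup_event( jail, jail_siz, &jail_event ),
        "Jail daemon epoll setup" );
    jail_pid = jail_daemonize(&jail_event, jail, jail_siz);
    ABORT_ON_FATAL( jail_pid < 1, "Jail daemon startup" );

    /* SSH protocol handlers: each one forwards into the jail on the same index. */
    memset(ssh_proto, 0, sizeof(ssh_proto));
    proto_ports[0] = "22222";
    proto_ports[1] = "22223";
    for (size_t i = 0; i < proto_siz; ++i) {
        ABORT_ON_FATAL( proto_init_ctx(&ssh_proto[i], ssh_init_cb),
            "SSH Protocol init" );
        ABORT_ON_FATAL( proto_setup(ssh_proto[i], "127.0.0.1", proto_ports[i],
            "127.0.0.1", jail_ports[i]), "SSH Protocol setup" );
        ABORT_ON_FATAL( proto_validate_ctx(ssh_proto[i]),
            "SSH validation" );
    }

    /* Redirectors: public listeners (NULL = any address) that all hand
     * connections to the first SSH protocol handler on 22222. */
    memset(rdr, 0, sizeof(rdr));
    rdr_ports[0] = "2222";
    rdr_ports[1] = "2223";
    rdr_ports[2] = "22050";
    for (size_t i = 0; i < rdr_siz; ++i) {
        D("Initialising redirector service on port %s", rdr_ports[i]);
        ABORT_ON_FATAL( redirector_init_ctx(&rdr[i]),
            "Redirector init" );
        ABORT_ON_FATAL( redirector_setup(rdr[i], NULL, rdr_ports[i],
            "127.0.0.1", "22222"), "Redirector setup" );
        ABORT_ON_FATAL( redirector_validate_ctx(rdr[i]),
            "Redirector validation" );
    }
    D2("%s", "Redirector event setup");
    ABORT_ON_FATAL( redirector_setup_event( rdr, rdr_siz, &rdr_event ),
        "Redirector event setup" );

    /* All listening sockets exist by now, so the master no longer needs
     * root; drop to "nobody" before the redirector starts serving. */
    D2("Main process is dropping privileges to %s:%s", "nobody", "NULL");
    ABORT_ON_FATAL( change_user_group("nobody", NULL),
        "Main process dropping privileges" );

    N("%s", "Redirector epoll mainloop");
    rdr_pid = redirector_daemonize( rdr_event, rdr, rdr_siz );
    ABORT_ON_FATAL( rdr_pid < 1, "Server epoll mainloop" );

    /* Supervise the two daemons. A failed wait() must terminate the loop as
     * well: with ECHILD there is nothing left to supervise and the original
     * unconditional loop would spin forever on -1. */
    for (;;) {
        child_pid = wait(&proc_status);
        if (child_pid < 0) {
            if (errno == EINTR) {
                continue; /* interrupted by a signal, try again */
            }
            E2("wait() failed: %s", strerror(errno));
            break;
        }
        if (child_pid == jail_pid || child_pid == rdr_pid) {
            E2("%s daemon with pid %d terminated, exiting",
                (child_pid == jail_pid ? "Jail" : "Server"),
                (child_pid == jail_pid ? jail_pid : rdr_pid));
            break;
        }
        /* Any other child is not one of ours to supervise; keep waiting. */
    }

    return 0;
}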