GCOV - Varnish Cache


/*-
 * Copyright (c) 2015 Varnish Software AS
 * All rights reserved.
 *
 * Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * Jailing
 *
 */

#include "config.h"

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
//lint -efile(766, sys/statvfs.h)
#include <sys/statvfs.h>

#include "mgt/mgt.h"
#include "common/heritage.h"
#include "vav.h"

/**********************************************************************
 * A "none" jail implementation which doesn't do anything.
 */

static int v_matchproto_(jail_init_f)
vjn_init(char **args)
{
        if (args != NULL && *args != NULL)
                ARGV_ERR("-jnone takes no arguments.\n");
        return (0);
}

static void v_matchproto_(jail_master_f)
vjn_master(enum jail_master_e jme)
{
        (void)jme;
}

static void v_matchproto_(jail_subproc_f)
vjn_subproc(enum jail_subproc_e jse)
{
        (void)jse;
}

static const struct jail_tech jail_tech_none = {
        .magic =        JAIL_TECH_MAGIC,
        .name =         "none",
        .init =         vjn_init,
        .master =       vjn_master,
        .subproc =      vjn_subproc,
};

/**********************************************************************/

static const struct jail_tech *vjt;

static const struct choice vj_choice[] = {
#ifdef HAVE_SETPPRIV
        { "solaris",    &jail_tech_solaris },
#endif
        { "unix",       &jail_tech_unix },
        { "none",       &jail_tech_none },
        { NULL,         NULL },
};

void
VJ_Init(const char *j_arg)
{
        char **av;
        int i;

        if (j_arg != NULL) {
                av = VAV_Parse(j_arg, NULL, ARGV_COMMA);
                AN(av);
                if (av[0] != NULL)
                        ARGV_ERR("-j argument: %s\n", av[0]);
                if (av[1] == NULL)
                        ARGV_ERR("-j argument is empty\n");
                vjt = MGT_Pick(vj_choice, av[1], "jail");
                CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
                (void)vjt->init(av + 2);
                VAV_Free(av);
        } else {
                /*
                 * Go through list of jail technologies until one
                 * succeeds, falling back to "none".
                 */
                for (i = 0; vj_choice[i].name != NULL; i++) {
                        vjt = vj_choice[i].ptr;
                        CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
                        if (!vjt->init(NULL))
                                break;
                }
        }
        VSB_printf(vident, ",-j%s", vjt->name);
}

void
VJ_master(enum jail_master_e jme)
{
        CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
        vjt->master(jme);
}

void
VJ_subproc(enum jail_subproc_e jse)
{
        CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
        vjt->subproc(jse);
}

int
VJ_make_workdir(const char *dname)
{
        int i;

        AN(dname);
        CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
        if (vjt->make_workdir != NULL) {
                i = vjt->make_workdir(dname, NULL, NULL);
                if (i)
                        return (i);
                VJ_master(JAIL_MASTER_FILE);
        } else {
                VJ_master(JAIL_MASTER_FILE);
                if (mkdir(dname, 0755) < 0 && errno != EEXIST)
                        ARGV_ERR("Cannot create working directory '%s': %s\n",
                                 dname, VAS_errtxt(errno));
        }

        if (chdir(dname) < 0)
                ARGV_ERR("Cannot change to working directory '%s': %s\n",
                    dname, VAS_errtxt(errno));

        i = open("_.testfile", O_RDWR|O_CREAT|O_EXCL, 0600);
        if (i < 0)
                ARGV_ERR("Cannot create test-file in %s (%s)\n"
                    "Check permissions (or delete old directory)\n",
                    dname, VAS_errtxt(errno));

#ifdef ST_NOEXEC
        struct statvfs vfs[1];

        /* deliberately ignore fstatvfs errors */
        if (! fstatvfs(i, vfs) && vfs->f_flag & ST_NOEXEC) {
                closefd(&i);
                AZ(unlink("_.testfile"));
                ARGV_ERR("Working directory %s (-n argument) "
                    "can not reside on a file system mounted noexec\n", dname);
        }
#endif

        closefd(&i);
        AZ(unlink("_.testfile"));
        VJ_master(JAIL_MASTER_LOW);
        return (0);
}

int
VJ_make_subdir(const char *dname, const char *what, struct vsb *vsb)
{
        int e;

        AN(dname);
        AN(what);
        CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
        if (vjt->make_subdir != NULL)
                return (vjt->make_subdir(dname, what, vsb));

        VJ_master(JAIL_MASTER_FILE);
        if (mkdir(dname, 0755) < 0 && errno != EEXIST) {
                e = errno;
                if (vsb != NULL) {
                        VSB_printf(vsb,
                            "Cannot create %s directory '%s': %s\n",
                            what, dname, VAS_errtxt(e));
                } else {
                        MGT_Complain(C_ERR,
                            "Cannot create %s directory '%s': %s",
                            what, dname, VAS_errtxt(e));
                }
                return (1);
        }
        VJ_master(JAIL_MASTER_LOW);
        return (0);
}

void
VJ_unlink(const char *fname, int ignore_enoent)
{
        VJ_master(JAIL_MASTER_FILE);
        if (unlink(fname)) {
                if (errno != ENOENT || !ignore_enoent)
                    fprintf(stderr, "Could not delete '%s': %s\n",
                        fname, strerror(errno));
        }
        VJ_master(JAIL_MASTER_LOW);
}

void
VJ_rmdir(const char *dname)
{
        VJ_master(JAIL_MASTER_FILE);
        if (rmdir(dname)) {
                fprintf(stderr, "Could not rmdir '%s': %s\n",
                    dname, strerror(errno));
        }
        VJ_master(JAIL_MASTER_LOW);
}

void
VJ_fix_fd(int fd, enum jail_fixfd_e what)
{

        CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
        if (vjt->fixfd != NULL)
                vjt->fixfd(fd, what);
}

		varnish-cache/bin/varnishd/mgt/mgt_jail.c
0		/*-
1		* Copyright (c) 2015 Varnish Software AS
2		* All rights reserved.
3		*
4		* Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
5		*
6		* SPDX-License-Identifier: BSD-2-Clause
7		*
8		* Redistribution and use in source and binary forms, with or without
9		* modification, are permitted provided that the following conditions
10		* are met:
11		* 1. Redistributions of source code must retain the above copyright
12		* notice, this list of conditions and the following disclaimer.
13		* 2. Redistributions in binary form must reproduce the above copyright
14		* notice, this list of conditions and the following disclaimer in the
15		* documentation and/or other materials provided with the distribution.
16		*
17		* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20		* ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27		* SUCH DAMAGE.
28		*
29		* Jailing
30		*
31		*/
32
33		#include "config.h"
34
35		#include <fcntl.h>
36		#include <stdio.h>
37		#include <stdlib.h>
38		#include <string.h>
39		#include <unistd.h>
40		#include <sys/stat.h>
41		//lint -efile(766, sys/statvfs.h)
42		#include <sys/statvfs.h>
43
44		#include "mgt/mgt.h"
45		#include "common/heritage.h"
46		#include "vav.h"
47
48		/**********************************************************************
49		* A "none" jail implementation which doesn't do anything.
50		*/
51
52		static int v_matchproto_(jail_init_f)
53	23725	vjn_init(char **args)
54		{
55	23725	if (args != NULL && *args != NULL)
56	0	ARGV_ERR("-jnone takes no arguments.\n");
57	23725	return (0);
58		}
59
60		static void v_matchproto_(jail_master_f)
61	1355809	vjn_master(enum jail_master_e jme)
62		{
63	1355809	(void)jme;
64	1355809	}
65
66		static void v_matchproto_(jail_subproc_f)
67	116197	vjn_subproc(enum jail_subproc_e jse)
68		{
69	116197	(void)jse;
70	116197	}
71
72		static const struct jail_tech jail_tech_none = {
73		.magic = JAIL_TECH_MAGIC,
74		.name = "none",
75		.init = vjn_init,
76		.master = vjn_master,
77		.subproc = vjn_subproc,
78		};
79
80		/**********************************************************************/
81
82		static const struct jail_tech *vjt;
83
84		static const struct choice vj_choice[] = {
85		#ifdef HAVE_SETPPRIV
86		{ "solaris", &jail_tech_solaris },
87		#endif
88		{ "unix", &jail_tech_unix },
89		{ "none", &jail_tech_none },
90		{ NULL, NULL },
91		};
92
93		void
94	24200	VJ_Init(const char *j_arg)
95		{
96		char **av;
97		int i;
98
99	24200	if (j_arg != NULL) {
100	225	av = VAV_Parse(j_arg, NULL, ARGV_COMMA);
101	225	AN(av);
102	225	if (av[0] != NULL)
103	0	ARGV_ERR("-j argument: %s\n", av[0]);
104	225	if (av[1] == NULL)
105	0	ARGV_ERR("-j argument is empty\n");
106	225	vjt = MGT_Pick(vj_choice, av[1], "jail");
107	225	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
108	225	(void)vjt->init(av + 2);
109	225	VAV_Free(av);
110	225	} else {
111		/*
112		* Go through list of jail technologies until one
113		* succeeds, falling back to "none".
114		*/
115	47700	for (i = 0; vj_choice[i].name != NULL; i++) {
116	47700	vjt = vj_choice[i].ptr;
117	47700	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
118	47700	if (!vjt->init(NULL))
119	23975	break;
120	23725	}
121		}
122	24200	VSB_printf(vident, ",-j%s", vjt->name);
123	24200	}
124
125		void
126	1373134	VJ_master(enum jail_master_e jme)
127		{
128	1373134	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
129	1373134	vjt->master(jme);
130	1373134	}
131
132		void
133	116897	VJ_subproc(enum jail_subproc_e jse)
134		{
135	116897	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
136	116897	vjt->subproc(jse);
137	116897	}
138
139		int
140	23125	VJ_make_workdir(const char *dname)
141		{
142		int i;
143
144	23125	AN(dname);
145	23125	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
146	23125	if (vjt->make_workdir != NULL) {
147	350	i = vjt->make_workdir(dname, NULL, NULL);
148	350	if (i)
149	0	return (i);
150	350	VJ_master(JAIL_MASTER_FILE);
151	350	} else {
152	22775	VJ_master(JAIL_MASTER_FILE);
153	22775	if (mkdir(dname, 0755) < 0 && errno != EEXIST)
154	0	ARGV_ERR("Cannot create working directory '%s': %s\n",
155		dname, VAS_errtxt(errno));
156		}
157
158	23125	if (chdir(dname) < 0)
159	0	ARGV_ERR("Cannot change to working directory '%s': %s\n",
160		dname, VAS_errtxt(errno));
161
162	23125	i = open("_.testfile", O_RDWR\|O_CREAT\|O_EXCL, 0600);
163	23125	if (i < 0)
164	0	ARGV_ERR("Cannot create test-file in %s (%s)\n"
165		"Check permissions (or delete old directory)\n",
166		dname, VAS_errtxt(errno));
167
168		#ifdef ST_NOEXEC
169		struct statvfs vfs[1];
170
171		/* deliberately ignore fstatvfs errors */
172		if (! fstatvfs(i, vfs) && vfs->f_flag & ST_NOEXEC) {
173		closefd(&i);
174		AZ(unlink("_.testfile"));
175		ARGV_ERR("Working directory %s (-n argument) "
176		"can not reside on a file system mounted noexec\n", dname);
177		}
178		#endif
179
180	23125	closefd(&i);
181	23125	AZ(unlink("_.testfile"));
182	23125	VJ_master(JAIL_MASTER_LOW);
183	23125	return (0);
184	23125	}
185
186		int
187	59650	VJ_make_subdir(const char dname, const char what, struct vsb *vsb)
188		{
189		int e;
190
191	59650	AN(dname);
192	59650	AN(what);
193	59650	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
194	59650	if (vjt->make_subdir != NULL)
195	700	return (vjt->make_subdir(dname, what, vsb));
196
197	58950	VJ_master(JAIL_MASTER_FILE);
198	58950	if (mkdir(dname, 0755) < 0 && errno != EEXIST) {
199	0	e = errno;
200	0	if (vsb != NULL) {
201	0	VSB_printf(vsb,
202		"Cannot create %s directory '%s': %s\n",
203	0	what, dname, VAS_errtxt(e));
204	0	} else {
205	0	MGT_Complain(C_ERR,
206		"Cannot create %s directory '%s': %s",
207	0	what, dname, VAS_errtxt(e));
208		}
209	0	return (1);
210		}
211	58950	VJ_master(JAIL_MASTER_LOW);
212	58950	return (0);
213	59650	}
214
215		void
216	80050	VJ_unlink(const char *fname, int ignore_enoent)
217		{
218	80050	VJ_master(JAIL_MASTER_FILE);
219	80050	if (unlink(fname)) {
220	7200	if (errno != ENOENT \|\| !ignore_enoent)
221	0	fprintf(stderr, "Could not delete '%s': %s\n",
222	0	fname, strerror(errno));
223	7200	}
224	80050	VJ_master(JAIL_MASTER_LOW);
225	80050	}
226
227		void
228	7500	VJ_rmdir(const char *dname)
229		{
230	7500	VJ_master(JAIL_MASTER_FILE);
231	7500	if (rmdir(dname)) {
232	50	fprintf(stderr, "Could not rmdir '%s': %s\n",
233	25	dname, strerror(errno));
234	25	}
235	7500	VJ_master(JAIL_MASTER_LOW);
236	7500	}
237
238		void
239	46800	VJ_fix_fd(int fd, enum jail_fixfd_e what)
240		{
241
242	46800	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
243	46800	if (vjt->fixfd != NULL)
244	775	vjt->fixfd(fd, what);
245	46800	}