merge with 0.30.213

[util-vserver.git] / src / capchroot.c

// $Id: capchroot.c 2403 2006-11-24 23:06:08Z dhozac $

// Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
// based on capchroot.cc by Jacques Gelinas
//  
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2, or (at your option)
// any later version.
//  
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//  
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

/*
        This chroot command does very little. Once the chroot
        system call is executed, it (option) remove the CAP_SYS_CHROOT
        capability. Then it executes its argument
*/

#ifdef HAVE_CONFIG_H
#  include <config.h>
#endif

#include "vserver.h"
#include "util.h"

#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <grp.h>
#include <errno.h>
#include <unistd.h>
#include <stdbool.h>
#include <stdlib.h>
#include <getopt.h>
#include <libgen.h>

#define ENSC_WRAPPERS_PREFIX    "capchroot: "
#define ENSC_WRAPPERS_UNISTD    1
#define ENSC_WRAPPERS_VSERVER   1
#include <wrappers.h>

#define CMD_HELP                0x1000
#define CMD_VERSION             0x1001
#define CMD_NOCHROOT            0x2000
#define CMD_SUID                0x2001

int                     wrapper_exit_code = 255;

static struct option const
CMDLINE_OPTIONS[] = {
  { "help",        no_argument,       0, CMD_HELP },
  { "version",     no_argument,       0, CMD_VERSION },
  { "nochroot",    no_argument,       0, CMD_NOCHROOT },
  { "suid",        required_argument, 0, CMD_SUID },
  {0,0,0,0}
};

static void
showHelp(int fd, char const *cmd, int res)
{
  VSERVER_DECLARE_CMD(cmd);

#if !defined(VC_ENABLE_API_COMPAT) && !defined(VC_ENABLE_API_LEGACY)
  WRITE_MSG(1, "ERROR: tools were built without legacy API support; capchroot will not work!\n\n");
#endif
  
  WRITE_MSG(fd, "Usage:  ");
  WRITE_STR(fd, cmd);
  WRITE_MSG(fd,
            " --nochroot [--suid <user>] [--] <directory> <command> <args>*\n"
            "\n"
            "Options:\n"
            "    --nochroot     ... remove the CAP_SYS_CHROOT capability\n"
            "                       after the chroot system call.\n"
            "    --suid <user>  ... switch to a different user (in the vserver\n"
            "                       context) before executing the command.\n"
            "\n"
            "Please report bugs to " PACKAGE_BUGREPORT "\n");
  exit(res);
}

static void
showVersion()
{
  WRITE_MSG(1,
            "capchroot " VERSION " -- a capability aware chroot\n"
            "This program is part of " PACKAGE_STRING "\n\n"
            "Copyright (C) 2004 Enrico Scholz\n"
            VERSION_COPYRIGHT_DISCLAIMER);
  exit(0);
}

static UNUSED void
setUser(char const *user)
{
  struct passwd         *p = 0;
  if (user!=0 && strcmp(user, "root")!=0 && strcmp(user, "0")!=0) {
    errno = 0;
    p     = getpwnam(user);
    if (p==0) {
      if (errno==0) errno = ENOENT;
      PERROR_Q(ENSC_WRAPPERS_PREFIX "getpwnam", user);
      exit(wrapper_exit_code);
    }
  }

  if (p!=0) {
    Esetgroups(1, &p->pw_gid);
    Esetgid(p->pw_gid);
    Esetuid(p->pw_uid);

    if (getuid()!=p->pw_uid || getgid()!=p->pw_gid) {
      WRITE_MSG(2, ENSC_WRAPPERS_PREFIX "Something went wrong while changing uid; expected uid/gid do not match the actual one\n");
      exit(wrapper_exit_code);
    }
  }
}
    
int main (int argc, char *argv[])
{
  bool                  nochroot  = false;
  char const *          suid_user = 0;
  
  while (1) {
    int         c = getopt_long(argc, argv, "+", CMDLINE_OPTIONS, 0);
    if (c==-1) break;

    switch (c) {
      case CMD_HELP     :  showHelp(1, argv[0], 0);
      case CMD_VERSION  :  showVersion();
      case CMD_NOCHROOT :  nochroot  = true;   break;
      case CMD_SUID     :  suid_user = optarg; break;
      default           :
        WRITE_MSG(2, "Try '");
        WRITE_STR(2, argv[0]);
        WRITE_MSG(2, " --help' for more information.\n");
        return EXIT_FAILURE;
        break;
    }
  }

#if defined(VC_ENABLE_API_COMPAT) || defined(VC_ENABLE_API_LEGACY)
  if (optind==argc)
    WRITE_MSG(2, "No directory specified; try '--help' for more information\n");
  else if (optind+1==argc)
    WRITE_MSG(2, "No command specified; try '--help' for more information\n");
  else {
      // We resolve the UID before doing the chroot.
      // If we do the getpwnam after the chroot, we will end
      // up loading shared object from the vserver.
      // This is causing two kind of problem: Incompatibilities
      // and also a security flaw. The shared objects in the vserver
      // may be tweaked to get control of the root server ...
    getpwnam("root");
    Echroot(argv[optind]);
    if (nochroot)
      Evc_new_s_context(VC_SAMECTX, 1<<VC_CAP_SYS_CHROOT,0);
    setUser(suid_user);
    EexecvpD(argv[optind+1], argv+optind+1);
  }
#else
  WRITE_MSG(2, "capchroot: tools were built without legacy API support; can not continue\n");
#endif
  
  return EXIT_FAILURE;
}