From owner-svn-src-head@FreeBSD.ORG Sun Dec 15 23:09:06 2013 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9A8F5494; Sun, 15 Dec 2013 23:09:06 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 79D131940; Sun, 15 Dec 2013 23:09:06 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rBFN96aC032129; Sun, 15 Dec 2013 23:09:06 GMT (envelope-from pjd@svn.freebsd.org) Received: (from pjd@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id rBFN96Z9032127; Sun, 15 Dec 2013 23:09:06 GMT (envelope-from pjd@svn.freebsd.org) Message-Id: <201312152309.rBFN96Z9032127@svn.freebsd.org> 
From: Pawel Jakub Dawidek Date: Sun, 15 Dec 2013 23:09:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r259434 - head/usr.bin/kdump X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Dec 2013 23:09:06 -0000 Author: pjd Date: Sun Dec 15 23:09:05 2013 New Revision: 259434 URL: http://svnweb.freebsd.org/changeset/base/259434 Log: Make use of Casper's system.pwd and system.grp services when the -r option is given to convert uids and gids to user names and group names even when running in capability mode sandbox. While here log on stderr when we successfully enter the sandbox. Sponsored by: The FreeBSD Foundation Modified: head/usr.bin/kdump/Makefile head/usr.bin/kdump/kdump.c Modified: head/usr.bin/kdump/Makefile
==============================================================================
--- head/usr.bin/kdump/Makefile Sun Dec 15 23:05:19 2013 (r259433)
+++ head/usr.bin/kdump/Makefile Sun Dec 15 23:09:05 2013 (r259434)
@@ -12,6 +12,12 @@ SRCS= kdump_subr.c kdump.c ioctl.c subr
 DPSRCS= kdump_subr.h
 CFLAGS+= -I${.CURDIR}/../ktrace -I${.CURDIR} -I${.CURDIR}/../.. -I.
+.if ${MK_CASPER} != "no"
+DPADD+= ${LIBCAPSICUM} ${LIBNV}
+LDADD+= -lcapsicum -lnv
+CFLAGS+=-DHAVE_LIBCAPSICUM
+.endif
+
 .if ${MACHINE_ARCH} == "amd64" || ${MACHINE_ARCH} == "i386"
 SRCS+= linux_syscalls.c
 .endif
Modified: head/usr.bin/kdump/kdump.c
==============================================================================
--- head/usr.bin/kdump/kdump.c Sun Dec 15 23:05:19 2013 (r259433)
+++ head/usr.bin/kdump/kdump.c Sun Dec 15 23:09:05 2013 (r259434)
@@ -74,9 +74,18 @@ extern int errno;
 #include
 #include
 #include
+#ifdef HAVE_LIBCAPSICUM
+#include
+#include
+#include
+#include
+#endif
 #include
 #include
 #include
+#ifdef HAVE_LIBCAPSICUM
+#include
+#endif
 #include
 #include
 #include
@@ -167,6 +176,10 @@ struct proc_info
 TAILQ_HEAD(trace_procs, proc_info) trace_procs;
+#ifdef HAVE_LIBCAPSICUM
+static cap_channel_t *cappwd, *capgrp;
+#endif
+
 static void
 strerror_init(void)
 {
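Review bot: The new file-scope channels `cappwd` and `capgrp` in the second hunk carry no comment saying when they are populated, so a reader of ktrstat() has to go to main() to learn that NULL means "fall back to the libc lookups". I would add above the declaration: `/* Casper system.pwd/system.grp channels used by -r; NULL when casperd or a service is unavailable, in which case plain getpwuid()/getgrgid() are used. */`. The first hunk only adds includes (their header names are lost in this rendering) and needs nothing.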
@@ -192,6 +205,64 @@ localtime_init(void)
 (void)localtime(<ime);
 }
+#ifdef HAVE_LIBCAPSICUM
+static int
+cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp)
+{
+ cap_channel_t *capcas, *cappwdloc, *capgrploc;
+ const char *cmds[1], *fields[1];
+
+ capcas = cap_init();
+ if (capcas == NULL) {
+ warn("unable to contact casperd");
+ return (NULL);
+ }
+ cappwdloc = cap_service_open(capcas, "system.pwd");
+ capgrploc = cap_service_open(capcas, "system.grp");
+ /* Casper capability no longer needed. */
+ cap_close(capcas);
+ if (cappwdloc == NULL || capgrploc == NULL) {
+ if (cappwdloc == NULL)
+ warn("unable to open system.pwd service");
+ if (capgrploc == NULL)
+ warn("unable to open system.grp service");
+ goto fail;
+ }
+ /* Limit system.pwd to only getpwuid() function and pw_name field. */
+ cmds[0] = "getpwuid";
+ if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0) {
+ warn("unable to limit access to system.pwd service");
+ goto fail;
+ }
+ fields[0] = "pw_name";
+ if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0) {
+ warn("unable to limit access to system.pwd service");
+ goto fail;
+ }
+ /* Limit system.grp to only getgrgid() function and gr_name field. */
+ cmds[0] = "getgrgid";
+ if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0) {
+ warn("unable to limit access to system.grp service");
+ goto fail;
+ }
+ fields[0] = "gr_name";
+ if (cap_grp_limit_fields(capgrploc, fields, 1) < 0) {
+ warn("unable to limit access to system.grp service");
+ goto fail;
+ }
+
+ *cappwdp = cappwdloc;
+ *capgrpp = capgrploc;
+ return (0);
+fail:
+ if (capgrploc == NULL)
+ cap_close(cappwdloc);
+ if (capgrploc == NULL)
+ cap_close(capgrploc);
+ return (-1);
+}
+#endif /* HAVE_LIBCAPSICUM */
+
 int
 main(int argc, char *argv[])
 {
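Review bot: `return (NULL);` after the cap_init() failure sits in a function declared `static int`, so it returns 0 and the caller in main() takes an unreachable casperd for success; it should be `return (-1);`. The cleanup under `fail:` tests `capgrploc == NULL` in both branches, so when both services opened but a limit call failed neither channel is closed, and when only system.grp failed to open cap_close() is handed a NULL channel; the two tests should read `if (cappwdloc != NULL) cap_close(cappwdloc);` and `if (capgrploc != NULL) cap_close(capgrploc);`. The wrong return value is masked today only because `*cappwdp`/`*capgrpp` are left untouched and main() then sees NULL channels, so the program proceeds unsandboxed while believing setup succeeded. The `int main(...)` lines at the end of the hunk are context; main() continues outside it.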
@@ -265,14 +336,28 @@ main(int argc, char *argv[])
 strerror_init();
 localtime_init();
-
+#ifdef HAVE_LIBCAPSICUM
+ if (resolv != 0) {
+ if (cappwdgrp_setup(&cappwd, &capgrp) < 0) {
+ cappwd = NULL;
+ capgrp = NULL;
+ }
+ }
+ if (resolv == 0 || (cappwd != NULL && capgrp != NULL)) {
+ if (cap_enter() < 0 && errno != ENOSYS)
+ err(1, "unable to enter capability mode");
+ }
+#else
 if (resolv == 0) {
 if (cap_enter() < 0 && errno != ENOSYS)
 err(1, "unable to enter capability mode");
 }
+#endif
 limitfd(STDIN_FILENO);
 limitfd(STDOUT_FILENO);
 limitfd(STDERR_FILENO);
+ if (cap_sandboxed())
+ fprintf(stderr, "capability mode sandbox enabled\n");
 TAILQ_INIT(&trace_procs);
 drop_logged = 0;
@@ -1664,11 +1749,31 @@ ktrstat(struct stat *statp)
 printf("mode=%s, ", mode);
 }
 printf("nlink=%ju, ", (uintmax_t)statp->st_nlink);
- if (resolv == 0 || (pwd = getpwuid(statp->st_uid)) == NULL)
+ if (resolv == 0) {
+ pwd = NULL;
+ } else {
+#ifdef HAVE_LIBCAPSICUM
+ if (cappwd != NULL)
+ pwd = cap_getpwuid(cappwd, statp->st_uid);
+ else
+#endif
+ pwd = getpwuid(statp->st_uid);
+ }
+ if (pwd == NULL)
 printf("uid=%ju, ", (uintmax_t)statp->st_uid);
 else
 printf("uid=\"%s\", ", pwd->pw_name);
- if (resolv == 0 || (grp = getgrgid(statp->st_gid)) == NULL)
+ if (resolv == 0) {
+ grp = NULL;
+ } else {
+#ifdef HAVE_LIBCAPSICUM
+ if (capgrp != NULL)
+ grp = cap_getgrgid(capgrp, statp->st_gid);
+ else
+#endif
+ grp = getgrgid(statp->st_gid);
+ }
+ if (grp == NULL)
 printf("gid=%ju, ", (uintmax_t)statp->st_gid);
 else
 printf("gid=\"%s\", ", grp->gr_name);
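Review bot: When -r is given and cappwdgrp_setup() fails, the new code in the main() hunk continues outside the sandbox without saying so: the only message about sandbox state is the `capability mode sandbox enabled` line after limitfd(), so a user watching for that line gets no positive indication that the fallback was taken beyond the per-step warn() calls inside setup. I would make the fallback explicit where `cappwd`/`capgrp` are cleared, e.g. `warnx("Casper unavailable; -r lookups will run outside the capability mode sandbox");`. As a matter of style the `#ifdef`/`#else` pair repeats the cap_enter() block and its error string; computing one boolean under the ifdef and calling cap_enter() once would keep that in a single place. main() begins before this hunk and continues after it.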
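Review bot: In the ktrstat() hunk the `else` on the line before `#endif` binds to a statement that only exists when HAVE_LIBCAPSICUM is defined; it reads correctly today but breaks as soon as someone adds braces or a second statement inside the ifdef, and the uid and gid blocks are otherwise identical apart from names. I would move the lookup into two small static helpers that own the ifdef so that ktrstat() reads `pwd = kdump_getpwuid(statp->st_uid);` and `grp = kdump_getgrgid(statp->st_gid);`, each followed by the existing NULL check. ktrstat() starts before this hunk and ends after it.
```c
/* Resolve uid for -r output; NULL when -r is off or the lookup fails. */
static struct passwd *
kdump_getpwuid(uid_t uid)
{
	if (resolv == 0)
		return (NULL);
#ifdef HAVE_LIBCAPSICUM
	if (cappwd != NULL)
		return (cap_getpwuid(cappwd, uid));
#endif
	return (getpwuid(uid));
}

/* Resolve gid for -r output; NULL when -r is off or the lookup fails. */
static struct group *
kdump_getgrgid(gid_t gid)
{
	if (resolv == 0)
		return (NULL);
#ifdef HAVE_LIBCAPSICUM
	if (capgrp != NULL)
		return (cap_getgrgid(capgrp, gid));
#endif
	return (getgrgid(gid));
}

/* … in ktrstat(), unchanged: mode and nlink printing … */
	pwd = kdump_getpwuid(statp->st_uid);
	if (pwd == NULL)
		printf("uid=%ju, ", (uintmax_t)statp->st_uid);
	else
		printf("uid=\"%s\", ", pwd->pw_name);
	grp = kdump_getgrgid(statp->st_gid);
	/* … unchanged: gid printing … */
```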