From clsung@going04.iis.sinica.edu.tw  Sat Apr 15 02:37:31 2006
Message-Id: <20060415023743.5D1C628493@going04.iis.sinica.edu.tw>
Date: Sat, 15 Apr 2006 10:37:43 +0800 (CST)
From: Cheng-Lung Sung <clsung@FreeBSD.org>
Reply-To: Cheng-Lung Sung <clsung@tw.FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] -u|-U options in jexec 
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         95777
>Category:       bin
>Synopsis:       [patch] -u|-U options in jexec
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr 15 02:40:17 GMT 2006
>Closed-Date:    Thu Jun 08 17:32:25 GMT 2006
>Last-Modified:  Thu Jun 08 17:32:25 GMT 2006
>Originator:     Cheng-Lung Sung
>Release:        FreeBSD 6.1-PRERELEASE i386
>Organization:
FreeBSD @ Taiwan
>Environment:
System: FreeBSD going04.iis.sinica.edu.tw 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #2: Fri Apr 7 12:57:51 CST 2006 root@going04.iis.sinica.edu.tw:/usr/obj/usr/src/sys/GENERIC i386


>Description:
    I think the jexec command should be executed as a different user,
just like what jail(8) does.

Also refer to
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/94730
>How-To-Repeat:
    jexec <jid> cmd...
    jexec -u|-U username <jid> cmd...
>Fix:

--- /usr/src/usr.sbin/jexec/jexec.c	Sat Jul  5 03:14:27 2003
+++ jexec/jexec.c	Sat Apr 15 01:12:12 2006
@@ -30,26 +30,84 @@
 #include <sys/jail.h>
 
 #include <err.h>
+#include <errno.h>
+#include <login_cap.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <pwd.h>
 #include <unistd.h>
 
 static void	usage(void);
 
+#define GET_USER_INFO do {						\
+	pwd = getpwnam(username);					\
+	if (pwd == NULL) {						\
+		if (errno)						\
+			err(1, "getpwnam: %s", username);		\
+		else							\
+			errx(1, "%s: no such user", username);		\
+	}								\
+	lcap = login_getpwclass(pwd);					\
+	if (lcap == NULL)						\
+		err(1, "getpwclass: %s", username);			\
+	ngroups = NGROUPS;						\
+	if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0)	\
+		err(1, "getgrouplist: %s", username);			\
+} while (0)
+
 int
 main(int argc, char *argv[])
 {
 	int jid;
+	login_cap_t *lcap = NULL;
+	struct passwd *pwd = NULL;
+	gid_t groups[NGROUPS];
+	int ch, ngroups, uflag, Uflag;
+	char *username;
+	ch = uflag = Uflag = 0;
+	username = NULL;
 
-	if (argc < 3)
+	while ((ch = getopt(argc, argv, "u:U:")) != -1) {
+		switch (ch) {
+		case 'u':
+			username = optarg;
+			uflag = 1;
+			break;
+		case 'U':
+			username = optarg;
+			Uflag = 1;
+			break;
+		default:
+			usage();
+		}
+	}
+	argc -= optind;
+	argv += optind;
+	if (argc < 2)
+		usage();
+	if (uflag && Uflag)
 		usage();
-	jid = (int)strtol(argv[1], NULL, 10);
+	if (uflag)
+		GET_USER_INFO;
+	jid = (int)strtol(argv[0], NULL, 10);
 	if (jail_attach(jid) == -1)
 		err(1, "jail_attach(): %d", jid);
 	if (chdir("/") == -1)
 		err(1, "chdir(): /");
-	if (execvp(argv[2], argv + 2) == -1)
-		err(1, "execvp(): %s", argv[2]);
+	if (username != NULL) {
+		if (Uflag)
+			GET_USER_INFO;
+		if (setgroups(ngroups, groups) != 0)
+			err(1, "setgroups");
+		if (setgid(pwd->pw_gid) != 0)
+			err(1, "setgid");
+		if (setusercontext(lcap, pwd, pwd->pw_uid,
+		    LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0)
+			err(1, "setusercontext");
+		login_close(lcap);
+	}
+	if (execvp(argv[1], argv + 1) == -1)
+		err(1, "execvp(): %s", argv[1]);
 	exit(0);
 }
 
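Review bot: in GET_USER_INFO, `errno` is tested after `getpwnam()` returns NULL but is never cleared first, so a stale value left by an earlier call can turn a plain "no such user" into a misleading `err()` message; add `errno = 0;` immediately before `pwd = getpwnam(username);`. Separately, at the `if (Uflag) GET_USER_INFO;` call the passwd, login-class and group lookups run after `jail_attach()` while the process still holds its original credentials, whereas the `-u` lookup runs before the attach; a comment at both call sites stating which password database each option is meant to consult would make that ordering clearly intentional. The sequence `setgroups()`, `setgid()`, then `setusercontext()` with `LOGIN_SETGROUP` masked out is the right order for dropping privileges and should stay as is.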
@@ -57,6 +115,8 @@
 usage(void)
 {
 
-	fprintf(stderr, "usage: jexec jid command [...]\n");
+	fprintf(stderr, "%s%s\n",
+		"usage: jexec [-u username | -U username]",
+		" jid command [...]");
 	exit(1); 
 }
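Review bot: the new usage string lists `-u username` and `-U username` as alternatives but nothing in this patch documents how they differ. From main(), `-u` resolves the user before `jail_attach()` and `-U` resolves it afterwards, which decides whose passwd and group data the command's credentials come from. That distinction needs a matching jexec.8 update submitted with this change, since an administrator who picks the wrong flag gets a different uid and group set than expected.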
>Release-Note:
>Audit-Trail:
Adding to audit trail from misfiled PR bin/95978:

Date: Mon, 17 Apr 2006 22:52:29 -0300
From: "Roberto Lima" <smuxinho@gmail.com>

 I'm trying this patch on FreeBSD 6.0-RELEASE and I got these errors:
 
 cc -O2 -fno-strict-aliasing -pipe  -Wsystem-headers -Werror -Wall
 -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes
 -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual
 -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter
 -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls  -o
 jexec jexec.o
 jexec.o(.text+0xea): In function `main':
 : undefined reference to `login_getpwclass'
 jexec.o(.text+0x1ab): In function `main':
 : undefined reference to `setusercontext'
 jexec.o(.text+0x1c1): In function `main':
 : undefined reference to `login_close'
 jexec.o(.text+0x22c): In function `main':
 : undefined reference to `login_getpwclass'
 *** Error code 1
 
 Stop in /usr/src/usr.sbin/jexec.
 
 What can this be?
 
 Sorry for my bad English.

Adding to audit trail from misfiled PR bin/95980:

Date: Tue, 18 Apr 2006 11:02:19 +0800
From: Cheng-Lung Sung <clsung@FreeBSD.org>
 
 Sorry, I forgot to provide the diff of jexec/Makefile
 
 ======= patch.Makefile ====
 --- /usr/src/usr.sbin/jexec/Makefile    Wed Apr  9 11:04:12 2003
 +++ Makefile    Sat Apr 15 01:01:18 2006
 @@ -2,6 +2,8 @@
  
  PROG=  jexec
  MAN=   jexec.8
 +DPADD= ${LIBUTIL}
 +LDADD= -lutil
  WARNS?=        6
      
 .include <bsd.prog.mk>
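
Review bot: the context lines in this hunk carry runs of spaces where the jexec.c diff above kept its tabs (`PROG=  jexec`, `MAN=   jexec.8`, and a whitespace-only line before `.include`), so the hunk looks whitespace-damaged by the mailer and may be rejected as sent; resend it as an attachment or apply it with `patch -l`. The `DPADD`/`LDADD` pair itself is what the jexec.c change needs, since the undefined references reported for `login_getpwclass`, `setusercontext` and `login_close` are all resolved by `-lutil`; it should be folded into the same patch as jexec.c so the change builds on its own.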

 On Mon, Apr 17, 2006 at 10:52:29PM -0300, Roberto Lima wrote:
 > Hi there,
 > I'm trying this patch on FreeBSD 6.0-RELEASE and I got these errors:
 > 
 > cc -O2 -fno-strict-aliasing -pipe  -Wsystem-headers -Werror -Wall
 > -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes
 > -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual
 > -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter
 > -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls  -o
 > jexec jexec.o
 > jexec.o(.text+0xea): In function `main':
 > : undefined reference to `login_getpwclass'
 > jexec.o(.text+0x1ab): In function `main':
 > : undefined reference to `setusercontext'
 > jexec.o(.text+0x1c1): In function `main':
 > : undefined reference to `login_close'
 > jexec.o(.text+0x22c): In function `main':
 > : undefined reference to `login_getpwclass'
 > *** Error code 1
 > 
 > Stop in /usr/src/usr.sbin/jexec.
 > 
 > What can this be?
 > 
 > Sorry for my bad English.
 
 -- 
 Cheng-Lung Sung - clsung@
 
State-Changed-From-To: open->patched 
State-Changed-By: delphij 
State-Changed-When: Wed Apr 19 10:15:54 UTC 2006 
State-Changed-Why:  
Patch applied (with minor tweaks and manpage update), MFC 
reminder.  Thanks for your submission! 


Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Wed Apr 19 10:15:54 UTC 2006 
Responsible-Changed-Why:  
Patch applied (with minor tweaks and manpage update), MFC 
reminder.  Thanks for your submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=95777 
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Thu Jun 8 17:32:05 UTC 2006 
State-Changed-Why:  
MFC done.  Thanks for your submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=95777 
>Unformatted:
