1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1989, 1993
5 *	The Regents of the University of California.  All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Kevin Fall.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 *    may be used to endorse or promote products derived from this software
20 *    without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35#include <sys/capsicum.h>
36#include <sys/param.h>
37#include <sys/stat.h>
38#ifndef NO_UDOM_SUPPORT
39#include <sys/socket.h>
40#include <sys/un.h>
41#include <netdb.h>
42#endif
43
44#include <capsicum_helpers.h>
45#include <ctype.h>
46#include <err.h>
47#include <errno.h>
48#include <fcntl.h>
49#include <locale.h>
50#include <stdio.h>
51#include <stdlib.h>
52#include <string.h>
53#include <unistd.h>
54#include <wchar.h>
55#include <wctype.h>
56
57#include <libcasper.h>
58#include <casper/cap_fileargs.h>
59#include <casper/cap_net.h>
60
61static int bflag, eflag, lflag, nflag, sflag, tflag, vflag;
62static int rval;
63static const char *filename;
64static fileargs_t *fa;
65
66static void usage(void) __dead2;
67static void scanfiles(char *argv[], int cooked);
68#ifndef BOOTSTRAP_CAT
69static void cook_cat(FILE *);
70static ssize_t in_kernel_copy(int);
71#endif
72static void raw_cat(int);
73
74#ifndef NO_UDOM_SUPPORT
75static cap_channel_t *capnet;
76
77static int udom_open(const char *path, int flags);
78#endif
79
80/*
81 * Memory strategy threshold, in pages: if physmem is larger than this,
82 * use a large buffer.
83 */
84#define	PHYSPAGES_THRESHOLD (32 * 1024)
85
86/* Maximum buffer size in bytes - do not allow it to grow larger than this. */
87#define	BUFSIZE_MAX (2 * 1024 * 1024)
88
89/*
90 * Small (default) buffer size in bytes. It's inefficient for this to be
91 * smaller than MAXPHYS.
92 */
93#define	BUFSIZE_SMALL (MAXPHYS)
94
95
96/*
97 * For the bootstrapped cat binary (needed for locked appending to METALOG), we
98 * disable all flags except -l and -u to avoid non-portable function calls.
99 * In the future we may instead want to write a small portable bootstrap tool
100 * that locks the output file before writing to it. However, for now
101 * bootstrapping cat without multibyte support is the simpler solution.
102 */
103#ifdef BOOTSTRAP_CAT
104#define SUPPORTED_FLAGS "lu"
105#else
106#define SUPPORTED_FLAGS "belnstuv"
107#endif
108
109#ifndef NO_UDOM_SUPPORT
110static void
111init_casper_net(cap_channel_t *casper)
112{
113	cap_net_limit_t *limit;
114	int familylimit;
115
116	capnet = cap_service_open(casper, "system.net");
117	if (capnet == NULL)
118		err(EXIT_FAILURE, "unable to create network service");
119
120	limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR |
121	    CAPNET_CONNECTDNS);
122	if (limit == NULL)
123		err(EXIT_FAILURE, "unable to create limits");
124
125	familylimit = AF_LOCAL;
126	cap_net_limit_name2addr_family(limit, &familylimit, 1);
127
128	if (cap_net_limit(limit) != 0)
129		err(EXIT_FAILURE, "unable to apply limits");
130}
131#endif
132
133static void
134init_casper(int argc, char *argv[])
135{
136	cap_channel_t *casper;
137	cap_rights_t rights;
138
139	casper = cap_init();
140	if (casper == NULL)
141		err(EXIT_FAILURE, "unable to create Casper");
142
143	fa = fileargs_cinit(casper, argc, argv, O_RDONLY, 0,
144	    cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL, CAP_SEEK),
145	    FA_OPEN | FA_REALPATH);
146	if (fa == NULL)
147		err(EXIT_FAILURE, "unable to create fileargs");
148
149#ifndef NO_UDOM_SUPPORT
150	init_casper_net(casper);
151#endif
152
153	cap_close(casper);
154}
155
156int
157main(int argc, char *argv[])
158{
159	int ch;
160	struct flock stdout_lock;
161
162	setlocale(LC_CTYPE, "");
163
164	while ((ch = getopt(argc, argv, SUPPORTED_FLAGS)) != -1)
165		switch (ch) {
166		case 'b':
167			bflag = nflag = 1;	/* -b implies -n */
168			break;
169		case 'e':
170			eflag = vflag = 1;	/* -e implies -v */
171			break;
172		case 'l':
173			lflag = 1;
174			break;
175		case 'n':
176			nflag = 1;
177			break;
178		case 's':
179			sflag = 1;
180			break;
181		case 't':
182			tflag = vflag = 1;	/* -t implies -v */
183			break;
184		case 'u':
185			setbuf(stdout, NULL);
186			break;
187		case 'v':
188			vflag = 1;
189			break;
190		default:
191			usage();
192		}
193	argv += optind;
194	argc -= optind;
195
196	if (lflag) {
197		stdout_lock.l_len = 0;
198		stdout_lock.l_start = 0;
199		stdout_lock.l_type = F_WRLCK;
200		stdout_lock.l_whence = SEEK_SET;
201		if (fcntl(STDOUT_FILENO, F_SETLKW, &stdout_lock) != 0)
202			err(EXIT_FAILURE, "stdout");
203	}
204
205	init_casper(argc, argv);
206
207	caph_cache_catpages();
208
209	if (caph_enter_casper() != 0)
210		err(EXIT_FAILURE, "capsicum");
211
212	if (bflag || eflag || nflag || sflag || tflag || vflag)
213		scanfiles(argv, 1);
214	else
215		scanfiles(argv, 0);
216	if (fclose(stdout))
217		err(1, "stdout");
218	exit(rval);
219	/* NOTREACHED */
220}
221
222static void
223usage(void)
224{
225
226	fprintf(stderr, "usage: cat [-" SUPPORTED_FLAGS "] [file ...]\n");
227	exit(1);
228	/* NOTREACHED */
229}
230
231static void
232scanfiles(char *argv[], int cooked __unused)
233{
234	int fd, i;
235	char *path;
236#ifndef BOOTSTRAP_CAT
237	FILE *fp;
238#endif
239
240	i = 0;
241	fd = -1;
242	while ((path = argv[i]) != NULL || i == 0) {
243		if (path == NULL || strcmp(path, "-") == 0) {
244			filename = "stdin";
245			fd = STDIN_FILENO;
246		} else {
247			filename = path;
248			fd = fileargs_open(fa, path);
249#ifndef NO_UDOM_SUPPORT
250			if (fd < 0 && errno == EOPNOTSUPP)
251				fd = udom_open(path, O_RDONLY);
252#endif
253		}
254		if (fd < 0) {
255			warn("%s", path);
256			rval = 1;
257#ifndef BOOTSTRAP_CAT
258		} else if (cooked) {
259			if (fd == STDIN_FILENO)
260				cook_cat(stdin);
261			else {
262				fp = fdopen(fd, "r");
263				cook_cat(fp);
264				fclose(fp);
265			}
266#endif
267		} else {
268#ifndef BOOTSTRAP_CAT
269			if (in_kernel_copy(fd) != 0) {
270				if (errno == EINVAL || errno == EBADF ||
271				    errno == EISDIR)
272					raw_cat(fd);
273				else
274					err(1, "stdout");
275			}
276#else
277			raw_cat(fd);
278#endif
279			if (fd != STDIN_FILENO)
280				close(fd);
281		}
282		if (path == NULL)
283			break;
284		++i;
285	}
286}
287
288#ifndef BOOTSTRAP_CAT
289static void
290cook_cat(FILE *fp)
291{
292	int ch, gobble, line, prev;
293	wint_t wch;
294
295	/* Reset EOF condition on stdin. */
296	if (fp == stdin && feof(stdin))
297		clearerr(stdin);
298
299	line = gobble = 0;
300	for (prev = '\n'; (ch = getc(fp)) != EOF; prev = ch) {
301		if (prev == '\n') {
302			if (sflag) {
303				if (ch == '\n') {
304					if (gobble)
305						continue;
306					gobble = 1;
307				} else
308					gobble = 0;
309			}
310			if (nflag) {
311				if (!bflag || ch != '\n') {
312					(void)fprintf(stdout, "%6d\t", ++line);
313					if (ferror(stdout))
314						break;
315				} else if (eflag) {
316					(void)fprintf(stdout, "%6s\t", "");
317					if (ferror(stdout))
318						break;
319				}
320			}
321		}
322		if (ch == '\n') {
323			if (eflag && putchar('$') == EOF)
324				break;
325		} else if (ch == '\t') {
326			if (tflag) {
327				if (putchar('^') == EOF || putchar('I') == EOF)
328					break;
329				continue;
330			}
331		} else if (vflag) {
332			(void)ungetc(ch, fp);
333			/*
334			 * Our getwc(3) doesn't change file position
335			 * on error.
336			 */
337			if ((wch = getwc(fp)) == WEOF) {
338				if (ferror(fp) && errno == EILSEQ) {
339					clearerr(fp);
340					/* Resync attempt. */
341					memset(&fp->_mbstate, 0, sizeof(mbstate_t));
342					if ((ch = getc(fp)) == EOF)
343						break;
344					wch = ch;
345					goto ilseq;
346				} else
347					break;
348			}
349			if (!iswascii(wch) && !iswprint(wch)) {
350ilseq:
351				if (putchar('M') == EOF || putchar('-') == EOF)
352					break;
353				wch = toascii(wch);
354			}
355			if (iswcntrl(wch)) {
356				ch = toascii(wch);
357				ch = (ch == '\177') ? '?' : (ch | 0100);
358				if (putchar('^') == EOF || putchar(ch) == EOF)
359					break;
360				continue;
361			}
362			if (putwchar(wch) == WEOF)
363				break;
364			ch = -1;
365			continue;
366		}
367		if (putchar(ch) == EOF)
368			break;
369	}
370	if (ferror(fp)) {
371		warn("%s", filename);
372		rval = 1;
373		clearerr(fp);
374	}
375	if (ferror(stdout))
376		err(1, "stdout");
377}
378
379static ssize_t
380in_kernel_copy(int rfd)
381{
382	int wfd;
383	ssize_t ret;
384
385	wfd = fileno(stdout);
386	ret = 1;
387
388	while (ret > 0)
389		ret = copy_file_range(rfd, NULL, wfd, NULL, SSIZE_MAX, 0);
390
391	return (ret);
392}
393#endif /* BOOTSTRAP_CAT */
394
395static void
396raw_cat(int rfd)
397{
398	long pagesize;
399	int off, wfd;
400	ssize_t nr, nw;
401	static size_t bsize;
402	static char *buf = NULL;
403	struct stat sbuf;
404
405	wfd = fileno(stdout);
406	if (buf == NULL) {
407		if (fstat(wfd, &sbuf))
408			err(1, "stdout");
409		if (S_ISREG(sbuf.st_mode)) {
410			/* If there's plenty of RAM, use a large copy buffer */
411			if (sysconf(_SC_PHYS_PAGES) > PHYSPAGES_THRESHOLD)
412				bsize = MIN(BUFSIZE_MAX, MAXPHYS * 8);
413			else
414				bsize = BUFSIZE_SMALL;
415		} else {
416			bsize = sbuf.st_blksize;
417			pagesize = sysconf(_SC_PAGESIZE);
418			if (pagesize > 0)
419				bsize = MAX(bsize, (size_t)pagesize);
420		}
421		if ((buf = malloc(bsize)) == NULL)
422			err(1, "malloc() failure of IO buffer");
423	}
424	while ((nr = read(rfd, buf, bsize)) > 0)
425		for (off = 0; nr; nr -= nw, off += nw)
426			if ((nw = write(wfd, buf + off, (size_t)nr)) < 0)
427				err(1, "stdout");
428	if (nr < 0) {
429		warn("%s", filename);
430		rval = 1;
431	}
432}
433
434#ifndef NO_UDOM_SUPPORT
435
436static int
437udom_open(const char *path, int flags)
438{
439	struct addrinfo hints, *res, *res0;
440	char rpath[PATH_MAX];
441	int error, fd, serrno;
442	cap_rights_t rights;
443
444	/*
445	 * Construct the unix domain socket address and attempt to connect.
446	 */
447	bzero(&hints, sizeof(hints));
448	hints.ai_family = AF_LOCAL;
449
450	if (fileargs_realpath(fa, path, rpath) == NULL)
451		return (-1);
452
453	error = cap_getaddrinfo(capnet, rpath, NULL, &hints, &res0);
454	if (error) {
455		warn("%s", gai_strerror(error));
456		errno = EINVAL;
457		return (-1);
458	}
459	cap_rights_init(&rights, CAP_CONNECT, CAP_READ, CAP_WRITE,
460	    CAP_SHUTDOWN, CAP_FSTAT, CAP_FCNTL);
461
462	/* Default error if something goes wrong. */
463	serrno = EINVAL;
464
465	for (res = res0; res != NULL; res = res->ai_next) {
466		fd = socket(res->ai_family, res->ai_socktype,
467		    res->ai_protocol);
468		if (fd < 0) {
469			serrno = errno;
470			freeaddrinfo(res0);
471			errno = serrno;
472			return (-1);
473		}
474		if (caph_rights_limit(fd, &rights) != 0) {
475			serrno = errno;
476			close(fd);
477			freeaddrinfo(res0);
478			errno = serrno;
479			return (-1);
480		}
481		error = cap_connect(capnet, fd, res->ai_addr, res->ai_addrlen);
482		if (error == 0)
483			break;
484		else {
485			serrno = errno;
486			close(fd);
487		}
488	}
489	freeaddrinfo(res0);
490
491	if (res == NULL) {
492		errno = serrno;
493		return (-1);
494	}
495
496	/*
497	 * handle the open flags by shutting down appropriate directions
498	 */
499
500	switch (flags & O_ACCMODE) {
501	case O_RDONLY:
502		cap_rights_clear(&rights, CAP_WRITE);
503		if (shutdown(fd, SHUT_WR) != 0)
504			warn(NULL);
505		break;
506	case O_WRONLY:
507		cap_rights_clear(&rights, CAP_READ);
508		if (shutdown(fd, SHUT_RD) != 0)
509			warn(NULL);
510		break;
511	default:
512		break;
513	}
514
515	cap_rights_clear(&rights, CAP_CONNECT, CAP_SHUTDOWN);
516	if (caph_rights_limit(fd, &rights) != 0) {
517		serrno = errno;
518		close(fd);
519		errno = serrno;
520		return (-1);
521	}
522	return (fd);
523}
524
525#endif
526