--ls

6 files changed, 342 insertions, 6 deletions

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 87db4d08e..b526b5e00 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -530,5 +530,9 @@ int x11_display(void);
 // return 1 if xpra is installed on the system
 int x11_check_xpra(void);
 
+// ls.c
+void ls_name(const char *name, const char *path);
+void ls(pid_t pid, const char *path);
+
 #endif
 
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c
index 058bcc1c9..227a66cd7 100644
--- a/src/firejail/fs_logger.c
+++ b/src/firejail/fs_logger.c
@@ -157,27 +157,27 @@ void fs_logger_print_log(pid_t pid) {
         if (uid != 0) {
                 uid_t sandbox_uid = pid_get_uid(pid);
                 if (uid != sandbox_uid) {
-                        fprintf(stderr, "Error: permission denied.\n");
+                        fprintf(stderr, "Error: permission denied\n");
                         exit(1);
                 }
         }
 
         // print RUN_FSLOGGER_FILE
-        EUID_ROOT();
         char *fname;
         if (asprintf(&fname, "/proc/%d/root%s", pid, RUN_FSLOGGER_FILE) == -1)
                 errExit("asprintf");
 
+        EUID_ROOT();
         struct stat s;
         if (stat(fname, &s) == -1) {
-                printf("Cannot access filesystem log.\n");
+                fprintf(stderr, "Error: Cannot access filesystem log\n");
                 exit(1);
         }
 
         /* coverity[toctou] */
         FILE *fp = fopen(fname, "r");
         if (!fp) {
-                printf("Cannot open filesystem log.\n");
+                fprintf(stderr, "Error: Cannot open filesystem log\n");
                 exit(1);
         }
         
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
new file mode 100644
index 000000000..bd4a4e347
--- /dev/null
+++ b/src/firejail/ls.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+        
+#include "firejail.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <pwd.h>
+#include <grp.h>
+
+// uid/gid cache
+static uid_t c_uid = 0;
+static char *c_uid_name = NULL;
+static gid_t c_gid = 0;
+static char *g_uid_name = NULL;
+
+static void print_file_or_dir(const char *path, const char *fname, int separator) {
+        assert(fname);
+        
+        char *name;
+        if (separator) {
+                if (asprintf(&name, "%s/%s", path, fname) == -1)
+                        errExit("asprintf");
+        }
+        else {
+                if (asprintf(&name, "%s%s", path, fname) == -1)
+                        errExit("asprintf");
+        }
+        
+        struct stat s;
+        int is_broken_link = 0;
+        if (stat(name, &s) == -1) {
+                is_broken_link = 1;
+                if (lstat(name, &s) == -1) {
+                        printf("Error: cannot access %s\n", name);
+                        return;
+                }
+        }
+
+        // permissions
+        if (S_ISLNK(s.st_mode))
+                printf("l");
+        else if (S_ISDIR(s.st_mode))
+                printf("d");
+        else if (S_ISCHR(s.st_mode))
+                printf("c");
+        else if (S_ISBLK(s.st_mode))
+                printf("b");
+        else if (S_ISSOCK(s.st_mode))
+                printf("s");
+        else
+                printf("-");
+        printf( (s.st_mode & S_IRUSR) ? "r" : "-");
+        printf( (s.st_mode & S_IWUSR) ? "w" : "-");
+        printf( (s.st_mode & S_IXUSR) ? "x" : "-");
+        printf( (s.st_mode & S_IRGRP) ? "r" : "-");
+        printf( (s.st_mode & S_IWGRP) ? "w" : "-");
+        printf( (s.st_mode & S_IXGRP) ? "x" : "-");
+        printf( (s.st_mode & S_IROTH) ? "r" : "-");
+        printf( (s.st_mode & S_IWOTH) ? "w" : "-");
+        printf( (s.st_mode & S_IXOTH) ? "x" : "-");
+        printf(" ");
+                
+        // user name
+        char *username;
+        int allocated = 0;
+        if (s.st_uid == 0)
+                username = "root";
+        else if (s.st_uid == c_uid) {
+                assert(c_uid_name);
+                username = c_uid_name;
+        }
+        else {
+                struct passwd *pw = getpwuid(s.st_uid);
+                allocated = 1;
+                if (!pw) {
+                        if (asprintf(&username, "%d", s.st_uid) == -1)
+                                errExit("asprintf");
+                }
+                else {
+                        username = strdup(pw->pw_name);
+                        if (!username)
+                                errExit("asprintf");
+                }
+                
+                if (c_uid == 0) {
+                        c_uid = s.st_uid;
+                        c_uid_name = strdup(username);
+                        if (!c_uid_name)
+                                errExit("asprintf");
+                }
+        }
+        
+        // print user name, 8 chars maximum
+        int len = strlen(username);
+        if (len > 8) {
+                username[8] = '\0';
+                len = 8;
+        }
+        printf("%s ", username);
+        int i;
+        for (i = len; i < 8; i++)
+                printf(" ");
+        if (allocated)
+                free(username);
+        
+
+        // group name
+        char *groupname;
+        allocated = 0;
+        if (s.st_uid == 0)
+                groupname = "root";
+        else {
+                struct group *g = getgrgid(s.st_gid);
+                allocated = 1;
+                if (!g) {
+                        if (asprintf(&groupname, "%d", s.st_gid) == -1)
+                                errExit("asprintf");
+                }
+                else {
+                        groupname = strdup(g->gr_name);
+                        if (!groupname)
+                                errExit("asprintf");
+                }
+        }
+        
+        // print grup name, 8 chars maximum
+        len = strlen(groupname);
+        if (len > 8) {
+                groupname[8] = '\0';
+                len = 8;
+        }
+        printf("%s ", groupname);
+        for (i = len; i < 8; i++)
+                printf(" ");
+        if (allocated)
+                free(groupname);
+
+        char *sz;
+        if (asprintf(&sz, "%d", (int) s.st_size) == -1)
+                errExit("asprintf");
+        printf("%11.10s %s\n", sz, fname);
+        free(sz);
+        
+}
+
+static void print_directory(const char *path) {
+        assert(path);
+        struct stat s;
+        if (stat(path, &s) == -1)
+                return;
+        assert(S_ISDIR(s.st_mode));
+        
+        DIR *dir;
+        if (!(dir = opendir(path))) {
+                // sleep 2 seconds and try again
+                sleep(2);
+                if (!(dir = opendir(path))) {
+                        fprintf(stderr, "Error: cannot open directory %s\n", path);
+                        exit(1);
+                }
+        }
+        
+        struct dirent *entry;           
+        while ((entry = readdir(dir))) {
+                if (strcmp(entry->d_name, ".") == 0)
+                        continue;
+                if (strcmp(entry->d_name, "..") == 0)
+                        continue;
+                
+                print_file_or_dir(path, entry->d_name, 0);
+        }
+        
+        closedir(dir);
+}
+
+void ls_name(const char *name, const char *path) {
+        EUID_ASSERT();
+        
+        if (!name || strlen(name) == 0) {
+                fprintf(stderr, "Error: invalid sandbox name\n");
+                exit(1);
+        }
+        pid_t pid;
+        if (name2pid(name, &pid)) {
+                fprintf(stderr, "Error: cannot find sandbox %s\n", name);
+                exit(1);
+        }
+
+        ls(pid, path);
+}
+
+void ls(pid_t pid, const char *path) {
+        EUID_ASSERT();
+
+        // if the pid is that of a firejail  process, use the pid of the first child process
+        char *comm = pid_proc_comm(pid);
+        if (comm) {
+                if (strcmp(comm, "firejail") == 0) {
+                        pid_t child;
+                        if (find_child(pid, &child) == 0) {
+                                pid = child;
+                        }
+                }
+                free(comm);
+        }
+
+        // check privileges for non-root users
+        uid_t uid = getuid();
+        if (uid != 0) {
+                uid_t sandbox_uid = pid_get_uid(pid);
+                if (uid != sandbox_uid) {
+                        fprintf(stderr, "Error: permission denied.\n");
+                        exit(1);
+                }
+        }
+
+        EUID_ROOT();
+        // chroot
+        char *rootdir;
+        if (asprintf(&rootdir, "/proc/%d/root", pid) == -1)
+                errExit("asprintf");
+        if (chroot(rootdir) < 0)
+                errExit("chroot");
+        if (chdir("/") < 0)
+                errExit("chdir");
+        
+        // full path or file in current directory?
+        char *fname;
+        if (*path == '/') {
+                fname = strdup(path);
+                if (!fname)
+                        errExit("strdup");
+        }
+        else if (*path == '~') {
+                if (asprintf(&fname, "%s%s", cfg.homedir, path + 1) == -1)
+                        errExit("asprintf");
+        }
+        else {
+                fprintf(stderr, "Error: Cannot access file %s\n", path);
+                exit(1);
+        }
+
+        // list directory contents
+        struct stat s;
+        if (stat(fname, &s) == -1) {
+                fprintf(stderr, "Error: Cannot access file %s\n", fname);
+                exit(1);
+        }
+        if (S_ISDIR(s.st_mode)) {
+                char *rp = realpath(fname, NULL);
+                if (!rp) {
+                        fprintf(stderr, "Error: Cannot access file %s\n", fname);
+                        exit(1);
+                }
+                if (arg_debug)
+                        printf("realpath %s\n", rp);
+
+                char *dir;
+                if (asprintf(&dir, "%s/", rp) == -1)
+                        errExit("asprintf");
+                
+                print_directory(dir);
+                free(rp);
+                free(dir);
+        }
+        else {
+                char *rp = realpath(fname, NULL);
+                if (!rp) {
+                        fprintf(stderr, "Error: Cannot access file %s\n", fname);
+                        exit(1);
+                }
+                if (arg_debug)
+                        printf("realpath %s\n", rp);
+                char *split = strrchr(rp, '/');
+                if (split) {
+                        *split = '\0';
+                        char *rp2 = split + 1;
+                        if (arg_debug)
+                                printf("path %s, file %s\n", rp, rp2);
+                        print_file_or_dir(rp, rp2, 1);
+                }
+                free(rp);
+        }
+
+        free(fname);
+
+        exit(0);
+}
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 925cd3022..68606a313 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -426,6 +426,29 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                 exit(0);
         }
 #endif  
+        else if (strncmp(argv[i], "--ls=", 5) == 0) {
+                logargs(argc, argv);
+                
+                // verify path
+                if ((i + 2) != argc) {
+                        fprintf(stderr, "Error: invalid --ls option, path expected\n");
+                        exit(1);
+                }
+                char *path = argv[i + 1];
+                 invalid_filename(path);
+                 if (strstr(path, "..")) {
+                        fprintf(stderr, "Error: invalid file name %s\n", path);
+                        exit(1);
+                 }
+                 
+                // list directory contents
+                pid_t pid;
+                if (read_pid(argv[i] + 5, &pid) == 0)           
+                        ls(pid, path);
+                else
+                        ls_name(argv[i] + 5, path);
+                exit(0);
+        }
         else if (strncmp(argv[i], "--join=", 7) == 0) {
                 logargs(argc, argv);
                 
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 3463095f9..5c5e7d9e8 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -566,6 +566,7 @@ const char *gnu_basename(const char *path) {
 uid_t pid_get_uid(pid_t pid) {
         EUID_ASSERT();
         uid_t rv = 0;
+printf("here %d, pid %d\n", __LINE__, pid);
         
         // open status file
         char *file;
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 6251f8b61..a89ac434b 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -136,13 +136,14 @@ char *pid_get_user_name(uid_t uid) {
 
 uid_t pid_get_uid(pid_t pid) {
         uid_t rv = 0;
-        
-        // open statua file
+
+        // open status file
         char *file;
         if (asprintf(&file, "/proc/%u/status", pid) == -1) {
                 perror("asprintf");
                 exit(1);
         }
+
         FILE *fp = fopen(file, "r");
         if (!fp) {
                 free(file);