[jail] removal by jid doesn't trigger pre/post stop scripts

This commit fixes bug: command "jail -r" didn't trigger pre/post stop
commands (and others) defined in config file if jid is specified insted of
name. Also it adds basic tests for usr.sbin/jail to avoid regression.

Reviewed by:	jamie, kevans, ray
MFC after:      5 days
Differential Revision: https://reviews.freebsd.org/D21328

6 files changed, 196 insertions, 23 deletions

diff --git a/etc/mtree/BSD.tests.dist b/etc/mtree/BSD.tests.dist
index d0092241edae..d9f4897e026e 100644
--- a/etc/mtree/BSD.tests.dist
+++ b/etc/mtree/BSD.tests.dist
@@ -1082,6 +1082,8 @@
         ..
         fstyp
         ..
+        jail
+        ..
         makefs
         ..
         mixer
diff --git a/usr.sbin/jail/Makefile b/usr.sbin/jail/Makefile
index 668733fc21fa..14266be83932 100644
--- a/usr.sbin/jail/Makefile
+++ b/usr.sbin/jail/Makefile
@@ -24,4 +24,7 @@ CFLAGS+= -DINET
 
 CLEANFILES= y.output
 
+HAS_TESTS=
+SUBDIR.${MK_TESTS}+= tests
+
 .include <bsd.prog.mk>
diff --git a/usr.sbin/jail/state.c b/usr.sbin/jail/state.c
index 0989c86b1739..2bb93d8054b2 100644
--- a/usr.sbin/jail/state.c
+++ b/usr.sbin/jail/state.c
@@ -44,7 +44,7 @@ static void dep_add(struct cfjail *from, struct cfjail *to, unsigned flags);
 static int cmp_jailptr(const void *a, const void *b);
 static int cmp_jailptr_name(const void *a, const void *b);
 static struct cfjail *find_jail(const char *name);
-static int running_jid(const char *name, int flags);
+static struct cfjail *running_jail(const char *name, int flags);
 
 static struct cfjail **jails_byname;
 static size_t njails;
@@ -72,7 +72,7 @@ dep_setup(int docf)
 		if ((j = TAILQ_FIRST(&cfjails)) &&
 		    (p = j->intparams[IP_DEPEND])) {
 			TAILQ_FOREACH(s, &p->val, tq) {
-				if (running_jid(s->s, 0) < 0) {
+				if (running_jail(s->s, 0) == NULL) {
 					warnx("depends on nonexistent jail "
 					    "\"%s\"", s->s);
 					j->flags |= JF_FAILED;
@@ -369,11 +369,7 @@ start_state(const char *target, int docf, unsigned state, int running)
 		j = find_jail(target);
 		if (j == NULL && state == JF_STOP) {
 			/* Allow -[rR] to specify a currently running jail. */
-			if ((jid = running_jid(target, JAIL_DYING)) > 0) {
-				j = add_jail();
-				j->name = estrdup(target);
-				j->jid = jid;
-			}
+			j = running_jail(target, JAIL_DYING);
 		}
 		if (j == NULL) {
 			warnx("\"%s\" not found", target);
@@ -446,6 +442,9 @@ static struct cfjail *
 find_jail(const char *name)
 {
 	struct cfjail **jp;
+	
+	if (jails_byname == NULL)
+		return NULL;
 
 	jp = bsearch(name, jails_byname, njails, sizeof(struct cfjail *),
 	    cmp_jailptr_name);
@@ -453,26 +452,43 @@ find_jail(const char *name)
 }
 
 /*
- * Return the named jail's jid if it is running, and -1 if it isn't.
+ * Return jail if it is running, and NULL if it isn't.
  */
-static int
-running_jid(const char *name, int flags)
+static struct cfjail *
+running_jail(const char *name, int flags)
 {
-	struct iovec jiov[2];
+	struct iovec jiov[4];
+	struct cfjail *jail;
 	char *ep;
-	int jid;
-
+	char jailname[MAXHOSTNAMELEN];
+	int jid, ret, len;
+	
 	if ((jid = strtol(name, &ep, 10)) && !*ep) {
-		jiov[0].iov_base = __DECONST(char *, "jid");
-		jiov[0].iov_len = sizeof("jid");
-		jiov[1].iov_base = &jid;
-		jiov[1].iov_len = sizeof(jid);
+		memset(jailname,0,sizeof(jailname));
+		len = sizeof(jailname);
 	} else {
-		jiov[0].iov_base = __DECONST(char *, "name");
-		jiov[0].iov_len = sizeof("name");
-		jiov[1].iov_len = strlen(name) + 1;
-		jiov[1].iov_base = alloca(jiov[1].iov_len);
-		strcpy(jiov[1].iov_base, name);
+		strncpy(jailname, name,sizeof(jailname));
+		len = strlen(name) + 1; 
+		jid = 0;
+	}
+	
+	jiov[0].iov_base = __DECONST(char *, "jid");
+	jiov[0].iov_len = sizeof("jid");
+	jiov[1].iov_base = &jid;
+	jiov[1].iov_len = sizeof(jid);
+	jiov[2].iov_base = __DECONST(char *, "name");
+	jiov[2].iov_len = sizeof("name");
+	jiov[3].iov_base = &jailname;
+	jiov[3].iov_len = len;
+
+	if ((ret = jail_get(jiov, 4, flags)) < 0)
+		return (NULL);
+
+	if ((jail = find_jail(jailname)) == NULL) {
+		jail = add_jail();
+		jail->name = estrdup(jailname);
+		jail->jid = ret;
 	}
-	return jail_get(jiov, 2, flags);
+
+	return (jail);
 }
diff --git a/usr.sbin/jail/tests/Makefile b/usr.sbin/jail/tests/Makefile
new file mode 100644
index 000000000000..24c0c6c05194
--- /dev/null
+++ b/usr.sbin/jail/tests/Makefile
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+PACKAGE=        tests
+
+ATF_TESTS_SH+=  jail_basic_test
+
+${PACKAGE}FILES+=	commands.jail.conf
+
+.include <bsd.test.mk>
diff --git a/usr.sbin/jail/tests/commands.jail.conf b/usr.sbin/jail/tests/commands.jail.conf
new file mode 100644
index 000000000000..8787af49eba0
--- /dev/null
+++ b/usr.sbin/jail/tests/commands.jail.conf
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+exec.prestop = "echo STOP";
+exec.prestart = "echo START";
+persist;
+
+basejail {}
diff --git a/usr.sbin/jail/tests/jail_basic_test.sh b/usr.sbin/jail/tests/jail_basic_test.sh
new file mode 100755
index 000000000000..f9d52cf8a780
--- /dev/null
+++ b/usr.sbin/jail/tests/jail_basic_test.sh
@@ -0,0 +1,136 @@
+#
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2019 Michael Zhilin 
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+# $FreeBSD$
+
+atf_test_case "basic" "cleanup"
+atf_test_case "nested" "cleanup"
+atf_test_case "commands" "cleanup"
+
+basic_head()
+{
+	atf_set descr 'Basic jail test'
+	atf_set require.user root
+}
+
+basic_body()
+{
+	# Create the jail
+	atf_check -s exit:0 -o ignore jail -c name=basejail persist ip4.addr=192.0.1.1
+	# Check output of jls
+	atf_check -s exit:0 -o ignore jls
+	atf_check -s exit:0 -o ignore jls -v
+	atf_check -s exit:0 -o ignore jls -n
+	# Stop jail
+	atf_check -s exit:0 -o ignore jail -r basejail
+	jail -c name=basejail persist ip4.addr=192.0.1.1
+	# Stop jail by jid
+	atf_check -s exit:0 -o ignore jail -r `jls -j basejail jid`
+	# Recreate
+	atf_check -s exit:0 -o ignore jail -cm name=basejail persist ip4.addr=192.0.1.1
+	# Restart
+	atf_check -s exit:0 -o ignore jail -rc name=basejail persist ip4.addr=192.0.1.1
+}
+
+basic_cleanup()
+{
+	jail -r basejail
+}
+
+nested_head()
+{
+	atf_set descr 'Hierarchical jails test'
+	atf_set require.user root
+}
+
+nested_body()
+{
+	# Create the first jail
+	jail -c name=basejail persist ip4.addr=192.0.1.1 children.max=1
+	atf_check -s exit:0 -o empty \
+		jexec basejail \
+			jail -c name=nestedjail persist ip4.addr=192.0.1.1
+
+	atf_check -s exit:1 -o empty -e inline:"jail: prison limit exceeded\n"\
+		jexec basejail \
+			jail -c name=secondnestedjail persist ip4.addr=192.0.1.1 
+	# Check output of jls
+	atf_check -s exit:0 -o ignore \
+		jexec basejail jls
+	atf_check -s exit:0 -o ignore \
+		jexec basejail jls -v
+	atf_check -s exit:0 -o ignore \
+		jexec basejail jls -n
+	# Create jail with no child - children.max should be 0 by default
+	jail -c name=basejail_nochild persist ip4.addr=192.0.1.1
+	atf_check -s exit:1 -o empty \
+		-e inline:"jail: jail_set: Operation not permitted\n" \
+		jexec basejail_nochild \
+			jail -c name=nestedjail persist ip4.addr=192.0.1.1 
+}
+
+nested_cleanup()
+{
+	jail -r nestedjail
+	jail -r basejail
+	jail -r basejail_nochild
+}
+
+commands_header()
+{
+	atf_set descr 'Commands jail test'
+	atf_set require.user root
+}
+
+commands_body()
+{
+	# exec.prestart
+	atf_check -s exit:0 -o inline:"START\n" \
+		jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail
+	# exec.prestop by jailname
+	atf_check -s exit:0 -o inline:"STOP\n" \
+		jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail 
+	# exec.prestop by jid
+	jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail
+	atf_check -s exit:0 -o inline:"STOP\n" \
+		jail -f $(atf_get_srcdir)/commands.jail.conf -qr `jls -j basejail jid`
+}
+
+commands_cleanup() 
+{
+	jls -j basejail > /dev/null 2>&1
+	if [ $? -e 0 ] 
+	then
+	    jail -r basejail
+	fi
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "basic"
+	atf_add_test_case "nested"
+	atf_add_test_case "commands"
+}