2 * ----------------------------------------------------------------------------
3 * "THE BEER-WARE LICENSE" (Revision 42):
4 * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
5 * can do whatever you want with this stuff. If we meet some day, and you think
6 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
7 * ----------------------------------------------------------------------------
11 * Copyright (c) 2006 Victor Balada Diaz <victor@bsdes.net>
12 * All rights reserved.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * $FreeBSD: src/sys/kern/kern_jail.c,v 1.6.2.3 2001/08/17 01:00:26 rwatson Exp $
39 * $DragonFly: src/sys/kern/kern_jail.c,v 1.17 2007/01/18 12:34:46 victor Exp $
43 #include <sys/param.h>
44 #include <sys/types.h>
45 #include <sys/kernel.h>
46 #include <sys/systm.h>
47 #include <sys/errno.h>
48 #include <sys/sysproto.h>
49 #include <sys/malloc.h>
50 #include <sys/nlookup.h>
51 #include <sys/namecache.h>
54 #include <sys/socket.h>
55 #include <sys/sysctl.h>
56 #include <sys/kern_syscall.h>
58 #include <netinet/in.h>
59 #include <netinet6/in6_var.h>
61 static struct prison *prison_find(int);
62 static void prison_ipcache_init(struct prison *);
64 MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
66 SYSCTL_NODE(, OID_AUTO, jail, CTLFLAG_RW, 0,
69 int jail_set_hostname_allowed = 1;
70 SYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
71 &jail_set_hostname_allowed, 0,
72 "Processes in jail can set their hostnames");
74 int jail_socket_unixiproute_only = 1;
75 SYSCTL_INT(_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
76 &jail_socket_unixiproute_only, 0,
77 "Processes in jail are limited to creating UNIX/IPv[46]/route sockets only");
79 int jail_sysvipc_allowed = 0;
80 SYSCTL_INT(_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
81 &jail_sysvipc_allowed, 0,
82 "Processes in jail can use System V IPC primitives");
84 int jail_chflags_allowed = 0;
85 SYSCTL_INT(_jail, OID_AUTO, chflags_allowed, CTLFLAG_RW,
86 &jail_chflags_allowed, 0,
87 "Process in jail can set chflags(1)");
92 LIST_HEAD(prisonlist, prison);
93 struct prisonlist allprison = LIST_HEAD_INITIALIZER(&allprison);
96 kern_jail_attach(int jid)
98 struct proc *p = curthread->td_proc;
102 pr = prison_find(jid);
106 error = kern_chroot(&pr->pr_root);
112 p->p_ucred->cr_prison = pr;
113 p->p_flag |= P_JAILED;
121 * jail_args(syscallarg(struct jail *) jail)
124 sys_jail(struct jail_args *uap)
126 struct prison *pr, *tpr;
129 struct thread *td = curthread;
130 int error, tryprid, i;
132 struct nlookupdata nd;
134 struct sockaddr_storage *uips; /* Userland ips */
135 struct sockaddr_in ip4addr;
136 struct jail_ip_storage *jip;
141 uap->sysmsg_result = -1;
144 error = copyin(uap->jail, &jversion, sizeof jversion);
146 uap->sysmsg_result = -1;
149 pr = kmalloc(sizeof *pr , M_PRISON, M_WAITOK | M_ZERO);
150 SLIST_INIT(&pr->pr_ips);
154 error = copyin(uap->jail, &jv0, sizeof(struct jail_v0));
157 jip = kmalloc(sizeof(*jip), M_PRISON, M_WAITOK | M_ZERO);
158 ip4addr.sin_family = AF_INET;
159 ip4addr.sin_addr.s_addr = htonl(jv0.ip_number);
160 memcpy(&jip->ip, &ip4addr, sizeof(ip4addr));
161 SLIST_INSERT_HEAD(&pr->pr_ips, jip, entries);
164 error = copyin(uap->jail, &j, sizeof(j));
167 uips = kmalloc((sizeof(*uips) * j.n_ips), M_PRISON,
169 error = copyin(j.ips, uips, (sizeof(*uips) * j.n_ips));
171 kfree(uips, M_PRISON);
174 for (i = 0; i < j.n_ips; i++) {
175 jip = kmalloc(sizeof(*jip), M_PRISON,
177 memcpy(&jip->ip, &uips[i], sizeof(*uips));
178 SLIST_INSERT_HEAD(&pr->pr_ips, jip, entries);
180 kfree(uips, M_PRISON);
187 error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0);
190 error = nlookup_init(&nd, j.path, UIO_USERSPACE, NLC_FOLLOW);
192 goto nlookup_init_clean;
193 error = nlookup(&nd);
195 goto nlookup_init_clean;
196 cache_copy(&nd.nl_nch, &pr->pr_root);
198 varsymset_init(&pr->pr_varsymset, NULL);
199 prison_ipcache_init(pr);
201 tryprid = lastprid + 1;
202 if (tryprid == JAIL_MAX)
205 LIST_FOREACH(tpr, &allprison, pr_list) {
206 if (tpr->pr_id != tryprid)
209 if (tryprid == JAIL_MAX) {
215 pr->pr_id = lastprid = tryprid;
216 LIST_INSERT_HEAD(&allprison, pr, pr_list);
219 error = kern_jail_attach(pr->pr_id);
221 goto jail_attach_clean;
224 uap->sysmsg_result = pr->pr_id;
228 LIST_REMOVE(pr, pr_list);
230 varsymset_clean(&pr->pr_varsymset);
235 while (!SLIST_EMPTY(&pr->pr_ips)) {
236 jip = SLIST_FIRST(&pr->pr_ips);
237 SLIST_REMOVE_HEAD(&pr->pr_ips, entries);
245 * int jail_attach(int jid);
248 sys_jail_attach(struct jail_attach_args *uap)
250 struct thread *td = curthread;
257 return(kern_jail_attach(uap->jid));
261 prison_ipcache_init(struct prison *pr)
263 struct jail_ip_storage *jis;
264 struct sockaddr_in *ip4;
265 struct sockaddr_in6 *ip6;
267 SLIST_FOREACH(jis, &pr->pr_ips, entries) {
268 switch (jis->ip.ss_family) {
270 ip4 = (struct sockaddr_in *)&jis->ip;
271 if ((ntohl(ip4->sin_addr.s_addr) >> IN_CLASSA_NSHIFT) ==
273 /* loopback address */
274 if (pr->local_ip4 == NULL)
278 if (pr->nonlocal_ip4 == NULL)
279 pr->nonlocal_ip4 = ip4;
284 ip6 = (struct sockaddr_in6 *)&jis->ip;
285 if (IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr)) {
286 /* loopback address */
287 if (pr->local_ip6 == NULL)
291 if (pr->nonlocal_ip6 == NULL)
292 pr->nonlocal_ip6 = ip6;
300 * Changes INADDR_LOOPBACK for a valid jail address.
301 * ip is in network byte order.
302 * Returns 1 if the ip is among jail valid ips.
303 * Returns 0 if is not among jail valid ips or
304 * if couldn't replace INADDR_LOOPBACK for a valid
308 prison_replace_wildcards(struct thread *td, struct sockaddr *ip)
310 struct sockaddr_in *ip4 = (struct sockaddr_in *)ip;
311 struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)ip;
314 if (td->td_proc == NULL)
316 if ((pr = td->td_proc->p_ucred->cr_prison) == NULL)
319 if ((ip->sa_family == AF_INET &&
320 ip4->sin_addr.s_addr == htonl(INADDR_ANY)) ||
321 (ip->sa_family == AF_INET6 &&
322 IN6_IS_ADDR_UNSPECIFIED(&ip6->sin6_addr)))
324 if ((ip->sa_family == AF_INET &&
325 ip4->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) ||
326 (ip->sa_family == AF_INET6 &&
327 IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr))) {
328 if (!prison_get_local(pr, ip->sa_family, ip) &&
329 !prison_get_nonlocal(pr, ip->sa_family, ip))
334 if (jailed_ip(pr, ip))
340 prison_remote_ip(struct thread *td, struct sockaddr *ip)
342 struct sockaddr_in *ip4 = (struct sockaddr_in *)ip;
343 struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)ip;
346 if (td == NULL || td->td_proc == NULL)
348 if ((pr = td->td_proc->p_ucred->cr_prison) == NULL)
350 if ((ip->sa_family == AF_INET &&
351 ip4->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) ||
352 (ip->sa_family == AF_INET6 &&
353 IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr))) {
354 if (!prison_get_local(pr, ip->sa_family, ip) &&
355 !prison_get_nonlocal(pr, ip->sa_family, ip))
364 * Prison get non loopback ip:
365 * - af is the address family of the ip we want (AF_INET|AF_INET6).
366 * - If ip != NULL, put the first IP address that is not a loopback address
369 * ip is in network by order and we don't touch it unless we find a valid ip.
370 * No matter if ip == NULL or not, we return either a valid struct sockaddr *,
371 * or NULL. This struct may not be modified.
374 prison_get_nonlocal(struct prison *pr, sa_family_t af, struct sockaddr *ip)
376 struct sockaddr_in *ip4 = (struct sockaddr_in *)ip;
377 struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)ip;
379 /* Check if it is cached */
382 if (ip4 != NULL && pr->nonlocal_ip4 != NULL)
383 ip4->sin_addr.s_addr = pr->nonlocal_ip4->sin_addr.s_addr;
384 return (struct sockaddr *)pr->nonlocal_ip4;
387 if (ip6 != NULL && pr->nonlocal_ip6 != NULL)
388 ip6->sin6_addr = pr->nonlocal_ip6->sin6_addr;
389 return (struct sockaddr *)pr->nonlocal_ip6;
397 * Prison get loopback ip.
398 * - af is the address family of the ip we want (AF_INET|AF_INET6).
399 * - If ip != NULL, put the first IP address that is not a loopback address
402 * ip is in network by order and we don't touch it unless we find a valid ip.
403 * No matter if ip == NULL or not, we return either a valid struct sockaddr *,
404 * or NULL. This struct may not be modified.
407 prison_get_local(struct prison *pr, sa_family_t af, struct sockaddr *ip)
409 struct sockaddr_in *ip4 = (struct sockaddr_in *)ip;
410 struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)ip;
412 /* Check if it is cached */
415 if (ip4 != NULL && pr->local_ip4 != NULL)
416 ip4->sin_addr.s_addr = pr->local_ip4->sin_addr.s_addr;
417 return (struct sockaddr *)pr->local_ip4;
420 if (ip6 != NULL && pr->local_ip6 != NULL)
421 ip6->sin6_addr = pr->local_ip6->sin6_addr;
422 return (struct sockaddr *)pr->local_ip6;
429 /* Check if the IP is among ours, if it is return 1, else 0 */
431 jailed_ip(struct prison *pr, struct sockaddr *ip)
433 struct jail_ip_storage *jis;
434 struct sockaddr_in *jip4, *ip4;
435 struct sockaddr_in6 *jip6, *ip6;
439 ip4 = (struct sockaddr_in *)ip;
440 ip6 = (struct sockaddr_in6 *)ip;
441 SLIST_FOREACH(jis, &pr->pr_ips, entries) {
442 switch (ip->sa_family) {
444 jip4 = (struct sockaddr_in *) &jis->ip;
445 if (jip4->sin_family == AF_INET &&
446 ip4->sin_addr.s_addr == jip4->sin_addr.s_addr)
450 jip6 = (struct sockaddr_in6 *) &jis->ip;
451 if (jip6->sin6_family == AF_INET6 &&
452 IN6_ARE_ADDR_EQUAL(&ip6->sin6_addr,
463 prison_if(struct ucred *cred, struct sockaddr *sa)
466 struct sockaddr_in *sai = (struct sockaddr_in*) sa;
468 pr = cred->cr_prison;
470 if (((sai->sin_family != AF_INET) && (sai->sin_family != AF_INET6))
471 && jail_socket_unixiproute_only)
473 else if ((sai->sin_family != AF_INET) && (sai->sin_family != AF_INET6))
475 else if (jailed_ip(pr, sa))
481 * Returns a prison instance, or NULL on failure.
483 static struct prison *
484 prison_find(int prid)
488 LIST_FOREACH(pr, &allprison, pr_list) {
489 if (pr->pr_id == prid)
496 sysctl_jail_list(SYSCTL_HANDLER_ARGS)
498 struct jail_ip_storage *jip;
500 struct sockaddr_in6 *jsin6;
502 struct sockaddr_in *jsin;
505 unsigned int jlssize, jlsused;
507 char *jls; /* Jail list */
508 char *oip; /* Output ip */
509 char *fullpath, *freepath;
512 p = curthread->td_proc;
514 if (jailed(p->p_ucred))
522 jlssize = (count * 1024);
523 jls = kmalloc(jlssize + 1, M_TEMP, M_WAITOK | M_ZERO);
524 if (count < prisoncount) {
530 LIST_FOREACH(pr, &allprison, pr_list) {
531 error = cache_fullpath(p, &pr->pr_root, &fullpath, &freepath);
534 if (jlsused && jlsused < jlssize)
535 jls[jlsused++] = '\n';
536 count = ksnprintf(jls + jlsused, (jlssize - jlsused),
538 pr->pr_id, pr->pr_host, fullpath);
539 kfree(freepath, M_TEMP);
545 SLIST_FOREACH(jip, &pr->pr_ips, entries) {
546 jsin = (struct sockaddr_in *)&jip->ip;
548 switch(jsin->sin_family) {
550 oip = inet_ntoa(jsin->sin_addr);
554 jsin6 = (struct sockaddr_in6 *)&jip->ip;
555 oip = ip6_sprintf(&jsin6->sin6_addr);
563 if ((jlssize - jlsused) < (strlen(oip) + 1)) {
567 count = ksnprintf(jls + jlsused, (jlssize - jlsused),
577 * pr_id <SPC> hostname1 <SPC> PATH1 <SPC> IP1 <SPC> IP2\npr_id...
579 error = SYSCTL_OUT(req, jls, jlsused);
585 SYSCTL_OID(_jail, OID_AUTO, list, CTLTYPE_STRING | CTLFLAG_RD, NULL, 0,
586 sysctl_jail_list, "A", "List of active jails");
589 prison_hold(struct prison *pr)
595 prison_free(struct prison *pr)
597 struct jail_ip_storage *jls;
598 KKASSERT(pr->pr_ref >= 1);
600 if (--pr->pr_ref > 0)
604 while (!SLIST_EMPTY(&pr->pr_ips)) {
605 jls = SLIST_FIRST(&pr->pr_ips);
606 SLIST_REMOVE_HEAD(&pr->pr_ips, entries);
609 LIST_REMOVE(pr, pr_list);
612 if (pr->pr_linux != NULL)
613 kfree(pr->pr_linux, M_PRISON);
614 varsymset_clean(&pr->pr_varsymset);
615 cache_drop(&pr->pr_root);
projects / dragonfly.git / blob