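/*
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 *
 * $Id: malloc.c,v 1.44 1999/03/28 14:16:05 phk Exp $
 *
 */

#include <sys/param.h>
#include <sys/types.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/errno.h>
#include <sys/sysproto.h>
#include <sys/malloc.h>
#include <sys/proc.h>
#include <sys/jail.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>

MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");

/*
 * jail system call: confine the calling process to a newly created prison.
 *
 * Order of operations (security relevant):
 *   1. suser(p) must succeed before anything is read from user space.
 *   2. The struct jail argument is copied in, a zeroed struct prison is
 *      allocated, and the hostname is copied in bounded by
 *      sizeof pr->pr_host.
 *   3. The process is chroot()ed to j.path.
 *   4. Only after chroot() succeeds is the prison attached to the process
 *      and P_JAILED set, so a failed call leaves the process unjailed.
 *
 * Returns 0 on success, otherwise the error from suser(), copyin(),
 * copyinstr() or chroot().  The prison allocation is released on the
 * copyinstr() and chroot() failure paths.
 */
int
jail(p, uap)
	struct proc *p;
	struct jail_args /* {
		syscallarg(struct jail *) jail;
	} */ *uap;
{
	int error;
	struct prison *pr;
	struct jail j;
	struct chroot_args ca;

	/* Privilege check first; no user memory is touched before it. */
	error = suser(p);
	if (error)
		return (error);
	error = copyin(uap->jail, &j, sizeof j);
	if (error)
		return (error);

	/* M_WAITOK allocation; zero it so pr_ref and pr_ip start at 0. */
	MALLOC(pr, struct prison *, sizeof *pr , M_PRISON, M_WAITOK);
	bzero((caddr_t)pr, sizeof *pr);

	/* Length is capped at the destination buffer size. */
	error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0);
	if (error)
		goto bail;
	pr->pr_ip = j.ip_number;

	/*
	 * j.path is the pointer value supplied in the user's struct jail;
	 * it is handed to chroot() unchanged.
	 * NOTE(review): this relies on chroot() validating and copying in
	 * the path itself - confirm against its implementation.
	 */
	ca.path = j.path;
	error = chroot(p, &ca);
	if (error)
		goto bail;

	/* Commit: first reference on the prison, then mark the process. */
	pr->pr_ref++;
	p->p_prison = pr;
	p->p_flag |= P_JAILED;
	return (0);

bail:
	FREE(pr, M_PRISON);
	return (error);
}

/*
 * Check, and where needed rewrite, a local IPv4 address for process p.
 *
 * If flag is non-zero *ip is compared with pr_ip directly; if flag is zero
 * *ip is converted with ntohl() before the comparison and htonl() is applied
 * when it is rewritten (i.e. *ip is presumably in network byte order).
 *
 * Returns 0 without touching *ip when p has no prison.  INADDR_ANY is
 * replaced by the prison's address and 0 is returned.  For any other
 * address, returns 1 if it differs from the prison's address, else 0.
 */
int
prison_ip(struct proc *p, int flag, u_int32_t *ip)
{
	u_int32_t tmp;

	if (!p->p_prison)
		return (0);
	if (flag)
		tmp = *ip;
	else
		tmp = ntohl(*ip);
	if (tmp == INADDR_ANY) {
		/* Wildcard is narrowed to the one address the prison owns. */
		if (flag)
			*ip = p->p_prison->pr_ip;
		else
			*ip = htonl(p->p_prison->pr_ip);
		return (0);
	}
	if (p->p_prison->pr_ip != tmp)
		return (1);
	return (0);
}

/*
 * Rewrite a remote IPv4 address for process p: 0x7f000001 (127.0.0.1) is
 * replaced by the prison's own address; every other address is left alone.
 *
 * Does nothing when p is NULL or p has no prison.  The flag argument
 * selects the byte-order handling exactly as in prison_ip().
 */
void
prison_remote_ip(struct proc *p, int flag, u_int32_t *ip)
{
	u_int32_t tmp;

	if (!p || !p->p_prison)
		return;
	if (flag)
		tmp = *ip;
	else
		tmp = ntohl(*ip);
	if (tmp == 0x7f000001) {	/* 127.0.0.1 */
		if (flag)
			*ip = p->p_prison->pr_ip;
		else
			*ip = htonl(p->p_prison->pr_ip);
	}
}

/*
 * Decide whether the interface address sa must be hidden from process p.
 *
 * Returns 1 when sa is an AF_INET address different from the prison's
 * address, 0 otherwise.  Every non-AF_INET address yields 0, so this
 * function filters IPv4 addresses only.
 * NOTE(review): confirm that callers do not rely on this check for other
 * address families.
 */
int
prison_if(struct proc *p, struct sockaddr *sa)
{
	struct sockaddr_in *sai = (struct sockaddr_in*) sa;
	int ok;

	/*
	 * Same unjailed-process answer as prison_ip().  Without this guard
	 * the AF_INET branch below dereferences a NULL p_prison.  Callers
	 * outside this file may already test p_prison first; the guard makes
	 * the function safe on its own.
	 */
	if (!p->p_prison)
		return (0);

	if (sai->sin_family != AF_INET)
		ok = 0;
	else if (p->p_prison->pr_ip != ntohl(sai->sin_addr.s_addr))
		ok = 1;
	else
		ok = 0;
	return (ok);
}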