xref: /freebsd/sys/kern/kern_jail.c (revision 8fa113e5fc65fe6abc757f0089f477a87ee4d185) 
1 /*
2  * ----------------------------------------------------------------------------
3  * "THE BEER-WARE LICENSE" (Revision 42):
4  * <phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
5  * can do whatever you want with this stuff. If we meet some day, and you think
6  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
7  * ----------------------------------------------------------------------------
8  *
9  * $FreeBSD$
10  *
11  */
12 
13 #include <sys/param.h>
14 #include <sys/types.h>
15 #include <sys/kernel.h>
16 #include <sys/systm.h>
17 #include <sys/errno.h>
18 #include <sys/sysproto.h>
19 #include <sys/malloc.h>
20 #include <sys/proc.h>
21 #include <sys/jail.h>
22 #include <sys/socket.h>
23 #include <sys/sysctl.h>
24 #include <net/if.h>
25 #include <netinet/in.h>
26 
27 MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
28 
29 SYSCTL_NODE(, OID_AUTO, jail, CTLFLAG_RW, 0,
30     "Jail rules");
31 
32 mp_fixme("these variables need a lock")
33 
34 int	jail_set_hostname_allowed = 1;
35 SYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
36     &jail_set_hostname_allowed, 0,
37     "Processes in jail can set their hostnames");
38 
39 int	jail_socket_unixiproute_only = 1;
40 SYSCTL_INT(_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
41     &jail_socket_unixiproute_only, 0,
42     "Processes in jail are limited to creating UNIX/IPv4/route sockets only");
43 
44 int	jail_sysvipc_allowed = 0;
45 SYSCTL_INT(_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
46     &jail_sysvipc_allowed, 0,
47     "Processes in jail can use System V IPC primitives");
48 
49 /*
50  * MPSAFE
51  */
52 int
53 jail(td, uap)
54 	struct thread *td;
55 	struct jail_args /* {
56 		syscallarg(struct jail *) jail;
57 	} */ *uap;
58 {
59 	struct proc *p = td->td_proc;
60 	int error;
61 	struct prison *pr;
62 	struct jail j;
63 	struct chroot_args ca;
64 	struct ucred *newcred = NULL, *oldcred;
65 
66 	error = copyin(uap->jail, &j, sizeof j);
67 	if (error)
68 		return (error);
69 	if (j.version != 0)
70 		return (EINVAL);
71 
72 	mtx_lock(&Giant);
73 	MALLOC(pr, struct prison *, sizeof *pr , M_PRISON, M_WAITOK | M_ZERO);
74 	pr->pr_securelevel = securelevel;
75 	error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0);
76 	if (error)
77 		goto bail;
78 	ca.path = j.path;
79 	error = chroot(td, &ca);
80 	if (error)
81 		goto bail;
82 	newcred = crget();
83 	pr->pr_ip = j.ip_number;
84 	PROC_LOCK(p);
85 	/* Implicitly fail if already in jail.  */
86 	error = suser_xxx(p->p_ucred, NULL, 0);
87 	if (error)
88 		goto badcred;
89 	oldcred = p->p_ucred;
90 	crcopy(newcred, oldcred);
91 	p->p_ucred = newcred;
92 	p->p_ucred->cr_prison = pr;
93 	pr->pr_ref = 1;
94 	PROC_UNLOCK(p);
95 	crfree(oldcred);
96 	mtx_unlock(&Giant);
97 	return (0);
98 badcred:
99 	PROC_UNLOCK(p);
100 	crfree(newcred);
101 bail:
102 	FREE(pr, M_PRISON);
103 	mtx_unlock(&Giant);
104 	return (error);
105 }
106 
107 void
108 prison_free(struct prison *pr)
109 {
110 
111 	pr->pr_ref--;
112 	if (pr->pr_ref == 0) {
113 		if (pr->pr_linux != NULL)
114 			FREE(pr->pr_linux, M_PRISON);
115 		FREE(pr, M_PRISON);
116 	}
117 }
118 
119 void
120 prison_hold(struct prison *pr)
121 {
122 
123 	pr->pr_ref++;
124 }
125 
126 int
127 prison_ip(struct ucred *cred, int flag, u_int32_t *ip)
128 {
129 	u_int32_t tmp;
130 
131 	if (!jailed(cred))
132 		return (0);
133 	if (flag)
134 		tmp = *ip;
135 	else
136 		tmp = ntohl(*ip);
137 	if (tmp == INADDR_ANY) {
138 		if (flag)
139 			*ip = cred->cr_prison->pr_ip;
140 		else
141 			*ip = htonl(cred->cr_prison->pr_ip);
142 		return (0);
143 	}
144 	if (tmp == INADDR_LOOPBACK) {
145 		if (flag)
146 			*ip = cred->cr_prison->pr_ip;
147 		else
148 			*ip = htonl(cred->cr_prison->pr_ip);
149 		return (0);
150 	}
151 	if (cred->cr_prison->pr_ip != tmp)
152 		return (1);
153 	return (0);
154 }
155 
156 void
157 prison_remote_ip(struct ucred *cred, int flag, u_int32_t *ip)
158 {
159 	u_int32_t tmp;
160 
161 	if (!jailed(cred))
162 		return;
163 	if (flag)
164 		tmp = *ip;
165 	else
166 		tmp = ntohl(*ip);
167 	if (tmp == INADDR_LOOPBACK) {
168 		if (flag)
169 			*ip = cred->cr_prison->pr_ip;
170 		else
171 			*ip = htonl(cred->cr_prison->pr_ip);
172 		return;
173 	}
174 	return;
175 }
176 
177 int
178 prison_if(struct ucred *cred, struct sockaddr *sa)
179 {
180 	struct sockaddr_in *sai = (struct sockaddr_in*) sa;
181 	int ok;
182 
183 	if ((sai->sin_family != AF_INET) && jail_socket_unixiproute_only)
184 		ok = 1;
185 	else if (sai->sin_family != AF_INET)
186 		ok = 0;
187 	else if (cred->cr_prison->pr_ip != ntohl(sai->sin_addr.s_addr))
188 		ok = 1;
189 	else
190 		ok = 0;
191 	return (ok);
192 }
193 
194 /*
195  * Return 0 if jails permit p1 to frob p2, otherwise ESRCH.
196  */
197 int
198 prison_check(cred1, cred2)
199 	struct ucred *cred1, *cred2;
200 {
201 
202 	if (jailed(cred1)) {
203 		if (!jailed(cred2))
204 			return (ESRCH);
205 		if (cred2->cr_prison != cred1->cr_prison)
206 			return (ESRCH);
207 	}
208 
209 	return (0);
210 }
211 
212 /*
213  * Return 1 if the passed credential is in a jail, otherwise 0.
214  */
215 int
216 jailed(cred)
217 	struct ucred *cred;
218 {
219 
220 	return (cred->cr_prison != NULL);
221 }
222