1 /*-
2 * Copyright (c) 1999 Poul-Henning Kamp.
3 * Copyright (c) 2008 Bjoern A. Zeeb.
4 * Copyright (c) 2009 James Gritton.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/cdefs.h>
30 #include "opt_ddb.h"
31 #include "opt_inet.h"
32 #include "opt_inet6.h"
33
34 #include <sys/param.h>
35 #include <sys/types.h>
36 #include <sys/kernel.h>
37 #include <sys/systm.h>
38 #include <sys/errno.h>
39 #include <sys/sysproto.h>
40 #include <sys/malloc.h>
41 #include <sys/osd.h>
42 #include <sys/priv.h>
43 #include <sys/proc.h>
44 #include <sys/taskqueue.h>
45 #include <sys/fcntl.h>
46 #include <sys/jail.h>
47 #include <sys/lock.h>
48 #include <sys/mutex.h>
49 #include <sys/racct.h>
50 #include <sys/refcount.h>
51 #include <sys/sx.h>
52 #include <sys/namei.h>
53 #include <sys/mount.h>
54 #include <sys/queue.h>
55 #include <sys/socket.h>
56 #include <sys/syscallsubr.h>
57 #include <sys/sysctl.h>
58 #include <sys/vnode.h>
59
60 #include <net/if.h>
61 #include <net/vnet.h>
62
63 #include <netinet/in.h>
64
65 static in_addr_t
prison_primary_ip4(const struct prison * pr)66 prison_primary_ip4(const struct prison *pr)
67 {
68
69 return (((const struct in_addr *)prison_ip_get0(pr, PR_INET))->s_addr);
70 }
71
72 int
prison_qcmp_v4(const void * ip1,const void * ip2)73 prison_qcmp_v4(const void *ip1, const void *ip2)
74 {
75 in_addr_t iaa, iab;
76
77 /*
78 * We need to compare in HBO here to get the list sorted as expected
79 * by the result of the code. Sorting NBO addresses gives you
80 * interesting results. If you do not understand, do not try.
81 */
82 iaa = ntohl(((const struct in_addr *)ip1)->s_addr);
83 iab = ntohl(((const struct in_addr *)ip2)->s_addr);
84
85 /*
86 * Do not simply return the difference of the two numbers, the int is
87 * not wide enough.
88 */
89 if (iaa > iab)
90 return (1);
91 else if (iaa < iab)
92 return (-1);
93 else
94 return (0);
95 }
96
97 bool
prison_valid_v4(const void * ip)98 prison_valid_v4(const void *ip)
99 {
100 return (!in_broadcast(*(const struct in_addr *)ip));
101 }
102
103 /*
104 * Pass back primary IPv4 address of this jail.
105 *
106 * If not restricted return success but do not alter the address. Caller has
107 * to make sure to initialize it correctly (e.g. INADDR_ANY).
108 *
109 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
110 * Address returned in NBO.
111 */
112 int
prison_get_ip4(struct ucred * cred,struct in_addr * ia)113 prison_get_ip4(struct ucred *cred, struct in_addr *ia)
114 {
115 struct prison *pr;
116
117 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
118 KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
119
120 pr = cred->cr_prison;
121 if (!(pr->pr_flags & PR_IP4))
122 return (0);
123 mtx_lock(&pr->pr_mtx);
124 if (!(pr->pr_flags & PR_IP4)) {
125 mtx_unlock(&pr->pr_mtx);
126 return (0);
127 }
128 if (pr->pr_addrs[PR_INET] == NULL) {
129 mtx_unlock(&pr->pr_mtx);
130 return (EAFNOSUPPORT);
131 }
132
133 ia->s_addr = prison_primary_ip4(pr);
134 mtx_unlock(&pr->pr_mtx);
135 return (0);
136 }
137
138 /*
139 * Return true if we should do proper source address selection or are not jailed.
140 * We will return false if we should bypass source address selection in favour
141 * of the primary jail IPv4 address. Only in this case *ia will be updated and
142 * returned in NBO.
143 * Return true, even in case this jail does not allow IPv4.
144 */
145 bool
prison_saddrsel_ip4(struct ucred * cred,struct in_addr * ia)146 prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
147 {
148 struct prison *pr;
149 struct in_addr lia;
150
151 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
152 KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
153
154 if (!jailed(cred))
155 return (true);
156
157 pr = cred->cr_prison;
158 if (pr->pr_flags & PR_IP4_SADDRSEL)
159 return (true);
160
161 lia.s_addr = INADDR_ANY;
162 if (prison_get_ip4(cred, &lia) != 0)
163 return (true);
164 if (lia.s_addr == INADDR_ANY)
165 return (true);
166
167 ia->s_addr = lia.s_addr;
168 return (false);
169 }
170
171 /*
172 * Return true if pr1 and pr2 have the same IPv4 address restrictions.
173 */
174 bool
prison_equal_ip4(struct prison * pr1,struct prison * pr2)175 prison_equal_ip4(struct prison *pr1, struct prison *pr2)
176 {
177
178 if (pr1 == pr2)
179 return (true);
180
181 /*
182 * No need to lock since the PR_IP4_USER flag can't be altered for
183 * existing prisons.
184 */
185 while (pr1 != &prison0 &&
186 #ifdef VIMAGE
187 !(pr1->pr_flags & PR_VNET) &&
188 #endif
189 !(pr1->pr_flags & PR_IP4_USER))
190 pr1 = pr1->pr_parent;
191 while (pr2 != &prison0 &&
192 #ifdef VIMAGE
193 !(pr2->pr_flags & PR_VNET) &&
194 #endif
195 !(pr2->pr_flags & PR_IP4_USER))
196 pr2 = pr2->pr_parent;
197 return (pr1 == pr2);
198 }
199
200 /*
201 * Make sure our (source) address is set to something meaningful to this
202 * jail.
203 *
204 * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
205 * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
206 * doesn't allow IPv4. Address passed in in NBO and returned in NBO.
207 */
208 int
prison_local_ip4(struct ucred * cred,struct in_addr * ia)209 prison_local_ip4(struct ucred *cred, struct in_addr *ia)
210 {
211 struct prison *pr;
212 struct in_addr ia0;
213 int error;
214
215 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
216 KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
217
218 pr = cred->cr_prison;
219 if (!(pr->pr_flags & PR_IP4))
220 return (0);
221 mtx_lock(&pr->pr_mtx);
222 if (!(pr->pr_flags & PR_IP4)) {
223 mtx_unlock(&pr->pr_mtx);
224 return (0);
225 }
226 if (pr->pr_addrs[PR_INET] == NULL) {
227 mtx_unlock(&pr->pr_mtx);
228 return (EAFNOSUPPORT);
229 }
230
231 ia0.s_addr = ntohl(ia->s_addr);
232
233 if (ia0.s_addr == INADDR_ANY) {
234 /*
235 * In case there is only 1 IPv4 address, bind directly.
236 */
237 if (prison_ip_cnt(pr, PR_INET) == 1)
238 ia->s_addr = prison_primary_ip4(pr);
239 mtx_unlock(&pr->pr_mtx);
240 return (0);
241 }
242
243 error = prison_check_ip4_locked(pr, ia);
244 if (error == EADDRNOTAVAIL && ia0.s_addr == INADDR_LOOPBACK) {
245 ia->s_addr = prison_primary_ip4(pr);
246 error = 0;
247 }
248
249 mtx_unlock(&pr->pr_mtx);
250 return (error);
251 }
252
253 /*
254 * Rewrite destination address in case we will connect to loopback address.
255 *
256 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
257 * Address passed in in NBO and returned in NBO.
258 */
259 int
prison_remote_ip4(struct ucred * cred,struct in_addr * ia)260 prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
261 {
262 struct prison *pr;
263
264 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
265 KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
266
267 pr = cred->cr_prison;
268 if (!(pr->pr_flags & PR_IP4))
269 return (0);
270 mtx_lock(&pr->pr_mtx);
271 if (!(pr->pr_flags & PR_IP4)) {
272 mtx_unlock(&pr->pr_mtx);
273 return (0);
274 }
275 if (pr->pr_addrs[PR_INET] == NULL) {
276 mtx_unlock(&pr->pr_mtx);
277 return (EAFNOSUPPORT);
278 }
279
280 if (ntohl(ia->s_addr) == INADDR_LOOPBACK &&
281 prison_check_ip4_locked(pr, ia) == EADDRNOTAVAIL) {
282 ia->s_addr = prison_primary_ip4(pr);
283 mtx_unlock(&pr->pr_mtx);
284 return (0);
285 }
286
287 /*
288 * Return success because nothing had to be changed.
289 */
290 mtx_unlock(&pr->pr_mtx);
291 return (0);
292 }
293
294 /*
295 * Check if given address belongs to the jail referenced by cred/prison.
296 *
297 * Returns 0 if address belongs to jail,
298 * EADDRNOTAVAIL if the address doesn't belong to the jail.
299 */
300 int
prison_check_ip4_locked(const struct prison * pr,const struct in_addr * ia)301 prison_check_ip4_locked(const struct prison *pr, const struct in_addr *ia)
302 {
303
304 if (!(pr->pr_flags & PR_IP4))
305 return (0);
306
307 return (prison_ip_check(pr, PR_INET, ia));
308 }
309
310 int
prison_check_ip4(const struct ucred * cred,const struct in_addr * ia)311 prison_check_ip4(const struct ucred *cred, const struct in_addr *ia)
312 {
313 struct prison *pr;
314 int error;
315
316 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
317 KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
318
319 pr = cred->cr_prison;
320 if (!(pr->pr_flags & PR_IP4))
321 return (0);
322 mtx_lock(&pr->pr_mtx);
323 if (!(pr->pr_flags & PR_IP4)) {
324 mtx_unlock(&pr->pr_mtx);
325 return (0);
326 }
327 if (pr->pr_addrs[PR_INET] == NULL) {
328 mtx_unlock(&pr->pr_mtx);
329 return (EAFNOSUPPORT);
330 }
331
332 error = prison_check_ip4_locked(pr, ia);
333 mtx_unlock(&pr->pr_mtx);
334 return (error);
335 }
336