xref: /freebsd/usr.sbin/jail/jail.c (revision bb15ca603fa442c72dde3f3cb8b46db6970e3950)
1 /*-
2  * Copyright (c) 1999 Poul-Henning Kamp.
3  * Copyright (c) 2009 James Gritton
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
30 
31 #include <sys/param.h>
32 #include <sys/jail.h>
33 #include <sys/socket.h>
34 #include <sys/sysctl.h>
35 
36 #include <arpa/inet.h>
37 #include <netinet/in.h>
38 
39 #include <ctype.h>
40 #include <err.h>
41 #include <errno.h>
42 #include <grp.h>
43 #include <jail.h>
44 #include <login_cap.h>
45 #include <netdb.h>
46 #include <paths.h>
47 #include <pwd.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <unistd.h>
52 
53 static struct jailparam *params;
54 static char **param_values;
55 static int nparams;
56 
57 #ifdef INET6
58 static int ip6_ok;
59 static char *ip6_addr;
60 #endif
61 #ifdef INET
62 static int ip4_ok;
63 static char *ip4_addr;
64 #endif
65 
66 #if defined(INET6) || defined(INET)
67 static void add_ip_addr(char **addrp, char *newaddr);
68 #endif
69 #ifdef INET6
70 static void add_ip_addr46(char *newaddr);
71 #endif
72 static void add_ip_addrinfo(int ai_flags, char *value);
73 static void quoted_print(FILE *fp, char *str);
74 static void set_param(const char *name, char *value);
75 static void usage(void);
76 
77 static const char *perm_sysctl[][3] = {
78 	{ "security.jail.set_hostname_allowed",
79 	  "allow.noset_hostname", "allow.set_hostname" },
80 	{ "security.jail.sysvipc_allowed",
81 	  "allow.nosysvipc", "allow.sysvipc" },
82 	{ "security.jail.allow_raw_sockets",
83 	  "allow.noraw_sockets", "allow.raw_sockets" },
84 	{ "security.jail.chflags_allowed",
85 	  "allow.nochflags", "allow.chflags" },
86 	{ "security.jail.mount_allowed",
87 	  "allow.nomount", "allow.mount" },
88 	{ "security.jail.socket_unixiproute_only",
89 	  "allow.socket_af", "allow.nosocket_af" },
90 };
91 
92 extern char **environ;
93 
94 #define GET_USER_INFO do {						\
95 	pwd = getpwnam(username);					\
96 	if (pwd == NULL) {						\
97 		if (errno)						\
98 			err(1, "getpwnam: %s", username);		\
99 		else							\
100 			errx(1, "%s: no such user", username);		\
101 	}								\
102 	lcap = login_getpwclass(pwd);					\
103 	if (lcap == NULL)						\
104 		err(1, "getpwclass: %s", username);			\
105 	ngroups = ngroups_max;						\
106 	if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0)	\
107 		err(1, "getgrouplist: %s", username);			\
108 } while (0)
109 
110 int
111 main(int argc, char **argv)
112 {
113 	login_cap_t *lcap = NULL;
114 	struct passwd *pwd = NULL;
115 	gid_t *groups;
116 	size_t sysvallen;
117 	int ch, cmdarg, i, jail_set_flags, jid, ngroups, sysval;
118 	int hflag, iflag, Jflag, lflag, rflag, uflag, Uflag;
119 	long ngroups_max;
120 	unsigned pi;
121 	char *jailname, *securelevel, *username, *JidFile;
122 	char enforce_statfs[4];
123 	static char *cleanenv;
124 	const char *shell, *p = NULL;
125 	FILE *fp;
126 
127 	hflag = iflag = Jflag = lflag = rflag = uflag = Uflag =
128 	    jail_set_flags = 0;
129 	cmdarg = jid = -1;
130 	jailname = securelevel = username = JidFile = cleanenv = NULL;
131 	fp = NULL;
132 
133 	ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
134 	if ((groups = malloc(sizeof(gid_t) * ngroups_max)) == NULL)
135 		err(1, "malloc");
136 
137 	while ((ch = getopt(argc, argv, "cdhilmn:r:s:u:U:J:")) != -1) {
138 		switch (ch) {
139 		case 'd':
140 			jail_set_flags |= JAIL_DYING;
141 			break;
142 		case 'h':
143 			hflag = 1;
144 			break;
145 		case 'i':
146 			iflag = 1;
147 			break;
148 		case 'J':
149 			JidFile = optarg;
150 			Jflag = 1;
151 			break;
152 		case 'n':
153 			jailname = optarg;
154 			break;
155 		case 's':
156 			securelevel = optarg;
157 			break;
158 		case 'u':
159 			username = optarg;
160 			uflag = 1;
161 			break;
162 		case 'U':
163 			username = optarg;
164 			Uflag = 1;
165 			break;
166 		case 'l':
167 			lflag = 1;
168 			break;
169 		case 'c':
170 			jail_set_flags |= JAIL_CREATE;
171 			break;
172 		case 'm':
173 			jail_set_flags |= JAIL_UPDATE;
174 			break;
175 		case 'r':
176 			jid = jail_getid(optarg);
177 			if (jid < 0)
178 				errx(1, "%s", jail_errmsg);
179 			rflag = 1;
180 			break;
181 		default:
182 			usage();
183 		}
184 	}
185 	argc -= optind;
186 	argv += optind;
187 	if (rflag) {
188 		if (argc > 0 || iflag || Jflag || lflag || uflag || Uflag)
189 			usage();
190 		if (jail_remove(jid) < 0)
191 			err(1, "jail_remove");
192 		exit (0);
193 	}
194 	if (argc == 0)
195 		usage();
196 	if (uflag && Uflag)
197 		usage();
198 	if (lflag && username == NULL)
199 		usage();
200 	if (uflag)
201 		GET_USER_INFO;
202 
203 #ifdef INET6
204 	ip6_ok = feature_present("inet6");
205 #endif
206 #ifdef INET
207 	ip4_ok = feature_present("inet");
208 #endif
209 
210 	if (jailname)
211 		set_param("name", jailname);
212 	if (securelevel)
213 		set_param("securelevel", securelevel);
214 	if (jail_set_flags) {
215 		for (i = 0; i < argc; i++) {
216 			if (!strncmp(argv[i], "command=", 8)) {
217 				cmdarg = i;
218 				argv[cmdarg] += 8;
219 				jail_set_flags |= JAIL_ATTACH;
220 				break;
221 			}
222 			if (hflag) {
223 #ifdef INET
224 				if (!strncmp(argv[i], "ip4.addr=", 9)) {
225 					add_ip_addr(&ip4_addr, argv[i] + 9);
226 					break;
227 				}
228 #endif
229 #ifdef INET6
230 				if (!strncmp(argv[i], "ip6.addr=", 9)) {
231 					add_ip_addr(&ip6_addr, argv[i] + 9);
232 					break;
233 				}
234 #endif
235 				if (!strncmp(argv[i], "host.hostname=", 14))
236 					add_ip_addrinfo(0, argv[i] + 14);
237 			}
238 			set_param(NULL, argv[i]);
239 		}
240 	} else {
241 		if (argc < 4 || argv[0][0] != '/')
242 			errx(1, "%s\n%s",
243 			   "no -c or -m, so this must be an old-style command.",
244 			   "But it doesn't look like one.");
245 		set_param("path", argv[0]);
246 		set_param("host.hostname", argv[1]);
247 		if (hflag)
248 			add_ip_addrinfo(0, argv[1]);
249 #if defined(INET6) || defined(INET)
250 		if (argv[2][0] != '\0')
251 #ifdef INET6
252 			add_ip_addr46(argv[2]);
253 #else
254 			add_ip_addr(&ip4_addr, argv[2]);
255 #endif
256 #endif
257 		cmdarg = 3;
258 		/* Emulate the defaults from security.jail.* sysctls */
259 		sysvallen = sizeof(sysval);
260 		if (sysctlbyname("security.jail.jailed", &sysval, &sysvallen,
261 		    NULL, 0) == 0 && sysval == 0) {
262 			for (pi = 0; pi < sizeof(perm_sysctl) /
263 			     sizeof(perm_sysctl[0]); pi++) {
264 				sysvallen = sizeof(sysval);
265 				if (sysctlbyname(perm_sysctl[pi][0],
266 				    &sysval, &sysvallen, NULL, 0) == 0)
267 					set_param(perm_sysctl[pi]
268 					    [sysval ? 2 : 1], NULL);
269 			}
270 			sysvallen = sizeof(sysval);
271 			if (sysctlbyname("security.jail.enforce_statfs",
272 			    &sysval, &sysvallen, NULL, 0) == 0) {
273 				snprintf(enforce_statfs,
274 				    sizeof(enforce_statfs), "%d", sysval);
275 				set_param("enforce_statfs", enforce_statfs);
276 			}
277 		}
278 	}
279 #ifdef INET
280 	if (ip4_addr != NULL)
281 		set_param("ip4.addr", ip4_addr);
282 #endif
283 #ifdef INET6
284 	if (ip6_addr != NULL)
285 		set_param("ip6.addr", ip6_addr);
286 #endif
287 
288 	if (Jflag) {
289 		fp = fopen(JidFile, "w");
290 		if (fp == NULL)
291 			errx(1, "Could not create JidFile: %s", JidFile);
292 	}
293 	jid = jailparam_set(params, nparams,
294 	    jail_set_flags ? jail_set_flags : JAIL_CREATE | JAIL_ATTACH);
295 	if (jid < 0)
296 		errx(1, "%s", jail_errmsg);
297 	if (iflag) {
298 		printf("%d\n", jid);
299 		fflush(stdout);
300 	}
301 	if (Jflag) {
302 		if (jail_set_flags) {
303 			fprintf(fp, "jid=%d", jid);
304 			for (i = 0; i < nparams; i++)
305 				if (strcmp(params[i].jp_name, "jid")) {
306 					fprintf(fp, " %s",
307 					    (char *)params[i].jp_name);
308 					if (param_values[i]) {
309 						putc('=', fp);
310 						quoted_print(fp,
311 						    param_values[i]);
312 					}
313 				}
314 			fprintf(fp, "\n");
315 		} else {
316 			for (i = 0; i < nparams; i++)
317 				if (!strcmp(params[i].jp_name, "path"))
318 					break;
319 #if defined(INET6) && defined(INET)
320 			fprintf(fp, "%d\t%s\t%s\t%s%s%s\t%s\n",
321 			    jid, i < nparams
322 			    ? (char *)params[i].jp_value : argv[0],
323 			    argv[1], ip4_addr ? ip4_addr : "",
324 			    ip4_addr && ip4_addr[0] && ip6_addr && ip6_addr[0]
325 			    ? "," : "", ip6_addr ? ip6_addr : "", argv[3]);
326 #elif defined(INET6)
327 			fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
328 			    jid, i < nparams
329 			    ?  (char *)params[i].jp_value : argv[0],
330 			    argv[1], ip6_addr ? ip6_addr : "", argv[3]);
331 #elif defined(INET)
332 			fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
333 			    jid, i < nparams
334 			    ? (char *)params[i].jp_value : argv[0],
335 			    argv[1], ip4_addr ? ip4_addr : "", argv[3]);
336 #endif
337 		}
338 		(void)fclose(fp);
339 	}
340 	if (cmdarg < 0)
341 		exit(0);
342 	if (username != NULL) {
343 		if (Uflag)
344 			GET_USER_INFO;
345 		if (lflag) {
346 			p = getenv("TERM");
347 			environ = &cleanenv;
348 		}
349 		if (setgroups(ngroups, groups) != 0)
350 			err(1, "setgroups");
351 		if (setgid(pwd->pw_gid) != 0)
352 			err(1, "setgid");
353 		if (setusercontext(lcap, pwd, pwd->pw_uid,
354 		    LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN) != 0)
355 			err(1, "setusercontext");
356 		login_close(lcap);
357 	}
358 	if (lflag) {
359 		if (*pwd->pw_shell)
360 			shell = pwd->pw_shell;
361 		else
362 			shell = _PATH_BSHELL;
363 		if (chdir(pwd->pw_dir) < 0)
364 			errx(1, "no home directory");
365 		setenv("HOME", pwd->pw_dir, 1);
366 		setenv("SHELL", shell, 1);
367 		setenv("USER", pwd->pw_name, 1);
368 		if (p)
369 			setenv("TERM", p, 1);
370 	}
371 	execvp(argv[cmdarg], argv + cmdarg);
372 	err(1, "execvp: %s", argv[cmdarg]);
373 }
374 
375 #if defined(INET6) || defined(INET)
376 static void
377 add_ip_addr(char **addrp, char *value)
378 {
379 	int addrlen;
380 	char *addr;
381 
382 	if (!*addrp) {
383 		*addrp = strdup(value);
384 		if (!*addrp)
385 			err(1, "malloc");
386 	} else if (value[0]) {
387 		addrlen = strlen(*addrp) + strlen(value) + 2;
388 		addr = malloc(addrlen);
389 		if (!addr)
390 			err(1, "malloc");
391 		snprintf(addr, addrlen, "%s,%s", *addrp, value);
392 		free(*addrp);
393 		*addrp = addr;
394 	}
395 }
396 #endif
397 
398 #ifdef INET6
399 static void
400 add_ip_addr46(char *value)
401 {
402 	char *p, *np;
403 
404 	for (p = value;; p = np + 1)
405 	{
406 		np = strchr(p, ',');
407 		if (np)
408 			*np = '\0';
409 		add_ip_addrinfo(AI_NUMERICHOST, p);
410 		if (!np)
411 			break;
412 	}
413 }
414 #endif
415 
416 static void
417 add_ip_addrinfo(int ai_flags, char *value)
418 {
419 	struct addrinfo hints, *ai0, *ai;
420 	int error;
421 #ifdef INET
422 	char avalue4[INET_ADDRSTRLEN];
423 	struct in_addr addr4;
424 #endif
425 #ifdef INET6
426 	char avalue6[INET6_ADDRSTRLEN];
427 	struct in6_addr addr6;
428 #endif
429 
430 	/* Look up the hostname (or get the address) */
431 	memset(&hints, 0, sizeof(hints));
432 	hints.ai_socktype = SOCK_STREAM;
433 #if defined(INET6) && defined(INET)
434 	hints.ai_family = PF_UNSPEC;
435 #elif defined(INET6)
436 	hints.ai_family = PF_INET6;
437 #elif defined(INET)
438 	hints.ai_family = PF_INET;
439 #endif
440 	hints.ai_flags = ai_flags;
441 	error = getaddrinfo(value, NULL, &hints, &ai0);
442 	if (error != 0)
443 		errx(1, "hostname %s: %s", value, gai_strerror(error));
444 
445 	/* Convert the addresses to ASCII so set_param can convert them back. */
446 	for (ai = ai0; ai; ai = ai->ai_next)
447 		switch (ai->ai_family) {
448 #ifdef INET
449 		case AF_INET:
450 			if (!ip4_ok && (ai_flags & AI_NUMERICHOST) == 0)
451 				break;
452 			memcpy(&addr4, &((struct sockaddr_in *)
453 			    (void *)ai->ai_addr)->sin_addr, sizeof(addr4));
454 			if (inet_ntop(AF_INET, &addr4, avalue4,
455 			    INET_ADDRSTRLEN) == NULL)
456 				err(1, "inet_ntop");
457 			add_ip_addr(&ip4_addr, avalue4);
458 			break;
459 #endif
460 #ifdef INET6
461 		case AF_INET6:
462 			if (!ip6_ok && (ai_flags & AI_NUMERICHOST) == 0)
463 				break;
464 			memcpy(&addr6, &((struct sockaddr_in6 *)
465 			    (void *)ai->ai_addr)->sin6_addr, sizeof(addr6));
466 			if (inet_ntop(AF_INET6, &addr6, avalue6,
467 			    INET6_ADDRSTRLEN) == NULL)
468 				err(1, "inet_ntop");
469 			add_ip_addr(&ip6_addr, avalue6);
470 			break;
471 #endif
472 		}
473 	freeaddrinfo(ai0);
474 }
475 
476 static void
477 quoted_print(FILE *fp, char *str)
478 {
479 	int c, qc;
480 	char *p = str;
481 
482 	/* An empty string needs quoting. */
483 	if (!*p) {
484 		fputs("\"\"", fp);
485 		return;
486 	}
487 
488 	/*
489 	 * The value will be surrounded by quotes if it contains spaces
490 	 * or quotes.
491 	 */
492 	qc = strchr(p, '\'') ? '"'
493 	    : strchr(p, '"') ? '\''
494 	    : strchr(p, ' ') || strchr(p, '\t') ? '"'
495 	    : 0;
496 	if (qc)
497 		putc(qc, fp);
498 	while ((c = *p++)) {
499 		if (c == '\\' || c == qc)
500 			putc('\\', fp);
501 		putc(c, fp);
502 	}
503 	if (qc)
504 		putc(qc, fp);
505 }
506 
507 static void
508 set_param(const char *name, char *value)
509 {
510 	struct jailparam *param;
511 	int i;
512 
513 	static int paramlistsize;
514 
515 	/* Separate the name from the value, if not done already. */
516 	if (name == NULL) {
517 		name = value;
518 		if ((value = strchr(value, '=')))
519 			*value++ = '\0';
520 	}
521 
522 	/* jail_set won't chdir along with its chroot, so do it here. */
523 	if (!strcmp(name, "path") && chdir(value) < 0)
524 		err(1, "chdir: %s", value);
525 
526 	/* Check for repeat parameters */
527 	for (i = 0; i < nparams; i++)
528 		if (!strcmp(name, params[i].jp_name)) {
529 			jailparam_free(params + i, 1);
530 			memcpy(params + i, params + i + 1,
531 			    (--nparams - i) * sizeof(struct jailparam));
532 			break;
533 		}
534 
535 	/* Make sure there is room for the new param record. */
536 	if (!nparams) {
537 		paramlistsize = 32;
538 		params = malloc(paramlistsize * sizeof(*params));
539 		param_values = malloc(paramlistsize * sizeof(*param_values));
540 		if (params == NULL || param_values == NULL)
541 			err(1, "malloc");
542 	} else if (nparams >= paramlistsize) {
543 		paramlistsize *= 2;
544 		params = realloc(params, paramlistsize * sizeof(*params));
545 		param_values = realloc(param_values,
546 		    paramlistsize * sizeof(*param_values));
547 		if (params == NULL)
548 			err(1, "realloc");
549 	}
550 
551 	/* Look up the paramter. */
552 	param_values[nparams] = value;
553 	param = params + nparams++;
554 	if (jailparam_init(param, name) < 0 ||
555 	    jailparam_import(param, value) < 0)
556 		errx(1, "%s", jail_errmsg);
557 }
558 
559 static void
560 usage(void)
561 {
562 
563 	(void)fprintf(stderr,
564 	    "usage: jail [-d] [-h] [-i] [-J jid_file] "
565 			"[-l -u username | -U username]\n"
566 	    "            [-c | -m] param=value ... [command=command ...]\n"
567 	    "       jail [-r jail]\n");
568 	exit(1);
569 }
570