sys/kern/kern_jail.c

46197Sphk/*
46197Sphk * ----------------------------------------------------------------------------
46197Sphk * "THE BEER-WARE LICENSE" (Revision 42):
46197Sphk * <phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
46197Sphk * can do whatever you want with this stuff. If we meet some day, and you think
46197Sphk * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
46197Sphk * ----------------------------------------------------------------------------
46197Sphk *
50477Speter * $FreeBSD: head/sys/kern/kern_jail.c 57163 2000-02-12 13:41:56Z rwatson $
46197Sphk *
46197Sphk */
46155Sphk
46155Sphk#include <sys/param.h>
46155Sphk#include <sys/types.h>
46155Sphk#include <sys/kernel.h>
46155Sphk#include <sys/systm.h>
46155Sphk#include <sys/errno.h>
46155Sphk#include <sys/sysproto.h>
46155Sphk#include <sys/malloc.h>
46155Sphk#include <sys/proc.h>
46155Sphk#include <sys/jail.h>
46155Sphk#include <sys/socket.h>
57163Srwatson#include <sys/sysctl.h>
46155Sphk#include <net/if.h>
46155Sphk#include <netinet/in.h>
46155Sphk
46155SphkMALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
46155Sphk
57163SrwatsonSYSCTL_NODE(, OID_AUTO, jail, CTLFLAG_RW, 0,
57163Srwatson    "Jail rules");
57163Srwatson
57163Srwatsonint	jail_set_hostname_allowed = 1;
57163SrwatsonSYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
57163Srwatson    &jail_set_hostname_allowed, 0,
57163Srwatson    "Processes in jail can set their hostnames");
57163Srwatson
46155Sphkint
46155Sphkjail(p, uap)
46155Sphk        struct proc *p;
46155Sphk        struct jail_args /* {
46155Sphk                syscallarg(struct jail *) jail;
46155Sphk        } */ *uap;
46155Sphk{
46155Sphk	int error;
46155Sphk	struct prison *pr;
46155Sphk	struct jail j;
46155Sphk	struct chroot_args ca;
46155Sphk
46155Sphk	error = suser(p);
46155Sphk	if (error)
46155Sphk		return (error);
46155Sphk	error = copyin(uap->jail, &j, sizeof j);
46155Sphk	if (error)
46155Sphk		return (error);
51398Sphk	if (j.version != 0)
51398Sphk		return (EINVAL);
46155Sphk	MALLOC(pr, struct prison *, sizeof *pr , M_PRISON, M_WAITOK);
46155Sphk	bzero((caddr_t)pr, sizeof *pr);
46155Sphk	error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0);
46155Sphk	if (error)
46155Sphk		goto bail;
46155Sphk	pr->pr_ip = j.ip_number;
46155Sphk
46155Sphk	ca.path = j.path;
46155Sphk	error = chroot(p, &ca);
46155Sphk	if (error)
46155Sphk		goto bail;
46155Sphk
46155Sphk	pr->pr_ref++;
46155Sphk	p->p_prison = pr;
46155Sphk	p->p_flag |= P_JAILED;
46155Sphk	return (0);
46155Sphk
46155Sphkbail:
46155Sphk	FREE(pr, M_PRISON);
46155Sphk	return (error);
46155Sphk}
46155Sphk
46155Sphkint
46155Sphkprison_ip(struct proc *p, int flag, u_int32_t *ip)
46155Sphk{
46155Sphk	u_int32_t tmp;
46155Sphk
46155Sphk	if (!p->p_prison)
46155Sphk		return (0);
46155Sphk	if (flag)
46155Sphk		tmp = *ip;
46155Sphk	else
46155Sphk		tmp = ntohl(*ip);
46155Sphk	if (tmp == INADDR_ANY) {
46155Sphk		if (flag)
46155Sphk			*ip = p->p_prison->pr_ip;
46155Sphk		else
46155Sphk			*ip = htonl(p->p_prison->pr_ip);
46155Sphk		return (0);
46155Sphk	}
46155Sphk	if (p->p_prison->pr_ip != tmp)
46155Sphk		return (1);
46155Sphk	return (0);
46155Sphk}
46155Sphk
46155Sphkvoid
46155Sphkprison_remote_ip(struct proc *p, int flag, u_int32_t *ip)
46155Sphk{
46155Sphk	u_int32_t tmp;
46155Sphk
46194Sphk	if (!p || !p->p_prison)
46155Sphk		return;
46155Sphk	if (flag)
46155Sphk		tmp = *ip;
46155Sphk	else
46155Sphk		tmp = ntohl(*ip);
46155Sphk	if (tmp == 0x7f000001) {
46155Sphk		if (flag)
46155Sphk			*ip = p->p_prison->pr_ip;
46155Sphk		else
46155Sphk			*ip = htonl(p->p_prison->pr_ip);
46155Sphk		return;
46155Sphk	}
46155Sphk	return;
46155Sphk}
46155Sphk
46155Sphkint
46155Sphkprison_if(struct proc *p, struct sockaddr *sa)
46155Sphk{
46155Sphk	struct sockaddr_in *sai = (struct sockaddr_in*) sa;
46155Sphk	int ok;
46155Sphk
46155Sphk	if (sai->sin_family != AF_INET)
46155Sphk		ok = 0;
46155Sphk	else if (p->p_prison->pr_ip != ntohl(sai->sin_addr.s_addr))
46155Sphk		ok = 1;
46155Sphk	else
46155Sphk		ok = 0;
46155Sphk	return (ok);
46155Sphk}