jailp.h revision 236198 
1290001Sglebius/*-
2290001Sglebius * Copyright (c) 2011 James Gritton.
3290001Sglebius * All rights reserved.
4290001Sglebius *
5290001Sglebius * Redistribution and use in source and binary forms, with or without
6290001Sglebius * modification, are permitted provided that the following conditions
7290001Sglebius * are met:
8290001Sglebius * 1. Redistributions of source code must retain the above copyright
9290001Sglebius *    notice, this list of conditions and the following disclaimer.
10290001Sglebius * 2. Redistributions in binary form must reproduce the above copyright
11290001Sglebius *    notice, this list of conditions and the following disclaimer in the
12290001Sglebius *    documentation and/or other materials provided with the distribution.
13290001Sglebius *
14290001Sglebius * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15290001Sglebius * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16290001Sglebius * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17290001Sglebius * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18290001Sglebius * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19290001Sglebius * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20290001Sglebius * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21290001Sglebius * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22290001Sglebius * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23290001Sglebius * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24290001Sglebius * SUCH DAMAGE.
25290001Sglebius *
26290001Sglebius * $FreeBSD: head/usr.sbin/jail/jailp.h 236198 2012-05-28 20:44:11Z jamie $
27290001Sglebius */
28290001Sglebius
29290001Sglebius#include <sys/param.h>
30290001Sglebius#include <sys/types.h>
31290001Sglebius#include <sys/jail.h>
32290001Sglebius#include <sys/queue.h>
33290001Sglebius#include <sys/time.h>
34290001Sglebius
35290001Sglebius#include <jail.h>
36290001Sglebius
37290001Sglebius#define CONF_FILE	"/etc/jail.conf"
38290001Sglebius
39290001Sglebius#define DEP_FROM	0
40290001Sglebius#define DEP_TO		1
41290001Sglebius
42290001Sglebius#define DF_SEEN		0x01	/* Dependency has been followed */
43290001Sglebius#define DF_LIGHT	0x02	/* Implied dependency on jail existence only */
44290001Sglebius#define DF_NOFAIL	0x04	/* Don't propigate failed jails */
45290001Sglebius
46290001Sglebius#define PF_VAR		0x01	/* This is a variable, not a true parameter */
47290001Sglebius#define PF_APPEND	0x02	/* Append to existing parameter list */
48290001Sglebius#define PF_BAD		0x04	/* Unable to resolve parameter value */
49290001Sglebius#define PF_INTERNAL	0x08	/* Internal parameter, not passed to kernel */
50290001Sglebius#define PF_BOOL		0x10	/* Boolean parameter */
51290001Sglebius#define PF_INT		0x20	/* Integer parameter */
52290001Sglebius#define PF_CONV		0x40	/* Parameter duplicated in converted form */
53290001Sglebius
54290001Sglebius#define JF_START	0x0001	/* -c */
55290001Sglebius#define JF_SET		0x0002	/* -m */
56290001Sglebius#define JF_STOP		0x0004	/* -r */
57290001Sglebius#define JF_DEPEND	0x0008	/* Operation required by dependency */
58290001Sglebius#define JF_WILD		0x0010	/* Not specified on the command line */
59290001Sglebius#define JF_FAILED	0x0020	/* Operation failed */
60290001Sglebius#define JF_PARAMS	0x0040	/* Parameters checked and imported */
61290001Sglebius#define JF_RDTUN	0x0080	/* Create-only parameter check has been done */
62290001Sglebius#define JF_PERSIST	0x0100	/* Jail is temporarily persistent */
63290001Sglebius#define JF_TIMEOUT	0x0200	/* A command (or process kill) timed out */
64290001Sglebius#define JF_SLEEPQ	0x0400	/* Waiting on a command and/or timeout */
65290001Sglebius
66290001Sglebius#define JF_OP_MASK		(JF_START | JF_SET | JF_STOP)
67290001Sglebius#define JF_RESTART		(JF_START | JF_STOP)
68290001Sglebius#define JF_START_SET		(JF_START | JF_SET)
69290001Sglebius#define JF_SET_RESTART		(JF_SET | JF_STOP)
70290001Sglebius#define JF_START_SET_RESTART	(JF_START | JF_SET | JF_STOP)
71290001Sglebius#define JF_DO_STOP(js)		(((js) & (JF_SET | JF_STOP)) == JF_STOP)
72290001Sglebius
73290001Sglebiusenum intparam {
74290001Sglebius	IP__NULL = 0,		/* Null command */
75290001Sglebius	IP_ALLOW_DYING,		/* Allow making changes to a dying jail */
76290001Sglebius	IP_COMMAND,		/* Command run inside jail at creation */
77290001Sglebius	IP_DEPEND,		/* Jail starts after (stops before) another */
78290001Sglebius	IP_EXEC_CLEAN,		/* Run commands in a clean environment */
79290001Sglebius	IP_EXEC_CONSOLELOG,	/* Redirect optput for commands run in jail */
80290001Sglebius	IP_EXEC_FIB,		/* Run jailed commands with this FIB */
81290001Sglebius	IP_EXEC_JAIL_USER,	/* Run jailed commands as this user */
82290001Sglebius	IP_EXEC_POSTSTART,	/* Commands run outside jail after creating */
83290001Sglebius	IP_EXEC_POSTSTOP,	/* Commands run outside jail after removing */
84290001Sglebius	IP_EXEC_PRESTART,	/* Commands run outside jail before creating */
85290001Sglebius	IP_EXEC_PRESTOP,	/* Commands run outside jail before removing */
86290001Sglebius	IP_EXEC_START,		/* Commands run inside jail on creation */
87290001Sglebius	IP_EXEC_STOP,		/* Commands run inside jail on removal */
88290001Sglebius	IP_EXEC_SYSTEM_JAIL_USER,/* Get jail_user from system passwd file */
89290001Sglebius	IP_EXEC_SYSTEM_USER,	/* Run non-jailed commands as this user */
90290001Sglebius	IP_EXEC_TIMEOUT,	/* Time to wait for a command to complete */
91290001Sglebius#if defined(INET) || defined(INET6)
92290001Sglebius	IP_INTERFACE,		/* Add IP addresses to this interface */
93290001Sglebius	IP_IP_HOSTNAME,		/* Get jail IP address(es) from hostname */
94290001Sglebius#endif
95290001Sglebius	IP_MOUNT,		/* Mount points in fstab(5) form */
96290001Sglebius	IP_MOUNT_DEVFS,		/* Mount /dev under prison root */
97290001Sglebius	IP_MOUNT_FSTAB,		/* A standard fstab(5) file */
98290001Sglebius	IP_STOP_TIMEOUT,	/* Time to wait after sending SIGTERM */
99290001Sglebius	IP_VNET_INTERFACE,	/* Assign interface(s) to vnet jail */
100290001Sglebius#ifdef INET
101290001Sglebius	IP__IP4_IFADDR,		/* Copy of ip4.addr with interface/netmask */
102290001Sglebius#endif
103290001Sglebius#ifdef INET6
104290001Sglebius	IP__IP6_IFADDR,		/* Copy of ip6.addr with interface/prefixlen */
105290001Sglebius#endif
106290001Sglebius	IP__MOUNT_FROM_FSTAB,	/* Line from mount.fstab file */
107290001Sglebius	IP__OP,			/* Placeholder for requested operation */
108290001Sglebius	KP_ALLOW_CHFLAGS,
109290001Sglebius	KP_ALLOW_MOUNT,
110290001Sglebius	KP_ALLOW_RAW_SOCKETS,
111290001Sglebius	KP_ALLOW_SET_HOSTNAME,
112290001Sglebius	KP_ALLOW_SOCKET_AF,
113290001Sglebius	KP_ALLOW_SYSVIPC,
114290001Sglebius	KP_DEVFS_RULESET,
115290001Sglebius	KP_ENFORCE_STATFS,
116290001Sglebius	KP_HOST_HOSTNAME,
117290001Sglebius#ifdef INET
118290001Sglebius	KP_IP4_ADDR,
119290001Sglebius#endif
120290001Sglebius#ifdef INET6
121290001Sglebius	KP_IP6_ADDR,
122290001Sglebius#endif
123290001Sglebius	KP_JID,
124290001Sglebius	KP_NAME,
125290001Sglebius	KP_PATH,
126290001Sglebius	KP_PERSIST,
127290001Sglebius	KP_SECURELEVEL,
128290001Sglebius	KP_VNET,
129290001Sglebius	IP_NPARAM
130290001Sglebius};
131290001Sglebius
132290001SglebiusSTAILQ_HEAD(cfvars, cfvar);
133290001Sglebius
134290001Sglebiusstruct cfvar {
135290001Sglebius	STAILQ_ENTRY(cfvar)	tq;
136290001Sglebius	char			*name;
137290001Sglebius	size_t			pos;
138290001Sglebius};
139290001Sglebius
140290001SglebiusTAILQ_HEAD(cfstrings, cfstring);
141290001Sglebius
142290001Sglebiusstruct cfstring {
143290001Sglebius	TAILQ_ENTRY(cfstring)	tq;
144290001Sglebius	char			*s;
145290001Sglebius	size_t			len;
146290001Sglebius	struct cfvars		vars;
147290001Sglebius};
148290001Sglebius
149290001SglebiusTAILQ_HEAD(cfparams, cfparam);
150290001Sglebius
151290001Sglebiusstruct cfparam {
152290001Sglebius	TAILQ_ENTRY(cfparam)	tq;
153290001Sglebius	char			*name;
154290001Sglebius	struct cfstrings	val;
155290001Sglebius	unsigned		flags;
156290001Sglebius	int			gen;
157290001Sglebius};
158290001Sglebius
159290001SglebiusTAILQ_HEAD(cfjails, cfjail);
160290001SglebiusSTAILQ_HEAD(cfdepends, cfdepend);
161290001Sglebius
162290001Sglebiusstruct cfjail {
163290001Sglebius	TAILQ_ENTRY(cfjail)	tq;
164290001Sglebius	char			*name;
165290001Sglebius	char			*comline;
166290001Sglebius	struct cfparams		params;
167290001Sglebius	struct cfdepends	dep[2];
168290001Sglebius	struct cfjails		*queue;
169290001Sglebius	struct cfparam		*intparams[IP_NPARAM];
170290001Sglebius	struct cfstring		*comstring;
171290001Sglebius	struct jailparam	*jp;
172290001Sglebius	struct timespec		timeout;
173290001Sglebius	const enum intparam	*comparam;
174290001Sglebius	unsigned		flags;
175290001Sglebius	int			jid;
176290001Sglebius	int			seq;
177290001Sglebius	int			pstatus;
178290001Sglebius	int			ndeps;
179290001Sglebius	int			njp;
180290001Sglebius	int			nprocs;
181290001Sglebius};
182290001Sglebius
183290001Sglebiusstruct cfdepend {
184290001Sglebius	STAILQ_ENTRY(cfdepend)	tq[2];
185290001Sglebius	struct cfjail		*j[2];
186290001Sglebius	unsigned		flags;
187290001Sglebius};
188290001Sglebius
189290001Sglebiusextern void *emalloc(size_t);
190290001Sglebiusextern void *erealloc(void *, size_t);
191290001Sglebiusextern char *estrdup(const char *);
192290001Sglebiusextern int create_jail(struct cfjail *j);
193290001Sglebiusextern void failed(struct cfjail *j);
194290001Sglebiusextern void jail_note(const struct cfjail *j, const char *fmt, ...);
195290001Sglebiusextern void jail_warnx(const struct cfjail *j, const char *fmt, ...);
196290001Sglebius
197290001Sglebiusextern int next_command(struct cfjail *j);
198290001Sglebiusextern int finish_command(struct cfjail *j);
199290001Sglebiusextern struct cfjail *next_proc(int nonblock);
200290001Sglebius
201290001Sglebiusextern void load_config(void);
202290001Sglebiusextern struct cfjail *add_jail(void);
203290001Sglebiusextern void add_param(struct cfjail *j, const struct cfparam *p,
204290001Sglebius    enum intparam ipnum, const char *value);
205290001Sglebiusextern int bool_param(const struct cfparam *p);
206290001Sglebiusextern int int_param(const struct cfparam *p, int *ip);
207290001Sglebiusextern const char *string_param(const struct cfparam *p);
208290001Sglebiusextern int check_intparams(struct cfjail *j);
209290001Sglebiusextern int import_params(struct cfjail *j);
210290001Sglebiusextern int equalopts(const char *opt1, const char *opt2);
211290001Sglebiusextern int wild_jail_name(const char *wname);
212290001Sglebiusextern int wild_jail_match(const char *jname, const char *wname);
213290001Sglebius
214290001Sglebiusextern void dep_setup(int docf);
215290001Sglebiusextern int dep_check(struct cfjail *j);
216290001Sglebiusextern void dep_done(struct cfjail *j, unsigned flags);
217290001Sglebiusextern void dep_reset(struct cfjail *j);
218290001Sglebiusextern struct cfjail *next_jail(void);
219290001Sglebiusextern int start_state(const char *target, int docf, unsigned state,
220290001Sglebius    int running);
221290001Sglebiusextern void requeue(struct cfjail *j, struct cfjails *queue);
222290001Sglebius
223290001Sglebiusextern void yyerror(const char *);
224290001Sglebiusextern int yylex(void);
225290001Sglebius
226290001Sglebiusextern struct cfjails cfjails;
227290001Sglebiusextern struct cfjails ready;
228290001Sglebiusextern struct cfjails depend;
229290001Sglebiusextern const char *cfname;
230290001Sglebiusextern int iflag;
231290001Sglebiusextern int note_remove;
232290001Sglebiusextern int paralimit;
233290001Sglebiusextern int verbose;
234290001Sglebius