1 /*-
2 * Copyright (c) 1999 Poul-Henning Kamp.
3 * Copyright (c) 2008 Bjoern A. Zeeb.
4 * Copyright (c) 2009 James Gritton.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
31
32 #include "opt_ddb.h"
33 #include "opt_inet.h"
34 #include "opt_inet6.h"
35
36 #include <sys/param.h>
37 #include <sys/types.h>
38 #include <sys/kernel.h>
39 #include <sys/systm.h>
40 #include <sys/errno.h>
41 #include <sys/sysproto.h>
42 #include <sys/malloc.h>
43 #include <sys/osd.h>
44 #include <sys/priv.h>
45 #include <sys/proc.h>
46 #include <sys/taskqueue.h>
47 #include <sys/fcntl.h>
48 #include <sys/jail.h>
49 #include <sys/lock.h>
50 #include <sys/mutex.h>
51 #include <sys/racct.h>
52 #include <sys/refcount.h>
53 #include <sys/sx.h>
54 #include <sys/namei.h>
55 #include <sys/mount.h>
56 #include <sys/queue.h>
57 #include <sys/socket.h>
58 #include <sys/syscallsubr.h>
59 #include <sys/sysctl.h>
60 #include <sys/vnode.h>
61
62 #include <net/if.h>
63 #include <net/vnet.h>
64
65 #include <netinet/in.h>
66
67 int
68 prison_qcmp_v6(const void *ip1, const void *ip2)
69 {
70 const struct in6_addr *ia6a, *ia6b;
71 int i, rc;
72
73 ia6a = (const struct in6_addr *)ip1;
74 ia6b = (const struct in6_addr *)ip2;
75
76 rc = 0;
77 for (i = 0; rc == 0 && i < sizeof(struct in6_addr); i++) {
78 if (ia6a->s6_addr[i] > ia6b->s6_addr[i])
79 rc = 1;
80 else if (ia6a->s6_addr[i] < ia6b->s6_addr[i])
81 rc = -1;
82 }
83 return (rc);
84 }
85
86 int
87 prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6)
88 {
89 int ii, ij, used;
90 struct prison *ppr;
91
92 ppr = pr->pr_parent;
93 if (!(pr->pr_flags & PR_IP6_USER)) {
94 /* This has no user settings, so just copy the parent's list. */
95 if (pr->pr_ip6s < ppr->pr_ip6s) {
96 /*
97 * There's no room for the parent's list. Use the
98 * new list buffer, which is assumed to be big enough
99 * (if it was passed). If there's no buffer, try to
100 * allocate one.
101 */
102 used = 1;
103 if (newip6 == NULL) {
104 newip6 = malloc(ppr->pr_ip6s * sizeof(*newip6),
105 M_PRISON, M_NOWAIT);
106 if (newip6 != NULL)
107 used = 0;
108 }
109 if (newip6 != NULL) {
110 bcopy(ppr->pr_ip6, newip6,
111 ppr->pr_ip6s * sizeof(*newip6));
112 free(pr->pr_ip6, M_PRISON);
113 pr->pr_ip6 = newip6;
114 pr->pr_ip6s = ppr->pr_ip6s;
115 }
116 return (used);
117 }
118 pr->pr_ip6s = ppr->pr_ip6s;
119 if (pr->pr_ip6s > 0)
120 bcopy(ppr->pr_ip6, pr->pr_ip6,
121 pr->pr_ip6s * sizeof(*newip6));
122 else if (pr->pr_ip6 != NULL) {
123 free(pr->pr_ip6, M_PRISON);
124 pr->pr_ip6 = NULL;
125 }
126 } else if (pr->pr_ip6s > 0) {
127 /* Remove addresses that aren't in the parent. */
128 for (ij = 0; ij < ppr->pr_ip6s; ij++)
129 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0],
130 &ppr->pr_ip6[ij]))
131 break;
132 if (ij < ppr->pr_ip6s)
133 ii = 1;
134 else {
135 bcopy(pr->pr_ip6 + 1, pr->pr_ip6,
136 --pr->pr_ip6s * sizeof(*pr->pr_ip6));
137 ii = 0;
138 }
139 for (ij = 1; ii < pr->pr_ip6s; ) {
140 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[ii],
141 &ppr->pr_ip6[0])) {
142 ii++;
143 continue;
144 }
145 switch (ij >= ppr->pr_ip6s ? -1 :
146 prison_qcmp_v6(&pr->pr_ip6[ii], &ppr->pr_ip6[ij])) {
147 case -1:
148 bcopy(pr->pr_ip6 + ii + 1, pr->pr_ip6 + ii,
149 (--pr->pr_ip6s - ii) * sizeof(*pr->pr_ip6));
150 break;
151 case 0:
152 ii++;
153 ij++;
154 break;
155 case 1:
156 ij++;
157 break;
158 }
159 }
160 if (pr->pr_ip6s == 0) {
161 free(pr->pr_ip6, M_PRISON);
162 pr->pr_ip6 = NULL;
163 }
164 }
165 return 0;
166 }
167
168 /*
169 * Pass back primary IPv6 address for this jail.
170 *
171 * If not restricted return success but do not alter the address. Caller has
172 * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT).
173 *
174 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
175 */
176 int
177 prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
178 {
179 struct prison *pr;
180
181 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
182 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
183
184 pr = cred->cr_prison;
185 if (!(pr->pr_flags & PR_IP6))
186 return (0);
187 mtx_lock(&pr->pr_mtx);
188 if (!(pr->pr_flags & PR_IP6)) {
189 mtx_unlock(&pr->pr_mtx);
190 return (0);
191 }
192 if (pr->pr_ip6 == NULL) {
193 mtx_unlock(&pr->pr_mtx);
194 return (EAFNOSUPPORT);
195 }
196
197 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
198 mtx_unlock(&pr->pr_mtx);
199 return (0);
200 }
201
202 /*
203 * Return 1 if we should do proper source address selection or are not jailed.
204 * We will return 0 if we should bypass source address selection in favour
205 * of the primary jail IPv6 address. Only in this case *ia will be updated and
206 * returned in NBO.
207 * Return EAFNOSUPPORT, in case this jail does not allow IPv6.
208 */
209 int
210 prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
211 {
212 struct prison *pr;
213 struct in6_addr lia6;
214 int error;
215
216 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
217 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
218
219 if (!jailed(cred))
220 return (1);
221
222 pr = cred->cr_prison;
223 if (pr->pr_flags & PR_IP6_SADDRSEL)
224 return (1);
225
226 lia6 = in6addr_any;
227 error = prison_get_ip6(cred, &lia6);
228 if (error)
229 return (error);
230 if (IN6_IS_ADDR_UNSPECIFIED(&lia6))
231 return (1);
232
233 bcopy(&lia6, ia6, sizeof(struct in6_addr));
234 return (0);
235 }
236
237 /*
238 * Return true if pr1 and pr2 have the same IPv6 address restrictions.
239 */
240 int
241 prison_equal_ip6(struct prison *pr1, struct prison *pr2)
242 {
243
244 if (pr1 == pr2)
245 return (1);
246
247 while (pr1 != &prison0 &&
248 #ifdef VIMAGE
249 !(pr1->pr_flags & PR_VNET) &&
250 #endif
251 !(pr1->pr_flags & PR_IP6_USER))
252 pr1 = pr1->pr_parent;
253 while (pr2 != &prison0 &&
254 #ifdef VIMAGE
255 !(pr2->pr_flags & PR_VNET) &&
256 #endif
257 !(pr2->pr_flags & PR_IP6_USER))
258 pr2 = pr2->pr_parent;
259 return (pr1 == pr2);
260 }
261
262 /*
263 * Make sure our (source) address is set to something meaningful to this jail.
264 *
265 * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0)
266 * when needed while binding.
267 *
268 * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
269 * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
270 * doesn't allow IPv6.
271 */
272 int
273 prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
274 {
275 struct prison *pr;
276 int error;
277
278 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
279 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
280
281 pr = cred->cr_prison;
282 if (!(pr->pr_flags & PR_IP6))
283 return (0);
284 mtx_lock(&pr->pr_mtx);
285 if (!(pr->pr_flags & PR_IP6)) {
286 mtx_unlock(&pr->pr_mtx);
287 return (0);
288 }
289 if (pr->pr_ip6 == NULL) {
290 mtx_unlock(&pr->pr_mtx);
291 return (EAFNOSUPPORT);
292 }
293
294 if (IN6_IS_ADDR_UNSPECIFIED(ia6)) {
295 /*
296 * In case there is only 1 IPv6 address, and v6only is true,
297 * then bind directly.
298 */
299 if (v6only != 0 && pr->pr_ip6s == 1)
300 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
301 mtx_unlock(&pr->pr_mtx);
302 return (0);
303 }
304
305 error = prison_check_ip6_locked(pr, ia6);
306 if (error == EADDRNOTAVAIL && IN6_IS_ADDR_LOOPBACK(ia6)) {
307 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
308 error = 0;
309 }
310
311 mtx_unlock(&pr->pr_mtx);
312 return (error);
313 }
314
315 /*
316 * Rewrite destination address in case we will connect to loopback address.
317 *
318 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
319 */
320 int
321 prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
322 {
323 struct prison *pr;
324
325 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
326 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
327
328 pr = cred->cr_prison;
329 if (!(pr->pr_flags & PR_IP6))
330 return (0);
331 mtx_lock(&pr->pr_mtx);
332 if (!(pr->pr_flags & PR_IP6)) {
333 mtx_unlock(&pr->pr_mtx);
334 return (0);
335 }
336 if (pr->pr_ip6 == NULL) {
337 mtx_unlock(&pr->pr_mtx);
338 return (EAFNOSUPPORT);
339 }
340
341 if (IN6_IS_ADDR_LOOPBACK(ia6) &&
342 prison_check_ip6_locked(pr, ia6) == EADDRNOTAVAIL) {
343 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
344 mtx_unlock(&pr->pr_mtx);
345 return (0);
346 }
347
348 /*
349 * Return success because nothing had to be changed.
350 */
351 mtx_unlock(&pr->pr_mtx);
352 return (0);
353 }
354
355 /*
356 * Check if given address belongs to the jail referenced by cred/prison.
357 *
358 * Returns 0 if address belongs to jail,
359 * EADDRNOTAVAIL if the address doesn't belong to the jail.
360 */
361 int
362 prison_check_ip6_locked(const struct prison *pr, const struct in6_addr *ia6)
363 {
364 int i, a, z, d;
365
366 /*
367 * Check the primary IP.
368 */
369 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], ia6))
370 return (0);
371
372 /*
373 * All the other IPs are sorted so we can do a binary search.
374 */
375 a = 0;
376 z = pr->pr_ip6s - 2;
377 while (a <= z) {
378 i = (a + z) / 2;
379 d = prison_qcmp_v6(&pr->pr_ip6[i+1], ia6);
380 if (d > 0)
381 z = i - 1;
382 else if (d < 0)
383 a = i + 1;
384 else
385 return (0);
386 }
387
388 return (EADDRNOTAVAIL);
389 }
390
391 int
392 prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6)
393 {
394 struct prison *pr;
395 int error;
396
397 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
398 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
399
400 pr = cred->cr_prison;
401 if (!(pr->pr_flags & PR_IP6))
402 return (0);
403 mtx_lock(&pr->pr_mtx);
404 if (!(pr->pr_flags & PR_IP6)) {
405 mtx_unlock(&pr->pr_mtx);
406 return (0);
407 }
408 if (pr->pr_ip6 == NULL) {
409 mtx_unlock(&pr->pr_mtx);
410 return (EAFNOSUPPORT);
411 }
412
413 error = prison_check_ip6_locked(pr, ia6);
414 mtx_unlock(&pr->pr_mtx);
415 return (error);
416 }
Cache object: 5101c21c155c0fbfdb3bdbc4fe28cd46
|