Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netinet6/in6_jail.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1999 Poul-Henning Kamp. 3 * Copyright (c) 2008 Bjoern A. Zeeb. 4 * Copyright (c) 2009 James Gritton. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 __FBSDID("$FreeBSD$"); 31 32 #include "opt_ddb.h" 33 #include "opt_inet.h" 34 #include "opt_inet6.h" 35 36 #include <sys/param.h> 37 #include <sys/types.h> 38 #include <sys/kernel.h> 39 #include <sys/systm.h> 40 #include <sys/errno.h> 41 #include <sys/sysproto.h> 42 #include <sys/malloc.h> 43 #include <sys/osd.h> 44 #include <sys/priv.h> 45 #include <sys/proc.h> 46 #include <sys/taskqueue.h> 47 #include <sys/fcntl.h> 48 #include <sys/jail.h> 49 #include <sys/lock.h> 50 #include <sys/mutex.h> 51 #include <sys/racct.h> 52 #include <sys/refcount.h> 53 #include <sys/sx.h> 54 #include <sys/namei.h> 55 #include <sys/mount.h> 56 #include <sys/queue.h> 57 #include <sys/socket.h> 58 #include <sys/syscallsubr.h> 59 #include <sys/sysctl.h> 60 #include <sys/vnode.h> 61 62 #include <net/if.h> 63 #include <net/vnet.h> 64 65 #include <netinet/in.h> 66 67 int 68 prison_qcmp_v6(const void *ip1, const void *ip2) 69 { 70 const struct in6_addr *ia6a, *ia6b; 71 int i, rc; 72 73 ia6a = (const struct in6_addr *)ip1; 74 ia6b = (const struct in6_addr *)ip2; 75 76 rc = 0; 77 for (i = 0; rc == 0 && i < sizeof(struct in6_addr); i++) { 78 if (ia6a->s6_addr[i] > ia6b->s6_addr[i]) 79 rc = 1; 80 else if (ia6a->s6_addr[i] < ia6b->s6_addr[i]) 81 rc = -1; 82 } 83 return (rc); 84 } 85 86 int 87 prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6) 88 { 89 int ii, ij, used; 90 struct prison *ppr; 91 92 ppr = pr->pr_parent; 93 if (!(pr->pr_flags & PR_IP6_USER)) { 94 /* This has no user settings, so just copy the parent's list. */ 95 if (pr->pr_ip6s < ppr->pr_ip6s) { 96 /* 97 * There's no room for the parent's list. Use the 98 * new list buffer, which is assumed to be big enough 99 * (if it was passed). If there's no buffer, try to 100 * allocate one. 101 */ 102 used = 1; 103 if (newip6 == NULL) { 104 newip6 = malloc(ppr->pr_ip6s * sizeof(*newip6), 105 M_PRISON, M_NOWAIT); 106 if (newip6 != NULL) 107 used = 0; 108 } 109 if (newip6 != NULL) { 110 bcopy(ppr->pr_ip6, newip6, 111 ppr->pr_ip6s * sizeof(*newip6)); 112 free(pr->pr_ip6, M_PRISON); 113 pr->pr_ip6 = newip6; 114 pr->pr_ip6s = ppr->pr_ip6s; 115 } 116 return (used); 117 } 118 pr->pr_ip6s = ppr->pr_ip6s; 119 if (pr->pr_ip6s > 0) 120 bcopy(ppr->pr_ip6, pr->pr_ip6, 121 pr->pr_ip6s * sizeof(*newip6)); 122 else if (pr->pr_ip6 != NULL) { 123 free(pr->pr_ip6, M_PRISON); 124 pr->pr_ip6 = NULL; 125 } 126 } else if (pr->pr_ip6s > 0) { 127 /* Remove addresses that aren't in the parent. */ 128 for (ij = 0; ij < ppr->pr_ip6s; ij++) 129 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], 130 &ppr->pr_ip6[ij])) 131 break; 132 if (ij < ppr->pr_ip6s) 133 ii = 1; 134 else { 135 bcopy(pr->pr_ip6 + 1, pr->pr_ip6, 136 --pr->pr_ip6s * sizeof(*pr->pr_ip6)); 137 ii = 0; 138 } 139 for (ij = 1; ii < pr->pr_ip6s; ) { 140 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[ii], 141 &ppr->pr_ip6[0])) { 142 ii++; 143 continue; 144 } 145 switch (ij >= ppr->pr_ip6s ? -1 : 146 prison_qcmp_v6(&pr->pr_ip6[ii], &ppr->pr_ip6[ij])) { 147 case -1: 148 bcopy(pr->pr_ip6 + ii + 1, pr->pr_ip6 + ii, 149 (--pr->pr_ip6s - ii) * sizeof(*pr->pr_ip6)); 150 break; 151 case 0: 152 ii++; 153 ij++; 154 break; 155 case 1: 156 ij++; 157 break; 158 } 159 } 160 if (pr->pr_ip6s == 0) { 161 free(pr->pr_ip6, M_PRISON); 162 pr->pr_ip6 = NULL; 163 } 164 } 165 return 0; 166 } 167 168 /* 169 * Pass back primary IPv6 address for this jail. 170 * 171 * If not restricted return success but do not alter the address. Caller has 172 * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT). 173 * 174 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6. 175 */ 176 int 177 prison_get_ip6(struct ucred *cred, struct in6_addr *ia6) 178 { 179 struct prison *pr; 180 181 KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); 182 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); 183 184 pr = cred->cr_prison; 185 if (!(pr->pr_flags & PR_IP6)) 186 return (0); 187 mtx_lock(&pr->pr_mtx); 188 if (!(pr->pr_flags & PR_IP6)) { 189 mtx_unlock(&pr->pr_mtx); 190 return (0); 191 } 192 if (pr->pr_ip6 == NULL) { 193 mtx_unlock(&pr->pr_mtx); 194 return (EAFNOSUPPORT); 195 } 196 197 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); 198 mtx_unlock(&pr->pr_mtx); 199 return (0); 200 } 201 202 /* 203 * Return 1 if we should do proper source address selection or are not jailed. 204 * We will return 0 if we should bypass source address selection in favour 205 * of the primary jail IPv6 address. Only in this case *ia will be updated and 206 * returned in NBO. 207 * Return EAFNOSUPPORT, in case this jail does not allow IPv6. 208 */ 209 int 210 prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6) 211 { 212 struct prison *pr; 213 struct in6_addr lia6; 214 int error; 215 216 KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); 217 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); 218 219 if (!jailed(cred)) 220 return (1); 221 222 pr = cred->cr_prison; 223 if (pr->pr_flags & PR_IP6_SADDRSEL) 224 return (1); 225 226 lia6 = in6addr_any; 227 error = prison_get_ip6(cred, &lia6); 228 if (error) 229 return (error); 230 if (IN6_IS_ADDR_UNSPECIFIED(&lia6)) 231 return (1); 232 233 bcopy(&lia6, ia6, sizeof(struct in6_addr)); 234 return (0); 235 } 236 237 /* 238 * Return true if pr1 and pr2 have the same IPv6 address restrictions. 239 */ 240 int 241 prison_equal_ip6(struct prison *pr1, struct prison *pr2) 242 { 243 244 if (pr1 == pr2) 245 return (1); 246 247 while (pr1 != &prison0 && 248 #ifdef VIMAGE 249 !(pr1->pr_flags & PR_VNET) && 250 #endif 251 !(pr1->pr_flags & PR_IP6_USER)) 252 pr1 = pr1->pr_parent; 253 while (pr2 != &prison0 && 254 #ifdef VIMAGE 255 !(pr2->pr_flags & PR_VNET) && 256 #endif 257 !(pr2->pr_flags & PR_IP6_USER)) 258 pr2 = pr2->pr_parent; 259 return (pr1 == pr2); 260 } 261 262 /* 263 * Make sure our (source) address is set to something meaningful to this jail. 264 * 265 * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0) 266 * when needed while binding. 267 * 268 * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail, 269 * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail 270 * doesn't allow IPv6. 271 */ 272 int 273 prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only) 274 { 275 struct prison *pr; 276 int error; 277 278 KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); 279 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); 280 281 pr = cred->cr_prison; 282 if (!(pr->pr_flags & PR_IP6)) 283 return (0); 284 mtx_lock(&pr->pr_mtx); 285 if (!(pr->pr_flags & PR_IP6)) { 286 mtx_unlock(&pr->pr_mtx); 287 return (0); 288 } 289 if (pr->pr_ip6 == NULL) { 290 mtx_unlock(&pr->pr_mtx); 291 return (EAFNOSUPPORT); 292 } 293 294 if (IN6_IS_ADDR_UNSPECIFIED(ia6)) { 295 /* 296 * In case there is only 1 IPv6 address, and v6only is true, 297 * then bind directly. 298 */ 299 if (v6only != 0 && pr->pr_ip6s == 1) 300 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); 301 mtx_unlock(&pr->pr_mtx); 302 return (0); 303 } 304 305 error = prison_check_ip6_locked(pr, ia6); 306 if (error == EADDRNOTAVAIL && IN6_IS_ADDR_LOOPBACK(ia6)) { 307 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); 308 error = 0; 309 } 310 311 mtx_unlock(&pr->pr_mtx); 312 return (error); 313 } 314 315 /* 316 * Rewrite destination address in case we will connect to loopback address. 317 * 318 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6. 319 */ 320 int 321 prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6) 322 { 323 struct prison *pr; 324 325 KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); 326 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); 327 328 pr = cred->cr_prison; 329 if (!(pr->pr_flags & PR_IP6)) 330 return (0); 331 mtx_lock(&pr->pr_mtx); 332 if (!(pr->pr_flags & PR_IP6)) { 333 mtx_unlock(&pr->pr_mtx); 334 return (0); 335 } 336 if (pr->pr_ip6 == NULL) { 337 mtx_unlock(&pr->pr_mtx); 338 return (EAFNOSUPPORT); 339 } 340 341 if (IN6_IS_ADDR_LOOPBACK(ia6) && 342 prison_check_ip6_locked(pr, ia6) == EADDRNOTAVAIL) { 343 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); 344 mtx_unlock(&pr->pr_mtx); 345 return (0); 346 } 347 348 /* 349 * Return success because nothing had to be changed. 350 */ 351 mtx_unlock(&pr->pr_mtx); 352 return (0); 353 } 354 355 /* 356 * Check if given address belongs to the jail referenced by cred/prison. 357 * 358 * Returns 0 if address belongs to jail, 359 * EADDRNOTAVAIL if the address doesn't belong to the jail. 360 */ 361 int 362 prison_check_ip6_locked(const struct prison *pr, const struct in6_addr *ia6) 363 { 364 int i, a, z, d; 365 366 /* 367 * Check the primary IP. 368 */ 369 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], ia6)) 370 return (0); 371 372 /* 373 * All the other IPs are sorted so we can do a binary search. 374 */ 375 a = 0; 376 z = pr->pr_ip6s - 2; 377 while (a <= z) { 378 i = (a + z) / 2; 379 d = prison_qcmp_v6(&pr->pr_ip6[i+1], ia6); 380 if (d > 0) 381 z = i - 1; 382 else if (d < 0) 383 a = i + 1; 384 else 385 return (0); 386 } 387 388 return (EADDRNOTAVAIL); 389 } 390 391 int 392 prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6) 393 { 394 struct prison *pr; 395 int error; 396 397 KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); 398 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); 399 400 pr = cred->cr_prison; 401 if (!(pr->pr_flags & PR_IP6)) 402 return (0); 403 mtx_lock(&pr->pr_mtx); 404 if (!(pr->pr_flags & PR_IP6)) { 405 mtx_unlock(&pr->pr_mtx); 406 return (0); 407 } 408 if (pr->pr_ip6 == NULL) { 409 mtx_unlock(&pr->pr_mtx); 410 return (EAFNOSUPPORT); 411 } 412 413 error = prison_check_ip6_locked(pr, ia6); 414 mtx_unlock(&pr->pr_mtx); 415 return (error); 416 }
Cache object: 5101c21c155c0fbfdb3bdbc4fe28cd46
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]