HardenedBSD/sys/netinet6/in6_jail.c
Warner Losh 685dc743dc sys: Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
2023-08-16 11:54:36 -06:00

326 lines
8.0 KiB
C

/*-
* Copyright (c) 1999 Poul-Henning Kamp.
* Copyright (c) 2008 Bjoern A. Zeeb.
* Copyright (c) 2009 James Gritton.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
#include "opt_ddb.h"
#include "opt_inet.h"
#include "opt_inet6.h"
#include <sys/param.h>
#include <sys/types.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/errno.h>
#include <sys/sysproto.h>
#include <sys/malloc.h>
#include <sys/osd.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/taskqueue.h>
#include <sys/fcntl.h>
#include <sys/jail.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/racct.h>
#include <sys/refcount.h>
#include <sys/sx.h>
#include <sys/namei.h>
#include <sys/mount.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/syscallsubr.h>
#include <sys/sysctl.h>
#include <sys/vnode.h>
#include <net/if.h>
#include <net/vnet.h>
#include <netinet/in.h>
static void
prison_bcopy_primary_ip6(const struct prison *pr, struct in6_addr *ia6)
{
bcopy(prison_ip_get0(pr, PR_INET6), ia6, sizeof(struct in6_addr));
}
int
prison_qcmp_v6(const void *ip1, const void *ip2)
{
const struct in6_addr *ia6a, *ia6b;
int i, rc;
ia6a = (const struct in6_addr *)ip1;
ia6b = (const struct in6_addr *)ip2;
rc = 0;
for (i = 0; rc == 0 && i < sizeof(struct in6_addr); i++) {
if (ia6a->s6_addr[i] > ia6b->s6_addr[i])
rc = 1;
else if (ia6a->s6_addr[i] < ia6b->s6_addr[i])
rc = -1;
}
return (rc);
}
bool
prison_valid_v6(const void *ip)
{
const struct in6_addr *ia = ip;
return (!IN6_IS_ADDR_UNSPECIFIED(ia));
}
/*
* Pass back primary IPv6 address for this jail.
*
* If not restricted return success but do not alter the address. Caller has
* to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT).
*
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
*/
int
prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
{
struct prison *pr;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
pr = cred->cr_prison;
if (!(pr->pr_flags & PR_IP6))
return (0);
mtx_lock(&pr->pr_mtx);
if (!(pr->pr_flags & PR_IP6)) {
mtx_unlock(&pr->pr_mtx);
return (0);
}
if (pr->pr_addrs[PR_INET6] == NULL) {
mtx_unlock(&pr->pr_mtx);
return (EAFNOSUPPORT);
}
prison_bcopy_primary_ip6(pr, ia6);
mtx_unlock(&pr->pr_mtx);
return (0);
}
/*
* Return true if we should do proper source address selection or are not jailed.
* We will return false if we should bypass source address selection in favour
* of the primary jail IPv6 address. Only in this case *ia will be updated and
* returned in NBO.
* Return true, even in case this jail does not allow IPv6.
*/
bool
prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
{
struct prison *pr;
struct in6_addr lia6;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
if (!jailed(cred))
return (true);
pr = cred->cr_prison;
if (pr->pr_flags & PR_IP6_SADDRSEL)
return (true);
lia6 = in6addr_any;
if (prison_get_ip6(cred, &lia6) != 0)
return (true);
if (IN6_IS_ADDR_UNSPECIFIED(&lia6))
return (true);
bcopy(&lia6, ia6, sizeof(struct in6_addr));
return (false);
}
/*
* Return true if pr1 and pr2 have the same IPv6 address restrictions.
*/
bool
prison_equal_ip6(struct prison *pr1, struct prison *pr2)
{
if (pr1 == pr2)
return (true);
while (pr1 != &prison0 &&
#ifdef VIMAGE
!(pr1->pr_flags & PR_VNET) &&
#endif
!(pr1->pr_flags & PR_IP6_USER))
pr1 = pr1->pr_parent;
while (pr2 != &prison0 &&
#ifdef VIMAGE
!(pr2->pr_flags & PR_VNET) &&
#endif
!(pr2->pr_flags & PR_IP6_USER))
pr2 = pr2->pr_parent;
return (pr1 == pr2);
}
/*
* Make sure our (source) address is set to something meaningful to this jail.
*
* v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0)
* when needed while binding.
*
* Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
* doesn't allow IPv6.
*/
int
prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
{
struct prison *pr;
int error;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
pr = cred->cr_prison;
if (!(pr->pr_flags & PR_IP6))
return (0);
mtx_lock(&pr->pr_mtx);
if (!(pr->pr_flags & PR_IP6)) {
mtx_unlock(&pr->pr_mtx);
return (0);
}
if (pr->pr_addrs[PR_INET6] == NULL) {
mtx_unlock(&pr->pr_mtx);
return (EAFNOSUPPORT);
}
if (IN6_IS_ADDR_UNSPECIFIED(ia6)) {
/*
* In case there is only 1 IPv6 address, and v6only is true,
* then bind directly.
*/
if (v6only != 0 && prison_ip_cnt(pr, PR_INET6) == 1)
prison_bcopy_primary_ip6(pr, ia6);
mtx_unlock(&pr->pr_mtx);
return (0);
}
error = prison_check_ip6_locked(pr, ia6);
if (error == EADDRNOTAVAIL && IN6_IS_ADDR_LOOPBACK(ia6)) {
prison_bcopy_primary_ip6(pr, ia6);
error = 0;
}
mtx_unlock(&pr->pr_mtx);
return (error);
}
/*
* Rewrite destination address in case we will connect to loopback address.
*
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
*/
int
prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
{
struct prison *pr;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
pr = cred->cr_prison;
if (!(pr->pr_flags & PR_IP6))
return (0);
mtx_lock(&pr->pr_mtx);
if (!(pr->pr_flags & PR_IP6)) {
mtx_unlock(&pr->pr_mtx);
return (0);
}
if (pr->pr_addrs[PR_INET6] == NULL) {
mtx_unlock(&pr->pr_mtx);
return (EAFNOSUPPORT);
}
if (IN6_IS_ADDR_LOOPBACK(ia6) &&
prison_check_ip6_locked(pr, ia6) == EADDRNOTAVAIL) {
prison_bcopy_primary_ip6(pr, ia6);
mtx_unlock(&pr->pr_mtx);
return (0);
}
/*
* Return success because nothing had to be changed.
*/
mtx_unlock(&pr->pr_mtx);
return (0);
}
/*
* Check if given address belongs to the jail referenced by cred/prison.
*
* Returns 0 if address belongs to jail,
* EADDRNOTAVAIL if the address doesn't belong to the jail.
*/
int
prison_check_ip6_locked(const struct prison *pr, const struct in6_addr *ia6)
{
if (!(pr->pr_flags & PR_IP6))
return (0);
return (prison_ip_check(pr, PR_INET6, ia6));
}
int
prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6)
{
struct prison *pr;
int error;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
pr = cred->cr_prison;
if (!(pr->pr_flags & PR_IP6))
return (0);
mtx_lock(&pr->pr_mtx);
if (!(pr->pr_flags & PR_IP6)) {
mtx_unlock(&pr->pr_mtx);
return (0);
}
if (pr->pr_addrs[PR_INET6] == NULL) {
mtx_unlock(&pr->pr_mtx);
return (EAFNOSUPPORT);
}
error = prison_check_ip6_locked(pr, ia6);
mtx_unlock(&pr->pr_mtx);
return (error);
}