mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-14 22:32:30 +01:00
342 lines
8.4 KiB
C
342 lines
8.4 KiB
C
/*-
|
|
* Copyright (c) 1999 Poul-Henning Kamp.
|
|
* Copyright (c) 2008 Bjoern A. Zeeb.
|
|
* Copyright (c) 2009 James Gritton.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <sys/cdefs.h>
|
|
#include "opt_ddb.h"
|
|
#include "opt_inet.h"
|
|
#include "opt_inet6.h"
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/types.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/errno.h>
|
|
#include <sys/sysproto.h>
|
|
#include <sys/malloc.h>
|
|
#include <sys/osd.h>
|
|
#include <sys/priv.h>
|
|
#include <sys/proc.h>
|
|
#include <sys/taskqueue.h>
|
|
#include <sys/fcntl.h>
|
|
#include <sys/jail.h>
|
|
#include <sys/lock.h>
|
|
#include <sys/mutex.h>
|
|
#include <sys/racct.h>
|
|
#include <sys/refcount.h>
|
|
#include <sys/sx.h>
|
|
#include <sys/namei.h>
|
|
#include <sys/mount.h>
|
|
#include <sys/queue.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/syscallsubr.h>
|
|
#include <sys/sysctl.h>
|
|
#include <sys/vnode.h>
|
|
|
|
#include <net/if.h>
|
|
#include <net/vnet.h>
|
|
|
|
#include <netinet/in.h>
|
|
|
|
static in_addr_t
|
|
prison_primary_ip4(const struct prison *pr)
|
|
{
|
|
|
|
return (((const struct in_addr *)prison_ip_get0(pr, PR_INET))->s_addr);
|
|
}
|
|
|
|
int
|
|
prison_qcmp_v4(const void *ip1, const void *ip2)
|
|
{
|
|
in_addr_t iaa, iab;
|
|
|
|
/*
|
|
* We need to compare in HBO here to get the list sorted as expected
|
|
* by the result of the code. Sorting NBO addresses gives you
|
|
* interesting results. If you do not understand, do not try.
|
|
*/
|
|
iaa = ntohl(((const struct in_addr *)ip1)->s_addr);
|
|
iab = ntohl(((const struct in_addr *)ip2)->s_addr);
|
|
|
|
/*
|
|
* Do not simply return the difference of the two numbers, the int is
|
|
* not wide enough.
|
|
*/
|
|
if (iaa > iab)
|
|
return (1);
|
|
else if (iaa < iab)
|
|
return (-1);
|
|
else
|
|
return (0);
|
|
}
|
|
|
|
bool
|
|
prison_valid_v4(const void *ip)
|
|
{
|
|
in_addr_t ia = ((const struct in_addr *)ip)->s_addr;
|
|
|
|
/*
|
|
* We do not have to care about byte order for these
|
|
* checks so we will do them in NBO.
|
|
*/
|
|
return (ia != INADDR_ANY && ia != INADDR_BROADCAST);
|
|
}
|
|
|
|
/*
|
|
* Pass back primary IPv4 address of this jail.
|
|
*
|
|
* If not restricted return success but do not alter the address. Caller has
|
|
* to make sure to initialize it correctly (e.g. INADDR_ANY).
|
|
*
|
|
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
|
|
* Address returned in NBO.
|
|
*/
|
|
int
|
|
prison_get_ip4(struct ucred *cred, struct in_addr *ia)
|
|
{
|
|
struct prison *pr;
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
|
|
|
pr = cred->cr_prison;
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
return (0);
|
|
mtx_lock(&pr->pr_mtx);
|
|
if (!(pr->pr_flags & PR_IP4)) {
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (0);
|
|
}
|
|
if (pr->pr_addrs[PR_INET] == NULL) {
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (EAFNOSUPPORT);
|
|
}
|
|
|
|
ia->s_addr = prison_primary_ip4(pr);
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* Return true if we should do proper source address selection or are not jailed.
|
|
* We will return false if we should bypass source address selection in favour
|
|
* of the primary jail IPv4 address. Only in this case *ia will be updated and
|
|
* returned in NBO.
|
|
* Return true, even in case this jail does not allow IPv4.
|
|
*/
|
|
bool
|
|
prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
|
|
{
|
|
struct prison *pr;
|
|
struct in_addr lia;
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
|
|
|
if (!jailed(cred))
|
|
return (true);
|
|
|
|
pr = cred->cr_prison;
|
|
if (pr->pr_flags & PR_IP4_SADDRSEL)
|
|
return (true);
|
|
|
|
lia.s_addr = INADDR_ANY;
|
|
if (prison_get_ip4(cred, &lia) != 0)
|
|
return (true);
|
|
if (lia.s_addr == INADDR_ANY)
|
|
return (true);
|
|
|
|
ia->s_addr = lia.s_addr;
|
|
return (false);
|
|
}
|
|
|
|
/*
|
|
* Return true if pr1 and pr2 have the same IPv4 address restrictions.
|
|
*/
|
|
bool
|
|
prison_equal_ip4(struct prison *pr1, struct prison *pr2)
|
|
{
|
|
|
|
if (pr1 == pr2)
|
|
return (true);
|
|
|
|
/*
|
|
* No need to lock since the PR_IP4_USER flag can't be altered for
|
|
* existing prisons.
|
|
*/
|
|
while (pr1 != &prison0 &&
|
|
#ifdef VIMAGE
|
|
!(pr1->pr_flags & PR_VNET) &&
|
|
#endif
|
|
!(pr1->pr_flags & PR_IP4_USER))
|
|
pr1 = pr1->pr_parent;
|
|
while (pr2 != &prison0 &&
|
|
#ifdef VIMAGE
|
|
!(pr2->pr_flags & PR_VNET) &&
|
|
#endif
|
|
!(pr2->pr_flags & PR_IP4_USER))
|
|
pr2 = pr2->pr_parent;
|
|
return (pr1 == pr2);
|
|
}
|
|
|
|
/*
|
|
* Make sure our (source) address is set to something meaningful to this
|
|
* jail.
|
|
*
|
|
* Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
|
|
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
|
|
* doesn't allow IPv4. Address passed in in NBO and returned in NBO.
|
|
*/
|
|
int
|
|
prison_local_ip4(struct ucred *cred, struct in_addr *ia)
|
|
{
|
|
struct prison *pr;
|
|
struct in_addr ia0;
|
|
int error;
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
|
|
|
pr = cred->cr_prison;
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
return (0);
|
|
mtx_lock(&pr->pr_mtx);
|
|
if (!(pr->pr_flags & PR_IP4)) {
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (0);
|
|
}
|
|
if (pr->pr_addrs[PR_INET] == NULL) {
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (EAFNOSUPPORT);
|
|
}
|
|
|
|
ia0.s_addr = ntohl(ia->s_addr);
|
|
|
|
if (ia0.s_addr == INADDR_ANY) {
|
|
/*
|
|
* In case there is only 1 IPv4 address, bind directly.
|
|
*/
|
|
if (prison_ip_cnt(pr, PR_INET) == 1)
|
|
ia->s_addr = prison_primary_ip4(pr);
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (0);
|
|
}
|
|
|
|
error = prison_check_ip4_locked(pr, ia);
|
|
if (error == EADDRNOTAVAIL && ia0.s_addr == INADDR_LOOPBACK) {
|
|
ia->s_addr = prison_primary_ip4(pr);
|
|
error = 0;
|
|
}
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (error);
|
|
}
|
|
|
|
/*
|
|
* Rewrite destination address in case we will connect to loopback address.
|
|
*
|
|
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
|
|
* Address passed in in NBO and returned in NBO.
|
|
*/
|
|
int
|
|
prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
|
|
{
|
|
struct prison *pr;
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
|
|
|
pr = cred->cr_prison;
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
return (0);
|
|
mtx_lock(&pr->pr_mtx);
|
|
if (!(pr->pr_flags & PR_IP4)) {
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (0);
|
|
}
|
|
if (pr->pr_addrs[PR_INET] == NULL) {
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (EAFNOSUPPORT);
|
|
}
|
|
|
|
if (ntohl(ia->s_addr) == INADDR_LOOPBACK &&
|
|
prison_check_ip4_locked(pr, ia) == EADDRNOTAVAIL) {
|
|
ia->s_addr = prison_primary_ip4(pr);
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* Return success because nothing had to be changed.
|
|
*/
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* Check if given address belongs to the jail referenced by cred/prison.
|
|
*
|
|
* Returns 0 if address belongs to jail,
|
|
* EADDRNOTAVAIL if the address doesn't belong to the jail.
|
|
*/
|
|
int
|
|
prison_check_ip4_locked(const struct prison *pr, const struct in_addr *ia)
|
|
{
|
|
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
return (0);
|
|
|
|
return (prison_ip_check(pr, PR_INET, ia));
|
|
}
|
|
|
|
int
|
|
prison_check_ip4(const struct ucred *cred, const struct in_addr *ia)
|
|
{
|
|
struct prison *pr;
|
|
int error;
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
|
|
|
pr = cred->cr_prison;
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
return (0);
|
|
mtx_lock(&pr->pr_mtx);
|
|
if (!(pr->pr_flags & PR_IP4)) {
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (0);
|
|
}
|
|
if (pr->pr_addrs[PR_INET] == NULL) {
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (EAFNOSUPPORT);
|
|
}
|
|
|
|
error = prison_check_ip4_locked(pr, ia);
|
|
mtx_unlock(&pr->pr_mtx);
|
|
return (error);
|
|
}
|