/*
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 *
 * $FreeBSD: src/sys/sys/jail.h,v 1.8.2.2 2000/11/01 17:58:06 rwatson Exp $
 */

/*
 * jail(2) user/kernel interface and the kernel-internal prison description.
 *
 * The first part of this header (struct jail, struct jail_v0 and the
 * jail()/jail_attach() prototypes) is the ABI shared with userland.  The
 * part guarded by _KERNEL / _KERNEL_STRUCTURES describes how the kernel
 * tracks a prison and the policy knobs and helpers that act on it.
 */

#ifndef _SYS_JAIL_H_
#define _SYS_JAIL_H_

#ifndef _SYS_TYPES_H_
#include <sys/types.h>
#endif
#ifndef _SYS_PARAM_H_
#include <sys/param.h>
#endif
#ifndef _SYS_QUEUE_H_
#include <sys/queue.h>
#endif
#ifndef _SYS_UCRED_H_
#include <sys/ucred.h>
#endif
#ifndef _NET_IF_H_
#include <net/if.h>
#endif

/*
 * Argument block for jail(2).  Userland fills it in and passes a pointer to
 * it, so on the kernel side every field is untrusted input: `version` selects
 * the layout, `path` and `hostname` are user pointers to strings, and `n_ips`
 * is the caller-supplied element count of the `ips` array.  The kernel-side
 * handler is expected to validate `n_ips` (and the strings) before copying
 * anything in -- NOTE(review): confirm the bound used in the implementation.
 */
struct jail {
	uint32_t	version;	/* ABI revision of this structure */
	char		*path;		/* root directory of the jail */
	char		*hostname;	/* host name presented inside the jail */
	uint32_t	n_ips;		/* Number of ips */
	struct sockaddr_storage *ips;	/* array of n_ips addresses */
};

/*
 * Version-0 layout of the jail(2) argument block.  It carries a single
 * address in `ip_number` instead of the n_ips/ips array; presumably kept so
 * that binaries built against the old ABI keep working (`version` tells the
 * two layouts apart) -- confirm against the jail(2) implementation.
 */
struct jail_v0 {
	uint32_t	version;
	char		*path;
	char		*hostname;
	uint32_t	ip_number;	/* single address; presumably IPv4 in the old ABI */
};

#ifndef _KERNEL

/* Userland entry points: create/enter a jail, attach to an existing one. */
int jail(struct jail *);
int jail_attach(int);

#endif

#ifdef _KERNEL

#ifndef _SYS_NAMECACHE_H_
#include <sys/namecache.h>
#endif
#ifndef _SYS_VARSYM_H_
#include <sys/varsym.h>
#endif

#ifdef MALLOC_DECLARE
MALLOC_DECLARE(M_PRISON);	/* malloc type for struct prison allocations */
#endif

#endif /* _KERNEL */

#if defined(_KERNEL) || defined(_KERNEL_STRUCTURES)

/*
 * Largest prison id; presumably the upper bound on pr_id assignment --
 * confirm in the jail(2) implementation.
 */
#define	JAIL_MAX	999999

/* Used to store the IPs of the jail */

/* One address of a prison, kept as a singly-linked list node (see pr_ips). */
struct jail_ip_storage {
	struct sockaddr_storage ip;
	SLIST_ENTRY(jail_ip_storage) entries;
};

/*
 * This structure describes a prison.  It is pointed to by all struct
 * proc's of the inmates.  pr_ref keeps track of them and is used to
 * delete the structure when the last inmate is dead.
 *
 * References are taken and dropped with prison_hold() / prison_free()
 * (declared below).
 */
struct prison {
	LIST_ENTRY(prison) pr_list;			/* all prisons */
	int		pr_id;				/* prison id */
	int		pr_ref;				/* reference count */
	struct nchandle pr_root;			/* namecache entry of root */
	/*
	 * Fixed-size host name buffer.  Any writer must bound its copy to
	 * sizeof(pr_host) and guarantee NUL termination; the buffer itself
	 * offers no protection.
	 */
	char		pr_host[MAXHOSTNAMELEN];	/* host name */
	SLIST_HEAD(iplist, jail_ip_storage) pr_ips;	/* list of IP addresses */
	/*
	 * Per-family address caches.  Presumably derived from pr_ips and
	 * consumed by prison_get_local() / prison_get_nonlocal() -- confirm.
	 */
	struct sockaddr_in *local_ip4;		/* cache for a loopback ipv4 address */
	struct sockaddr_in *nonlocal_ip4;	/* cache for a non loopback ipv4 address */
	struct sockaddr_in6 *local_ip6;		/* cache for a loopback ipv6 address */
	struct sockaddr_in6 *nonlocal_ip6;	/* cache for a non loopback ipv6 address */
	void		*pr_linux;			/* Linux ABI emulation */
	int		pr_securelevel;			/* jail securelevel */
	struct varsymset pr_varsymset;			/* jail varsyms */
};

/*
 * Sysctl-set variables that determine global jail policy.
 *
 * Each is an int flag applying to every jail; by the naming convention a
 * nonzero value permits the behaviour the name describes (hostname changes
 * from inside the jail, non-inet/unix/route sockets, SysV IPC, chflags,
 * raw sockets) -- confirm against the sysctl definitions.  Loosening any of
 * them widens what a jailed root can do.
 */
extern int	jail_set_hostname_allowed;
extern int	jail_socket_unixiproute_only;
extern int	jail_sysvipc_allowed;
extern int	jail_chflags_allowed;
extern int	jail_allow_raw_sockets;

/* Reference counting on pr_ref; prison_free() presumably tears down at zero. */
void	prison_hold(struct prison *);
void	prison_free(struct prison *);
/* Apparently tests whether an address belongs to the prison -- confirm. */
int	jailed_ip(struct prison *, struct sockaddr *);
/*
 * Return a local / non-local address of the given family for the prison;
 * the trailing sockaddr argument's role is not visible here -- confirm.
 */
struct sockaddr *
prison_get_local(struct prison *pr, sa_family_t, struct sockaddr *);
struct sockaddr *
prison_get_nonlocal(struct prison *pr, sa_family_t, struct sockaddr *);
/* Privilege check for a (jailed) credential; `priv` is a privilege id. */
int	prison_priv_check(struct ucred *cred, int priv);

/*
 * Return 1 if the passed credential is in a jail, otherwise 0.
 *
 * `cred` must be non-NULL: it is dereferenced without a check.
 *
 * MPSAFE
 */
static __inline int
jailed(struct ucred *cred)
{
	return(cred->cr_prison != NULL);
}

#endif /* _KERNEL || _KERNEL_STRUCTURES */
#endif /* !_SYS_JAIL_H_ */