xref: /dragonfly/sys/sys/jail.h (revision 3f5e28f4) 
1 /*
2  * ----------------------------------------------------------------------------
3  * "THE BEER-WARE LICENSE" (Revision 42):
4  * <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
5  * can do whatever you want with this stuff. If we meet some day, and you think
6  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
7  * ----------------------------------------------------------------------------
8  *
9  * $FreeBSD: src/sys/sys/jail.h,v 1.8.2.2 2000/11/01 17:58:06 rwatson Exp $
10  * $DragonFly: src/sys/sys/jail.h,v 1.11 2007/02/01 10:33:26 corecode Exp $
11  *
12  */
13 
14 #ifndef _SYS_JAIL_H_
15 #define _SYS_JAIL_H_
16 
17 #ifndef _SYS_TYPES_H_
18 #include <sys/types.h>
19 #endif
20 #ifndef _SYS_PARAM_H_
21 #include <sys/param.h>
22 #endif
23 #ifndef _SYS_QUEUE_H_
24 #include <sys/queue.h>
25 #endif
26 #ifndef _SYS_UCRED_H_
27 #include <sys/ucred.h>
28 #endif
29 #ifndef _SYS_IF_H_
30 #include <net/if.h>
31 #endif
32 
33 struct jail {
34 	uint32_t	version;
35 	char		*path;
36 	char		*hostname;
37 	uint32_t	n_ips;     /* Number of ips */
38 	struct sockaddr_storage *ips;
39 };
40 
41 struct jail_v0 {
42 	uint32_t	version;
43 	char		*path;
44 	char		*hostname;
45 	uint32_t	ip_number;
46 };
47 
48 #ifndef _KERNEL
49 
50 int jail(struct jail *);
51 int jail_attach(int);
52 
53 #endif
54 
55 #ifdef _KERNEL
56 
57 #ifndef _SYS_NAMECACHE_H_
58 #include <sys/namecache.h>
59 #endif
60 #ifndef _SYS_VARSYM_H_
61 #include <sys/varsym.h>
62 #endif
63 
64 #ifdef MALLOC_DECLARE
65 MALLOC_DECLARE(M_PRISON);
66 #endif
67 
68 #endif	/* _KERNEL */
69 
70 #if defined(_KERNEL) || defined(_KERNEL_STRUCTURES)
71 
72 #define	JAIL_MAX	999999
73 
74 /* Used to store the IPs of the jail */
75 
76 struct jail_ip_storage {
77 	struct sockaddr_storage ip;
78 	SLIST_ENTRY(jail_ip_storage) entries;
79 };
80 
81 /*
82  * This structure describes a prison.  It is pointed to by all struct
83  * proc's of the inmates.  pr_ref keeps track of them and is used to
84  * delete the struture when the last inmate is dead.
85  */
86 
87 struct prison {
88 	LIST_ENTRY(prison) pr_list;			/* all prisons */
89 	int		pr_id;				/* prison id */
90 	int		pr_ref;				/* reference count */
91 	struct nchandle pr_root;			/* namecache entry of root */
92 	char 		pr_host[MAXHOSTNAMELEN];	/* host name */
93 	SLIST_HEAD(iplist, jail_ip_storage) pr_ips;	/* list of IP addresses */
94 	struct sockaddr_in	*local_ip4;		/* cache for a loopback ipv4 address */
95 	struct sockaddr_in	*nonlocal_ip4;		/* cache for a non loopback ipv4 address */
96 	struct sockaddr_in6	*local_ip6;		/* cache for a loopback ipv6 address */
97 	struct sockaddr_in6	*nonlocal_ip6;		/* cache for a non loopback ipv6 address */
98 	void		*pr_linux;			/* Linux ABI emulation */
99 	int		 pr_securelevel;		/* jail securelevel */
100 	struct varsymset pr_varsymset;			/* jail varsyms */
101 };
102 
103 /*
104  * Sysctl-set variables that determine global jail policy
105  */
106 extern int	jail_set_hostname_allowed;
107 extern int	jail_socket_unixiproute_only;
108 extern int	jail_sysvipc_allowed;
109 extern int	jail_chflags_allowed;
110 
111 void	prison_hold(struct prison *);
112 void	prison_free(struct prison *);
113 int	jailed_ip(struct prison *, struct sockaddr *);
114 struct sockaddr *
115 	prison_get_local(struct prison *pr, sa_family_t, struct sockaddr *);
116 struct sockaddr *
117 	prison_get_nonlocal(struct prison *pr, sa_family_t, struct sockaddr *);
118 
119 /*
120  * Return 1 if the passed credential is in a jail, otherwise 0.
121  */
122 static __inline int
123 jailed(struct ucred *cred)
124 {
125 	return(cred->cr_prison != NULL);
126 }
127 
128 #endif /* _KERNEL || _KERNEL_STRUCTURES */
129 #endif /* !_SYS_JAIL_H_ */
130