kern_jail.c revision 46197 
146197Sphk/*
246197Sphk * ----------------------------------------------------------------------------
346197Sphk * "THE BEER-WARE LICENSE" (Revision 42):
446197Sphk * <phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
546197Sphk * can do whatever you want with this stuff. If we meet some day, and you think
646197Sphk * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
746197Sphk * ----------------------------------------------------------------------------
846197Sphk *
946197Sphk * $Id: malloc.c,v 1.44 1999/03/28 14:16:05 phk Exp $
1046197Sphk *
1146197Sphk */
1246155Sphk
1346155Sphk#include <sys/param.h>
1446155Sphk#include <sys/types.h>
1546155Sphk#include <sys/kernel.h>
1646155Sphk#include <sys/systm.h>
1746155Sphk#include <sys/errno.h>
1846155Sphk#include <sys/sysproto.h>
1946155Sphk#include <sys/malloc.h>
2046155Sphk#include <sys/proc.h>
2146155Sphk#include <sys/jail.h>
2246155Sphk#include <sys/socket.h>
2346155Sphk#include <net/if.h>
2446155Sphk#include <netinet/in.h>
2546155Sphk
2646155SphkMALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
2746155Sphk
2846155Sphkint
2946155Sphkjail(p, uap)
3046155Sphk        struct proc *p;
3146155Sphk        struct jail_args /* {
3246155Sphk                syscallarg(struct jail *) jail;
3346155Sphk        } */ *uap;
3446155Sphk{
3546155Sphk	int error;
3646155Sphk	struct prison *pr;
3746155Sphk	struct jail j;
3846155Sphk	struct chroot_args ca;
3946155Sphk
4046155Sphk	error = suser(p);
4146155Sphk	if (error)
4246155Sphk		return (error);
4346155Sphk	error = copyin(uap->jail, &j, sizeof j);
4446155Sphk	if (error)
4546155Sphk		return (error);
4646155Sphk	MALLOC(pr, struct prison *, sizeof *pr , M_PRISON, M_WAITOK);
4746155Sphk	bzero((caddr_t)pr, sizeof *pr);
4846155Sphk	error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0);
4946155Sphk	if (error)
5046155Sphk		goto bail;
5146155Sphk	pr->pr_ip = j.ip_number;
5246155Sphk
5346155Sphk	ca.path = j.path;
5446155Sphk	error = chroot(p, &ca);
5546155Sphk	if (error)
5646155Sphk		goto bail;
5746155Sphk
5846155Sphk	pr->pr_ref++;
5946155Sphk	p->p_prison = pr;
6046155Sphk	p->p_flag |= P_JAILED;
6146155Sphk	return (0);
6246155Sphk
6346155Sphkbail:
6446155Sphk	FREE(pr, M_PRISON);
6546155Sphk	return (error);
6646155Sphk}
6746155Sphk
6846155Sphkint
6946155Sphkprison_ip(struct proc *p, int flag, u_int32_t *ip)
7046155Sphk{
7146155Sphk	u_int32_t tmp;
7246155Sphk
7346155Sphk	if (!p->p_prison)
7446155Sphk		return (0);
7546155Sphk	if (flag)
7646155Sphk		tmp = *ip;
7746155Sphk	else
7846155Sphk		tmp = ntohl(*ip);
7946155Sphk	if (tmp == INADDR_ANY) {
8046155Sphk		if (flag)
8146155Sphk			*ip = p->p_prison->pr_ip;
8246155Sphk		else
8346155Sphk			*ip = htonl(p->p_prison->pr_ip);
8446155Sphk		return (0);
8546155Sphk	}
8646155Sphk	if (p->p_prison->pr_ip != tmp)
8746155Sphk		return (1);
8846155Sphk	return (0);
8946155Sphk}
9046155Sphk
9146155Sphkvoid
9246155Sphkprison_remote_ip(struct proc *p, int flag, u_int32_t *ip)
9346155Sphk{
9446155Sphk	u_int32_t tmp;
9546155Sphk
9646194Sphk	if (!p || !p->p_prison)
9746155Sphk		return;
9846155Sphk	if (flag)
9946155Sphk		tmp = *ip;
10046155Sphk	else
10146155Sphk		tmp = ntohl(*ip);
10246155Sphk	if (tmp == 0x7f000001) {
10346155Sphk		if (flag)
10446155Sphk			*ip = p->p_prison->pr_ip;
10546155Sphk		else
10646155Sphk			*ip = htonl(p->p_prison->pr_ip);
10746155Sphk		return;
10846155Sphk	}
10946155Sphk	return;
11046155Sphk}
11146155Sphk
11246155Sphkint
11346155Sphkprison_if(struct proc *p, struct sockaddr *sa)
11446155Sphk{
11546155Sphk	struct sockaddr_in *sai = (struct sockaddr_in*) sa;
11646155Sphk	int ok;
11746155Sphk
11846155Sphk	if (sai->sin_family != AF_INET)
11946155Sphk		ok = 0;
12046155Sphk	else if (p->p_prison->pr_ip != ntohl(sai->sin_addr.s_addr))
12146155Sphk		ok = 1;
12246155Sphk	else
12346155Sphk		ok = 0;
12446155Sphk	return (ok);
12546155Sphk}
126