2 * Copyright (c) 2011 James Gritton
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
30 #include <sys/types.h>
31 #include <sys/errno.h>
32 #include <sys/socket.h>
33 #include <sys/sysctl.h>
35 #include <arpa/inet.h>
36 #include <netinet/in.h>
55 extern int yyparse(void);
57 struct cfjails cfjails = TAILQ_HEAD_INITIALIZER(cfjails);
59 static void free_param(struct cfparams *pp, struct cfparam *p);
60 static void free_param_strings(struct cfparam *p);
62 static const struct ipspec intparams[] = {
63 [IP_ALLOW_DYING] = {"allow.dying", PF_INTERNAL | PF_BOOL},
64 [IP_COMMAND] = {"command", PF_INTERNAL},
65 [IP_DEPEND] = {"depend", PF_INTERNAL},
66 [IP_EXEC_CLEAN] = {"exec.clean", PF_INTERNAL | PF_BOOL},
67 [IP_EXEC_CONSOLELOG] = {"exec.consolelog", PF_INTERNAL},
68 [IP_EXEC_FIB] = {"exec.fib", PF_INTERNAL | PF_INT},
69 [IP_EXEC_JAIL_USER] = {"exec.jail_user", PF_INTERNAL},
70 [IP_EXEC_POSTSTART] = {"exec.poststart", PF_INTERNAL},
71 [IP_EXEC_POSTSTOP] = {"exec.poststop", PF_INTERNAL},
72 [IP_EXEC_PRESTART] = {"exec.prestart", PF_INTERNAL},
73 [IP_EXEC_PRESTOP] = {"exec.prestop", PF_INTERNAL},
74 [IP_EXEC_START] = {"exec.start", PF_INTERNAL},
75 [IP_EXEC_STOP] = {"exec.stop", PF_INTERNAL},
76 [IP_EXEC_SYSTEM_JAIL_USER]= {"exec.system_jail_user",
77 PF_INTERNAL | PF_BOOL},
78 [IP_EXEC_SYSTEM_USER] = {"exec.system_user", PF_INTERNAL},
79 [IP_EXEC_TIMEOUT] = {"exec.timeout", PF_INTERNAL | PF_INT},
80 #if defined(INET) || defined(INET6)
81 [IP_INTERFACE] = {"interface", PF_INTERNAL},
82 [IP_IP_HOSTNAME] = {"ip_hostname", PF_INTERNAL | PF_BOOL},
84 [IP_MOUNT] = {"mount", PF_INTERNAL | PF_REV},
85 [IP_MOUNT_DEVFS] = {"mount.devfs", PF_INTERNAL | PF_BOOL},
86 [IP_MOUNT_FDESCFS] = {"mount.fdescfs", PF_INTERNAL | PF_BOOL},
87 [IP_MOUNT_PROCFS] = {"mount.procfs", PF_INTERNAL | PF_BOOL},
88 [IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL},
89 [IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT},
90 [IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL},
92 [IP__IP4_IFADDR] = {"ip4.addr", PF_INTERNAL | PF_CONV | PF_REV},
95 [IP__IP6_IFADDR] = {"ip6.addr", PF_INTERNAL | PF_CONV | PF_REV},
97 [IP__MOUNT_FROM_FSTAB] = {"mount.fstab", PF_INTERNAL | PF_CONV | PF_REV},
98 [IP__OP] = {NULL, PF_CONV},
99 [KP_ALLOW_CHFLAGS] = {"allow.chflags", 0},
100 [KP_ALLOW_MOUNT] = {"allow.mount", 0},
101 [KP_ALLOW_RAW_SOCKETS] = {"allow.raw_sockets", 0},
102 [KP_ALLOW_SET_HOSTNAME]= {"allow.set_hostname", 0},
103 [KP_ALLOW_SOCKET_AF] = {"allow.socket_af", 0},
104 [KP_ALLOW_SYSVIPC] = {"allow.sysvipc", 0},
105 [KP_DEVFS_RULESET] = {"devfs_ruleset", 0},
106 [KP_ENFORCE_STATFS] = {"enforce_statfs", 0},
107 [KP_HOST_HOSTNAME] = {"host.hostname", 0},
109 [KP_IP4_ADDR] = {"ip4.addr", 0},
112 [KP_IP6_ADDR] = {"ip6.addr", 0},
114 [KP_JID] = {"jid", 0},
115 [KP_NAME] = {"name", 0},
116 [KP_PATH] = {"path", 0},
117 [KP_PERSIST] = {"persist", 0},
118 [KP_SECURELEVEL] = {"securelevel", 0},
119 [KP_VNET] = {"vnet", 0},
123 * Parse the jail configuration file.
130 struct cfjail *j, *tj, *wj;
131 struct cfparam *p, *vp, *tp;
132 struct cfstring *s, *vs, *ns;
136 int did_self, jseq, pgen;
138 if (!strcmp(cfname, "-")) {
142 yyin = fopen(cfname, "r");
144 err(1, "%s", cfname);
146 if (yyparse() || yynerrs)
149 /* Separate the wildcard jails out from the actual jails. */
152 TAILQ_FOREACH_SAFE(j, &cfjails, tq, tj) {
154 if (wild_jail_name(j->name))
158 TAILQ_FOREACH(j, &cfjails, tq) {
159 /* Set aside the jail's parameters. */
161 TAILQ_CONCAT(&opp, &j->params, tq);
163 * The jail name implies its "name" or "jid" parameter,
164 * though they may also be explicitly set later on.
167 strtol(j->name, &ep, 10) && !*ep ? KP_JID : KP_NAME,
170 * Collect parameters for the jail, global parameters/variables,
171 * and any matching wildcard jails.
174 TAILQ_FOREACH(wj, &wild, tq) {
175 if (j->seq < wj->seq && !did_self) {
176 TAILQ_FOREACH(p, &opp, tq)
177 add_param(j, p, 0, NULL);
180 if (wild_jail_match(j->name, wj->name))
181 TAILQ_FOREACH(p, &wj->params, tq)
182 add_param(j, p, 0, NULL);
185 TAILQ_FOREACH(p, &opp, tq)
186 add_param(j, p, 0, NULL);
188 /* Resolve any variable substitutions. */
190 TAILQ_FOREACH(p, &j->params, tq) {
193 TAILQ_FOREACH(s, &p->val, tq) {
195 while ((v = STAILQ_FIRST(&s->vars))) {
196 TAILQ_FOREACH(vp, &j->params, tq)
197 if (!strcmp(vp->name, v->name))
201 "%s: variable \"%s\" not found",
204 j->flags |= JF_FAILED;
205 TAILQ_FOREACH(vp, &j->params, tq)
210 if (vp->flags & PF_BAD)
212 if (vp->gen == pgen) {
213 jail_warnx(j, "%s: variable loop",
217 TAILQ_FOREACH(vs, &vp->val, tq)
218 if (!STAILQ_EMPTY(&vs->vars)) {
220 TAILQ_REMOVE(&j->params, vp,
222 TAILQ_INSERT_BEFORE(p, vp, tq);
226 vs = TAILQ_FIRST(&vp->val);
227 if (TAILQ_NEXT(vs, tq) != NULL &&
229 STAILQ_NEXT(v, tq))) {
230 jail_warnx(j, "%s: array cannot be "
231 "substituted inline",
235 s->s = erealloc(s->s, s->len + vs->len + 1);
236 memmove(s->s + v->pos + varoff + vs->len,
237 s->s + v->pos + varoff,
238 s->len - (v->pos + varoff) + 1);
239 memcpy(s->s + v->pos + varoff, vs->s, vs->len);
242 while ((vs = TAILQ_NEXT(vs, tq))) {
243 ns = emalloc(sizeof(struct cfstring));
244 ns->s = estrdup(vs->s);
246 STAILQ_INIT(&ns->vars);
247 TAILQ_INSERT_AFTER(&p->val, s, ns, tq);
252 STAILQ_REMOVE_HEAD(&s->vars, tq);
258 /* Free the jail's original parameter list and any variables. */
259 while ((p = TAILQ_FIRST(&opp)))
261 TAILQ_FOREACH_SAFE(p, &j->params, tq, tp)
262 if (p->flags & PF_VAR)
263 free_param(&j->params, p);
265 while ((wj = TAILQ_FIRST(&wild))) {
267 while ((p = TAILQ_FIRST(&wj->params)))
268 free_param(&wj->params, p);
269 TAILQ_REMOVE(&wild, wj, tq);
274 * Create a new jail record.
281 j = emalloc(sizeof(struct cfjail));
282 memset(j, 0, sizeof(struct cfjail));
283 TAILQ_INIT(&j->params);
284 STAILQ_INIT(&j->dep[DEP_FROM]);
285 STAILQ_INIT(&j->dep[DEP_TO]);
287 TAILQ_INSERT_TAIL(&cfjails, j, tq);
292 * Add a parameter to a jail.
295 add_param(struct cfjail *j, const struct cfparam *p, enum intparam ipnum,
298 struct cfstrings nss;
299 struct cfparam *dp, *np;
300 struct cfstring *s, *ns;
301 struct cfvar *v, *nv;
307 /* Create a single anonymous jail if one doesn't yet exist. */
308 j = TAILQ_LAST(&cfjails, cfjails);
317 * Make a copy of the parameter's string list,
318 * which may be freed if it's overridden later.
320 TAILQ_FOREACH(s, &p->val, tq) {
321 ns = emalloc(sizeof(struct cfstring));
322 ns->s = estrdup(s->s);
324 STAILQ_INIT(&ns->vars);
325 STAILQ_FOREACH(v, &s->vars, tq) {
326 nv = emalloc(sizeof(struct cfvar));
327 nv->name = strdup(v->name);
329 STAILQ_INSERT_TAIL(&ns->vars, nv, tq);
331 TAILQ_INSERT_TAIL(&nss, ns, tq);
335 if (ipnum != IP__NULL) {
336 name = intparams[ipnum].name;
337 flags |= intparams[ipnum].flags;
338 } else if ((cs = strchr(value, '='))) {
339 tname = alloca(cs - value + 1);
340 strlcpy(tname, value, cs - value + 1);
348 ns = emalloc(sizeof(struct cfstring));
349 ns->s = estrdup(value);
350 ns->len = strlen(value);
351 STAILQ_INIT(&ns->vars);
352 TAILQ_INSERT_TAIL(&nss, ns, tq);
356 /* See if this parameter has already been added. */
357 if (ipnum != IP__NULL)
358 dp = j->intparams[ipnum];
360 TAILQ_FOREACH(dp, &j->params, tq)
361 if (!(dp->flags & PF_CONV) && equalopts(dp->name, name))
364 /* Found it - append or replace. */
365 if (strcmp(dp->name, name)) {
367 dp->name = estrdup(name);
369 if (!(flags & PF_APPEND) || TAILQ_EMPTY(&nss))
370 free_param_strings(dp);
371 TAILQ_CONCAT(&dp->val, &nss, tq);
374 /* Not found - add it. */
375 np = emalloc(sizeof(struct cfparam));
376 np->name = estrdup(name);
377 TAILQ_INIT(&np->val);
378 TAILQ_CONCAT(&np->val, &nss, tq);
381 TAILQ_INSERT_TAIL(&j->params, np, tq);
382 if (ipnum != IP__NULL)
383 j->intparams[ipnum] = np;
385 for (ipnum = IP__NULL + 1; ipnum < IP_NPARAM; ipnum++)
386 if (!(intparams[ipnum].flags & PF_CONV) &&
387 equalopts(name, intparams[ipnum].name)) {
388 j->intparams[ipnum] = np;
389 np->flags |= intparams[ipnum].flags;
396 * Return if a boolean parameter exists and is true.
399 bool_param(const struct cfparam *p)
405 cs = strrchr(p->name, '.');
406 return !strncmp(cs ? cs + 1 : p->name, "no", 2) ^
407 (TAILQ_EMPTY(&p->val) ||
408 !strcasecmp(TAILQ_LAST(&p->val, cfstrings)->s, "true") ||
409 (strtol(TAILQ_LAST(&p->val, cfstrings)->s, NULL, 10)));
413 * Set an integer if a parameter if it exists.
416 int_param(const struct cfparam *p, int *ip)
418 if (p == NULL || TAILQ_EMPTY(&p->val))
420 *ip = strtol(TAILQ_LAST(&p->val, cfstrings)->s, NULL, 10);
425 * Return the string value of a scalar parameter if it exists.
428 string_param(const struct cfparam *p)
430 return (p && !TAILQ_EMPTY(&p->val)
431 ? TAILQ_LAST(&p->val, cfstrings)->s : NULL);
435 * Check syntax and values of internal parameters. Set some internal
436 * parameters based on the values of others.
439 check_intparams(struct cfjail *j)
448 #if defined(INET) || defined(INET6)
449 struct addrinfo hints;
450 struct addrinfo *ai0, *ai;
451 const char *hostname;
452 int gicode, defif, prefix;
455 struct in_addr addr4;
457 char avalue4[INET_ADDRSTRLEN];
460 struct in6_addr addr6;
462 char avalue6[INET6_ADDRSTRLEN];
466 /* Check format of boolan and integer values. */
467 TAILQ_FOREACH(p, &j->params, tq) {
468 if (!TAILQ_EMPTY(&p->val) && (p->flags & (PF_BOOL | PF_INT))) {
469 val = TAILQ_LAST(&p->val, cfstrings)->s;
470 if (p->flags & PF_BOOL) {
471 if (strcasecmp(val, "false") &&
472 strcasecmp(val, "true") &&
473 ((void)strtol(val, &ep, 10), *ep)) {
475 "%s: unknown boolean value \"%s\"",
480 (void)strtol(val, &ep, 10);
481 if (ep == val || *ep) {
483 "%s: non-integer value \"%s\"",
491 #if defined(INET) || defined(INET6)
493 * The ip_hostname parameter looks up the hostname, and adds parameters
494 * for any IP addresses it finds.
496 if (((j->flags & JF_OP_MASK) != JF_STOP ||
497 j->intparams[IP_INTERFACE] != NULL) &&
498 bool_param(j->intparams[IP_IP_HOSTNAME]) &&
499 (hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) {
500 j->intparams[IP_IP_HOSTNAME] = NULL;
502 * Silently ignore unsupported address families from
506 ip4ok = feature_present("inet");
509 ip6ok = feature_present("inet6");
512 #if defined(INET) && defined(INET6)
520 /* Look up the hostname (or get the address) */
521 memset(&hints, 0, sizeof(hints));
522 hints.ai_socktype = SOCK_STREAM;
524 #if defined(INET) && defined(INET6)
525 ip4ok ? (ip6ok ? PF_UNSPEC : PF_INET) : PF_INET6;
531 gicode = getaddrinfo(hostname, NULL, &hints, &ai0);
533 jail_warnx(j, "host.hostname %s: %s", hostname,
534 gai_strerror(gicode));
538 * Convert the addresses to ASCII so jailparam
539 * can convert them back. Errors are not
542 for (ai = ai0; ai; ai = ai->ai_next)
543 switch (ai->ai_family) {
547 &((struct sockaddr_in *)
548 (void *)ai->ai_addr)->
549 sin_addr, sizeof(addr4));
550 if (inet_ntop(AF_INET,
552 INET_ADDRSTRLEN) == NULL)
554 add_param(j, NULL, KP_IP4_ADDR,
561 &((struct sockaddr_in6 *)
562 (void *)ai->ai_addr)->
563 sin6_addr, sizeof(addr6));
564 if (inet_ntop(AF_INET6,
566 INET6_ADDRSTRLEN) == NULL)
568 add_param(j, NULL, KP_IP6_ADDR,
579 * IP addresses may include an interface to set that address on,
580 * a netmask/suffix for that address and options for ifconfig.
581 * These are copied to an internal command parameter and then stripped
582 * so they won't be passed on to jailparam_set.
584 defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
586 if (j->intparams[KP_IP4_ADDR] != NULL) {
587 TAILQ_FOREACH(s, &j->intparams[KP_IP4_ADDR]->val, tq) {
588 cs = strchr(s->s, '|');
590 add_param(j, NULL, IP__IP4_IFADDR, s->s);
592 strcpy(s->s, cs + 1);
593 s->len -= cs + 1 - s->s;
595 if ((cs = strchr(s->s, '/'))) {
596 prefix = strtol(cs + 1, &ep, 10);
598 ? inet_pton(AF_INET, cs + 1, &addr4) != 1
599 : *ep || prefix < 0 || prefix > 32) {
601 "ip4.addr: bad netmask \"%s\"", cs);
607 if ((cs = strchr(s->s, ' ')) != NULL) {
615 if (j->intparams[KP_IP6_ADDR] != NULL) {
616 TAILQ_FOREACH(s, &j->intparams[KP_IP6_ADDR]->val, tq) {
617 cs = strchr(s->s, '|');
619 add_param(j, NULL, IP__IP6_IFADDR, s->s);
621 strcpy(s->s, cs + 1);
622 s->len -= cs + 1 - s->s;
624 if ((cs = strchr(s->s, '/'))) {
625 prefix = strtol(cs + 1, &ep, 10);
626 if (*ep || prefix < 0 || prefix > 128) {
628 "ip6.addr: bad prefixlen \"%s\"",
635 if ((cs = strchr(s->s, ' ')) != NULL) {
645 * Read mount.fstab file(s), and treat each line as its own mount
648 if (j->intparams[IP_MOUNT_FSTAB] != NULL) {
649 TAILQ_FOREACH(s, &j->intparams[IP_MOUNT_FSTAB]->val, tq) {
652 f = fopen(s->s, "r");
654 jail_warnx(j, "mount.fstab: %s: %s",
655 s->s, strerror(errno));
659 while ((ln = fgetln(f, &lnlen))) {
660 if ((cs = memchr(ln, '#', lnlen - 1)))
662 if (ln[lnlen - 1] == '\n' ||
663 ln[lnlen - 1] == '#')
664 ln[lnlen - 1] = '\0';
666 cs = alloca(lnlen + 1);
667 strlcpy(cs, ln, lnlen + 1);
670 add_param(j, NULL, IP__MOUNT_FROM_FSTAB, ln);
681 * Import parameters into libjail's binary jailparam format.
684 import_params(struct cfjail *j)
687 struct cfstring *s, *ts;
688 struct jailparam *jp;
695 TAILQ_FOREACH(p, &j->params, tq)
696 if (!(p->flags & PF_INTERNAL))
698 j->jp = jp = emalloc(j->njp * sizeof(struct jailparam));
699 TAILQ_FOREACH(p, &j->params, tq) {
700 if (p->flags & PF_INTERNAL)
702 if (jailparam_init(jp, p->name) < 0) {
704 jail_warnx(j, "%s", jail_errmsg);
708 if (TAILQ_EMPTY(&p->val))
710 else if (!jp->jp_elemlen ||
711 !TAILQ_NEXT(TAILQ_FIRST(&p->val), tq)) {
713 * Scalar parameters silently discard multiple (array)
714 * values, keeping only the last value added. This
715 * lets values added from the command line append to
716 * arrays wthout pre-checking the type.
718 value = TAILQ_LAST(&p->val, cfstrings)->s;
721 * Convert arrays into comma-separated strings, which
722 * jailparam_import will then convert back into arrays.
725 TAILQ_FOREACH(s, &p->val, tq)
726 vallen += s->len + 1;
727 value = alloca(vallen);
729 TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) {
730 memcpy(cs, s->s, s->len);
734 value[vallen - 1] = '\0';
736 if (jailparam_import(jp, value) < 0) {
738 jail_warnx(j, "%s", jail_errmsg);
743 jailparam_free(j->jp, j->njp);
752 * Check if options are equal (with or without the "no" prefix).
755 equalopts(const char *opt1, const char *opt2)
759 /* "opt" vs. "opt" or "noopt" vs. "noopt" */
760 if (strcmp(opt1, opt2) == 0)
762 /* "noopt" vs. "opt" */
763 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
765 /* "opt" vs. "noopt" */
766 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
768 while ((p = strchr(opt1, '.')) != NULL &&
769 !strncmp(opt1, opt2, ++p - opt1)) {
772 /* "foo.noopt" vs. "foo.opt" */
773 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
775 /* "foo.opt" vs. "foo.noopt" */
776 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
783 * See if a jail name matches a wildcard.
786 wild_jail_match(const char *jname, const char *wname)
788 const char *jc, *jd, *wc, *wd;
791 * A non-final "*" component in the wild name matches a single jail
792 * component, and a final "*" matches one or more jail components.
794 for (jc = jname, wc = wname;
795 (jd = strchr(jc, '.')) && (wd = strchr(wc, '.'));
796 jc = jd + 1, wc = wd + 1)
797 if (strncmp(jc, wc, jd - jc + 1) && strncmp(wc, "*.", 2))
799 return (!strcmp(jc, wc) || !strcmp(wc, "*"));
803 * Return if a jail name is a wildcard.
806 wild_jail_name(const char *wname)
810 for (wc = strchr(wname, '*'); wc; wc = strchr(wc + 1, '*'))
811 if ((wc == wname || wc[-1] == '.') &&
812 (wc[1] == '\0' || wc[1] == '.'))
818 * Free a parameter record and all its strings and variables.
821 free_param(struct cfparams *pp, struct cfparam *p)
824 free_param_strings(p);
825 TAILQ_REMOVE(pp, p, tq);
830 free_param_strings(struct cfparam *p)
835 while ((s = TAILQ_FIRST(&p->val))) {
837 while ((v = STAILQ_FIRST(&s->vars))) {
839 STAILQ_REMOVE_HEAD(&s->vars, tq);
842 TAILQ_REMOVE(&p->val, s, tq);