Place hostnames and similar information fully under the prison system.
The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
This commit is contained in:
Jamie Gritton
parent
88812d9e1d
commit
76ca6f88da
@ -34,7 +34,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kerneldump.h>
|
||||
#include <sys/vimage.h>
|
||||
#include <vm/vm.h>
|
||||
#include <vm/pmap.h>
|
||||
#include <machine/elf.h>
|
||||
|
||||
@ -34,7 +34,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kerneldump.h>
|
||||
#include <sys/msgbuf.h>
|
||||
#include <sys/vimage.h>
|
||||
#include <vm/vm.h>
|
||||
#include <vm/pmap.h>
|
||||
#include <machine/atomic.h>
|
||||
|
||||
@ -35,7 +35,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kerneldump.h>
|
||||
#include <sys/vimage.h>
|
||||
#include <vm/vm.h>
|
||||
#include <vm/pmap.h>
|
||||
#include <machine/elf.h>
|
||||
|
||||
@ -31,11 +31,11 @@
|
||||
#include <sys/conf.h>
|
||||
#include <sys/cpuvar.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/misc.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
cpu_core_t cpu_core[MAXCPU];
|
||||
kmutex_t cpu_lock;
|
||||
@ -83,7 +83,7 @@ opensolaris_modevent(module_t mod __unused, int type, void *data __unused)
|
||||
|
||||
switch (type) {
|
||||
case MOD_LOAD:
|
||||
utsname.nodename = G_hostname;
|
||||
utsname.nodename = prison0.pr_host;
|
||||
break;
|
||||
|
||||
case MOD_UNLOAD:
|
||||
|
||||
@ -28,6 +28,7 @@
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/libkern.h>
|
||||
#include <sys/limits.h>
|
||||
@ -57,7 +58,7 @@ ddi_strtoul(const char *str, char **nptr, int base, unsigned long *result)
|
||||
{
|
||||
|
||||
if (str == hw_serial) {
|
||||
*result = hostid;
|
||||
*result = prison0.pr_hostid;
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
||||
@ -64,7 +64,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/cpuset.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <security/mac/mac_framework.h>
|
||||
|
||||
@ -715,10 +714,10 @@ linux_times(struct thread *td, struct linux_times_args *args)
|
||||
int
|
||||
linux_newuname(struct thread *td, struct linux_newuname_args *args)
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(td));
|
||||
struct l_new_utsname utsname;
|
||||
char osname[LINUX_MAX_UTSNAME];
|
||||
char osrelease[LINUX_MAX_UTSNAME];
|
||||
struct prison *pr;
|
||||
char *p;
|
||||
|
||||
#ifdef DEBUG
|
||||
@ -741,9 +740,10 @@ linux_newuname(struct thread *td, struct linux_newuname_args *args)
|
||||
}
|
||||
strlcpy(utsname.machine, linux_platform, LINUX_MAX_UTSNAME);
|
||||
|
||||
mtx_lock(&hostname_mtx);
|
||||
strlcpy(utsname.domainname, V_domainname, LINUX_MAX_UTSNAME);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
pr = td->td_ucred->cr_prison;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
strlcpy(utsname.domainname, pr->pr_domain, LINUX_MAX_UTSNAME);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
|
||||
return (copyout(&utsname, args->buf, sizeof(utsname)));
|
||||
}
|
||||
|
||||
@ -43,7 +43,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/un.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <vm/vm.h>
|
||||
|
||||
@ -386,7 +385,7 @@ svr4_ustat(td, uap)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*extern char ostype[], hostname[], osrelease[], version[], machine[];*/
|
||||
/*extern char ostype[], osrelease[], version[], machine[];*/
|
||||
|
||||
int
|
||||
svr4_sys_uname(td, uap)
|
||||
@ -412,15 +411,12 @@ svr4_sys_systeminfo(td, uap)
|
||||
struct thread *td;
|
||||
struct svr4_sys_systeminfo_args *uap;
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(td));
|
||||
struct prison *pr;
|
||||
char *str = NULL;
|
||||
int error = 0;
|
||||
register_t *retval = td->td_retval;
|
||||
size_t len = 0;
|
||||
char buf[11]; /* XXX NetBSD uses 256, but we use 11
|
||||
here as that seems like awfully
|
||||
excessive kstack usage for hostid
|
||||
string... */
|
||||
char buf[MAXHOSTNAMELEN];
|
||||
u_int rlen = uap->len;
|
||||
|
||||
switch (uap->what) {
|
||||
@ -429,7 +425,8 @@ svr4_sys_systeminfo(td, uap)
|
||||
break;
|
||||
|
||||
case SVR4_SI_HOSTNAME:
|
||||
str = V_hostname;
|
||||
getcredhostname(td->td_ucred, buf, sizeof(buf));
|
||||
str = buf;
|
||||
break;
|
||||
|
||||
case SVR4_SI_RELEASE:
|
||||
@ -470,8 +467,11 @@ svr4_sys_systeminfo(td, uap)
|
||||
break;
|
||||
|
||||
case SVR4_SI_SRPC_DOMAIN:
|
||||
/* XXXRW: locking? */
|
||||
str = V_domainname;
|
||||
pr = td->td_ucred->cr_prison;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
strlcpy(buf, pr->pr_domain, sizeof(buf));
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
str = buf;
|
||||
break;
|
||||
|
||||
case SVR4_SI_PLATFORM:
|
||||
|
||||
@ -68,7 +68,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/msgbuf.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <ddb/ddb.h>
|
||||
#include <ddb/db_lex.h>
|
||||
|
||||
@ -39,13 +39,13 @@
|
||||
#include <sys/systm.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/kthread.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <sys/kdb.h>
|
||||
|
||||
@ -723,7 +723,9 @@ fw_reset_crom(struct firewire_comm *fc)
|
||||
crom_add_simple_text(src, root, &buf->vendor, "FreeBSD Project");
|
||||
crom_add_entry(root, CSRKEY_HW, __FreeBSD_version);
|
||||
#endif
|
||||
crom_add_simple_text(src, root, &buf->hw, G_hostname);
|
||||
mtx_lock(&prison0.pr_mtx);
|
||||
crom_add_simple_text(src, root, &buf->hw, prison0.pr_host);
|
||||
mtx_unlock(&prison0.pr_mtx);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@ -32,11 +32,11 @@
|
||||
#include <sys/systm.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/consio.h>
|
||||
#include <sys/fbio.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <machine/pc/display.h>
|
||||
|
||||
@ -352,11 +352,12 @@ static int
|
||||
daemon_init(video_adapter_t *adp)
|
||||
{
|
||||
|
||||
/* XXXRW: Locking -- these can change! */
|
||||
messagelen = strlen(G_hostname) + 3 + strlen(ostype) + 1 +
|
||||
mtx_lock(&prison0.pr_mtx);
|
||||
messagelen = strlen(prison0.pr_host) + 3 + strlen(ostype) + 1 +
|
||||
strlen(osrelease);
|
||||
message = malloc(messagelen + 1, M_DEVBUF, M_WAITOK);
|
||||
sprintf(message, "%s - %s %s", G_hostname, ostype, osrelease);
|
||||
sprintf(message, "%s - %s %s", prison0.pr_host, ostype, osrelease);
|
||||
mtx_unlock(&prison0.pr_mtx);
|
||||
blanked = 0;
|
||||
switch (adp->va_mode) {
|
||||
case M_PC98_80x25:
|
||||
|
||||
@ -41,10 +41,10 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/systm.h>
|
||||
#include <sys/bio.h>
|
||||
#include <sys/buf.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <fs/cd9660/iso.h>
|
||||
#include <fs/cd9660/cd9660_node.h>
|
||||
@ -114,11 +114,11 @@ cd9660_rrip_slink(p,ana)
|
||||
ISO_RRIP_SLINK *p;
|
||||
ISO_RRIP_ANALYZE *ana;
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(curthread));
|
||||
ISO_RRIP_SLINK_COMPONENT *pcomp;
|
||||
ISO_RRIP_SLINK_COMPONENT *pcompe;
|
||||
int len, wlen, cont;
|
||||
char *outbuf, *inbuf;
|
||||
char hostbuf[MAXHOSTNAMELEN];
|
||||
|
||||
pcomp = (ISO_RRIP_SLINK_COMPONENT *)p->component;
|
||||
pcompe = (ISO_RRIP_SLINK_COMPONENT *)((char *)p + isonum_711(p->h.length));
|
||||
@ -172,10 +172,11 @@ cd9660_rrip_slink(p,ana)
|
||||
break;
|
||||
|
||||
case ISO_SUSP_CFLAG_HOST:
|
||||
/* XXXRW: locking. */
|
||||
/* Inserting hostname i.e. "kurt.tools.de" */
|
||||
inbuf = V_hostname;
|
||||
wlen = strlen(V_hostname);
|
||||
getcredhostname(curthread->td_ucred, hostbuf,
|
||||
sizeof(hostbuf));
|
||||
inbuf = hostbuf;
|
||||
wlen = strlen(inbuf);
|
||||
break;
|
||||
|
||||
case ISO_SUSP_CFLAG_CONTINUE:
|
||||
@ -225,10 +226,10 @@ cd9660_rrip_altname(p,ana)
|
||||
ISO_RRIP_ALTNAME *p;
|
||||
ISO_RRIP_ANALYZE *ana;
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(curthread));
|
||||
char *inbuf;
|
||||
int wlen;
|
||||
int cont;
|
||||
char hostbuf[MAXHOSTNAMELEN];
|
||||
|
||||
inbuf = "..";
|
||||
wlen = 0;
|
||||
@ -246,10 +247,10 @@ cd9660_rrip_altname(p,ana)
|
||||
break;
|
||||
|
||||
case ISO_SUSP_CFLAG_HOST:
|
||||
/* XXXRW: locking. */
|
||||
/* Inserting hostname i.e. "kurt.tools.de" */
|
||||
inbuf = V_hostname;
|
||||
wlen = strlen(V_hostname);
|
||||
getcredhostname(curthread->td_ucred, hostbuf, sizeof(hostbuf));
|
||||
inbuf = hostbuf;
|
||||
wlen = strlen(inbuf);
|
||||
break;
|
||||
|
||||
case ISO_SUSP_CFLAG_CONTINUE:
|
||||
|
||||
@ -49,6 +49,7 @@
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/filedesc.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/lockf.h>
|
||||
#include <sys/malloc.h>
|
||||
|
||||
@ -675,10 +675,16 @@ nfscl_getcl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
|
||||
struct nfsclclient *newclp;
|
||||
struct nfscllockowner *lp, *nlp;
|
||||
struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
|
||||
struct prison *pr;
|
||||
char uuid[HOSTUUIDLEN];
|
||||
int igotlock = 0, error, trystalecnt, clidinusedelay, i;
|
||||
u_int16_t idlen;
|
||||
|
||||
idlen = strlen(hostuuid);
|
||||
pr = cred->cr_prison;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
strlcpy(uuid, pr->pr_uuid, sizeof uuid);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
idlen = strlen(uuid);
|
||||
if (idlen > 0)
|
||||
idlen += sizeof (u_int64_t);
|
||||
else
|
||||
@ -699,7 +705,7 @@ nfscl_getcl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
|
||||
clp->nfsc_flags = NFSCLFLAGS_INITED;
|
||||
clp->nfsc_clientidrev = 1;
|
||||
clp->nfsc_cbident = nfscl_nextcbident();
|
||||
nfscl_fillclid(nmp->nm_clval, hostuuid, clp->nfsc_id,
|
||||
nfscl_fillclid(nmp->nm_clval, uuid, clp->nfsc_id,
|
||||
clp->nfsc_idlen);
|
||||
LIST_INSERT_HEAD(&nfsclhead, clp, nfsc_list);
|
||||
nmp->nm_clp = clp;
|
||||
|
||||
@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/bio.h>
|
||||
#include <sys/buf.h>
|
||||
#include <sys/clock.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mbuf.h>
|
||||
@ -368,12 +369,11 @@ int
|
||||
ncl_mountroot(struct mount *mp)
|
||||
{
|
||||
struct thread *td = curthread;
|
||||
INIT_VPROCG(TD_TO_VPROCG(td));
|
||||
struct nfsv3_diskless *nd = &newnfsv3_diskless;
|
||||
struct socket *so;
|
||||
struct vnode *vp;
|
||||
struct ifreq ir;
|
||||
int error, i;
|
||||
int error;
|
||||
u_long l;
|
||||
char buf[128];
|
||||
char *cp;
|
||||
@ -477,13 +477,9 @@ ncl_mountroot(struct mount *mp)
|
||||
* set hostname here and then let the "/etc/rc.xxx" files
|
||||
* mount the right /var based upon its preset value.
|
||||
*/
|
||||
mtx_lock(&hostname_mtx);
|
||||
bcopy(nd->my_hostnam, V_hostname, MAXHOSTNAMELEN);
|
||||
V_hostname[MAXHOSTNAMELEN - 1] = '\0';
|
||||
for (i = 0; i < MAXHOSTNAMELEN; i++)
|
||||
if (V_hostname[i] == '\0')
|
||||
break;
|
||||
mtx_unlock(&hostname_mtx);
|
||||
mtx_lock(&prison0.pr_mtx);
|
||||
strlcpy(prison0.pr_host, nd->my_hostnam, sizeof(prison0.pr_host));
|
||||
mtx_unlock(&prison0.pr_mtx);
|
||||
inittodr(ntohl(nd->root_time));
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -31,10 +31,10 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/param.h>
|
||||
#include <sys/bio.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <geom/geom.h>
|
||||
#include <geom/vinum/geom_vinum_var.h>
|
||||
@ -157,9 +157,7 @@ gv_create_drive(struct gv_softc *sc, struct gv_drive *d)
|
||||
hdr = g_malloc(sizeof(*hdr), M_WAITOK | M_ZERO);
|
||||
hdr->magic = GV_MAGIC;
|
||||
hdr->config_length = GV_CFG_LEN;
|
||||
mtx_lock(&hostname_mtx);
|
||||
bcopy(G_hostname, hdr->label.sysname, GV_HOSTNAME_LEN);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
getcredhostname(NULL, hdr->label.sysname, GV_HOSTNAME_LEN);
|
||||
strlcpy(hdr->label.name, d->name, sizeof(hdr->label.name));
|
||||
microtime(&hdr->label.date_of_birth);
|
||||
d->hdr = hdr;
|
||||
|
||||
@ -30,7 +30,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/endian.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <geom/geom.h>
|
||||
#include <geom/vinum/geom_vinum_var.h>
|
||||
|
||||
@ -34,7 +34,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kerneldump.h>
|
||||
#include <sys/vimage.h>
|
||||
#include <vm/vm.h>
|
||||
#include <vm/pmap.h>
|
||||
#include <machine/elf.h>
|
||||
|
||||
@ -34,7 +34,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kerneldump.h>
|
||||
#include <sys/msgbuf.h>
|
||||
#include <sys/vimage.h>
|
||||
#include <vm/vm.h>
|
||||
#include <vm/pmap.h>
|
||||
#include <machine/atomic.h>
|
||||
|
||||
@ -31,10 +31,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <i386/ibcs2/ibcs2_socksys.h>
|
||||
#include <i386/ibcs2/ibcs2_util.h>
|
||||
@ -152,7 +149,7 @@ ibcs2_getipdomainname(td, uap)
|
||||
char hname[MAXHOSTNAMELEN], *dptr;
|
||||
int len;
|
||||
|
||||
/* Get the domain name */
|
||||
/* Get the domain name. */
|
||||
getcredhostname(td->td_ucred, hname, sizeof(hname));
|
||||
|
||||
dptr = index(hname, '.');
|
||||
@ -174,20 +171,17 @@ ibcs2_setipdomainname(td, uap)
|
||||
struct thread *td;
|
||||
struct setipdomainname_args *uap;
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(td));
|
||||
char hname[MAXHOSTNAMELEN], *ptr;
|
||||
int error, sctl[2], hlen;
|
||||
|
||||
/* Get the domain name */
|
||||
getcredhostname(td->td_ucred, hname, sizeof(hname));
|
||||
|
||||
/* W/out a hostname a domain-name is nonsense */
|
||||
mtx_lock(&hostname_mtx);
|
||||
if ( strlen(V_hostname) == 0 ) {
|
||||
mtx_unlock(&hostname_mtx);
|
||||
if ( strlen(hname) == 0 )
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
/* Get the host's unqualified name (strip off the domain) */
|
||||
snprintf(hname, sizeof(hname), "%s", V_hostname);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
ptr = index(hname, '.');
|
||||
if ( ptr != NULL ) {
|
||||
ptr++;
|
||||
|
||||
@ -33,7 +33,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/cons.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kerneldump.h>
|
||||
#include <sys/vimage.h>
|
||||
#include <vm/vm.h>
|
||||
#include <vm/pmap.h>
|
||||
#include <machine/efi.h>
|
||||
|
||||
@ -29,6 +29,7 @@
|
||||
#include <sys/cdefs.h>
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
#include "opt_compat.h"
|
||||
#include "opt_ddb.h"
|
||||
#include "opt_inet.h"
|
||||
#include "opt_inet6.h"
|
||||
@ -50,6 +51,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/sx.h>
|
||||
#include <sys/sysent.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/queue.h>
|
||||
@ -79,7 +81,9 @@ struct prison prison0 = {
|
||||
.pr_uref = 1,
|
||||
.pr_path = "/",
|
||||
.pr_securelevel = -1,
|
||||
.pr_uuid = "00000000-0000-0000-0000-000000000000",
|
||||
.pr_children = LIST_HEAD_INITIALIZER(&prison0.pr_children),
|
||||
.pr_flags = PR_HOST,
|
||||
.pr_allow = PR_ALLOW_ALL,
|
||||
};
|
||||
MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
|
||||
@ -116,8 +120,9 @@ static int prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6);
|
||||
*/
|
||||
static char *pr_flag_names[] = {
|
||||
[0] = "persist",
|
||||
"host",
|
||||
#ifdef INET
|
||||
[2] = "ip4",
|
||||
"ip4",
|
||||
#endif
|
||||
#ifdef INET6
|
||||
[3] = "ip6",
|
||||
@ -126,8 +131,9 @@ static char *pr_flag_names[] = {
|
||||
|
||||
static char *pr_flag_nonames[] = {
|
||||
[0] = "nopersist",
|
||||
"nohost",
|
||||
#ifdef INET
|
||||
[2] = "noip4",
|
||||
"noip4",
|
||||
#endif
|
||||
#ifdef INET6
|
||||
[3] = "noip6",
|
||||
@ -453,13 +459,14 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
struct vfsoptlist *opts;
|
||||
struct prison *pr, *deadpr, *mypr, *ppr, *tpr;
|
||||
struct vnode *root;
|
||||
char *errmsg, *host, *name, *p, *path;
|
||||
char *domain, *errmsg, *host, *name, *p, *path, *uuid;
|
||||
#if defined(INET) || defined(INET6)
|
||||
void *op;
|
||||
#endif
|
||||
unsigned long hid;
|
||||
size_t namelen, onamelen;
|
||||
int created, cuflags, descend, enforce, error, errmsg_len, errmsg_pos;
|
||||
int gotenforce, gotslevel, fi, jid, len;
|
||||
int gotenforce, gothid, gotslevel, fi, jid, len;
|
||||
int slevel, vfslocked;
|
||||
#if defined(INET) || defined(INET6)
|
||||
int ii, ij;
|
||||
@ -578,6 +585,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
else if (error != 0)
|
||||
goto done_free;
|
||||
else {
|
||||
ch_flags |= PR_HOST;
|
||||
pr_flags |= PR_HOST;
|
||||
if (len == 0 || host[len - 1] != '\0') {
|
||||
error = EINVAL;
|
||||
goto done_free;
|
||||
@ -588,6 +597,61 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
}
|
||||
}
|
||||
|
||||
error = vfs_getopt(opts, "host.domainname", (void **)&domain, &len);
|
||||
if (error == ENOENT)
|
||||
domain = NULL;
|
||||
else if (error != 0)
|
||||
goto done_free;
|
||||
else {
|
||||
ch_flags |= PR_HOST;
|
||||
pr_flags |= PR_HOST;
|
||||
if (len == 0 || domain[len - 1] != '\0') {
|
||||
error = EINVAL;
|
||||
goto done_free;
|
||||
}
|
||||
if (len > MAXHOSTNAMELEN) {
|
||||
error = ENAMETOOLONG;
|
||||
goto done_free;
|
||||
}
|
||||
}
|
||||
|
||||
error = vfs_getopt(opts, "host.hostuuid", (void **)&uuid, &len);
|
||||
if (error == ENOENT)
|
||||
uuid = NULL;
|
||||
else if (error != 0)
|
||||
goto done_free;
|
||||
else {
|
||||
ch_flags |= PR_HOST;
|
||||
pr_flags |= PR_HOST;
|
||||
if (len == 0 || uuid[len - 1] != '\0') {
|
||||
error = EINVAL;
|
||||
goto done_free;
|
||||
}
|
||||
if (len > HOSTUUIDLEN) {
|
||||
error = ENAMETOOLONG;
|
||||
goto done_free;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef COMPAT_IA32
|
||||
if (td->td_proc->p_sysent->sv_flags & SV_IA32) {
|
||||
uint32_t hid32;
|
||||
|
||||
error = vfs_copyopt(opts, "host.hostid", &hid32, sizeof(hid32));
|
||||
hid = hid32;
|
||||
} else
|
||||
#endif
|
||||
error = vfs_copyopt(opts, "host.hostid", &hid, sizeof(hid));
|
||||
if (error == ENOENT)
|
||||
gothid = 0;
|
||||
else if (error != 0)
|
||||
goto done_free;
|
||||
else {
|
||||
gothid = 1;
|
||||
ch_flags |= PR_HOST;
|
||||
pr_flags |= PR_HOST;
|
||||
}
|
||||
|
||||
/* This might be the second time around for this option. */
|
||||
#ifdef INET
|
||||
error = vfs_getopt(opts, "ip4.addr", &op, &ip4s);
|
||||
@ -1000,6 +1064,16 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
/* Set some default values, and inherit some from the parent. */
|
||||
if (name == NULL)
|
||||
name = "";
|
||||
if (host != NULL || domain != NULL || uuid != NULL || gothid) {
|
||||
if (host == NULL)
|
||||
host = ppr->pr_host;
|
||||
if (domain == NULL)
|
||||
domain = ppr->pr_domain;
|
||||
if (uuid == NULL)
|
||||
uuid = ppr->pr_uuid;
|
||||
if (!gothid)
|
||||
hid = ppr->pr_hostid;
|
||||
}
|
||||
if (path == NULL) {
|
||||
path = "/";
|
||||
root = mypr->pr_root;
|
||||
@ -1436,8 +1510,50 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
strlcpy(pr->pr_path, path, sizeof(pr->pr_path));
|
||||
pr->pr_root = root;
|
||||
}
|
||||
if (host != NULL)
|
||||
strlcpy(pr->pr_host, host, sizeof(pr->pr_host));
|
||||
if (PR_HOST & ch_flags & ~pr_flags) {
|
||||
if (pr->pr_flags & PR_HOST) {
|
||||
/*
|
||||
* Copy the parent's host info. As with pr_ip4 above,
|
||||
* the lack of a lock on the parent is not a problem;
|
||||
* it is always set with allprison_lock at least
|
||||
* shared, and is held exclusively here.
|
||||
*/
|
||||
strlcpy(pr->pr_host, pr->pr_parent->pr_host,
|
||||
sizeof(pr->pr_host));
|
||||
strlcpy(pr->pr_domain, pr->pr_parent->pr_domain,
|
||||
sizeof(pr->pr_domain));
|
||||
strlcpy(pr->pr_uuid, pr->pr_parent->pr_uuid,
|
||||
sizeof(pr->pr_uuid));
|
||||
pr->pr_hostid = pr->pr_parent->pr_hostid;
|
||||
}
|
||||
} else if (host != NULL || domain != NULL || uuid != NULL || gothid) {
|
||||
/* Set this prison, and any descendants without PR_HOST. */
|
||||
if (host != NULL)
|
||||
strlcpy(pr->pr_host, host, sizeof(pr->pr_host));
|
||||
if (domain != NULL)
|
||||
strlcpy(pr->pr_domain, domain, sizeof(pr->pr_domain));
|
||||
if (uuid != NULL)
|
||||
strlcpy(pr->pr_uuid, uuid, sizeof(pr->pr_uuid));
|
||||
if (gothid)
|
||||
pr->pr_hostid = hid;
|
||||
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
|
||||
if (tpr->pr_flags & PR_HOST)
|
||||
descend = 0;
|
||||
else {
|
||||
if (host != NULL)
|
||||
strlcpy(tpr->pr_host, pr->pr_host,
|
||||
sizeof(tpr->pr_host));
|
||||
if (domain != NULL)
|
||||
strlcpy(tpr->pr_domain, pr->pr_domain,
|
||||
sizeof(tpr->pr_domain));
|
||||
if (uuid != NULL)
|
||||
strlcpy(tpr->pr_uuid, pr->pr_uuid,
|
||||
sizeof(tpr->pr_uuid));
|
||||
if (gothid)
|
||||
tpr->pr_hostid = hid;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ((tallow = ch_allow & ~pr_allow)) {
|
||||
/* Clear allow bits in all children. */
|
||||
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
|
||||
@ -1751,6 +1867,23 @@ kern_jail_get(struct thread *td, struct uio *optuio, int flags)
|
||||
if (error != 0 && error != ENOENT)
|
||||
goto done_deref;
|
||||
error = vfs_setopts(opts, "host.hostname", pr->pr_host);
|
||||
if (error != 0 && error != ENOENT)
|
||||
goto done_deref;
|
||||
error = vfs_setopts(opts, "host.domainname", pr->pr_domain);
|
||||
if (error != 0 && error != ENOENT)
|
||||
goto done_deref;
|
||||
error = vfs_setopts(opts, "host.hostuuid", pr->pr_uuid);
|
||||
if (error != 0 && error != ENOENT)
|
||||
goto done_deref;
|
||||
#ifdef COMPAT_IA32
|
||||
if (td->td_proc->p_sysent->sv_flags & SV_IA32) {
|
||||
uint32_t hid32 = pr->pr_hostid;
|
||||
|
||||
error = vfs_setopt(opts, "host.hostid", &hid32, sizeof(hid32));
|
||||
} else
|
||||
#endif
|
||||
error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid,
|
||||
sizeof(pr->pr_hostid));
|
||||
if (error != 0 && error != ENOENT)
|
||||
goto done_deref;
|
||||
error = vfs_setopt(opts, "enforce_statfs", &pr->pr_enforce_statfs,
|
||||
@ -3072,17 +3205,12 @@ jailed(struct ucred *cred)
|
||||
void
|
||||
getcredhostname(struct ucred *cred, char *buf, size_t size)
|
||||
{
|
||||
INIT_VPROCG(cred->cr_vimage->v_procg);
|
||||
struct prison *pr;
|
||||
|
||||
if (jailed(cred)) {
|
||||
mtx_lock(&cred->cr_prison->pr_mtx);
|
||||
strlcpy(buf, cred->cr_prison->pr_host, size);
|
||||
mtx_unlock(&cred->cr_prison->pr_mtx);
|
||||
} else {
|
||||
mtx_lock(&hostname_mtx);
|
||||
strlcpy(buf, V_hostname, size);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
}
|
||||
pr = (cred != NULL) ? cred->cr_prison : &prison0;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
strlcpy(buf, pr->pr_host, size);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -3683,8 +3811,16 @@ SYSCTL_JAIL_PARAM(, dying, CTLTYPE_INT | CTLFLAG_RD,
|
||||
"B", "Jail is in the process of shutting down");
|
||||
|
||||
SYSCTL_JAIL_PARAM_NODE(host, "Jail host info");
|
||||
SYSCTL_JAIL_PARAM(, nohost, CTLTYPE_INT | CTLFLAG_RW,
|
||||
"BN", "Jail w/ no host info");
|
||||
SYSCTL_JAIL_PARAM_STRING(_host, hostname, CTLFLAG_RW, MAXHOSTNAMELEN,
|
||||
"Jail hostname");
|
||||
SYSCTL_JAIL_PARAM_STRING(_host, domainname, CTLFLAG_RW, MAXHOSTNAMELEN,
|
||||
"Jail NIS domainname");
|
||||
SYSCTL_JAIL_PARAM_STRING(_host, hostuuid, CTLFLAG_RW, HOSTUUIDLEN,
|
||||
"Jail host UUID");
|
||||
SYSCTL_JAIL_PARAM(_host, hostid, CTLTYPE_ULONG | CTLFLAG_RW,
|
||||
"LU", "Jail host ID");
|
||||
|
||||
SYSCTL_JAIL_PARAM_NODE(cpuset, "Jail cpuset");
|
||||
SYSCTL_JAIL_PARAM(_cpuset, id, CTLTYPE_INT | CTLFLAG_RD, "I", "Jail cpuset ID");
|
||||
@ -3762,6 +3898,9 @@ db_show_prison(struct prison *pr)
|
||||
db_printf("\n");
|
||||
db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs);
|
||||
db_printf(" host.hostname = %s\n", pr->pr_host);
|
||||
db_printf(" host.domainname = %s\n", pr->pr_domain);
|
||||
db_printf(" host.hostuuid = %s\n", pr->pr_uuid);
|
||||
db_printf(" host.hostid = %lu\n", pr->pr_hostid);
|
||||
#ifdef INET
|
||||
db_printf(" ip4s = %d\n", pr->pr_ip4s);
|
||||
for (ii = 0; ii < pr->pr_ip4s; ii++)
|
||||
|
||||
@ -54,7 +54,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/smp.h>
|
||||
#include <sys/sx.h>
|
||||
#include <sys/unistd.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
SYSCTL_NODE(, 0, sysctl, CTLFLAG_RW, 0,
|
||||
"Sysctl internal magic");
|
||||
@ -209,71 +208,69 @@ static char machine_arch[] = MACHINE_ARCH;
|
||||
SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD,
|
||||
machine_arch, 0, "System architecture");
|
||||
|
||||
#ifdef VIMAGE_GLOBALS
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This mutex is used to protect the hostname and domainname variables, and
|
||||
* perhaps in the future should also protect hostid, hostuid, and others.
|
||||
*/
|
||||
struct mtx hostname_mtx;
|
||||
MTX_SYSINIT(hostname_mtx, &hostname_mtx, "hostname", MTX_DEF);
|
||||
|
||||
static int
|
||||
sysctl_hostname(SYSCTL_HANDLER_ARGS)
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(req->td));
|
||||
struct prison *pr;
|
||||
char tmphostname[MAXHOSTNAMELEN];
|
||||
int error;
|
||||
struct prison *pr, *cpr;
|
||||
size_t pr_offset;
|
||||
char tmpname[MAXHOSTNAMELEN];
|
||||
int descend, error, len;
|
||||
|
||||
/*
|
||||
* This function can set: hostname domainname hostuuid.
|
||||
* Keep that in mind when comments say "hostname".
|
||||
*/
|
||||
pr_offset = (size_t)arg1;
|
||||
len = arg2;
|
||||
KASSERT(len <= sizeof(tmpname),
|
||||
("length %d too long for %s", len, __func__));
|
||||
|
||||
pr = req->td->td_ucred->cr_prison;
|
||||
if (pr != &prison0) {
|
||||
if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr)
|
||||
return (EPERM);
|
||||
if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr)
|
||||
return (EPERM);
|
||||
/*
|
||||
* Make a local copy of hostname to get/set so we don't have to hold
|
||||
* the jail mutex during the sysctl copyin/copyout activities.
|
||||
*/
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
bcopy((char *)pr + pr_offset, tmpname, len);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
|
||||
error = sysctl_handle_string(oidp, tmpname, len, req);
|
||||
|
||||
if (req->newptr != NULL && error == 0) {
|
||||
/*
|
||||
* Process is in jail, so make a local copy of jail
|
||||
* hostname to get/set so we don't have to hold the jail
|
||||
* mutex during the sysctl copyin/copyout activities.
|
||||
* Copy the locally set hostname to all jails that share
|
||||
* this host info.
|
||||
*/
|
||||
sx_slock(&allprison_lock);
|
||||
while (!(pr->pr_flags & PR_HOST))
|
||||
pr = pr->pr_parent;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
bcopy(pr->pr_host, tmphostname, MAXHOSTNAMELEN);
|
||||
bcopy(tmpname, (char *)pr + pr_offset, len);
|
||||
FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
|
||||
if (cpr->pr_flags & PR_HOST)
|
||||
descend = 0;
|
||||
else
|
||||
bcopy(tmpname, (char *)cpr + pr_offset, len);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
|
||||
error = sysctl_handle_string(oidp, tmphostname,
|
||||
sizeof pr->pr_host, req);
|
||||
|
||||
if (req->newptr != NULL && error == 0) {
|
||||
/*
|
||||
* Copy the locally set hostname to the jail, if
|
||||
* appropriate.
|
||||
*/
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
bcopy(tmphostname, pr->pr_host, MAXHOSTNAMELEN);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
}
|
||||
} else {
|
||||
mtx_lock(&hostname_mtx);
|
||||
bcopy(V_hostname, tmphostname, MAXHOSTNAMELEN);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
error = sysctl_handle_string(oidp, tmphostname,
|
||||
sizeof tmphostname, req);
|
||||
if (req->newptr != NULL && error == 0) {
|
||||
mtx_lock(&prison0.pr_mtx);
|
||||
mtx_lock(&hostname_mtx);
|
||||
bcopy(tmphostname, prison0.pr_host, MAXHOSTNAMELEN);
|
||||
bcopy(tmphostname, V_hostname, MAXHOSTNAMELEN);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
mtx_unlock(&prison0.pr_mtx);
|
||||
}
|
||||
sx_sunlock(&allprison_lock);
|
||||
}
|
||||
return (error);
|
||||
}
|
||||
|
||||
SYSCTL_PROC(_kern, KERN_HOSTNAME, hostname,
|
||||
CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON|CTLFLAG_MPSAFE,
|
||||
0, 0, sysctl_hostname, "A", "Hostname");
|
||||
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
|
||||
(void *)(offsetof(struct prison, pr_host)), MAXHOSTNAMELEN,
|
||||
sysctl_hostname, "A", "Hostname");
|
||||
SYSCTL_PROC(_kern, KERN_NISDOMAINNAME, domainname,
|
||||
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
|
||||
(void *)(offsetof(struct prison, pr_domain)), MAXHOSTNAMELEN,
|
||||
sysctl_hostname, "A", "Name of the current YP/NIS domain");
|
||||
SYSCTL_PROC(_kern, KERN_HOSTUUID, hostuuid,
|
||||
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
|
||||
(void *)(offsetof(struct prison, pr_uuid)), HOSTUUIDLEN,
|
||||
sysctl_hostname, "A", "Host UUID");
|
||||
|
||||
static int regression_securelevel_nonmonotonic = 0;
|
||||
|
||||
@ -341,38 +338,43 @@ SYSCTL_PROC(_kern, OID_AUTO, conftxt, CTLTYPE_STRING|CTLFLAG_RW,
|
||||
0, 0, sysctl_kern_config, "", "Kernel configuration file");
|
||||
#endif
|
||||
|
||||
#ifdef VIMAGE_GLOBALS
|
||||
char domainname[MAXHOSTNAMELEN]; /* Protected by hostname_mtx. */
|
||||
#endif
|
||||
|
||||
static int
|
||||
sysctl_domainname(SYSCTL_HANDLER_ARGS)
|
||||
sysctl_hostid(SYSCTL_HANDLER_ARGS)
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(req->td));
|
||||
char tmpdomainname[MAXHOSTNAMELEN];
|
||||
int error;
|
||||
struct prison *pr, *cpr;
|
||||
u_long tmpid;
|
||||
int descend, error;
|
||||
|
||||
/*
|
||||
* Like sysctl_hostname, except it operates on a u_long
|
||||
* instead of a string, and is used only for hostid.
|
||||
*/
|
||||
pr = req->td->td_ucred->cr_prison;
|
||||
if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr)
|
||||
return (EPERM);
|
||||
tmpid = pr->pr_hostid;
|
||||
error = sysctl_handle_long(oidp, &tmpid, 0, req);
|
||||
|
||||
mtx_lock(&hostname_mtx);
|
||||
bcopy(V_domainname, tmpdomainname, MAXHOSTNAMELEN);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
error = sysctl_handle_string(oidp, tmpdomainname,
|
||||
sizeof tmpdomainname, req);
|
||||
if (req->newptr != NULL && error == 0) {
|
||||
mtx_lock(&hostname_mtx);
|
||||
bcopy(tmpdomainname, V_domainname, MAXHOSTNAMELEN);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
sx_slock(&allprison_lock);
|
||||
while (!(pr->pr_flags & PR_HOST))
|
||||
pr = pr->pr_parent;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
pr->pr_hostid = tmpid;
|
||||
FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
|
||||
if (cpr->pr_flags & PR_HOST)
|
||||
descend = 0;
|
||||
else
|
||||
cpr->pr_hostid = tmpid;
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
sx_sunlock(&allprison_lock);
|
||||
}
|
||||
return (error);
|
||||
}
|
||||
|
||||
SYSCTL_PROC(_kern, KERN_NISDOMAINNAME, domainname, CTLTYPE_STRING|CTLFLAG_RW,
|
||||
0, 0, sysctl_domainname, "A", "Name of the current YP/NIS domain");
|
||||
|
||||
u_long hostid;
|
||||
SYSCTL_ULONG(_kern, KERN_HOSTID, hostid, CTLFLAG_RW, &hostid, 0, "Host ID");
|
||||
char hostuuid[64] = "00000000-0000-0000-0000-000000000000";
|
||||
SYSCTL_STRING(_kern, KERN_HOSTUUID, hostuuid, CTLFLAG_RW, hostuuid,
|
||||
sizeof(hostuuid), "Host UUID");
|
||||
SYSCTL_PROC(_kern, KERN_HOSTID, hostid,
|
||||
CTLTYPE_ULONG | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
|
||||
NULL, 0, sysctl_hostid, "LU", "Host ID");
|
||||
|
||||
SYSCTL_NODE(_kern, OID_AUTO, features, CTLFLAG_RD, 0, "Kernel Features");
|
||||
|
||||
|
||||
@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/conf.h>
|
||||
#include <sys/cons.h>
|
||||
#include <sys/eventhandler.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kdb.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kerneldump.h>
|
||||
@ -65,7 +66,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/smp.h> /* smp_active */
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <ddb/ddb.h>
|
||||
|
||||
@ -693,7 +693,7 @@ mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver,
|
||||
kdh->dumplength = htod64(dumplen);
|
||||
kdh->dumptime = htod64(time_second);
|
||||
kdh->blocksize = htod32(blksz);
|
||||
strncpy(kdh->hostname, G_hostname, sizeof(kdh->hostname));
|
||||
strncpy(kdh->hostname, prison0.pr_host, sizeof(kdh->hostname));
|
||||
strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
|
||||
if (panicstr != NULL)
|
||||
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
|
||||
|
||||
@ -45,7 +45,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/socket.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/utsname.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <vm/vm_param.h>
|
||||
|
||||
@ -103,9 +102,13 @@ ogethostid(td, uap)
|
||||
struct thread *td;
|
||||
struct ogethostid_args *uap;
|
||||
{
|
||||
size_t len = sizeof(long);
|
||||
int name[2];
|
||||
|
||||
*(long *)(td->td_retval) = hostid;
|
||||
return (0);
|
||||
name[0] = CTL_KERN;
|
||||
name[1] = KERN_HOSTID;
|
||||
return (kernel_sysctl(td, name, 2, (long *)td->td_retval, &len,
|
||||
NULL, 0, NULL, 0));
|
||||
}
|
||||
#endif /* COMPAT_43 */
|
||||
|
||||
@ -121,15 +124,12 @@ osethostid(td, uap)
|
||||
struct thread *td;
|
||||
struct osethostid_args *uap;
|
||||
{
|
||||
int error;
|
||||
int name[2];
|
||||
|
||||
error = priv_check(td, PRIV_SETHOSTID);
|
||||
if (error)
|
||||
return (error);
|
||||
mtx_lock(&Giant);
|
||||
hostid = uap->hostid;
|
||||
mtx_unlock(&Giant);
|
||||
return (0);
|
||||
name[0] = CTL_KERN;
|
||||
name[1] = KERN_HOSTID;
|
||||
return (kernel_sysctl(td, name, 2, NULL, NULL, &uap->hostid,
|
||||
sizeof(uap->hostid), NULL, 0));
|
||||
}
|
||||
|
||||
int
|
||||
|
||||
@ -38,7 +38,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/socketvar.h>
|
||||
#include <sys/sysent.h>
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <kgssapi/gssapi.h>
|
||||
#include <kgssapi/gssapi_impl.h>
|
||||
@ -200,7 +199,7 @@ gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_d
|
||||
* use them to exchange signed and sealed messages.
|
||||
*/
|
||||
static int
|
||||
gsstest_1(void)
|
||||
gsstest_1(struct thread *td)
|
||||
{
|
||||
OM_uint32 maj_stat, min_stat;
|
||||
OM_uint32 smaj_stat, smin_stat;
|
||||
@ -228,7 +227,8 @@ gsstest_1(void)
|
||||
|
||||
{
|
||||
static char sbuf[512];
|
||||
snprintf(sbuf, sizeof(sbuf), "nfs@%s", V_hostname);
|
||||
memcpy(sbuf, "nfs@", 4);
|
||||
getcredhostname(td->td_ucred, sbuf + 4, sizeof(sbuf) - 4);
|
||||
name_desc.value = sbuf;
|
||||
}
|
||||
|
||||
@ -410,7 +410,7 @@ gsstest_1(void)
|
||||
* wrapped reply to userland.
|
||||
*/
|
||||
static int
|
||||
gsstest_2(int step, const gss_buffer_t input_token,
|
||||
gsstest_2(struct thread *td, int step, const gss_buffer_t input_token,
|
||||
OM_uint32 *maj_stat_res, OM_uint32 *min_stat_res, gss_buffer_t output_token)
|
||||
{
|
||||
OM_uint32 maj_stat, min_stat;
|
||||
@ -431,7 +431,9 @@ gsstest_2(int step, const gss_buffer_t input_token,
|
||||
case 1:
|
||||
if (server_context == GSS_C_NO_CONTEXT) {
|
||||
static char sbuf[512];
|
||||
snprintf(sbuf, sizeof(sbuf), "nfs@%s", V_hostname);
|
||||
memcpy(sbuf, "nfs@", 4);
|
||||
getcredhostname(td->td_ucred, sbuf + 4,
|
||||
sizeof(sbuf) - 4);
|
||||
name_desc.value = sbuf;
|
||||
name_desc.length = strlen((const char *)
|
||||
name_desc.value);
|
||||
@ -789,7 +791,7 @@ gsstest_get_rpc(struct sockaddr *sa, rpcprog_t prog, rpcvers_t vers)
|
||||
* RPCSEC_GSS client
|
||||
*/
|
||||
static int
|
||||
gsstest_3(void)
|
||||
gsstest_3(struct thread *td)
|
||||
{
|
||||
struct sockaddr_in sin;
|
||||
char service[128];
|
||||
@ -812,7 +814,8 @@ gsstest_3(void)
|
||||
return(1);
|
||||
}
|
||||
|
||||
snprintf(service, sizeof(service), "host@%s", V_hostname);
|
||||
memcpy(service, "host@", 5);
|
||||
getcredhostname(td->td_ucred, service + 5, sizeof(service) - 5);
|
||||
|
||||
auth = rpc_gss_seccreate(client, curthread->td_ucred,
|
||||
service, "kerberosv5", rpc_gss_svc_privacy,
|
||||
@ -875,14 +878,15 @@ static bool_t server_new_context(struct svc_req *req, gss_cred_id_t deleg,
|
||||
static void server_program_1(struct svc_req *rqstp, register SVCXPRT *transp);
|
||||
|
||||
static int
|
||||
gsstest_4(void)
|
||||
gsstest_4(struct thread *td)
|
||||
{
|
||||
SVCPOOL *pool;
|
||||
char principal[128 + 5];
|
||||
const char **mechs;
|
||||
static rpc_gss_callback_t cb;
|
||||
|
||||
snprintf(principal, sizeof(principal), "host@%s", V_hostname);
|
||||
memcpy(principal, "host@", 5);
|
||||
getcredhostname(td->td_ucred, principal + 5, sizeof(principal) - 5);
|
||||
|
||||
mechs = rpc_gss_get_mechanisms();
|
||||
while (*mechs) {
|
||||
@ -1054,7 +1058,7 @@ gsstest(struct thread *td, struct gsstest_args *uap)
|
||||
|
||||
switch (uap->a_op) {
|
||||
case 1:
|
||||
return (gsstest_1());
|
||||
return (gsstest_1(td));
|
||||
|
||||
case 2: {
|
||||
struct gsstest_2_args args;
|
||||
@ -1076,7 +1080,7 @@ gsstest(struct thread *td, struct gsstest_args *uap)
|
||||
}
|
||||
output_token.length = 0;
|
||||
output_token.value = NULL;
|
||||
gsstest_2(args.step, &input_token,
|
||||
gsstest_2(td, args.step, &input_token,
|
||||
&res.maj_stat, &res.min_stat, &output_token);
|
||||
gss_release_buffer(&junk, &input_token);
|
||||
if (output_token.length > args.output_token.length) {
|
||||
@ -1096,9 +1100,9 @@ gsstest(struct thread *td, struct gsstest_args *uap)
|
||||
break;
|
||||
}
|
||||
case 3:
|
||||
return (gsstest_3());
|
||||
return (gsstest_3(td));
|
||||
case 4:
|
||||
return (gsstest_4());
|
||||
return (gsstest_4(td));
|
||||
}
|
||||
|
||||
return (EINVAL);
|
||||
|
||||
@ -70,6 +70,7 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/domain.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
@ -401,7 +402,6 @@ int
|
||||
icmp6_input(struct mbuf **mp, int *offp, int proto)
|
||||
{
|
||||
INIT_VNET_INET6(curvnet);
|
||||
INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */
|
||||
struct mbuf *m = *mp, *n;
|
||||
struct ifnet *ifp;
|
||||
struct ip6_hdr *ip6, *nip6;
|
||||
@ -663,7 +663,6 @@ icmp6_input(struct mbuf **mp, int *offp, int proto)
|
||||
else
|
||||
goto badlen;
|
||||
|
||||
#define hostnamelen strlen(V_hostname)
|
||||
if (mode == FQDN) {
|
||||
#ifndef PULLDOWN_TEST
|
||||
IP6_EXTHDR_CHECK(m, off, sizeof(struct icmp6_nodeinfo),
|
||||
@ -675,8 +674,9 @@ icmp6_input(struct mbuf **mp, int *offp, int proto)
|
||||
/* XXX meaningless if n == NULL */
|
||||
noff = sizeof(struct ip6_hdr);
|
||||
} else {
|
||||
struct prison *pr;
|
||||
u_char *p;
|
||||
int maxlen, maxhlen;
|
||||
int maxlen, maxhlen, hlen;
|
||||
|
||||
/*
|
||||
* XXX: this combination of flags is pointless,
|
||||
@ -718,9 +718,11 @@ icmp6_input(struct mbuf **mp, int *offp, int proto)
|
||||
n->m_pkthdr.rcvif = NULL;
|
||||
n->m_len = 0;
|
||||
maxhlen = M_TRAILINGSPACE(n) - maxlen;
|
||||
mtx_lock(&hostname_mtx);
|
||||
if (maxhlen > hostnamelen)
|
||||
maxhlen = hostnamelen;
|
||||
pr = curthread->td_ucred->cr_prison;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
hlen = strlen(pr->pr_host);
|
||||
if (maxhlen > hlen)
|
||||
maxhlen = hlen;
|
||||
/*
|
||||
* Copy IPv6 and ICMPv6 only.
|
||||
*/
|
||||
@ -730,15 +732,14 @@ icmp6_input(struct mbuf **mp, int *offp, int proto)
|
||||
bcopy(icmp6, nicmp6, sizeof(struct icmp6_hdr));
|
||||
p = (u_char *)(nicmp6 + 1);
|
||||
bzero(p, 4);
|
||||
bcopy(V_hostname, p + 4, maxhlen); /* meaningless TTL */
|
||||
mtx_unlock(&hostname_mtx);
|
||||
bcopy(pr->pr_host, p + 4, maxhlen); /* meaningless TTL */
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
noff = sizeof(struct ip6_hdr);
|
||||
n->m_pkthdr.len = n->m_len = sizeof(struct ip6_hdr) +
|
||||
sizeof(struct icmp6_hdr) + 4 + maxhlen;
|
||||
nicmp6->icmp6_type = ICMP6_WRUREPLY;
|
||||
nicmp6->icmp6_code = 0;
|
||||
}
|
||||
#undef hostnamelen
|
||||
if (n) {
|
||||
ICMP6STAT_INC(icp6s_reflect);
|
||||
ICMP6STAT_INC(icp6s_outhist[ICMP6_WRUREPLY]);
|
||||
@ -1177,14 +1178,13 @@ icmp6_mtudisc_update(struct ip6ctlparam *ip6cp, int validated)
|
||||
* - joins NI group address at in6_ifattach() time only, does not cope
|
||||
* with hostname changes by sethostname(3)
|
||||
*/
|
||||
#define hostnamelen strlen(V_hostname)
|
||||
static struct mbuf *
|
||||
ni6_input(struct mbuf *m, int off)
|
||||
{
|
||||
INIT_VNET_INET6(curvnet);
|
||||
INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */
|
||||
struct icmp6_nodeinfo *ni6, *nni6;
|
||||
struct mbuf *n = NULL;
|
||||
struct prison *pr;
|
||||
u_int16_t qtype;
|
||||
int subjlen;
|
||||
int replylen = sizeof(struct ip6_hdr) + sizeof(struct icmp6_nodeinfo);
|
||||
@ -1333,9 +1333,10 @@ ni6_input(struct mbuf *m, int off)
|
||||
* wildcard match, if gethostname(3) side has
|
||||
* truncated hostname.
|
||||
*/
|
||||
mtx_lock(&hostname_mtx);
|
||||
n = ni6_nametodns(V_hostname, hostnamelen, 0);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
pr = curthread->td_ucred->cr_prison;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
n = ni6_nametodns(pr->pr_host, strlen(pr->pr_host), 0);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
if (!n || n->m_next || n->m_len == 0)
|
||||
goto bad;
|
||||
IP6_EXTHDR_GET(subj, char *, m,
|
||||
@ -1457,11 +1458,13 @@ ni6_input(struct mbuf *m, int off)
|
||||
nni6->ni_flags = 0; /* XXX: meaningless TTL */
|
||||
fqdn->ni_fqdn_ttl = 0; /* ditto. */
|
||||
/*
|
||||
* XXX do we really have FQDN in variable "hostname"?
|
||||
* XXX do we really have FQDN in hostname?
|
||||
*/
|
||||
mtx_lock(&hostname_mtx);
|
||||
n->m_next = ni6_nametodns(V_hostname, hostnamelen, oldfqdn);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
pr = curthread->td_ucred->cr_prison;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
n->m_next =
|
||||
ni6_nametodns(pr->pr_host, strlen(pr->pr_host), oldfqdn);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
if (n->m_next == NULL)
|
||||
goto bad;
|
||||
/* XXX we assume that n->m_next is not a chain */
|
||||
@ -1497,7 +1500,6 @@ ni6_input(struct mbuf *m, int off)
|
||||
m_freem(n);
|
||||
return (NULL);
|
||||
}
|
||||
#undef hostnamelen
|
||||
|
||||
/*
|
||||
* make a mbuf with DNS-encoded string. no compression support.
|
||||
|
||||
@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/syslog.h>
|
||||
#include <sys/md5.h>
|
||||
@ -104,24 +105,27 @@ static void in6_purgemaddrs(struct ifnet *);
|
||||
static int
|
||||
get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6)
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */
|
||||
MD5_CTX ctxt;
|
||||
struct prison *pr;
|
||||
u_int8_t digest[16];
|
||||
int hostnamelen;
|
||||
|
||||
mtx_lock(&hostname_mtx);
|
||||
hostnamelen = strlen(V_hostname);
|
||||
pr = curthread->td_ucred->cr_prison;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
hostnamelen = strlen(pr->pr_host);
|
||||
#if 0
|
||||
/* we need at least several letters as seed for ifid */
|
||||
if (hostnamelen < 3)
|
||||
if (hostnamelen < 3) {
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* generate 8 bytes of pseudo-random value. */
|
||||
bzero(&ctxt, sizeof(ctxt));
|
||||
MD5Init(&ctxt);
|
||||
MD5Update(&ctxt, V_hostname, hostnamelen);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
MD5Update(&ctxt, pr->pr_host, hostnamelen);
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
MD5Final(digest, &ctxt);
|
||||
|
||||
/* assumes sizeof(digest) > sizeof(ifid) */
|
||||
@ -620,11 +624,10 @@ int
|
||||
in6_nigroup(struct ifnet *ifp, const char *name, int namelen,
|
||||
struct in6_addr *in6)
|
||||
{
|
||||
INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */
|
||||
struct prison *pr;
|
||||
const char *p;
|
||||
u_char *q;
|
||||
MD5_CTX ctxt;
|
||||
int use_hostname;
|
||||
u_int8_t digest[16];
|
||||
char l;
|
||||
char n[64]; /* a single label must not exceed 63 chars */
|
||||
@ -634,15 +637,15 @@ in6_nigroup(struct ifnet *ifp, const char *name, int namelen,
|
||||
* we try to do the hostname lookup ourselves.
|
||||
*/
|
||||
if (!name && namelen == -1) {
|
||||
use_hostname = 1;
|
||||
mtx_lock(&hostname_mtx);
|
||||
name = V_hostname;
|
||||
pr = curthread->td_ucred->cr_prison;
|
||||
mtx_lock(&pr->pr_mtx);
|
||||
name = pr->pr_host;
|
||||
namelen = strlen(name);
|
||||
} else
|
||||
use_hostname = 0;
|
||||
pr = NULL;
|
||||
if (!name || !namelen) {
|
||||
if (use_hostname)
|
||||
mtx_unlock(&hostname_mtx);
|
||||
if (pr != NULL)
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -650,14 +653,14 @@ in6_nigroup(struct ifnet *ifp, const char *name, int namelen,
|
||||
while (p && *p && *p != '.' && p - name < namelen)
|
||||
p++;
|
||||
if (p == name || p - name > sizeof(n) - 1) {
|
||||
if (use_hostname)
|
||||
mtx_unlock(&hostname_mtx);
|
||||
if (pr != NULL)
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
return -1; /* label too long */
|
||||
}
|
||||
l = p - name;
|
||||
strncpy(n, name, l);
|
||||
if (use_hostname)
|
||||
mtx_unlock(&hostname_mtx);
|
||||
if (pr != NULL)
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
n[(int)l] = '\0';
|
||||
for (q = n; *q; q++) {
|
||||
if ('A' <= *q && *q <= 'Z')
|
||||
|
||||
@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/malloc.h>
|
||||
@ -1558,10 +1559,10 @@ bootpc_decode_reply(struct nfsv3_diskless *nd, struct bootpc_ifcontext *ifctx,
|
||||
printf("hostname %s (ignored) ", p);
|
||||
} else {
|
||||
strcpy(nd->my_hostnam, p);
|
||||
mtx_lock(&hostname_mtx);
|
||||
strcpy(G_hostname, p);
|
||||
printf("hostname %s ", G_hostname);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
mtx_lock(&prison0.pr_mtx);
|
||||
strcpy(prison0.pr_host, p);
|
||||
mtx_unlock(&prison0.pr_mtx);
|
||||
printf("hostname %s ", p);
|
||||
gctx->sethostname = ifctx;
|
||||
}
|
||||
}
|
||||
|
||||
@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/bio.h>
|
||||
#include <sys/buf.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mbuf.h>
|
||||
@ -56,7 +57,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/signalvar.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <vm/vm.h>
|
||||
#include <vm/vm_extern.h>
|
||||
@ -415,12 +415,11 @@ int
|
||||
nfs_mountroot(struct mount *mp)
|
||||
{
|
||||
struct thread *td = curthread;
|
||||
INIT_VPROCG(TD_TO_VPROCG(td));
|
||||
struct nfsv3_diskless *nd = &nfsv3_diskless;
|
||||
struct socket *so;
|
||||
struct vnode *vp;
|
||||
struct ifreq ir;
|
||||
int error, i;
|
||||
int error;
|
||||
u_long l;
|
||||
char buf[128];
|
||||
char *cp;
|
||||
@ -524,13 +523,9 @@ nfs_mountroot(struct mount *mp)
|
||||
* set hostname here and then let the "/etc/rc.xxx" files
|
||||
* mount the right /var based upon its preset value.
|
||||
*/
|
||||
mtx_lock(&hostname_mtx);
|
||||
bcopy(nd->my_hostnam, V_hostname, MAXHOSTNAMELEN);
|
||||
V_hostname[MAXHOSTNAMELEN - 1] = '\0';
|
||||
for (i = 0; i < MAXHOSTNAMELEN; i++)
|
||||
if (V_hostname[i] == '\0')
|
||||
break;
|
||||
mtx_unlock(&hostname_mtx);
|
||||
mtx_lock(&prison0.pr_mtx);
|
||||
strlcpy(prison0.pr_host, nd->my_hostnam, sizeof (prison0.pr_host));
|
||||
mtx_unlock(&prison0.pr_mtx);
|
||||
inittodr(ntohl(nd->root_time));
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -61,7 +61,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/lockf.h>
|
||||
#include <sys/eventhandler.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>
|
||||
@ -489,7 +488,9 @@ nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
|
||||
if (error)
|
||||
return (error);
|
||||
} else {
|
||||
snprintf(principal, sizeof(principal), "nfs@%s", V_hostname);
|
||||
memcpy(principal, "nfs@", 4);
|
||||
getcredhostname(td->td_ucred, principal + 4,
|
||||
sizeof(principal) - 4);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/limits.h>
|
||||
#include <sys/lock.h>
|
||||
@ -42,7 +43,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/syslog.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/unistd.h>
|
||||
#include <sys/vimage.h>
|
||||
#include <sys/vnode.h>
|
||||
|
||||
#include <nfs/nfsproto.h>
|
||||
@ -231,9 +231,7 @@ nlm_advlock_internal(struct vnode *vp, void *id, int op, struct flock *fl,
|
||||
sa = nmp->nm_nam;
|
||||
memcpy(&ss, sa, sa->sa_len);
|
||||
sa = (struct sockaddr *) &ss;
|
||||
mtx_lock(&hostname_mtx);
|
||||
strcpy(servername, nmp->nm_hostname);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
fhlen = np->n_fhsize;
|
||||
memcpy(&fh.fh_bytes, np->n_fhp, fhlen);
|
||||
timo.tv_sec = nmp->nm_timeo / NFS_HZ;
|
||||
@ -1222,13 +1220,13 @@ nlm_init_lock(struct flock *fl, int flags, int svid,
|
||||
return (EOVERFLOW);
|
||||
}
|
||||
|
||||
mtx_lock(&hostname_mtx);
|
||||
snprintf(oh_space, 32, "%d@%s", svid, G_hostname);
|
||||
mtx_unlock(&hostname_mtx);
|
||||
snprintf(oh_space, 32, "%d@", svid);
|
||||
oh_len = strlen(oh_space);
|
||||
getcredhostname(NULL, oh_space + oh_len, 32 - oh_len);
|
||||
oh_len = strlen(oh_space);
|
||||
|
||||
memset(lock, 0, sizeof(*lock));
|
||||
lock->caller_name = G_hostname;
|
||||
lock->caller_name = prison0.pr_host;
|
||||
lock->fh.n_len = fhlen;
|
||||
lock->fh.n_bytes = fh;
|
||||
lock->oh.n_len = oh_len;
|
||||
|
||||
@ -44,12 +44,10 @@ __FBSDID("$FreeBSD$");
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/ucred.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <rpc/types.h>
|
||||
#include <rpc/xdr.h>
|
||||
@ -69,14 +67,14 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred)
|
||||
uint32_t namelen;
|
||||
uint32_t ngroups, i;
|
||||
uint32_t junk;
|
||||
INIT_VPROCG(TD_TO_VPROCG(&thread0)); /* XXX revisit - fixme! */
|
||||
char hostbuf[MAXHOSTNAMELEN];
|
||||
|
||||
mtx_lock(&hostname_mtx);
|
||||
if (xdrs->x_op == XDR_ENCODE) {
|
||||
/*
|
||||
* Restrict name length to 255 according to RFC 1057.
|
||||
*/
|
||||
namelen = strlen(V_hostname);
|
||||
getcredhostname(NULL, hostbuf, sizeof(hostbuf));
|
||||
namelen = strlen(hostbuf);
|
||||
if (namelen > 255)
|
||||
namelen = 255;
|
||||
} else {
|
||||
@ -92,12 +90,11 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred)
|
||||
* Ignore the hostname on decode.
|
||||
*/
|
||||
if (xdrs->x_op == XDR_ENCODE) {
|
||||
if (!xdr_opaque(xdrs, V_hostname, namelen))
|
||||
if (!xdr_opaque(xdrs, hostbuf, namelen))
|
||||
return (FALSE);
|
||||
} else {
|
||||
xdr_setpos(xdrs, xdr_getpos(xdrs) + RNDUP(namelen));
|
||||
}
|
||||
mtx_unlock(&hostname_mtx);
|
||||
|
||||
if (!xdr_uint32_t(xdrs, &cred->cr_uid))
|
||||
return (FALSE);
|
||||
|
||||
@ -33,7 +33,6 @@
|
||||
#include <sys/cons.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kerneldump.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <vm/vm.h>
|
||||
#include <vm/vm_param.h>
|
||||
|
||||
@ -33,7 +33,6 @@
|
||||
#include <sys/cons.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kerneldump.h>
|
||||
#include <sys/vimage.h>
|
||||
|
||||
#include <vm/vm.h>
|
||||
#include <vm/vm_param.h>
|
||||
|
||||
@ -129,6 +129,8 @@ MALLOC_DECLARE(M_PRISON);
|
||||
|
||||
#include <sys/osd.h>
|
||||
|
||||
#define HOSTUUIDLEN 64
|
||||
|
||||
/*
|
||||
* This structure describes a prison. It is pointed to by all struct
|
||||
* ucreds's of the inmates. pr_ref keeps track of them and is used to
|
||||
@ -166,12 +168,16 @@ struct prison {
|
||||
int pr_prisoncount; /* (a) number of child jails */
|
||||
unsigned pr_allow; /* (p) PR_ALLOW_* flags */
|
||||
int pr_enforce_statfs; /* (p) statfs permission */
|
||||
char pr_domain[MAXHOSTNAMELEN]; /* (p) jail domainname */
|
||||
char pr_uuid[HOSTUUIDLEN]; /* (p) jail hostuuid */
|
||||
unsigned long pr_hostid; /* (p) jail hostid */
|
||||
};
|
||||
#endif /* _KERNEL || _WANT_PRISON */
|
||||
|
||||
#ifdef _KERNEL
|
||||
/* Flag bits set via options */
|
||||
#define PR_PERSIST 0x00000001 /* Can exist without processes */
|
||||
#define PR_HOST 0x00000002 /* Virtualize hostname et al */
|
||||
#define PR_IP4_USER 0x00000004 /* Virtualize IPv4 addresses */
|
||||
#define PR_IP6_USER 0x00000008 /* Virtualize IPv6 addresses */
|
||||
|
||||
|
||||
@ -55,13 +55,6 @@
|
||||
/* Global variables for the kernel. */
|
||||
|
||||
/* 1.1 */
|
||||
extern struct mtx hostname_mtx;
|
||||
extern unsigned long hostid;
|
||||
extern char hostuuid[64];
|
||||
#ifdef VIMAGE_GLOBALS
|
||||
extern char hostname[MAXHOSTNAMELEN];
|
||||
extern char domainname[MAXHOSTNAMELEN];
|
||||
#endif
|
||||
extern char kernelname[MAXPATHLEN];
|
||||
|
||||
extern int tick; /* usec per tick (1000000 / hz) */
|
||||
|
||||
@ -78,7 +78,7 @@
|
||||
#define PRIV_NTP_ADJTIME 16 /* Set NTP time adjustment. */
|
||||
#define PRIV_CLOCK_SETTIME 17 /* Can call clock_settime. */
|
||||
#define PRIV_SETTIMEOFDAY 18 /* Can call settimeofday. */
|
||||
#define PRIV_SETHOSTID 19 /* Can call sethostid. */
|
||||
#define _PRIV_SETHOSTID 19 /* Removed. */
|
||||
#define _PRIV_SETDOMAINNAME 20 /* Removed. */
|
||||
|
||||
/*
|
||||
|
||||
@ -187,8 +187,6 @@ struct vprocg {
|
||||
LIST_ENTRY(vprocg) vprocg_le;
|
||||
u_int vprocg_id; /* ID num */
|
||||
u_int nprocs;
|
||||
char _hostname[MAXHOSTNAMELEN];
|
||||
char _domainname[MAXHOSTNAMELEN];
|
||||
};
|
||||
|
||||
#ifdef VIMAGE
|
||||
@ -324,15 +322,6 @@ extern struct vprocg_list_head vprocg_head;
|
||||
/* XXX those defines bellow should probably go into vprocg.h and vcpu.h */
|
||||
#define VPROCG(sym) VSYM(vprocg, sym)
|
||||
|
||||
#ifdef VIMAGE
|
||||
#define G_hostname TD_TO_VPROCG(&thread0)->_hostname
|
||||
#else
|
||||
#define G_hostname VPROCG(hostname)
|
||||
#endif
|
||||
|
||||
#define V_hostname VPROCG(hostname)
|
||||
#define V_domainname VPROCG(domainname)
|
||||
|
||||
/*
|
||||
* Size-guards for the vimage structures.
|
||||
* If you need to update the values you MUST increment __FreeBSD_version.
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd May 27, 2009
|
||||
.Dd May 29, 2009
|
||||
.Dt JAIL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -263,7 +263,14 @@ A list of IPv6 addresses assigned to the prison, the counterpart to
|
||||
above.
|
||||
.It Va host.hostname
|
||||
Hostname of the prison.
|
||||
If not specified, a jail will use the system hostname.
|
||||
Other similar parameters are
|
||||
.Va host.domainname ,
|
||||
.Va host.hostuuid
|
||||
and
|
||||
.Va host.hostid .
|
||||
Setting the boolean parameter
|
||||
.Va nohost
|
||||
will retain the system values of these settings.
|
||||
.It Va securelevel
|
||||
The value of the jail's
|
||||
.Va kern.securelevel
|
||||
@ -737,13 +744,16 @@ The variable
|
||||
determines how may address per address family a prison may have.
|
||||
The default is 255.
|
||||
.Pp
|
||||
There are currently two MIB variables that have per-jail settings.
|
||||
Some MIB variables have per-jail settings.
|
||||
Changes to these variables by a jailed process do not effect the host
|
||||
environment, only the jail environment.
|
||||
The variables are
|
||||
.Va kern.securelevel
|
||||
These variables are
|
||||
.Va kern.securelevel ,
|
||||
.Va kern.hostname ,
|
||||
.Va kern.domainname ,
|
||||
.Va kern.hostid ,
|
||||
and
|
||||
.Va kern.hostname .
|
||||
.Va kern.hostuuid .
|
||||
.Ss "Hierarchical Jails"
|
||||
By setting a jail's
|
||||
.Va allow.jails
|
||||
|
||||
Loading…
Reference in New Issue
Block a user