1/*-
2 * Copyright (c) 2010 James Gritton
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 11 unchanged lines hidden (view full) ---

20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/config.c 214433 2010-10-27 20:25:55Z jamie $");
29
30#include <sys/types.h>
31#include <sys/socket.h>
32#include <sys/sysctl.h>
33
34#include <arpa/inet.h>
35#include <netinet/in.h>
36

--- 338 unchanged lines hidden (view full) ---

375 j->intparams[ipnum] = np;
376 np->flags |= intparams[ipnum].flags;
377 break;
378 }
379 }
380}
381
382/*
383 * Check syntax of internal parameters.
384 */
385int
386check_intparams(struct cfjail *j)
387{
388 struct cfparam *p;
389 const char *val;
390 char *ep;
391 int error;
392
393 error = 0;
394 TAILQ_FOREACH(p, &j->params, tq) {
395 if (!STAILQ_EMPTY(&p->val) &&
396 (p->flags & (PF_BOOL | PF_INT))) {
397 val = STAILQ_LAST(&p->val, cfstring, tq)->s;
398 if (p->flags & PF_BOOL) {
399 if (strcasecmp(val, "false") &&
400 strcasecmp(val, "true") &&
401 ((void)strtol(val, &ep, 10), *ep)) {
402 jail_warnx(j,
403 "%s: unknown boolean value \"%s\"",
404 p->name, val);
405 error = -1;
406 }
407 } else {
408 (void)strtol(val, &ep, 10);
409 if (ep == val || *ep) {
410 jail_warnx(j,
411 "%s: non-integer value \"%s\"",
412 p->name, val);
413 error = -1;
414 }
415 }
416 }
417 }
418 return error;
419}
420
421/*
422 * Return if a boolean parameter exists and is true.
423 */
424int
425bool_param(const struct cfparam *p)
426{
427 const char *cs;
428
429 if (p == NULL)

--- 23 unchanged lines hidden (view full) ---

453const char *
454string_param(const struct cfparam *p)
455{
456 return (p && !STAILQ_EMPTY(&p->val)
457 ? STAILQ_LAST(&p->val, cfstring, tq)->s : NULL);
458}
459
460/*
461 * Look up extra IP addresses from the hostname and save interface and netmask.
462 */
463int
464ip_params(struct cfjail *j)
465{
466 struct in_addr addr4;
467 struct addrinfo hints, *ai0, *ai;
468 struct cfstring *s, *ns;
469 char *cs, *ep;
470 const char *hostname;
471 size_t size;
472 int error, ip4ok, defif, prefix;
473 int mib[4];
474 char avalue4[INET_ADDRSTRLEN];
475#ifdef INET6
476 struct in6_addr addr6;
477 int ip6ok, isip6;
478 char avalue6[INET6_ADDRSTRLEN];
479#endif
480
481 error = 0;
482 /*
483 * The ip_hostname parameter looks up the hostname, and adds parameters
484 * for any IP addresses it finds.
485 */
486 if (bool_param(j->intparams[IP_IP_HOSTNAME]) &&
487 (hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) {
488 j->intparams[IP_IP_HOSTNAME] = NULL;
489 /*
490 * Silently ignore unsupported address families from
491 * DNS lookups.
492 */
493 size = 4;
494 ip4ok = sysctlnametomib("security.jail.param.ip4", mib, &size)

--- 11 unchanged lines hidden (view full) ---

506 /* Look up the hostname (or get the address) */
507 memset(&hints, 0, sizeof(hints));
508 hints.ai_socktype = SOCK_STREAM;
509 hints.ai_family =
510#ifdef INET6
511 ip6ok ? (ip4ok ? PF_UNSPEC : PF_INET6) :
512#endif
513 PF_INET;
514 error = getaddrinfo(hostname, NULL, &hints, &ai0);
515 if (error != 0) {
516 jail_warnx(j, "host.hostname %s: %s", hostname,
517 gai_strerror(error));
518 error = -1;
519 } else {
520 /*
521 * Convert the addresses to ASCII so jailparam
522 * can convert them back. Errors are not
523 * expected here.
524 */
525 for (ai = ai0; ai; ai = ai->ai_next)

--- 24 unchanged lines hidden (view full) ---

550 avalue6);
551 break;
552#endif
553 }
554 freeaddrinfo(ai0);
555 }
556 }
557 }
558 /*
559 * IP addresses may include an interface to set that address on,
560 * and a netmask/suffix for that address.
561 */
562 defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
563#ifdef INET6
564 for (isip6 = 0; isip6 <= 1; isip6++)
565#else

--- 214 unchanged lines hidden ---