config.c (214433) | config.c (214649) |
---|---|
1/*- 2 * Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/config.c 214433 2010-10-27 20:25:55Z jamie $"); | 28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/config.c 214649 2010-11-01 21:37:28Z jamie $"); |
29 30#include <sys/types.h> 31#include <sys/socket.h> 32#include <sys/sysctl.h> 33 34#include <arpa/inet.h> 35#include <netinet/in.h> 36 --- 338 unchanged lines hidden (view full) --- 375 j->intparams[ipnum] = np; 376 np->flags |= intparams[ipnum].flags; 377 break; 378 } 379 } 380} 381 382/* | 29 30#include <sys/types.h> 31#include <sys/socket.h> 32#include <sys/sysctl.h> 33 34#include <arpa/inet.h> 35#include <netinet/in.h> 36 --- 338 unchanged lines hidden (view full) --- 375 j->intparams[ipnum] = np; 376 np->flags |= intparams[ipnum].flags; 377 break; 378 } 379 } 380} 381 382/* |
383 * Check syntax of internal parameters. 384 */ 385int 386check_intparams(struct cfjail *j) 387{ 388 struct cfparam *p; 389 const char *val; 390 char *ep; 391 int error; 392 393 error = 0; 394 TAILQ_FOREACH(p, &j->params, tq) { 395 if (!STAILQ_EMPTY(&p->val) && 396 (p->flags & (PF_BOOL | PF_INT))) { 397 val = STAILQ_LAST(&p->val, cfstring, tq)->s; 398 if (p->flags & PF_BOOL) { 399 if (strcasecmp(val, "false") && 400 strcasecmp(val, "true") && 401 ((void)strtol(val, &ep, 10), *ep)) { 402 jail_warnx(j, 403 "%s: unknown boolean value \"%s\"", 404 p->name, val); 405 error = -1; 406 } 407 } else { 408 (void)strtol(val, &ep, 10); 409 if (ep == val || *ep) { 410 jail_warnx(j, 411 "%s: non-integer value \"%s\"", 412 p->name, val); 413 error = -1; 414 } 415 } 416 } 417 } 418 return error; 419} 420 421/* | |
422 * Return if a boolean parameter exists and is true. 423 */ 424int 425bool_param(const struct cfparam *p) 426{ 427 const char *cs; 428 429 if (p == NULL) --- 23 unchanged lines hidden (view full) --- 453const char * 454string_param(const struct cfparam *p) 455{ 456 return (p && !STAILQ_EMPTY(&p->val) 457 ? STAILQ_LAST(&p->val, cfstring, tq)->s : NULL); 458} 459 460/* | 383 * Return if a boolean parameter exists and is true. 384 */ 385int 386bool_param(const struct cfparam *p) 387{ 388 const char *cs; 389 390 if (p == NULL) --- 23 unchanged lines hidden (view full) --- 414const char * 415string_param(const struct cfparam *p) 416{ 417 return (p && !STAILQ_EMPTY(&p->val) 418 ? STAILQ_LAST(&p->val, cfstring, tq)->s : NULL); 419} 420 421/* |
461 * Look up extra IP addresses from the hostname and save interface and netmask. | 422 * Check syntax and values of internal parameters. Set some internal 423 * parameters based on the values of others. |
462 */ 463int | 424 */ 425int |
464ip_params(struct cfjail *j) | 426check_intparams(struct cfjail *j) |
465{ 466 struct in_addr addr4; | 427{ 428 struct in_addr addr4; |
467 struct addrinfo hints, *ai0, *ai; | 429 struct addrinfo hints; 430 struct addrinfo *ai0, *ai; 431 struct cfparam *p; |
468 struct cfstring *s, *ns; | 432 struct cfstring *s, *ns; |
433 const char *hostname, *val; |
|
469 char *cs, *ep; | 434 char *cs, *ep; |
470 const char *hostname; | |
471 size_t size; | 435 size_t size; |
472 int error, ip4ok, defif, prefix; | 436 int error, gicode, ip4ok, defif, prefix; |
473 int mib[4]; 474 char avalue4[INET_ADDRSTRLEN]; 475#ifdef INET6 476 struct in6_addr addr6; 477 int ip6ok, isip6; 478 char avalue6[INET6_ADDRSTRLEN]; 479#endif 480 481 error = 0; | 437 int mib[4]; 438 char avalue4[INET_ADDRSTRLEN]; 439#ifdef INET6 440 struct in6_addr addr6; 441 int ip6ok, isip6; 442 char avalue6[INET6_ADDRSTRLEN]; 443#endif 444 445 error = 0; |
446 /* Check format of boolan and integer values. */ 447 TAILQ_FOREACH(p, &j->params, tq) { 448 if (!STAILQ_EMPTY(&p->val) && 449 (p->flags & (PF_BOOL | PF_INT))) { 450 val = STAILQ_LAST(&p->val, cfstring, tq)->s; 451 if (p->flags & PF_BOOL) { 452 if (strcasecmp(val, "false") && 453 strcasecmp(val, "true") && 454 ((void)strtol(val, &ep, 10), *ep)) { 455 jail_warnx(j, 456 "%s: unknown boolean value \"%s\"", 457 p->name, val); 458 error = -1; 459 } 460 } else { 461 (void)strtol(val, &ep, 10); 462 if (ep == val || *ep) { 463 jail_warnx(j, 464 "%s: non-integer value \"%s\"", 465 p->name, val); 466 error = -1; 467 } 468 } 469 } 470 } 471 |
|
482 /* 483 * The ip_hostname parameter looks up the hostname, and adds parameters 484 * for any IP addresses it finds. 485 */ | 472 /* 473 * The ip_hostname parameter looks up the hostname, and adds parameters 474 * for any IP addresses it finds. 475 */ |
486 if (bool_param(j->intparams[IP_IP_HOSTNAME]) && | 476 if (((j->flags & JF_OP_MASK) != JF_STOP || 477 j->intparams[IP_INTERFACE] != NULL) && 478 bool_param(j->intparams[IP_IP_HOSTNAME]) && |
487 (hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) { 488 j->intparams[IP_IP_HOSTNAME] = NULL; 489 /* 490 * Silently ignore unsupported address families from 491 * DNS lookups. 492 */ 493 size = 4; 494 ip4ok = sysctlnametomib("security.jail.param.ip4", mib, &size) --- 11 unchanged lines hidden (view full) --- 506 /* Look up the hostname (or get the address) */ 507 memset(&hints, 0, sizeof(hints)); 508 hints.ai_socktype = SOCK_STREAM; 509 hints.ai_family = 510#ifdef INET6 511 ip6ok ? (ip4ok ? PF_UNSPEC : PF_INET6) : 512#endif 513 PF_INET; | 479 (hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) { 480 j->intparams[IP_IP_HOSTNAME] = NULL; 481 /* 482 * Silently ignore unsupported address families from 483 * DNS lookups. 484 */ 485 size = 4; 486 ip4ok = sysctlnametomib("security.jail.param.ip4", mib, &size) --- 11 unchanged lines hidden (view full) --- 498 /* Look up the hostname (or get the address) */ 499 memset(&hints, 0, sizeof(hints)); 500 hints.ai_socktype = SOCK_STREAM; 501 hints.ai_family = 502#ifdef INET6 503 ip6ok ? (ip4ok ? PF_UNSPEC : PF_INET6) : 504#endif 505 PF_INET; |
514 error = getaddrinfo(hostname, NULL, &hints, &ai0); 515 if (error != 0) { | 506 gicode = getaddrinfo(hostname, NULL, &hints, &ai0); 507 if (gicode != 0) { |
516 jail_warnx(j, "host.hostname %s: %s", hostname, | 508 jail_warnx(j, "host.hostname %s: %s", hostname, |
517 gai_strerror(error)); | 509 gai_strerror(gicode)); |
518 error = -1; 519 } else { 520 /* 521 * Convert the addresses to ASCII so jailparam 522 * can convert them back. Errors are not 523 * expected here. 524 */ 525 for (ai = ai0; ai; ai = ai->ai_next) --- 24 unchanged lines hidden (view full) --- 550 avalue6); 551 break; 552#endif 553 } 554 freeaddrinfo(ai0); 555 } 556 } 557 } | 510 error = -1; 511 } else { 512 /* 513 * Convert the addresses to ASCII so jailparam 514 * can convert them back. Errors are not 515 * expected here. 516 */ 517 for (ai = ai0; ai; ai = ai->ai_next) --- 24 unchanged lines hidden (view full) --- 542 avalue6); 543 break; 544#endif 545 } 546 freeaddrinfo(ai0); 547 } 548 } 549 } |
550 |
|
558 /* 559 * IP addresses may include an interface to set that address on, 560 * and a netmask/suffix for that address. 561 */ 562 defif = string_param(j->intparams[IP_INTERFACE]) != NULL; 563#ifdef INET6 564 for (isip6 = 0; isip6 <= 1; isip6++) 565#else --- 214 unchanged lines hidden --- | 551 /* 552 * IP addresses may include an interface to set that address on, 553 * and a netmask/suffix for that address. 554 */ 555 defif = string_param(j->intparams[IP_INTERFACE]) != NULL; 556#ifdef INET6 557 for (isip6 = 0; isip6 <= 1; isip6++) 558#else --- 214 unchanged lines hidden --- |
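Review bot: The value checks the merged check_intparams() now carries (new side, lines 446-470) are weaker than the function's new comment "Check syntax and values" suggests: the PF_BOOL branch only tests `*ep`, so an empty value passes as a boolean while the PF_INT branch rejects it via `ep == val`, and neither branch looks at ERANGE, so an integer like 99999999999999999999 is accepted and silently clamped by strtol(). Setting errno before the call and adding it to the test, e.g. `errno = 0; (void)strtol(val, &ep, 10); if (ep == val || *ep || errno == ERANGE)`, would make the integer check complete; whether the empty-boolean case is deliberate depends on bool_param(), whose body is hidden here. The new gating condition at lines 476-478 (`(j->flags & JF_OP_MASK) != JF_STOP || j->intparams[IP_INTERFACE] != NULL`) also deserves a why-comment, presumably along the lines of `/* On stop, the lookup is only needed to find addresses that were added to an interface. */` — confirm against the caller. Note too that with ip_hostname the jail's address list is derived from whatever getaddrinfo() returns, so the resolver answer effectively decides which addresses the jail gets; that was true before this change but is worth a sentence in the comment at line 472. The function body continues past the end of this section.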