1/*- 2 * Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/config.c 214649 2010-11-01 21:37:28Z jamie $"); |
29 30#include <sys/types.h> 31#include <sys/socket.h> 32#include <sys/sysctl.h> 33 34#include <arpa/inet.h> 35#include <netinet/in.h> 36 --- 338 unchanged lines hidden (view full) --- 375 j->intparams[ipnum] = np; 376 np->flags |= intparams[ipnum].flags; 377 break; 378 } 379 } 380} 381 382/* |
383 * Return if a boolean parameter exists and is true. 384 */ 385int 386bool_param(const struct cfparam *p) 387{ 388 const char *cs; 389 390 if (p == NULL) --- 23 unchanged lines hidden (view full) --- 414const char * 415string_param(const struct cfparam *p) 416{ 417 return (p && !STAILQ_EMPTY(&p->val) 418 ? STAILQ_LAST(&p->val, cfstring, tq)->s : NULL); 419} 420 421/* |
422 * Check syntax and values of internal parameters, warning (via jail_warnx) 423 * about each bad value, and set some internal parameters based on the values 
 * of others, e.g. resolving ip_hostname into IP address parameters.
424 */ 425int |
426check_intparams(struct cfjail *j) |
427{ 428 struct in_addr addr4; |
429 struct addrinfo hints; 430 struct addrinfo *ai0, *ai; 431 struct cfparam *p; |
432 struct cfstring *s, *ns; |
433 const char *hostname, *val; |
434 char *cs, *ep; |
435 size_t size; |
436 int error, gicode, ip4ok, defif, prefix; |
437 int mib[4]; 438 char avalue4[INET_ADDRSTRLEN]; 439#ifdef INET6 440 struct in6_addr addr6; 441 int ip6ok, isip6; 442 char avalue6[INET6_ADDRSTRLEN]; 443#endif 444 445 error = 0; |
446 /* Check format of boolan and integer values. */ 447 TAILQ_FOREACH(p, &j->params, tq) { 448 if (!STAILQ_EMPTY(&p->val) && 449 (p->flags & (PF_BOOL | PF_INT))) { 450 val = STAILQ_LAST(&p->val, cfstring, tq)->s; 451 if (p->flags & PF_BOOL) { 452 if (strcasecmp(val, "false") && 453 strcasecmp(val, "true") && 454 ((void)strtol(val, &ep, 10), *ep)) { 455 jail_warnx(j, 456 "%s: unknown boolean value \"%s\"", 457 p->name, val); 458 error = -1; 459 } 460 } else { 461 (void)strtol(val, &ep, 10); 462 if (ep == val || *ep) { 463 jail_warnx(j, 464 "%s: non-integer value \"%s\"", 465 p->name, val); 466 error = -1; 467 } 468 } 469 } 470 } 471 |
472 /* 473 * The ip_hostname parameter looks up the hostname, and adds parameters 474 * for any IP addresses it finds. 475 */ |
476 if (((j->flags & JF_OP_MASK) != JF_STOP || 477 j->intparams[IP_INTERFACE] != NULL) && 478 bool_param(j->intparams[IP_IP_HOSTNAME]) && |
479 (hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) { 480 j->intparams[IP_IP_HOSTNAME] = NULL; 481 /* 482 * Silently ignore unsupported address families from 483 * DNS lookups. 484 */ 485 size = 4; 486 ip4ok = sysctlnametomib("security.jail.param.ip4", mib, &size) --- 11 unchanged lines hidden (view full) --- 498 /* Look up the hostname (or get the address) */ 499 memset(&hints, 0, sizeof(hints)); 500 hints.ai_socktype = SOCK_STREAM; 501 hints.ai_family = 502#ifdef INET6 503 ip6ok ? (ip4ok ? PF_UNSPEC : PF_INET6) : 504#endif 505 PF_INET; |
506 gicode = getaddrinfo(hostname, NULL, &hints, &ai0); 507 if (gicode != 0) { |
508 jail_warnx(j, "host.hostname %s: %s", hostname, |
509 gai_strerror(gicode)); |
510 error = -1; 511 } else { 512 /* 513 * Convert the addresses to ASCII so jailparam 514 * can convert them back. Errors are not 515 * expected here. 516 */ 517 for (ai = ai0; ai; ai = ai->ai_next) --- 24 unchanged lines hidden (view full) --- 542 avalue6); 543 break; 544#endif 545 } 546 freeaddrinfo(ai0); 547 } 548 } 549 } |
550 |
551 /* 552 * IP addresses may include an interface to set that address on, 553 * and a netmask/suffix for that address. 554 */ 555 defif = string_param(j->intparams[IP_INTERFACE]) != NULL; 556#ifdef INET6 557 for (isip6 = 0; isip6 <= 1; isip6++) 558#else --- 214 unchanged lines hidden --- |