config.c (214117) | config.c (214423) |
---|---|
1/*- 2 * Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/config.c 214117 2010-10-20 20:42:33Z jamie $"); | 28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/config.c 214423 2010-10-27 16:22:54Z jamie $"); |
29 30#include <sys/types.h> 31#include <sys/socket.h> 32#include <sys/sysctl.h> 33 34#include <arpa/inet.h> 35#include <netinet/in.h> 36 37#include <err.h> 38#include <netdb.h> 39#include <stdio.h> 40#include <stdlib.h> 41#include <string.h> 42 43#include "jailp.h" 44 45struct ipspec { 46 const char *name; | 29 30#include <sys/types.h> 31#include <sys/socket.h> 32#include <sys/sysctl.h> 33 34#include <arpa/inet.h> 35#include <netinet/in.h> 36 37#include <err.h> 38#include <netdb.h> 39#include <stdio.h> 40#include <stdlib.h> 41#include <string.h> 42 43#include "jailp.h" 44 45struct ipspec { 46 const char *name; |
47 enum intparam ipnum; | |
48 unsigned flags; 49}; 50 51extern FILE *yyin; 52extern int yynerrs; 53 54struct cfjails cfjails = TAILQ_HEAD_INITIALIZER(cfjails); 55 | 47 unsigned flags; 48}; 49 50extern FILE *yyin; 51extern int yynerrs; 52 53struct cfjails cfjails = TAILQ_HEAD_INITIALIZER(cfjails); 54 |
56static int cmp_intparam(const void *a, const void *b); | |
57static void free_param(struct cfparams *pp, struct cfparam *p); 58static void free_param_strings(struct cfparam *p); 59 | 55static void free_param(struct cfparams *pp, struct cfparam *p); 56static void free_param_strings(struct cfparam *p); 57 |
60/* Note these must be in sort order */ | |
61static const struct ipspec intparams[] = { | 58static const struct ipspec intparams[] = { |
62 {"allow.dying", IP_ALLOW_DYING, PF_INTERNAL | PF_BOOL }, 63 {"allow.nodying", IP_ALLOW_DYING, PF_INTERNAL | PF_BOOL }, 64 {"command", IP_COMMAND, PF_INTERNAL }, 65 {"depend", IP_DEPEND, PF_INTERNAL }, 66 {"exec.clean", IP_EXEC_CLEAN, PF_INTERNAL | PF_BOOL }, 67 {"exec.consolelog", IP_EXEC_CONSOLELOG, PF_INTERNAL }, 68 {"exec.fib", IP_EXEC_FIB, PF_INTERNAL | PF_INT }, 69 {"exec.jail_user", IP_EXEC_JAIL_USER, PF_INTERNAL }, 70 {"exec.noclean", IP_EXEC_CLEAN, PF_INTERNAL | PF_BOOL }, 71 {"exec.nosystem_jail_user",IP_EXEC_SYSTEM_JAIL_USER,PF_INTERNAL | PF_BOOL }, 72 {"exec.poststart", IP_EXEC_POSTSTART, PF_INTERNAL }, 73 {"exec.poststop", IP_EXEC_POSTSTOP, PF_INTERNAL }, 74 {"exec.prestart", IP_EXEC_PRESTART, PF_INTERNAL }, 75 {"exec.prestop", IP_EXEC_PRESTOP, PF_INTERNAL }, 76 {"exec.start", IP_EXEC_START, PF_INTERNAL }, 77 {"exec.stop", IP_EXEC_STOP, PF_INTERNAL }, 78 {"exec.system_jail_user", IP_EXEC_SYSTEM_JAIL_USER, PF_INTERNAL | PF_BOOL }, 79 {"exec.system_user", IP_EXEC_SYSTEM_USER, PF_INTERNAL }, 80 {"exec.timeout", IP_EXEC_TIMEOUT, PF_INTERNAL | PF_INT }, 81 {"host.hostname", KP_HOSTNAME, 0 }, 82 {"interface", IP_INTERFACE, PF_INTERNAL }, 83 {"ip4.addr", KP_IP4_ADDR, 0 }, | 59 [IP_ALLOW_DYING] = {"allow.dying", PF_INTERNAL | PF_BOOL}, 60 [IP_COMMAND] = {"command", PF_INTERNAL}, 61 [IP_DEPEND] = {"depend", PF_INTERNAL}, 62 [IP_EXEC_CLEAN] = {"exec.clean", PF_INTERNAL | PF_BOOL}, 63 [IP_EXEC_CONSOLELOG] = {"exec.consolelog", PF_INTERNAL}, 64 [IP_EXEC_FIB] = {"exec.fib", PF_INTERNAL | PF_INT}, 65 [IP_EXEC_JAIL_USER] = {"exec.jail_user", PF_INTERNAL}, 66 [IP_EXEC_POSTSTART] = {"exec.poststart", PF_INTERNAL}, 67 [IP_EXEC_POSTSTOP] = {"exec.poststop", PF_INTERNAL}, 68 [IP_EXEC_PRESTART] = {"exec.prestart", PF_INTERNAL}, 69 [IP_EXEC_PRESTOP] = {"exec.prestop", PF_INTERNAL}, 70 [IP_EXEC_START] = {"exec.start", PF_INTERNAL}, 71 [IP_EXEC_STOP] = {"exec.stop", PF_INTERNAL}, 72 [IP_EXEC_SYSTEM_JAIL_USER]= {"exec.system_jail_user", 73 PF_INTERNAL | PF_BOOL}, 74 [IP_EXEC_SYSTEM_USER] = {"exec.system_user", PF_INTERNAL}, 75 [IP_EXEC_TIMEOUT] = {"exec.timeout", PF_INTERNAL | PF_INT}, 76 [IP_INTERFACE] = {"interface", PF_INTERNAL}, 77 [IP_IP_HOSTNAME] = {"ip_hostname", PF_INTERNAL | PF_BOOL}, 78 [IP_MOUNT] = {"mount", PF_INTERNAL}, 79 [IP_MOUNT_DEVFS] = {"mount.devfs", PF_INTERNAL | PF_BOOL}, 80 [IP_MOUNT_DEVFS_RULESET]= {"mount.devfs.ruleset", PF_INTERNAL}, 81 [IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL}, 82 [IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT}, 83 [IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL}, 84 [IP__IP4_IFADDR] = {"ip4.addr", PF_INTERNAL | PF_CONV}, |
84#ifdef INET6 | 85#ifdef INET6 |
85 {"ip6.addr", KP_IP6_ADDR, 0 }, | 86 [IP__IP6_IFADDR] = {"ip6.addr", PF_INTERNAL | PF_CONV}, |
86#endif | 87#endif |
87 {"ip_hostname", IP_IP_HOSTNAME, PF_INTERNAL | PF_BOOL }, 88 {"jid", KP_JID, PF_INT }, 89 {"mount", IP_MOUNT, PF_INTERNAL }, 90 {"mount.devfs", IP_MOUNT_DEVFS, PF_INTERNAL | PF_BOOL }, 91 {"mount.devfs.ruleset", IP_MOUNT_DEVFS_RULESET, PF_INTERNAL }, 92 {"mount.fstab", IP_MOUNT_FSTAB, PF_INTERNAL }, 93 {"mount.nodevfs", IP_MOUNT_DEVFS, PF_INTERNAL | PF_BOOL }, 94 {"name", KP_NAME, 0 }, 95 {"noip_hostname", IP_IP_HOSTNAME, PF_INTERNAL | PF_BOOL }, 96 {"nopersist", KP_PERSIST, PF_BOOL }, 97 {"path", KP_PATH, 0 }, 98 {"persist", KP_PERSIST, PF_BOOL }, 99 {"stop.timeout", IP_STOP_TIMEOUT, PF_INTERNAL | PF_INT }, 100 {"vnet", KP_VNET, 0 }, 101 {"vnet.interface", IP_VNET_INTERFACE, PF_INTERNAL }, | 88 [KP_ALLOW_CHFLAGS] = {"allow.chflags", 0}, 89 [KP_ALLOW_MOUNT] = {"allow.mount", 0}, 90 [KP_ALLOW_RAW_SOCKETS] = {"allow.raw_sockets", 0}, 91 [KP_ALLOW_SET_HOSTNAME]= {"allow.set_hostname", 0}, 92 [KP_ALLOW_SOCKET_AF] = {"allow.socket_af", 0}, 93 [KP_ALLOW_SYSVIPC] = {"allow.sysvipc", 0}, 94 [KP_ENFORCE_STATFS] = {"enforce_statfs", 0}, 95 [KP_HOST_HOSTNAME] = {"host.hostname", 0}, 96 [KP_IP4_ADDR] = {"ip4.addr", 0}, 97#ifdef INET6 98 [KP_IP6_ADDR] = {"ip6.addr", 0}, 99#endif 100 [KP_JID] = {"jid", 0}, 101 [KP_NAME] = {"name", 0}, 102 [KP_PATH] = {"path", 0}, 103 [KP_PERSIST] = {"persist", 0}, 104 [KP_SECURELEVEL] = {"securelevel", 0}, 105 [KP_VNET] = {"vnet", 0}, |
102}; 103 104/* 105 * Parse the jail configuration file. 106 */ 107void 108load_config(void) 109{ --- 31 unchanged lines hidden (view full) --- 141 /* Set aside the jail's parameters. */ 142 TAILQ_INIT(&opp); 143 TAILQ_CONCAT(&opp, &j->params, tq); 144 /* 145 * The jail name implies its "name" or "jid" parameter, 146 * though they may also be explicitly set later on. 147 */ 148 add_param(j, NULL, | 106}; 107 108/* 109 * Parse the jail configuration file. 110 */ 111void 112load_config(void) 113{ --- 31 unchanged lines hidden (view full) --- 145 /* Set aside the jail's parameters. */ 146 TAILQ_INIT(&opp); 147 TAILQ_CONCAT(&opp, &j->params, tq); 148 /* 149 * The jail name implies its "name" or "jid" parameter, 150 * though they may also be explicitly set later on. 151 */ 152 add_param(j, NULL, |
149 strtol(j->name, &ep, 10) && !*ep ? "jid" : "name", | 153 strtol(j->name, &ep, 10) && !*ep ? KP_JID : KP_NAME, |
150 j->name); 151 /* 152 * Collect parameters for the jail, global parameters/variables, 153 * and any matching wildcard jails. 154 */ 155 did_self = 0; 156 TAILQ_FOREACH(wj, &wild, tq) { 157 if (j->seq < wj->seq && !did_self) { 158 TAILQ_FOREACH(p, &opp, tq) | 154 j->name); 155 /* 156 * Collect parameters for the jail, global parameters/variables, 157 * and any matching wildcard jails. 158 */ 159 did_self = 0; 160 TAILQ_FOREACH(wj, &wild, tq) { 161 if (j->seq < wj->seq && !did_self) { 162 TAILQ_FOREACH(p, &opp, tq) |
159 add_param(j, p, NULL, NULL); | 163 add_param(j, p, 0, NULL); |
160 did_self = 1; 161 } 162 if (wild_jail_match(j->name, wj->name)) 163 TAILQ_FOREACH(p, &wj->params, tq) | 164 did_self = 1; 165 } 166 if (wild_jail_match(j->name, wj->name)) 167 TAILQ_FOREACH(p, &wj->params, tq) |
164 add_param(j, p, NULL, NULL); | 168 add_param(j, p, 0, NULL); |
165 } 166 if (!did_self) 167 TAILQ_FOREACH(p, &opp, tq) | 169 } 170 if (!did_self) 171 TAILQ_FOREACH(p, &opp, tq) |
168 add_param(j, p, NULL, NULL); | 172 add_param(j, p, 0, NULL); |
169 170 /* Resolve any variable substitutions. */ 171 pgen = 0; 172 TAILQ_FOREACH(p, &j->params, tq) { 173 p->gen = ++pgen; 174 find_vars: 175 STAILQ_FOREACH(s, &p->val, tq) { 176 varoff = 0; --- 92 unchanged lines hidden (view full) --- 269 TAILQ_INSERT_TAIL(&cfjails, j, tq); 270 return j; 271} 272 273/* 274 * Add a parameter to a jail. 275 */ 276void | 173 174 /* Resolve any variable substitutions. */ 175 pgen = 0; 176 TAILQ_FOREACH(p, &j->params, tq) { 177 p->gen = ++pgen; 178 find_vars: 179 STAILQ_FOREACH(s, &p->val, tq) { 180 varoff = 0; --- 92 unchanged lines hidden (view full) --- 273 TAILQ_INSERT_TAIL(&cfjails, j, tq); 274 return j; 275} 276 277/* 278 * Add a parameter to a jail. 279 */ 280void |
277add_param(struct cfjail *j, const struct cfparam *p, const char *name, | 281add_param(struct cfjail *j, const struct cfparam *p, enum intparam ipnum, |
278 const char *value) 279{ 280 struct cfstrings nss; 281 struct cfparam *dp, *np; 282 struct cfstring *s, *ns; 283 struct cfvar *v, *nv; | 282 const char *value) 283{ 284 struct cfstrings nss; 285 struct cfparam *dp, *np; 286 struct cfstring *s, *ns; 287 struct cfvar *v, *nv; |
288 struct ipspec *ips; 289 const char *name; 290 char *cs, *tname; |
|
284 unsigned flags; 285 286 if (j == NULL) { 287 /* Create a single anonymous jail if one doesn't yet exist. */ 288 j = TAILQ_LAST(&cfjails, cfjails); 289 if (j == NULL) 290 j = add_jail(); 291 } --- 15 unchanged lines hidden (view full) --- 307 nv->name = strdup(v->name); 308 nv->pos = v->pos; 309 STAILQ_INSERT_TAIL(&ns->vars, nv, tq); 310 } 311 STAILQ_INSERT_TAIL(&nss, ns, tq); 312 } 313 } else { 314 flags = PF_APPEND; | 291 unsigned flags; 292 293 if (j == NULL) { 294 /* Create a single anonymous jail if one doesn't yet exist. */ 295 j = TAILQ_LAST(&cfjails, cfjails); 296 if (j == NULL) 297 j = add_jail(); 298 } --- 15 unchanged lines hidden (view full) --- 314 nv->name = strdup(v->name); 315 nv->pos = v->pos; 316 STAILQ_INSERT_TAIL(&ns->vars, nv, tq); 317 } 318 STAILQ_INSERT_TAIL(&nss, ns, tq); 319 } 320 } else { 321 flags = PF_APPEND; |
322 if (ipnum != 0) { 323 name = intparams[ipnum].name; 324 flags |= intparams[ipnum].flags; 325 } else if ((cs = strchr(value, '='))) { 326 tname = alloca(cs - value + 1); 327 strlcpy(tname, value, cs - value + 1); 328 name = tname; 329 value = cs + 1; 330 } else { 331 name = value; 332 value = NULL; 333 } |
|
315 if (value != NULL) { 316 ns = emalloc(sizeof(struct cfstring)); 317 ns->s = estrdup(value); 318 ns->len = strlen(value); 319 STAILQ_INIT(&ns->vars); 320 STAILQ_INSERT_TAIL(&nss, ns, tq); 321 } 322 } 323 324 /* See if this parameter has already been added. */ | 334 if (value != NULL) { 335 ns = emalloc(sizeof(struct cfstring)); 336 ns->s = estrdup(value); 337 ns->len = strlen(value); 338 STAILQ_INIT(&ns->vars); 339 STAILQ_INSERT_TAIL(&nss, ns, tq); 340 } 341 } 342 343 /* See if this parameter has already been added. */ |
325 TAILQ_FOREACH(dp, &j->params, tq) { 326 if (equalopts(dp->name, name)) { 327 /* Found it - append or replace. */ 328 if (strcmp(dp->name, name)) { 329 free(dp->name); 330 dp->name = estrdup(name); 331 } 332 if (!(flags & PF_APPEND) || STAILQ_EMPTY(&nss)) 333 free_param_strings(dp); 334 STAILQ_CONCAT(&dp->val, &nss); 335 dp->flags |= flags; 336 break; | 344 if (ipnum != 0) 345 dp = j->intparams[ipnum]; 346 else 347 TAILQ_FOREACH(dp, &j->params, tq) 348 if (!(dp->flags & PF_CONV) && equalopts(dp->name, name)) 349 break; 350 if (dp != NULL) { 351 /* Found it - append or replace. */ 352 if (strcmp(dp->name, name)) { 353 free(dp->name); 354 dp->name = estrdup(name); |
337 } | 355 } |
338 } 339 if (dp == NULL) { | 356 if (!(flags & PF_APPEND) || STAILQ_EMPTY(&nss)) 357 free_param_strings(dp); 358 STAILQ_CONCAT(&dp->val, &nss); 359 dp->flags |= flags; 360 } else { |
340 /* Not found - add it. */ 341 np = emalloc(sizeof(struct cfparam)); 342 np->name = estrdup(name); 343 STAILQ_INIT(&np->val); 344 STAILQ_CONCAT(&np->val, &nss); 345 np->flags = flags; 346 np->gen = 0; 347 TAILQ_INSERT_TAIL(&j->params, np, tq); | 361 /* Not found - add it. */ 362 np = emalloc(sizeof(struct cfparam)); 363 np->name = estrdup(name); 364 STAILQ_INIT(&np->val); 365 STAILQ_CONCAT(&np->val, &nss); 366 np->flags = flags; 367 np->gen = 0; 368 TAILQ_INSERT_TAIL(&j->params, np, tq); |
369 if (ipnum != 0) 370 j->intparams[ipnum] = np; 371 else 372 for (ipnum = 1; ipnum < IP_NPARAM; ipnum++) 373 if (!(intparams[ipnum].flags & PF_CONV) && 374 equalopts(name, intparams[ipnum].name)) { 375 j->intparams[ipnum] = np; 376 np->flags |= intparams[ipnum].flags; 377 break; 378 } |
|
348 } 349} 350 351/* | 379 } 380} 381 382/* |
352 * Find internal or known parameters. 353 */ 354void 355find_intparams(void) 356{ 357 struct cfjail *j; 358 struct cfparam *p; 359 struct ipspec *ip; 360 361 TAILQ_FOREACH(j, &cfjails, tq) { 362 TAILQ_FOREACH(p, &j->params, tq) { 363 ip = bsearch(p->name, intparams, 364 sizeof(intparams) / sizeof(intparams[0]), 365 sizeof(struct ipspec), cmp_intparam); 366 if (ip != NULL) { 367 j->intparams[ip->ipnum] = p; 368 p->flags |= ip->flags; 369 } 370 } 371 } 372} 373 374/* | |
375 * Check syntax of internal parameters. 376 */ 377int 378check_intparams(struct cfjail *j) 379{ 380 struct cfparam *p; 381 const char *val; 382 char *ep; --- 69 unchanged lines hidden (view full) --- 452/* 453 * Look up extra IP addresses from the hostname and save interface and netmask. 454 */ 455int 456ip_params(struct cfjail *j) 457{ 458 struct in_addr addr4; 459 struct addrinfo hints, *ai0, *ai; | 383 * Check syntax of internal parameters. 384 */ 385int 386check_intparams(struct cfjail *j) 387{ 388 struct cfparam *p; 389 const char *val; 390 char *ep; --- 69 unchanged lines hidden (view full) --- 460/* 461 * Look up extra IP addresses from the hostname and save interface and netmask. 462 */ 463int 464ip_params(struct cfjail *j) 465{ 466 struct in_addr addr4; 467 struct addrinfo hints, *ai0, *ai; |
460 struct cfparam *np; | |
461 struct cfstring *s, *ns; 462 char *cs, *ep; 463 const char *hostname; 464 size_t size; 465 int error, ip4ok, defif, prefix; 466 int mib[4]; 467 char avalue4[INET_ADDRSTRLEN]; 468#ifdef INET6 469 struct in6_addr addr6; 470 int ip6ok, isip6; 471 char avalue6[INET6_ADDRSTRLEN]; 472#endif 473 474 error = 0; 475 /* 476 * The ip_hostname parameter looks up the hostname, and adds parameters 477 * for any IP addresses it finds. 478 */ 479 if (bool_param(j->intparams[IP_IP_HOSTNAME]) && | 468 struct cfstring *s, *ns; 469 char *cs, *ep; 470 const char *hostname; 471 size_t size; 472 int error, ip4ok, defif, prefix; 473 int mib[4]; 474 char avalue4[INET_ADDRSTRLEN]; 475#ifdef INET6 476 struct in6_addr addr6; 477 int ip6ok, isip6; 478 char avalue6[INET6_ADDRSTRLEN]; 479#endif 480 481 error = 0; 482 /* 483 * The ip_hostname parameter looks up the hostname, and adds parameters 484 * for any IP addresses it finds. 485 */ 486 if (bool_param(j->intparams[IP_IP_HOSTNAME]) && |
480 (hostname = string_param(j->intparams[KP_HOSTNAME]))) { | 487 (hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) { |
481 j->intparams[IP_IP_HOSTNAME] = NULL; 482 /* 483 * Silently ignore unsupported address families from 484 * DNS lookups. 485 */ 486 size = 4; 487 ip4ok = sysctlnametomib("security.jail.param.ip4", mib, &size) 488 == 0; --- 32 unchanged lines hidden (view full) --- 521 memcpy(&addr4, 522 &((struct sockaddr_in *) 523 (void *)ai->ai_addr)-> 524 sin_addr, sizeof(addr4)); 525 if (inet_ntop(AF_INET, 526 &addr4, avalue4, 527 INET_ADDRSTRLEN) == NULL) 528 err(1, "inet_ntop"); | 488 j->intparams[IP_IP_HOSTNAME] = NULL; 489 /* 490 * Silently ignore unsupported address families from 491 * DNS lookups. 492 */ 493 size = 4; 494 ip4ok = sysctlnametomib("security.jail.param.ip4", mib, &size) 495 == 0; --- 32 unchanged lines hidden (view full) --- 528 memcpy(&addr4, 529 &((struct sockaddr_in *) 530 (void *)ai->ai_addr)-> 531 sin_addr, sizeof(addr4)); 532 if (inet_ntop(AF_INET, 533 &addr4, avalue4, 534 INET_ADDRSTRLEN) == NULL) 535 err(1, "inet_ntop"); |
529 add_param(j, NULL, "ip4.addr", | 536 add_param(j, NULL, KP_IP4_ADDR, |
530 avalue4); 531 break; 532#ifdef INET6 533 case AF_INET6: 534 memcpy(&addr6, 535 &((struct sockaddr_in6 *) 536 (void *)ai->ai_addr)-> 537 sin6_addr, sizeof(addr6)); 538 if (inet_ntop(AF_INET6, 539 &addr6, avalue6, 540 INET6_ADDRSTRLEN) == NULL) 541 err(1, "inet_ntop"); | 537 avalue4); 538 break; 539#ifdef INET6 540 case AF_INET6: 541 memcpy(&addr6, 542 &((struct sockaddr_in6 *) 543 (void *)ai->ai_addr)-> 544 sin6_addr, sizeof(addr6)); 545 if (inet_ntop(AF_INET6, 546 &addr6, avalue6, 547 INET6_ADDRSTRLEN) == NULL) 548 err(1, "inet_ntop"); |
542 add_param(j, NULL, "ip6.addr", | 549 add_param(j, NULL, KP_IP6_ADDR, |
543 avalue6); 544 break; 545#endif 546 } 547 freeaddrinfo(ai0); 548 } 549 } 550 } --- 6 unchanged lines hidden (view full) --- 557 for (isip6 = 0; isip6 <= 1; isip6++) 558#else 559#define isip6 0 560 do 561#endif 562 { 563 if (j->intparams[KP_IP4_ADDR + isip6] == NULL) 564 continue; | 550 avalue6); 551 break; 552#endif 553 } 554 freeaddrinfo(ai0); 555 } 556 } 557 } --- 6 unchanged lines hidden (view full) --- 564 for (isip6 = 0; isip6 <= 1; isip6++) 565#else 566#define isip6 0 567 do 568#endif 569 { 570 if (j->intparams[KP_IP4_ADDR + isip6] == NULL) 571 continue; |
565 np = j->intparams[IP__IP4_IFADDR + isip6]; | |
566 STAILQ_FOREACH(s, &j->intparams[KP_IP4_ADDR + isip6]->val, tq) { 567 cs = strchr(s->s, '|'); | 572 STAILQ_FOREACH(s, &j->intparams[KP_IP4_ADDR + isip6]->val, tq) { 573 cs = strchr(s->s, '|'); |
568 if (cs || defif) { 569 if (np == NULL) { 570 np = j->intparams[IP__IP4_IFADDR + 571 isip6] = 572 emalloc(sizeof(struct cfparam)); 573 np->name = estrdup(j->intparams 574 [KP_IP4_ADDR + isip6]->name); 575 STAILQ_INIT(&np->val); 576 np->flags = PF_INTERNAL; 577 } 578 ns = emalloc(sizeof(struct cfstring)); 579 ns->s = estrdup(s->s); 580 ns->len = s->len; 581 STAILQ_INIT(&ns->vars); 582 STAILQ_INSERT_TAIL(&np->val, ns, tq); 583 if (cs != NULL) { 584 strcpy(s->s, cs + 1); 585 s->len -= cs - s->s + 1; 586 } | 574 if (cs || defif) 575 add_param(j, NULL, IP__IP4_IFADDR + isip6, 576 s->s); 577 if (cs) { 578 strcpy(s->s, cs + 1); 579 s->len -= cs + 1 - s->s; |
587 } 588 if ((cs = strchr(s->s, '/'))) { 589 prefix = strtol(cs + 1, &ep, 10); 590 if (!isip6 && *ep == '.' 591 ? inet_pton(AF_INET, cs + 1, &addr4) != 1 592 : *ep || prefix < 0 || prefix > 593 (isip6 ? 128 : 32)) { 594 jail_warnx(j, isip6 --- 146 unchanged lines hidden (view full) --- 741 for (wc = strchr(wname, '*'); wc; wc = strchr(wc + 1, '*')) 742 if ((wc == wname || wc[-1] == '.') && 743 (wc[1] == '\0' || wc[1] == '.')) 744 return 1; 745 return 0; 746} 747 748/* | 580 } 581 if ((cs = strchr(s->s, '/'))) { 582 prefix = strtol(cs + 1, &ep, 10); 583 if (!isip6 && *ep == '.' 584 ? inet_pton(AF_INET, cs + 1, &addr4) != 1 585 : *ep || prefix < 0 || prefix > 586 (isip6 ? 128 : 32)) { 587 jail_warnx(j, isip6 --- 146 unchanged lines hidden (view full) --- 734 for (wc = strchr(wname, '*'); wc; wc = strchr(wc + 1, '*')) 735 if ((wc == wname || wc[-1] == '.') && 736 (wc[1] == '\0' || wc[1] == '.')) 737 return 1; 738 return 0; 739} 740 741/* |
749 * Compare strings and intparams for bsearch. 750 */ 751 752static int 753cmp_intparam(const void *a, const void *b) 754{ 755 return strcmp((const char *)a, ((const struct ipspec *)b)->name); 756} 757 758/* | |
759 * Free a parameter record and all its strings and variables. 760 */ 761static void 762free_param(struct cfparams *pp, struct cfparam *p) 763{ 764 free(p->name); 765 free_param_strings(p); 766 TAILQ_REMOVE(pp, p, tq); --- 20 unchanged lines hidden --- | 742 * Free a parameter record and all its strings and variables. 743 */ 744static void 745free_param(struct cfparams *pp, struct cfparam *p) 746{ 747 free(p->name); 748 free_param_strings(p); 749 TAILQ_REMOVE(pp, p, tq); --- 20 unchanged lines hidden --- |