diff options
author | bz <bz@FreeBSD.org> | 2011-05-29 21:03:40 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2011-05-29 21:03:40 +0000 |
commit | 2c33480efee405ba67f6c56ca42ef7773445f470 (patch) | |
tree | 3e37dd4df6eb63a57aa9a42cb6d3401e17abbe4a /usr.sbin/jail | |
parent | abff9de7bdb14557130acd411dda7cbd5f960c99 (diff) | |
download | FreeBSD-src-2c33480efee405ba67f6c56ca42ef7773445f470.zip FreeBSD-src-2c33480efee405ba67f6c56ca42ef7773445f470.tar.gz |
Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.
Reviewed by: jamie
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 10 days
Diffstat (limited to 'usr.sbin/jail')
-rw-r--r-- | usr.sbin/jail/Makefile | 3 | ||||
-rw-r--r-- | usr.sbin/jail/jail.c | 76 |
2 files changed, 45 insertions, 34 deletions
diff --git a/usr.sbin/jail/Makefile b/usr.sbin/jail/Makefile index de35dcf..52d237b 100644 --- a/usr.sbin/jail/Makefile +++ b/usr.sbin/jail/Makefile @@ -10,5 +10,8 @@ LDADD= -ljail -lutil .if ${MK_INET6_SUPPORT} != "no" CFLAGS+= -DINET6 .endif +.if ${MK_INET_SUPPORT} != "no" +CFLAGS+= -DINET +.endif .include <bsd.prog.mk> diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c index 0722bfd..fc4f71c 100644 --- a/usr.sbin/jail/jail.c +++ b/usr.sbin/jail/jail.c @@ -54,12 +54,18 @@ static struct jailparam *params; static char **param_values; static int nparams; -static char *ip4_addr; #ifdef INET6 +static int ip6_ok; static char *ip6_addr; #endif +#ifdef INET +static int ip4_ok; +static char *ip4_addr; +#endif +#if defined(INET6) || defined(INET) static void add_ip_addr(char **addrp, char *newaddr); +#endif #ifdef INET6 static void add_ip_addr46(char *newaddr); #endif @@ -194,6 +200,13 @@ main(int argc, char **argv) if (uflag) GET_USER_INFO; +#ifdef INET6 + ip6_ok = feature_present("inet6"); +#endif +#ifdef INET + ip4_ok = feature_present("inet"); +#endif + if (jailname) set_param("name", jailname); if (securelevel) @@ -207,10 +220,12 @@ main(int argc, char **argv) break; } if (hflag) { +#ifdef INET if (!strncmp(argv[i], "ip4.addr=", 9)) { add_ip_addr(&ip4_addr, argv[i] + 9); break; } +#endif #ifdef INET6 if (!strncmp(argv[i], "ip6.addr=", 9)) { add_ip_addr(&ip6_addr, argv[i] + 9); @@ -231,12 +246,14 @@ main(int argc, char **argv) set_param("host.hostname", argv[1]); if (hflag) add_ip_addrinfo(0, argv[1]); +#if defined(INET6) || defined(INET) if (argv[2][0] != '\0') #ifdef INET6 add_ip_addr46(argv[2]); #else add_ip_addr(&ip4_addr, argv[2]); #endif +#endif cmdarg = 3; /* Emulate the defaults from security.jail.* sysctls */ sysvallen = sizeof(sysval); @@ -259,8 +276,10 @@ main(int argc, char **argv) } } } +#ifdef INET if (ip4_addr != NULL) set_param("ip4.addr", ip4_addr); +#endif #ifdef INET6 if (ip6_addr != NULL) set_param("ip6.addr", ip6_addr); @@ -297,14 +316,19 @@ main(int argc, char **argv) for (i = 0; i < nparams; i++) if (!strcmp(params[i].jp_name, "path")) break; -#ifdef INET6 +#if defined(INET6) && defined(INET) fprintf(fp, "%d\t%s\t%s\t%s%s%s\t%s\n", jid, i < nparams ? (char *)params[i].jp_value : argv[0], argv[1], ip4_addr ? ip4_addr : "", ip4_addr && ip4_addr[0] && ip6_addr && ip6_addr[0] ? "," : "", ip6_addr ? ip6_addr : "", argv[3]); -#else +#elif defined(INET6) + fprintf(fp, "%d\t%s\t%s\t%s\t%s\n", + jid, i < nparams + ? (char *)params[i].jp_value : argv[0], + argv[1], ip6_addr ? ip6_addr : "", argv[3]); +#elif defined(INET) fprintf(fp, "%d\t%s\t%s\t%s\t%s\n", jid, i < nparams ? (char *)params[i].jp_value : argv[0], @@ -348,6 +372,7 @@ main(int argc, char **argv) err(1, "execvp: %s", argv[cmdarg]); } +#if defined(INET6) || defined(INET) static void add_ip_addr(char **addrp, char *value) { @@ -368,6 +393,7 @@ add_ip_addr(char **addrp, char *value) *addrp = addr; } } +#endif #ifdef INET6 static void @@ -391,23 +417,24 @@ static void add_ip_addrinfo(int ai_flags, char *value) { struct addrinfo hints, *ai0, *ai; - struct in_addr addr4; - size_t size; - int error, ip4ok; - int mib[4]; + int error; +#ifdef INET char avalue4[INET_ADDRSTRLEN]; + struct in_addr addr4; +#endif #ifdef INET6 - struct in6_addr addr6; - int ip6ok; char avalue6[INET6_ADDRSTRLEN]; + struct in6_addr addr6; #endif /* Look up the hostname (or get the address) */ memset(&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_STREAM; -#ifdef INET6 +#if defined(INET6) && defined(INET) hints.ai_family = PF_UNSPEC; -#else +#elif defined(INET6) + hints.ai_family = PF_INET6; +#elif defined(INET) hints.ai_family = PF_INET; #endif hints.ai_flags = ai_flags; @@ -415,32 +442,12 @@ add_ip_addrinfo(int ai_flags, char *value) if (error != 0) errx(1, "hostname %s: %s", value, gai_strerror(error)); - /* - * Silently ignore unsupported address families from DNS lookups. - * But if this is a numeric address, let the kernel give the error. - */ - if (ai_flags & AI_NUMERICHOST) - ip4ok = -#ifdef INET6 - ip6ok = -#endif - 1; - else { - size = 4; - ip4ok = (sysctlnametomib("security.jail.param.ip4", mib, - &size) == 0); -#ifdef INET6 - size = 4; - ip6ok = (sysctlnametomib("security.jail.param.ip6", mib, - &size) == 0); -#endif - } - /* Convert the addresses to ASCII so set_param can convert them back. */ for (ai = ai0; ai; ai = ai->ai_next) switch (ai->ai_family) { +#ifdef INET case AF_INET: - if (!ip4ok) + if (!ip4_ok && (ai_flags & AI_NUMERICHOST) == 0) break; memcpy(&addr4, &((struct sockaddr_in *) (void *)ai->ai_addr)->sin_addr, sizeof(addr4)); @@ -449,9 +456,10 @@ add_ip_addrinfo(int ai_flags, char *value) err(1, "inet_ntop"); add_ip_addr(&ip4_addr, avalue4); break; +#endif #ifdef INET6 case AF_INET6: - if (!ip6ok) + if (!ip6_ok && (ai_flags & AI_NUMERICHOST) == 0) break; memcpy(&addr6, &((struct sockaddr_in6 *) (void *)ai->ai_addr)->sin6_addr, sizeof(addr6)); |