-rw-r--r-- | usr.sbin/jail/Makefile | 3 | ||||
-rw-r--r-- | usr.sbin/jail/jail.c | 76 | ||||
-rw-r--r-- | usr.sbin/jls/Makefile | 9 | ||||
-rw-r--r-- | usr.sbin/jls/jls.c | 76 |
4 files changed, 111 insertions, 53 deletions
diff --git a/usr.sbin/jail/Makefile b/usr.sbin/jail/Makefile index de35dcf..52d237b 100644 --- a/usr.sbin/jail/Makefile +++ b/usr.sbin/jail/Makefile @@ -10,5 +10,8 @@ LDADD= -ljail -lutil .if ${MK_INET6_SUPPORT} != "no" CFLAGS+= -DINET6 .endif +.if ${MK_INET_SUPPORT} != "no" +CFLAGS+= -DINET +.endif .include <bsd.prog.mk> diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c index 0722bfd..fc4f71c 100644 --- a/usr.sbin/jail/jail.c +++ b/usr.sbin/jail/jail.c @@ -54,12 +54,18 @@ static struct jailparam *params; static char **param_values; static int nparams; -static char *ip4_addr; #ifdef INET6 +static int ip6_ok; static char *ip6_addr; #endif +#ifdef INET +static int ip4_ok; +static char *ip4_addr; +#endif +#if defined(INET6) || defined(INET) static void add_ip_addr(char **addrp, char *newaddr); +#endif #ifdef INET6 static void add_ip_addr46(char *newaddr); #endif @@ -194,6 +200,13 @@ main(int argc, char **argv) if (uflag) GET_USER_INFO; +#ifdef INET6 + ip6_ok = feature_present("inet6"); +#endif +#ifdef INET + ip4_ok = feature_present("inet"); +#endif + if (jailname) set_param("name", jailname); if (securelevel) @@ -207,10 +220,12 @@ main(int argc, char **argv) break; } if (hflag) { +#ifdef INET if (!strncmp(argv[i], "ip4.addr=", 9)) { add_ip_addr(&ip4_addr, argv[i] + 9); break; } +#endif #ifdef INET6 if (!strncmp(argv[i], "ip6.addr=", 9)) { add_ip_addr(&ip6_addr, argv[i] + 9); @@ -231,12 +246,14 @@ main(int argc, char **argv) set_param("host.hostname", argv[1]); if (hflag) add_ip_addrinfo(0, argv[1]); +#if defined(INET6) || defined(INET) if (argv[2][0] != '\0') #ifdef INET6 add_ip_addr46(argv[2]); #else add_ip_addr(&ip4_addr, argv[2]); #endif +#endif cmdarg = 3; /* Emulate the defaults from security.jail.* sysctls */ sysvallen = sizeof(sysval); @@ -259,8 +276,10 @@ main(int argc, char **argv) } } } +#ifdef INET if (ip4_addr != NULL) set_param("ip4.addr", ip4_addr); +#endif #ifdef INET6 if (ip6_addr != NULL) set_param("ip6.addr", ip6_addr); 
@@ -297,14 +316,19 @@ main(int argc, char **argv) for (i = 0; i < nparams; i++) if (!strcmp(params[i].jp_name, "path")) break; -#ifdef INET6 +#if defined(INET6) && defined(INET) fprintf(fp, "%d\t%s\t%s\t%s%s%s\t%s\n", jid, i < nparams ? (char *)params[i].jp_value : argv[0], argv[1], ip4_addr ? ip4_addr : "", ip4_addr && ip4_addr[0] && ip6_addr && ip6_addr[0] ? "," : "", ip6_addr ? ip6_addr : "", argv[3]); -#else +#elif defined(INET6) + fprintf(fp, "%d\t%s\t%s\t%s\t%s\n", + jid, i < nparams + ? (char *)params[i].jp_value : argv[0], + argv[1], ip6_addr ? ip6_addr : "", argv[3]); +#elif defined(INET) fprintf(fp, "%d\t%s\t%s\t%s\t%s\n", jid, i < nparams ? (char *)params[i].jp_value : argv[0], @@ -348,6 +372,7 @@ main(int argc, char **argv) err(1, "execvp: %s", argv[cmdarg]); } +#if defined(INET6) || defined(INET) static void add_ip_addr(char **addrp, char *value) { @@ -368,6 +393,7 @@ add_ip_addr(char **addrp, char *value) *addrp = addr; } } +#endif #ifdef INET6 static void @@ -391,23 +417,24 @@ static void add_ip_addrinfo(int ai_flags, char *value) { struct addrinfo hints, *ai0, *ai; - struct in_addr addr4; - size_t size; - int error, ip4ok; - int mib[4]; + int error; +#ifdef INET char avalue4[INET_ADDRSTRLEN]; + struct in_addr addr4; +#endif #ifdef INET6 - struct in6_addr addr6; - int ip6ok; char avalue6[INET6_ADDRSTRLEN]; + struct in6_addr addr6; #endif /* Look up the hostname (or get the address) */ memset(&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_STREAM; -#ifdef INET6 +#if defined(INET6) && defined(INET) hints.ai_family = PF_UNSPEC; -#else +#elif defined(INET6) + hints.ai_family = PF_INET6; +#elif defined(INET) hints.ai_family = PF_INET; #endif hints.ai_flags = ai_flags; 
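Review bot: The jid-file `fprintf` chain in main() of usr.sbin/jail/jail.c now ends in `#elif defined(INET)` with no final `#else`, so a build with neither INET nor INET6 defined appears to write no record to `fp` at all. The closing `#endif` lies outside this hunk, so this is inferred from the unchanged context rather than seen directly. Consider a last `#else` arm that still writes the jid, path, hostname and command with an empty address field, using the format `"%d\t%s\t%s\t\t%s\n"`, so that tools reading the file keep working. The three arms also repeat the same argument list; building the address string once and using a single `fprintf` would keep them from drifting apart.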
@@ -415,32 +442,12 @@ add_ip_addrinfo(int ai_flags, char *value) if (error != 0) errx(1, "hostname %s: %s", value, gai_strerror(error)); - /* - * Silently ignore unsupported address families from DNS lookups. - * But if this is a numeric address, let the kernel give the error. - */ - if (ai_flags & AI_NUMERICHOST) - ip4ok = -#ifdef INET6 - ip6ok = -#endif - 1; - else { - size = 4; - ip4ok = (sysctlnametomib("security.jail.param.ip4", mib, - &size) == 0); -#ifdef INET6 - size = 4; - ip6ok = (sysctlnametomib("security.jail.param.ip6", mib, - &size) == 0); -#endif - } - /* Convert the addresses to ASCII so set_param can convert them back. */ for (ai = ai0; ai; ai = ai->ai_next) switch (ai->ai_family) { +#ifdef INET case AF_INET: - if (!ip4ok) + if (!ip4_ok && (ai_flags & AI_NUMERICHOST) == 0) break; memcpy(&addr4, &((struct sockaddr_in *) (void *)ai->ai_addr)->sin_addr, sizeof(addr4)); @@ -449,9 +456,10 @@ add_ip_addrinfo(int ai_flags, char *value) err(1, "inet_ntop"); add_ip_addr(&ip4_addr, avalue4); break; +#endif #ifdef INET6 case AF_INET6: - if (!ip6ok) + if (!ip6_ok && (ai_flags & AI_NUMERICHOST) == 0) break; memcpy(&addr6, &((struct sockaddr_in6 *) (void *)ai->ai_addr)->sin6_addr, sizeof(addr6)); diff --git a/usr.sbin/jls/Makefile b/usr.sbin/jls/Makefile index e1157af..b297cc4 100644 --- a/usr.sbin/jls/Makefile +++ b/usr.sbin/jls/Makefile @@ -1,8 +1,17 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= jls MAN= jls.8 DPADD= ${LIBJAIL} LDADD= -ljail +.if ${MK_INET6_SUPPORT} != "no" +CFLAGS+= -DINET6 +.endif +.if ${MK_INET_SUPPORT} != "no" +CFLAGS+= -DINET +.endif + .include <bsd.prog.mk> diff --git a/usr.sbin/jls/jls.c b/usr.sbin/jls/jls.c index 2c1655b..14aa6af 100644 --- a/usr.sbin/jls/jls.c +++ b/usr.sbin/jls/jls.c 
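Review bot: The new guard `if (!ip4_ok && (ai_flags & AI_NUMERICHOST) == 0)` in add_ip_addrinfo of usr.sbin/jail/jail.c, and its `ip6_ok` twin in the following hunk, are left without the rationale that the deleted block comment carried. A reader can no longer tell why addresses from a hostname lookup are dropped silently while numeric ones are passed through. Restore it above the switch, for example `/* Skip families the kernel lacks when they come from DNS; numeric addresses go through so the kernel reports the error. */`. The comment should also say that `ip4_ok`/`ip6_ok` now come from `feature_present()` in main() rather than from the `security.jail.param.ip4`/`ip6` sysctl lookup, since that changes what "unsupported" means here. The function starts before this hunk and the switch continues past it.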
@@ -59,6 +59,12 @@ __FBSDID("$FreeBSD$"); static struct jailparam *params; static int *param_parent; static int nparams; +#ifdef INET6 +static int ip6_ok; +#endif +#ifdef INET +static int ip4_ok; +#endif static int add_param(const char *name, void *value, size_t valuelen, struct jailparam *source, unsigned flags); @@ -112,6 +118,13 @@ main(int argc, char **argv) errx(1, "usage: jls [-dhnqv] [-j jail] [param ...]"); } +#ifdef INET6 + ip6_ok = feature_present("inet6"); +#endif +#ifdef INET + ip4_ok = feature_present("inet"); +#endif + /* Add the parameters to print. */ if (optind == argc) { if (pflags & (PRINT_HEADER | PRINT_NAMEVAL)) @@ -124,13 +137,24 @@ main(int argc, char **argv) add_param("name", NULL, (size_t)0, NULL, JP_USER); add_param("dying", NULL, (size_t)0, NULL, JP_USER); add_param("cpuset.id", NULL, (size_t)0, NULL, JP_USER); - add_param("ip4.addr", NULL, (size_t)0, NULL, JP_USER); - add_param("ip6.addr", NULL, (size_t)0, NULL, - JP_USER | JP_OPT); +#ifdef INET + if (ip4_ok) + add_param("ip4.addr", NULL, (size_t)0, NULL, + JP_USER); +#endif +#ifdef INET6 + if (ip6_ok) + add_param("ip6.addr", NULL, (size_t)0, NULL, + JP_USER | JP_OPT); +#endif } else { pflags |= PRINT_DEFAULT; add_param("jid", NULL, (size_t)0, NULL, JP_USER); - add_param("ip4.addr", NULL, (size_t)0, NULL, JP_USER); +#ifdef INET + if (ip4_ok) + add_param("ip4.addr", NULL, (size_t)0, NULL, + JP_USER); +#endif add_param("host.hostname", NULL, (size_t)0, NULL, JP_USER); add_param("path", NULL, (size_t)0, NULL, JP_USER); @@ -327,7 +351,7 @@ print_jail(int pflags, int jflags) { char *nname; char **param_values; - int i, ai, jid, count, spc; + int i, ai, jid, count, n, spc; char ipbuf[INET6_ADDRSTRLEN]; jid = jailparam_get(params, nparams, jflags); 
@@ -345,31 +369,45 @@ print_jail(int pflags, int jflags) *(int *)params[4].jp_value ? "DYING" : "ACTIVE", "", *(int *)params[5].jp_value); - count = params[6].jp_valuelen / sizeof(struct in_addr); - for (ai = 0; ai < count; ai++) - if (inet_ntop(AF_INET, - &((struct in_addr *)params[6].jp_value)[ai], - ipbuf, sizeof(ipbuf)) == NULL) - err(1, "inet_ntop"); - else - printf("%6s %-15.15s\n", "", ipbuf); - if (!strcmp(params[7].jp_name, "ip6.addr")) { - count = params[7].jp_valuelen / sizeof(struct in6_addr); + n = 6; +#ifdef INET + if (ip4_ok && !strcmp(params[n].jp_name, "ip.addr")) { + count = params[n].jp_valuelen / sizeof(struct in_addr); + for (ai = 0; ai < count; ai++) + if (inet_ntop(AF_INET, + &((struct in_addr *)params[n].jp_value)[ai], + ipbuf, sizeof(ipbuf)) == NULL) + err(1, "inet_ntop"); + else + printf("%6s %-15.15s\n", "", ipbuf); + n++; + } +#endif +#ifdef INET6 + if (ip6_ok && !strcmp(params[n].jp_name, "ip6.addr")) { + count = params[n].jp_valuelen / sizeof(struct in6_addr); for (ai = 0; ai < count; ai++) if (inet_ntop(AF_INET6, - &((struct in6_addr *)params[7].jp_value)[ai], + &((struct in6_addr *) + params[n].jp_value)[ai], ipbuf, sizeof(ipbuf)) == NULL) err(1, "inet_ntop"); else printf("%6s %s\n", "", ipbuf); + n++; } +#endif } else if (pflags & PRINT_DEFAULT) printf("%6d %-15.15s %-29.29s %.74s\n", *(int *)params[0].jp_value, - params[1].jp_valuelen == 0 ? "-" +#ifdef INET + (!ip4_ok || params[1].jp_valuelen == 0) ? "-" : inet_ntoa(*(struct in_addr *)params[1].jp_value), - (char *)params[2].jp_value, - (char *)params[3].jp_value); +#else + "-" +#endif + (char *)params[2-!ip4_ok].jp_value, + (char *)params[3-!ip4_ok].jp_value); else { param_values = alloca(nparams * sizeof(*param_values)); for (i = 0; i < nparams; i++) { |
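Review bot: In the verbose branch of print_jail (usr.sbin/jls/jls.c) the new IPv4 test compares `params[n].jp_name` with "ip.addr", but main() registers the parameter as "ip4.addr", so the test can never match. When `ip4_ok` is set the IPv4 block is skipped, `n` stays at 6, and the "ip6.addr" test is then made against the IPv4 slot, so neither family is printed; the line should read `if (ip4_ok && !strcmp(params[n].jp_name, "ip4.addr")) {`. In the PRINT_DEFAULT branch the `#else` arm emits `"-"` without a trailing comma, and the two arguments after `#endif` index with `!ip4_ok`, which is declared only under `#ifdef INET`, so a build without INET does not compile. Write `"-",` there and move the hostname and path arguments into both arms, using `params[1]` and `params[2]` in the non-INET arm. print_jail begins and ends outside this hunk.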