-rw-r--r--usr.sbin/jail/config.c89
-rw-r--r--usr.sbin/jail/jail.c14
-rw-r--r--usr.sbin/jail/jailp.h20
3 files changed, 54 insertions, 69 deletions
diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c
index 4bc8938..a12b60e 100644
--- a/usr.sbin/jail/config.c
+++ b/usr.sbin/jail/config.c
@@ -380,45 +380,6 @@ add_param(struct cfjail *j, const struct cfparam *p, enum intparam ipnum,
}
/*
- * Check syntax of internal parameters.
- */
-int
-check_intparams(struct cfjail *j)
-{
- struct cfparam *p;
- const char *val;
- char *ep;
- int error;
-
- error = 0;
- TAILQ_FOREACH(p, &j->params, tq) {
- if (!STAILQ_EMPTY(&p->val) &&
- (p->flags & (PF_BOOL | PF_INT))) {
- val = STAILQ_LAST(&p->val, cfstring, tq)->s;
- if (p->flags & PF_BOOL) {
- if (strcasecmp(val, "false") &&
- strcasecmp(val, "true") &&
- ((void)strtol(val, &ep, 10), *ep)) {
- jail_warnx(j,
- "%s: unknown boolean value \"%s\"",
- p->name, val);
- error = -1;
- }
- } else {
- (void)strtol(val, &ep, 10);
- if (ep == val || *ep) {
- jail_warnx(j,
- "%s: non-integer value \"%s\"",
- p->name, val);
- error = -1;
- }
- }
- }
- }
- return error;
-}
-
-/*
* Return if a boolean parameter exists and is true.
*/
int
@@ -458,18 +419,21 @@ string_param(const struct cfparam *p)
}
/*
- * Look up extra IP addresses from the hostname and save interface and netmask.
+ * Check syntax and values of internal parameters. Set some internal
+ * parameters based on the values of others.
*/
int
-ip_params(struct cfjail *j)
+check_intparams(struct cfjail *j)
{
struct in_addr addr4;
- struct addrinfo hints, *ai0, *ai;
+ struct addrinfo hints;
+ struct addrinfo *ai0, *ai;
+ struct cfparam *p;
struct cfstring *s, *ns;
+ const char *hostname, *val;
char *cs, *ep;
- const char *hostname;
size_t size;
- int error, ip4ok, defif, prefix;
+ int error, gicode, ip4ok, defif, prefix;
int mib[4];
char avalue4[INET_ADDRSTRLEN];
#ifdef INET6
@@ -479,11 +443,39 @@ ip_params(struct cfjail *j)
#endif
error = 0;
+ /* Check format of boolan and integer values. */
+ TAILQ_FOREACH(p, &j->params, tq) {
+ if (!STAILQ_EMPTY(&p->val) &&
+ (p->flags & (PF_BOOL | PF_INT))) {
+ val = STAILQ_LAST(&p->val, cfstring, tq)->s;
+ if (p->flags & PF_BOOL) {
+ if (strcasecmp(val, "false") &&
+ strcasecmp(val, "true") &&
+ ((void)strtol(val, &ep, 10), *ep)) {
+ jail_warnx(j,
+ "%s: unknown boolean value \"%s\"",
+ p->name, val);
+ error = -1;
+ }
+ } else {
+ (void)strtol(val, &ep, 10);
+ if (ep == val || *ep) {
+ jail_warnx(j,
+ "%s: non-integer value \"%s\"",
+ p->name, val);
+ error = -1;
+ }
+ }
+ }
+ }
+
/*
* The ip_hostname parameter looks up the hostname, and adds parameters
* for any IP addresses it finds.
*/
- if (bool_param(j->intparams[IP_IP_HOSTNAME]) &&
+ if (((j->flags & JF_OP_MASK) != JF_STOP ||
+ j->intparams[IP_INTERFACE] != NULL) &&
+ bool_param(j->intparams[IP_IP_HOSTNAME]) &&
(hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) {
j->intparams[IP_IP_HOSTNAME] = NULL;
/*
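Review bot: The boolean branch of the format check accepts an empty string, because `((void)strtol(val, &ep, 10), *ep)` only tests for trailing characters, while the integer branch below it also rejects `ep == val` (the added comment also misspells `boolean` as `boolan`). Neither branch looks at `errno`, so a value outside the range of `long` passes both checks. If an empty boolean is not meant to be valid, the test could read `((void)strtol(val, &ep, 10), ep == val || *ep)`; how bool_param() treats such a value is outside this hunk, so confirm there. A format error found here only sets `error = -1`, and as far as the hunk shows execution still continues into the ip_hostname lookup, whereas the old main() loop skipped ip_params() after a failed check; if that is not intended, an `if (error != 0) return error;` after the loop would restore it. check_intparams() starts before and continues past this hunk.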
@@ -511,10 +503,10 @@ ip_params(struct cfjail *j)
ip6ok ? (ip4ok ? PF_UNSPEC : PF_INET6) :
#endif
PF_INET;
- error = getaddrinfo(hostname, NULL, &hints, &ai0);
- if (error != 0) {
+ gicode = getaddrinfo(hostname, NULL, &hints, &ai0);
+ if (gicode != 0) {
jail_warnx(j, "host.hostname %s: %s", hostname,
- gai_strerror(error));
+ gai_strerror(gicode));
error = -1;
} else {
/*
@@ -555,6 +547,7 @@ ip_params(struct cfjail *j)
}
}
}
+
/*
* IP addresses may include an interface to set that address on,
* and a netmask/suffix for that address.
diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c
index bea0322..fbfa28c 100644
--- a/usr.sbin/jail/jail.c
+++ b/usr.sbin/jail/jail.c
@@ -311,23 +311,17 @@ main(int argc, char **argv)
dep_done(j, 0);
continue;
}
- if (!(j->flags & JF_CHECKINT))
+ if (!(j->flags & JF_PARAMS))
{
- j->flags |= JF_CHECKINT;
+ j->flags |= JF_PARAMS;
if (dflag)
add_param(j, NULL, IP_ALLOW_DYING, NULL);
if (check_intparams(j) < 0)
continue;
- }
- if (!(j->flags & JF_IPPARAMS) && (!JF_DO_STOP(j->flags) ||
- j->intparams[IP_INTERFACE] != NULL)) {
- j->flags |= JF_IPPARAMS;
- if (ip_params(j) < 0)
+ if ((j->flags & (JF_START | JF_SET)) &&
+ import_params(j) < 0)
continue;
}
- if (j->jp == NULL && (j->flags & (JF_START | JF_SET)) &&
- import_params(j) < 0)
- continue;
if (!j->jid)
running_jid(j,
(j->flags & (JF_SET | JF_DEPEND)) == JF_SET
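Review bot: JF_PARAMS is set before check_intparams() and import_params() have run, so it stays set when either of them fails and the loop takes `continue`. If this jail can be reached again by the loop (not visible in this hunk), both steps would then be skipped, and the flag's comment in jailp.h, `Parameters checked and imported`, would not hold; it also does not hold for a stop operation, where import_params() is not called. Consider setting the flag only after both calls succeed, or rewording the comment to `/* Parameter check and import attempted */`. The removed `j->jp == NULL` guard is no longer tested before import_params(), so confirm that nothing can populate j->jp before this point. main() starts before and continues past this hunk.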
diff --git a/usr.sbin/jail/jailp.h b/usr.sbin/jail/jailp.h
index 1d33d01..885a162 100644
--- a/usr.sbin/jail/jailp.h
+++ b/usr.sbin/jail/jailp.h
@@ -57,15 +57,14 @@
#define JF_DEPEND 0x0008 /* Operation required by dependency */
#define JF_WILD 0x0010 /* Not specified on the command line */
#define JF_FAILED 0x0020 /* Operation failed */
-#define JF_CHECKINT 0x0040 /* Checked internal parameters */
-#define JF_IPPARAMS 0x0080 /* Looked up jail hostname for IP_HOSTNAME */
-#define JF_RDTUN 0x0100 /* Create-only parameter check has been done */
-#define JF_IFUP 0x0200 /* IP addresses have been configured */
-#define JF_MOUNTED 0x0400 /* Filesystems have been mounted */
-#define JF_PERSIST 0x0800 /* Jail is temporarily persistent */
-#define JF_TIMEOUT 0x1000 /* A command (or process kill) timed out */
-#define JF_RUNQ 0x2000 /* Jail was in the run qeueue */
-#define JF_BACKGROUND 0x4000 /* Command was run in the background */
+#define JF_PARAMS 0x0040 /* Parameters checked and imported */
+#define JF_RDTUN 0x0080 /* Create-only parameter check has been done */
+#define JF_IFUP 0x0100 /* IP addresses have been configured */
+#define JF_MOUNTED 0x0200 /* Filesystems have been mounted */
+#define JF_PERSIST 0x0400 /* Jail is temporarily persistent */
+#define JF_TIMEOUT 0x0800 /* A command (or process kill) timed out */
+#define JF_RUNQ 0x1000 /* Jail was in the run qeueue */
+#define JF_BACKGROUND 0x2000 /* Command was run in the background */
#define JF_OP_MASK (JF_START | JF_SET | JF_STOP)
#define JF_RESTART (JF_START | JF_STOP)
@@ -197,11 +196,10 @@ extern void load_config(void);
extern struct cfjail *add_jail(void);
extern void add_param(struct cfjail *j, const struct cfparam *p,
enum intparam ipnum, const char *value);
-extern int check_intparams(struct cfjail *j);
extern int bool_param(const struct cfparam *p);
extern int int_param(const struct cfparam *p, int *ip);
extern const char *string_param(const struct cfparam *p);
-extern int ip_params(struct cfjail *j);
+extern int check_intparams(struct cfjail *j);
extern int import_params(struct cfjail *j);
extern int equalopts(const char *opt1, const char *opt2);
extern int wild_jail_name(const char *wname);