Combine check_intparams() and ip_params(), JF_CHECKINT and JF_IPPARAMS.
This commit is contained in:
Jamie Gritton
parent
47fdec177a
commit
e3c69673a6
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/projects/jailconf/; revision=214649
@ -379,45 +379,6 @@ add_param(struct cfjail *j, const struct cfparam *p, enum intparam ipnum,
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Check syntax of internal parameters.
|
||||
*/
|
||||
int
|
||||
check_intparams(struct cfjail *j)
|
||||
{
|
||||
struct cfparam *p;
|
||||
const char *val;
|
||||
char *ep;
|
||||
int error;
|
||||
|
||||
error = 0;
|
||||
TAILQ_FOREACH(p, &j->params, tq) {
|
||||
if (!STAILQ_EMPTY(&p->val) &&
|
||||
(p->flags & (PF_BOOL | PF_INT))) {
|
||||
val = STAILQ_LAST(&p->val, cfstring, tq)->s;
|
||||
if (p->flags & PF_BOOL) {
|
||||
if (strcasecmp(val, "false") &&
|
||||
strcasecmp(val, "true") &&
|
||||
((void)strtol(val, &ep, 10), *ep)) {
|
||||
jail_warnx(j,
|
||||
"%s: unknown boolean value \"%s\"",
|
||||
p->name, val);
|
||||
error = -1;
|
||||
}
|
||||
} else {
|
||||
(void)strtol(val, &ep, 10);
|
||||
if (ep == val || *ep) {
|
||||
jail_warnx(j,
|
||||
"%s: non-integer value \"%s\"",
|
||||
p->name, val);
|
||||
error = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return if a boolean parameter exists and is true.
|
||||
*/
|
||||
@ -458,18 +419,21 @@ string_param(const struct cfparam *p)
|
||||
}
|
||||
|
||||
/*
|
||||
* Look up extra IP addresses from the hostname and save interface and netmask.
|
||||
* Check syntax and values of internal parameters. Set some internal
|
||||
* parameters based on the values of others.
|
||||
*/
|
||||
int
|
||||
ip_params(struct cfjail *j)
|
||||
check_intparams(struct cfjail *j)
|
||||
{
|
||||
struct in_addr addr4;
|
||||
struct addrinfo hints, *ai0, *ai;
|
||||
struct addrinfo hints;
|
||||
struct addrinfo *ai0, *ai;
|
||||
struct cfparam *p;
|
||||
struct cfstring *s, *ns;
|
||||
const char *hostname, *val;
|
||||
char *cs, *ep;
|
||||
const char *hostname;
|
||||
size_t size;
|
||||
int error, ip4ok, defif, prefix;
|
||||
int error, gicode, ip4ok, defif, prefix;
|
||||
int mib[4];
|
||||
char avalue4[INET_ADDRSTRLEN];
|
||||
#ifdef INET6
|
||||
@ -479,11 +443,39 @@ ip_params(struct cfjail *j)
|
||||
#endif
|
||||
|
||||
error = 0;
|
||||
/* Check format of boolan and integer values. */
|
||||
TAILQ_FOREACH(p, &j->params, tq) {
|
||||
if (!STAILQ_EMPTY(&p->val) &&
|
||||
(p->flags & (PF_BOOL | PF_INT))) {
|
||||
val = STAILQ_LAST(&p->val, cfstring, tq)->s;
|
||||
if (p->flags & PF_BOOL) {
|
||||
if (strcasecmp(val, "false") &&
|
||||
strcasecmp(val, "true") &&
|
||||
((void)strtol(val, &ep, 10), *ep)) {
|
||||
jail_warnx(j,
|
||||
"%s: unknown boolean value \"%s\"",
|
||||
p->name, val);
|
||||
error = -1;
|
||||
}
|
||||
} else {
|
||||
(void)strtol(val, &ep, 10);
|
||||
if (ep == val || *ep) {
|
||||
jail_warnx(j,
|
||||
"%s: non-integer value \"%s\"",
|
||||
p->name, val);
|
||||
error = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* The ip_hostname parameter looks up the hostname, and adds parameters
|
||||
* for any IP addresses it finds.
|
||||
*/
|
||||
if (bool_param(j->intparams[IP_IP_HOSTNAME]) &&
|
||||
if (((j->flags & JF_OP_MASK) != JF_STOP ||
|
||||
j->intparams[IP_INTERFACE] != NULL) &&
|
||||
bool_param(j->intparams[IP_IP_HOSTNAME]) &&
|
||||
(hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) {
|
||||
j->intparams[IP_IP_HOSTNAME] = NULL;
|
||||
/*
|
||||
@ -511,10 +503,10 @@ ip_params(struct cfjail *j)
|
||||
ip6ok ? (ip4ok ? PF_UNSPEC : PF_INET6) :
|
||||
#endif
|
||||
PF_INET;
|
||||
error = getaddrinfo(hostname, NULL, &hints, &ai0);
|
||||
if (error != 0) {
|
||||
gicode = getaddrinfo(hostname, NULL, &hints, &ai0);
|
||||
if (gicode != 0) {
|
||||
jail_warnx(j, "host.hostname %s: %s", hostname,
|
||||
gai_strerror(error));
|
||||
gai_strerror(gicode));
|
||||
error = -1;
|
||||
} else {
|
||||
/*
|
||||
@ -555,6 +547,7 @@ ip_params(struct cfjail *j)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* IP addresses may include an interface to set that address on,
|
||||
* and a netmask/suffix for that address.
|
||||
|
||||
@ -311,23 +311,17 @@ main(int argc, char **argv)
|
||||
dep_done(j, 0);
|
||||
continue;
|
||||
}
|
||||
if (!(j->flags & JF_CHECKINT))
|
||||
if (!(j->flags & JF_PARAMS))
|
||||
{
|
||||
j->flags |= JF_CHECKINT;
|
||||
j->flags |= JF_PARAMS;
|
||||
if (dflag)
|
||||
add_param(j, NULL, IP_ALLOW_DYING, NULL);
|
||||
if (check_intparams(j) < 0)
|
||||
continue;
|
||||
}
|
||||
if (!(j->flags & JF_IPPARAMS) && (!JF_DO_STOP(j->flags) ||
|
||||
j->intparams[IP_INTERFACE] != NULL)) {
|
||||
j->flags |= JF_IPPARAMS;
|
||||
if (ip_params(j) < 0)
|
||||
if ((j->flags & (JF_START | JF_SET)) &&
|
||||
import_params(j) < 0)
|
||||
continue;
|
||||
}
|
||||
if (j->jp == NULL && (j->flags & (JF_START | JF_SET)) &&
|
||||
import_params(j) < 0)
|
||||
continue;
|
||||
if (!j->jid)
|
||||
running_jid(j,
|
||||
(j->flags & (JF_SET | JF_DEPEND)) == JF_SET
|
||||
|
||||
@ -57,15 +57,14 @@
|
||||
#define JF_DEPEND 0x0008 /* Operation required by dependency */
|
||||
#define JF_WILD 0x0010 /* Not specified on the command line */
|
||||
#define JF_FAILED 0x0020 /* Operation failed */
|
||||
#define JF_CHECKINT 0x0040 /* Checked internal parameters */
|
||||
#define JF_IPPARAMS 0x0080 /* Looked up jail hostname for IP_HOSTNAME */
|
||||
#define JF_RDTUN 0x0100 /* Create-only parameter check has been done */
|
||||
#define JF_IFUP 0x0200 /* IP addresses have been configured */
|
||||
#define JF_MOUNTED 0x0400 /* Filesystems have been mounted */
|
||||
#define JF_PERSIST 0x0800 /* Jail is temporarily persistent */
|
||||
#define JF_TIMEOUT 0x1000 /* A command (or process kill) timed out */
|
||||
#define JF_RUNQ 0x2000 /* Jail was in the run qeueue */
|
||||
#define JF_BACKGROUND 0x4000 /* Command was run in the background */
|
||||
#define JF_PARAMS 0x0040 /* Parameters checked and imported */
|
||||
#define JF_RDTUN 0x0080 /* Create-only parameter check has been done */
|
||||
#define JF_IFUP 0x0100 /* IP addresses have been configured */
|
||||
#define JF_MOUNTED 0x0200 /* Filesystems have been mounted */
|
||||
#define JF_PERSIST 0x0400 /* Jail is temporarily persistent */
|
||||
#define JF_TIMEOUT 0x0800 /* A command (or process kill) timed out */
|
||||
#define JF_RUNQ 0x1000 /* Jail was in the run qeueue */
|
||||
#define JF_BACKGROUND 0x2000 /* Command was run in the background */
|
||||
|
||||
#define JF_OP_MASK (JF_START | JF_SET | JF_STOP)
|
||||
#define JF_RESTART (JF_START | JF_STOP)
|
||||
@ -197,11 +196,10 @@ extern void load_config(void);
|
||||
extern struct cfjail *add_jail(void);
|
||||
extern void add_param(struct cfjail *j, const struct cfparam *p,
|
||||
enum intparam ipnum, const char *value);
|
||||
extern int check_intparams(struct cfjail *j);
|
||||
extern int bool_param(const struct cfparam *p);
|
||||
extern int int_param(const struct cfparam *p, int *ip);
|
||||
extern const char *string_param(const struct cfparam *p);
|
||||
extern int ip_params(struct cfjail *j);
|
||||
extern int check_intparams(struct cfjail *j);
|
||||
extern int import_params(struct cfjail *j);
|
||||
extern int equalopts(const char *opt1, const char *opt2);
|
||||
extern int wild_jail_name(const char *wname);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user