libcasper: Update example in man page to use cap_getnameinfo function.

Reviewed by:	hrs
Differential Revision:	https://reviews.freebsd.org/D16931
oshogbo 2018-11-04 19:31:44 +00:00
parent 196304c463
commit b06b44f3f5


@ -160,19 +160,22 @@ capability to create the
casper service and uses it to resolve an IP address.
.Bd -literal
cap_channel_t *capcas, *capdns;
const char *typelimit = "ADDR";
int familylimit;
int familylimit, error;
const char *ipstr = "127.0.0.1";
struct in_addr ip;
struct hostent *hp;
const char *typelimit = "ADDR";
char hname[NI_MAXHOST];
struct addrinfo hints, *res;
/* Open capability to Casper. */
capcas = cap_init();
if (capcas == NULL)
err(1, "Unable to contact Casper");
/* Cache NLA for gai_strerror. */
caph_cache_catpages();
/* Enter capability mode sandbox. */
if (cap_enter() < 0 && errno != ENOSYS)
if (caph_enter() < 0)
err(1, "Unable to enter capability mode");
/* Use Casper capability to create capability to the system.dns service. */
@ -183,28 +186,34 @@ if (capdns == NULL)
/* Close Casper capability, we don't need it anymore. */
cap_close(capcas);
/* Limit system.dns to reverse DNS lookups. */
if (cap_dns_type_limit(capdns, &typelimit, 1) < 0)
err(1, "Unable to limit access to the system.dns service");
/* Limit system.dns to reserve IPv4 addresses */
familylimit = AF_INET;
if (cap_dns_family_limit(capdns, &familylimit, 1) < 0)
err(1, "Unable to limit access to the system.dns service");
/* Convert IP address in C-string to in_addr. */
if (!inet_aton(ipstr, &ip))
errx(1, "Unable to parse IP address %s.", ipstr);
/* Convert IP address in C-string to struct sockaddr. */
memset(&hints, 0, sizeof(hints));
hints.ai_family = familylimit;
hints.ai_flags = AI_NUMERICHOST;
error = cap_getaddrinfo(capdns, ipstr, NULL, &hints, &res);
if (error != 0)
errx(1, "cap_getaddrinfo(): %s: %s", ipstr, gai_strerror(error));
/* Limit system.dns to reverse DNS lookups. */
if (cap_dns_type_limit(capdns, &typelimit, 1) < 0)
err(1, "Unable to limit access to the system.dns service");
/* Find hostname for the given IP address. */
hp = cap_gethostbyaddr(capdns, (const void *)&ip, sizeof(ip), AF_INET);
if (hp == NULL)
errx(1, "No name associated with %s.", ipstr);
error = cap_getnameinfo(capdns, res->ai_addr, res->ai_addrlen, hname, sizeof(hname),
NULL, 0, 0);
if (error != 0)
errx(1, "cap_getnameinfo(): %s: %s", ipstr, gai_strerror(error));
printf("Name associated with %s is %s.\\n", ipstr, hp->h_name);
printf("Name associated with %s is %s.\\n", ipstr, hname);
.Ed
.Sh SEE ALSO
.Xr cap_enter 2 ,
.Xr caph_enter 3 ,
.Xr err 3 ,
.Xr gethostbyaddr 3 ,
.Xr gethostbyname 3 ,
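Review bot: In the second hunk the example calls `cap_getaddrinfo(capdns, ipstr, NULL, &hints, &res)` while the system.dns channel is restricted only by address family; reading the new side as the page suggests (the type-limit block is printed twice, once per side), `cap_dns_type_limit()` to "ADDR" is applied only afterwards. That ordering is presumably required because an "ADDR"-only channel would refuse the forward call, but the example does not say so, and readers copying it may not notice that the channel is briefly broader than the final policy. A comment above the call such as `/* Runs before the "ADDR" type limit is applied to capdns. */` would make the least-privilege trade-off explicit. Separately, `res` is never released, so adding `freeaddrinfo(res);` after the `cap_getnameinfo()` check would keep the example leak-free when it is reused in longer-lived code; the comment "reserve IPv4 addresses" also looks like a typo.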