freebsd-skq/usr.sbin/jail/config.c
pfg 7551d83c35 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00

838 lines
21 KiB
C

/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2011 James Gritton
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <err.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "jailp.h"
struct ipspec {
const char *name;
unsigned flags;
};
extern FILE *yyin;
extern int yynerrs;
extern int yyparse(void);
struct cfjails cfjails = TAILQ_HEAD_INITIALIZER(cfjails);
static void free_param(struct cfparams *pp, struct cfparam *p);
static void free_param_strings(struct cfparam *p);
static const struct ipspec intparams[] = {
[IP_ALLOW_DYING] = {"allow.dying", PF_INTERNAL | PF_BOOL},
[IP_COMMAND] = {"command", PF_INTERNAL},
[IP_DEPEND] = {"depend", PF_INTERNAL},
[IP_EXEC_CLEAN] = {"exec.clean", PF_INTERNAL | PF_BOOL},
[IP_EXEC_CONSOLELOG] = {"exec.consolelog", PF_INTERNAL},
[IP_EXEC_FIB] = {"exec.fib", PF_INTERNAL | PF_INT},
[IP_EXEC_JAIL_USER] = {"exec.jail_user", PF_INTERNAL},
[IP_EXEC_POSTSTART] = {"exec.poststart", PF_INTERNAL},
[IP_EXEC_POSTSTOP] = {"exec.poststop", PF_INTERNAL},
[IP_EXEC_PRESTART] = {"exec.prestart", PF_INTERNAL},
[IP_EXEC_PRESTOP] = {"exec.prestop", PF_INTERNAL},
[IP_EXEC_START] = {"exec.start", PF_INTERNAL},
[IP_EXEC_STOP] = {"exec.stop", PF_INTERNAL},
[IP_EXEC_SYSTEM_JAIL_USER]= {"exec.system_jail_user",
PF_INTERNAL | PF_BOOL},
[IP_EXEC_SYSTEM_USER] = {"exec.system_user", PF_INTERNAL},
[IP_EXEC_TIMEOUT] = {"exec.timeout", PF_INTERNAL | PF_INT},
#if defined(INET) || defined(INET6)
[IP_INTERFACE] = {"interface", PF_INTERNAL},
[IP_IP_HOSTNAME] = {"ip_hostname", PF_INTERNAL | PF_BOOL},
#endif
[IP_MOUNT] = {"mount", PF_INTERNAL | PF_REV},
[IP_MOUNT_DEVFS] = {"mount.devfs", PF_INTERNAL | PF_BOOL},
[IP_MOUNT_FDESCFS] = {"mount.fdescfs", PF_INTERNAL | PF_BOOL},
[IP_MOUNT_PROCFS] = {"mount.procfs", PF_INTERNAL | PF_BOOL},
[IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL},
[IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT},
[IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL},
#ifdef INET
[IP__IP4_IFADDR] = {"ip4.addr", PF_INTERNAL | PF_CONV | PF_REV},
#endif
#ifdef INET6
[IP__IP6_IFADDR] = {"ip6.addr", PF_INTERNAL | PF_CONV | PF_REV},
#endif
[IP__MOUNT_FROM_FSTAB] = {"mount.fstab", PF_INTERNAL | PF_CONV | PF_REV},
[IP__OP] = {NULL, PF_CONV},
[KP_ALLOW_CHFLAGS] = {"allow.chflags", 0},
[KP_ALLOW_MOUNT] = {"allow.mount", 0},
[KP_ALLOW_RAW_SOCKETS] = {"allow.raw_sockets", 0},
[KP_ALLOW_SET_HOSTNAME]= {"allow.set_hostname", 0},
[KP_ALLOW_SOCKET_AF] = {"allow.socket_af", 0},
[KP_ALLOW_SYSVIPC] = {"allow.sysvipc", 0},
[KP_DEVFS_RULESET] = {"devfs_ruleset", 0},
[KP_ENFORCE_STATFS] = {"enforce_statfs", 0},
[KP_HOST_HOSTNAME] = {"host.hostname", 0},
#ifdef INET
[KP_IP4_ADDR] = {"ip4.addr", 0},
#endif
#ifdef INET6
[KP_IP6_ADDR] = {"ip6.addr", 0},
#endif
[KP_JID] = {"jid", PF_IMMUTABLE},
[KP_NAME] = {"name", PF_IMMUTABLE},
[KP_PATH] = {"path", 0},
[KP_PERSIST] = {"persist", 0},
[KP_SECURELEVEL] = {"securelevel", 0},
[KP_VNET] = {"vnet", 0},
};
/*
* Parse the jail configuration file.
*/
void
load_config(void)
{
struct cfjails wild;
struct cfparams opp;
struct cfjail *j, *tj, *wj;
struct cfparam *p, *vp, *tp;
struct cfstring *s, *vs, *ns;
struct cfvar *v, *vv;
char *ep;
int did_self, jseq, pgen;
if (!strcmp(cfname, "-")) {
cfname = "STDIN";
yyin = stdin;
} else {
yyin = fopen(cfname, "r");
if (!yyin)
err(1, "%s", cfname);
}
if (yyparse() || yynerrs)
exit(1);
/* Separate the wildcard jails out from the actual jails. */
jseq = 0;
TAILQ_INIT(&wild);
TAILQ_FOREACH_SAFE(j, &cfjails, tq, tj) {
j->seq = ++jseq;
if (wild_jail_name(j->name))
requeue(j, &wild);
}
TAILQ_FOREACH(j, &cfjails, tq) {
/* Set aside the jail's parameters. */
TAILQ_INIT(&opp);
TAILQ_CONCAT(&opp, &j->params, tq);
/*
* The jail name implies its "name" or "jid" parameter,
* though they may also be explicitly set later on.
*/
add_param(j, NULL,
strtol(j->name, &ep, 10) && !*ep ? KP_JID : KP_NAME,
j->name);
/*
* Collect parameters for the jail, global parameters/variables,
* and any matching wildcard jails.
*/
did_self = 0;
TAILQ_FOREACH(wj, &wild, tq) {
if (j->seq < wj->seq && !did_self) {
TAILQ_FOREACH(p, &opp, tq)
add_param(j, p, 0, NULL);
did_self = 1;
}
if (wild_jail_match(j->name, wj->name))
TAILQ_FOREACH(p, &wj->params, tq)
add_param(j, p, 0, NULL);
}
if (!did_self)
TAILQ_FOREACH(p, &opp, tq)
add_param(j, p, 0, NULL);
/* Resolve any variable substitutions. */
pgen = 0;
TAILQ_FOREACH(p, &j->params, tq) {
p->gen = ++pgen;
find_vars:
TAILQ_FOREACH(s, &p->val, tq) {
while ((v = STAILQ_FIRST(&s->vars))) {
TAILQ_FOREACH(vp, &j->params, tq)
if (!strcmp(vp->name, v->name))
break;
if (!vp) {
jail_warnx(j,
"%s: variable \"%s\" not found",
p->name, v->name);
bad_var:
j->flags |= JF_FAILED;
TAILQ_FOREACH(vp, &j->params, tq)
if (vp->gen == pgen)
vp->flags |= PF_BAD;
goto free_var;
}
if (vp->flags & PF_BAD)
goto bad_var;
if (vp->gen == pgen) {
jail_warnx(j, "%s: variable loop",
v->name);
goto bad_var;
}
TAILQ_FOREACH(vs, &vp->val, tq)
if (!STAILQ_EMPTY(&vs->vars)) {
vp->gen = pgen;
TAILQ_REMOVE(&j->params, vp,
tq);
TAILQ_INSERT_BEFORE(p, vp, tq);
p = vp;
goto find_vars;
}
vs = TAILQ_FIRST(&vp->val);
if (TAILQ_NEXT(vs, tq) != NULL &&
(s->s[0] != '\0' ||
STAILQ_NEXT(v, tq))) {
jail_warnx(j, "%s: array cannot be "
"substituted inline",
p->name);
goto bad_var;
}
s->s = erealloc(s->s, s->len + vs->len + 1);
memmove(s->s + v->pos + vs->len,
s->s + v->pos,
s->len - v->pos + 1);
memcpy(s->s + v->pos, vs->s, vs->len);
vv = v;
while ((vv = STAILQ_NEXT(vv, tq)))
vv->pos += vs->len;
s->len += vs->len;
while ((vs = TAILQ_NEXT(vs, tq))) {
ns = emalloc(sizeof(struct cfstring));
ns->s = estrdup(vs->s);
ns->len = vs->len;
STAILQ_INIT(&ns->vars);
TAILQ_INSERT_AFTER(&p->val, s, ns, tq);
s = ns;
}
free_var:
free(v->name);
STAILQ_REMOVE_HEAD(&s->vars, tq);
free(v);
}
}
}
/* Free the jail's original parameter list and any variables. */
while ((p = TAILQ_FIRST(&opp)))
free_param(&opp, p);
TAILQ_FOREACH_SAFE(p, &j->params, tq, tp)
if (p->flags & PF_VAR)
free_param(&j->params, p);
}
while ((wj = TAILQ_FIRST(&wild))) {
free(wj->name);
while ((p = TAILQ_FIRST(&wj->params)))
free_param(&wj->params, p);
TAILQ_REMOVE(&wild, wj, tq);
}
}
/*
* Create a new jail record.
*/
struct cfjail *
add_jail(void)
{
struct cfjail *j;
j = emalloc(sizeof(struct cfjail));
memset(j, 0, sizeof(struct cfjail));
TAILQ_INIT(&j->params);
STAILQ_INIT(&j->dep[DEP_FROM]);
STAILQ_INIT(&j->dep[DEP_TO]);
j->queue = &cfjails;
TAILQ_INSERT_TAIL(&cfjails, j, tq);
return j;
}
/*
* Add a parameter to a jail.
*/
void
add_param(struct cfjail *j, const struct cfparam *p, enum intparam ipnum,
const char *value)
{
struct cfstrings nss;
struct cfparam *dp, *np;
struct cfstring *s, *ns;
struct cfvar *v, *nv;
const char *name;
char *cs, *tname;
unsigned flags;
if (j == NULL) {
/* Create a single anonymous jail if one doesn't yet exist. */
j = TAILQ_LAST(&cfjails, cfjails);
if (j == NULL)
j = add_jail();
}
TAILQ_INIT(&nss);
if (p != NULL) {
name = p->name;
flags = p->flags;
/*
* Make a copy of the parameter's string list,
* which may be freed if it's overridden later.
*/
TAILQ_FOREACH(s, &p->val, tq) {
ns = emalloc(sizeof(struct cfstring));
ns->s = estrdup(s->s);
ns->len = s->len;
STAILQ_INIT(&ns->vars);
STAILQ_FOREACH(v, &s->vars, tq) {
nv = emalloc(sizeof(struct cfvar));
nv->name = strdup(v->name);
nv->pos = v->pos;
STAILQ_INSERT_TAIL(&ns->vars, nv, tq);
}
TAILQ_INSERT_TAIL(&nss, ns, tq);
}
} else {
flags = PF_APPEND;
if (ipnum != IP__NULL) {
name = intparams[ipnum].name;
flags |= intparams[ipnum].flags;
} else if ((cs = strchr(value, '='))) {
tname = alloca(cs - value + 1);
strlcpy(tname, value, cs - value + 1);
name = tname;
value = cs + 1;
} else {
name = value;
value = NULL;
}
if (value != NULL) {
ns = emalloc(sizeof(struct cfstring));
ns->s = estrdup(value);
ns->len = strlen(value);
STAILQ_INIT(&ns->vars);
TAILQ_INSERT_TAIL(&nss, ns, tq);
}
}
/* See if this parameter has already been added. */
if (ipnum != IP__NULL)
dp = j->intparams[ipnum];
else
TAILQ_FOREACH(dp, &j->params, tq)
if (!(dp->flags & PF_CONV) && equalopts(dp->name, name))
break;
if (dp != NULL) {
/* Found it - append or replace. */
if (dp->flags & PF_IMMUTABLE) {
jail_warnx(j, "cannot redefine variable \"%s\".",
dp->name);
return;
}
if (strcmp(dp->name, name)) {
free(dp->name);
dp->name = estrdup(name);
}
if (!(flags & PF_APPEND) || TAILQ_EMPTY(&nss))
free_param_strings(dp);
TAILQ_CONCAT(&dp->val, &nss, tq);
dp->flags |= flags;
} else {
/* Not found - add it. */
np = emalloc(sizeof(struct cfparam));
np->name = estrdup(name);
TAILQ_INIT(&np->val);
TAILQ_CONCAT(&np->val, &nss, tq);
np->flags = flags;
np->gen = 0;
TAILQ_INSERT_TAIL(&j->params, np, tq);
if (ipnum != IP__NULL)
j->intparams[ipnum] = np;
else
for (ipnum = IP__NULL + 1; ipnum < IP_NPARAM; ipnum++)
if (!(intparams[ipnum].flags & PF_CONV) &&
equalopts(name, intparams[ipnum].name)) {
j->intparams[ipnum] = np;
np->flags |= intparams[ipnum].flags;
break;
}
}
}
/*
* Return if a boolean parameter exists and is true.
*/
int
bool_param(const struct cfparam *p)
{
const char *cs;
if (p == NULL)
return 0;
cs = strrchr(p->name, '.');
return !strncmp(cs ? cs + 1 : p->name, "no", 2) ^
(TAILQ_EMPTY(&p->val) ||
!strcasecmp(TAILQ_LAST(&p->val, cfstrings)->s, "true") ||
(strtol(TAILQ_LAST(&p->val, cfstrings)->s, NULL, 10)));
}
/*
* Set an integer if a parameter if it exists.
*/
int
int_param(const struct cfparam *p, int *ip)
{
if (p == NULL || TAILQ_EMPTY(&p->val))
return 0;
*ip = strtol(TAILQ_LAST(&p->val, cfstrings)->s, NULL, 10);
return 1;
}
/*
* Return the string value of a scalar parameter if it exists.
*/
const char *
string_param(const struct cfparam *p)
{
return (p && !TAILQ_EMPTY(&p->val)
? TAILQ_LAST(&p->val, cfstrings)->s : NULL);
}
/*
* Check syntax and values of internal parameters. Set some internal
* parameters based on the values of others.
*/
int
check_intparams(struct cfjail *j)
{
struct cfparam *p;
struct cfstring *s;
FILE *f;
const char *val;
char *cs, *ep, *ln;
size_t lnlen;
int error;
#if defined(INET) || defined(INET6)
struct addrinfo hints;
struct addrinfo *ai0, *ai;
const char *hostname;
int gicode, defif;
#endif
#ifdef INET
struct in_addr addr4;
int ip4ok;
char avalue4[INET_ADDRSTRLEN];
#endif
#ifdef INET6
struct in6_addr addr6;
int ip6ok;
char avalue6[INET6_ADDRSTRLEN];
#endif
error = 0;
/* Check format of boolan and integer values. */
TAILQ_FOREACH(p, &j->params, tq) {
if (!TAILQ_EMPTY(&p->val) && (p->flags & (PF_BOOL | PF_INT))) {
val = TAILQ_LAST(&p->val, cfstrings)->s;
if (p->flags & PF_BOOL) {
if (strcasecmp(val, "false") &&
strcasecmp(val, "true") &&
((void)strtol(val, &ep, 10), *ep)) {
jail_warnx(j,
"%s: unknown boolean value \"%s\"",
p->name, val);
error = -1;
}
} else {
(void)strtol(val, &ep, 10);
if (ep == val || *ep) {
jail_warnx(j,
"%s: non-integer value \"%s\"",
p->name, val);
error = -1;
}
}
}
}
#if defined(INET) || defined(INET6)
/*
* The ip_hostname parameter looks up the hostname, and adds parameters
* for any IP addresses it finds.
*/
if (((j->flags & JF_OP_MASK) != JF_STOP ||
j->intparams[IP_INTERFACE] != NULL) &&
bool_param(j->intparams[IP_IP_HOSTNAME]) &&
(hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) {
j->intparams[IP_IP_HOSTNAME] = NULL;
/*
* Silently ignore unsupported address families from
* DNS lookups.
*/
#ifdef INET
ip4ok = feature_present("inet");
#endif
#ifdef INET6
ip6ok = feature_present("inet6");
#endif
if (
#if defined(INET) && defined(INET6)
ip4ok || ip6ok
#elif defined(INET)
ip4ok
#elif defined(INET6)
ip6ok
#endif
) {
/* Look up the hostname (or get the address) */
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
hints.ai_family =
#if defined(INET) && defined(INET6)
ip4ok ? (ip6ok ? PF_UNSPEC : PF_INET) : PF_INET6;
#elif defined(INET)
PF_INET;
#elif defined(INET6)
PF_INET6;
#endif
gicode = getaddrinfo(hostname, NULL, &hints, &ai0);
if (gicode != 0) {
jail_warnx(j, "host.hostname %s: %s", hostname,
gai_strerror(gicode));
error = -1;
} else {
/*
* Convert the addresses to ASCII so jailparam
* can convert them back. Errors are not
* expected here.
*/
for (ai = ai0; ai; ai = ai->ai_next)
switch (ai->ai_family) {
#ifdef INET
case AF_INET:
memcpy(&addr4,
&((struct sockaddr_in *)
(void *)ai->ai_addr)->
sin_addr, sizeof(addr4));
if (inet_ntop(AF_INET,
&addr4, avalue4,
INET_ADDRSTRLEN) == NULL)
err(1, "inet_ntop");
add_param(j, NULL, KP_IP4_ADDR,
avalue4);
break;
#endif
#ifdef INET6
case AF_INET6:
memcpy(&addr6,
&((struct sockaddr_in6 *)
(void *)ai->ai_addr)->
sin6_addr, sizeof(addr6));
if (inet_ntop(AF_INET6,
&addr6, avalue6,
INET6_ADDRSTRLEN) == NULL)
err(1, "inet_ntop");
add_param(j, NULL, KP_IP6_ADDR,
avalue6);
break;
#endif
}
freeaddrinfo(ai0);
}
}
}
/*
* IP addresses may include an interface to set that address on,
* a netmask/suffix for that address and options for ifconfig.
* These are copied to an internal command parameter and then stripped
* so they won't be passed on to jailparam_set.
*/
defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
#ifdef INET
if (j->intparams[KP_IP4_ADDR] != NULL) {
TAILQ_FOREACH(s, &j->intparams[KP_IP4_ADDR]->val, tq) {
cs = strchr(s->s, '|');
if (cs || defif)
add_param(j, NULL, IP__IP4_IFADDR, s->s);
if (cs) {
strcpy(s->s, cs + 1);
s->len -= cs + 1 - s->s;
}
if ((cs = strchr(s->s, '/')) != NULL) {
*cs = '\0';
s->len = cs - s->s;
}
if ((cs = strchr(s->s, ' ')) != NULL) {
*cs = '\0';
s->len = cs - s->s;
}
}
}
#endif
#ifdef INET6
if (j->intparams[KP_IP6_ADDR] != NULL) {
TAILQ_FOREACH(s, &j->intparams[KP_IP6_ADDR]->val, tq) {
cs = strchr(s->s, '|');
if (cs || defif)
add_param(j, NULL, IP__IP6_IFADDR, s->s);
if (cs) {
strcpy(s->s, cs + 1);
s->len -= cs + 1 - s->s;
}
if ((cs = strchr(s->s, '/')) != NULL) {
*cs = '\0';
s->len = cs - s->s;
}
if ((cs = strchr(s->s, ' ')) != NULL) {
*cs = '\0';
s->len = cs - s->s;
}
}
}
#endif
#endif
/*
* Read mount.fstab file(s), and treat each line as its own mount
* parameter.
*/
if (j->intparams[IP_MOUNT_FSTAB] != NULL) {
TAILQ_FOREACH(s, &j->intparams[IP_MOUNT_FSTAB]->val, tq) {
if (s->len == 0)
continue;
f = fopen(s->s, "r");
if (f == NULL) {
jail_warnx(j, "mount.fstab: %s: %s",
s->s, strerror(errno));
error = -1;
continue;
}
while ((ln = fgetln(f, &lnlen))) {
if ((cs = memchr(ln, '#', lnlen - 1)))
lnlen = cs - ln + 1;
if (ln[lnlen - 1] == '\n' ||
ln[lnlen - 1] == '#')
ln[lnlen - 1] = '\0';
else {
cs = alloca(lnlen + 1);
strlcpy(cs, ln, lnlen + 1);
ln = cs;
}
add_param(j, NULL, IP__MOUNT_FROM_FSTAB, ln);
}
fclose(f);
}
}
if (error)
failed(j);
return error;
}
/*
* Import parameters into libjail's binary jailparam format.
*/
int
import_params(struct cfjail *j)
{
struct cfparam *p;
struct cfstring *s, *ts;
struct jailparam *jp;
char *value, *cs;
size_t vallen;
int error;
error = 0;
j->njp = 0;
TAILQ_FOREACH(p, &j->params, tq)
if (!(p->flags & PF_INTERNAL))
j->njp++;
j->jp = jp = emalloc(j->njp * sizeof(struct jailparam));
TAILQ_FOREACH(p, &j->params, tq) {
if (p->flags & PF_INTERNAL)
continue;
if (jailparam_init(jp, p->name) < 0) {
error = -1;
jail_warnx(j, "%s", jail_errmsg);
jp++;
continue;
}
if (TAILQ_EMPTY(&p->val))
value = NULL;
else if (!jp->jp_elemlen ||
!TAILQ_NEXT(TAILQ_FIRST(&p->val), tq)) {
/*
* Scalar parameters silently discard multiple (array)
* values, keeping only the last value added. This
* lets values added from the command line append to
* arrays wthout pre-checking the type.
*/
value = TAILQ_LAST(&p->val, cfstrings)->s;
} else {
/*
* Convert arrays into comma-separated strings, which
* jailparam_import will then convert back into arrays.
*/
vallen = 0;
TAILQ_FOREACH(s, &p->val, tq)
vallen += s->len + 1;
value = alloca(vallen);
cs = value;
TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) {
memcpy(cs, s->s, s->len);
cs += s->len + 1;
cs[-1] = ',';
}
value[vallen - 1] = '\0';
}
if (jailparam_import(jp, value) < 0) {
error = -1;
jail_warnx(j, "%s", jail_errmsg);
}
jp++;
}
if (error) {
jailparam_free(j->jp, j->njp);
free(j->jp);
j->jp = NULL;
failed(j);
}
return error;
}
/*
* Check if options are equal (with or without the "no" prefix).
*/
int
equalopts(const char *opt1, const char *opt2)
{
char *p;
/* "opt" vs. "opt" or "noopt" vs. "noopt" */
if (strcmp(opt1, opt2) == 0)
return (1);
/* "noopt" vs. "opt" */
if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
return (1);
/* "opt" vs. "noopt" */
if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
return (1);
while ((p = strchr(opt1, '.')) != NULL &&
!strncmp(opt1, opt2, ++p - opt1)) {
opt2 += p - opt1;
opt1 = p;
/* "foo.noopt" vs. "foo.opt" */
if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
return (1);
/* "foo.opt" vs. "foo.noopt" */
if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
return (1);
}
return (0);
}
/*
* See if a jail name matches a wildcard.
*/
int
wild_jail_match(const char *jname, const char *wname)
{
const char *jc, *jd, *wc, *wd;
/*
* A non-final "*" component in the wild name matches a single jail
* component, and a final "*" matches one or more jail components.
*/
for (jc = jname, wc = wname;
(jd = strchr(jc, '.')) && (wd = strchr(wc, '.'));
jc = jd + 1, wc = wd + 1)
if (strncmp(jc, wc, jd - jc + 1) && strncmp(wc, "*.", 2))
return 0;
return (!strcmp(jc, wc) || !strcmp(wc, "*"));
}
/*
* Return if a jail name is a wildcard.
*/
int
wild_jail_name(const char *wname)
{
const char *wc;
for (wc = strchr(wname, '*'); wc; wc = strchr(wc + 1, '*'))
if ((wc == wname || wc[-1] == '.') &&
(wc[1] == '\0' || wc[1] == '.'))
return 1;
return 0;
}
/*
* Free a parameter record and all its strings and variables.
*/
static void
free_param(struct cfparams *pp, struct cfparam *p)
{
free(p->name);
free_param_strings(p);
TAILQ_REMOVE(pp, p, tq);
free(p);
}
static void
free_param_strings(struct cfparam *p)
{
struct cfstring *s;
struct cfvar *v;
while ((s = TAILQ_FIRST(&p->val))) {
free(s->s);
while ((v = STAILQ_FIRST(&s->vars))) {
free(v->name);
STAILQ_REMOVE_HEAD(&s->vars, tq);
free(v);
}
TAILQ_REMOVE(&p->val, s, tq);
free(s);
}
}