2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2012-2013 The FreeBSD Foundation
7 * This software was developed by Pawel Jakub Dawidek under sponsorship from
8 * the FreeBSD Foundation.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
37 #include <netinet/in.h>
46 #include <libcasper.h>
47 #include <libcasper_service.h>
51 static struct hostent hent;
54 hostent_free(struct hostent *hp)
60 if (hp->h_aliases != NULL) {
61 for (ii = 0; hp->h_aliases[ii] != NULL; ii++)
62 free(hp->h_aliases[ii]);
66 if (hp->h_addr_list != NULL) {
67 for (ii = 0; hp->h_addr_list[ii] != NULL; ii++)
68 free(hp->h_addr_list[ii]);
69 free(hp->h_addr_list);
70 hp->h_addr_list = NULL;
74 static struct hostent *
75 hostent_unpack(const nvlist_t *nvl, struct hostent *hp)
77 unsigned int ii, nitems;
83 hp->h_name = strdup(nvlist_get_string(nvl, "name"));
84 if (hp->h_name == NULL)
86 hp->h_addrtype = (int)nvlist_get_number(nvl, "addrtype");
87 hp->h_length = (int)nvlist_get_number(nvl, "length");
89 nitems = (unsigned int)nvlist_get_number(nvl, "naliases");
90 hp->h_aliases = calloc(sizeof(hp->h_aliases[0]), nitems + 1);
91 if (hp->h_aliases == NULL)
93 for (ii = 0; ii < nitems; ii++) {
94 n = snprintf(nvlname, sizeof(nvlname), "alias%u", ii);
95 assert(n > 0 && n < (int)sizeof(nvlname));
97 strdup(nvlist_get_string(nvl, nvlname));
98 if (hp->h_aliases[ii] == NULL)
101 hp->h_aliases[ii] = NULL;
103 nitems = (unsigned int)nvlist_get_number(nvl, "naddrs");
104 hp->h_addr_list = calloc(sizeof(hp->h_addr_list[0]), nitems + 1);
105 if (hp->h_addr_list == NULL)
107 for (ii = 0; ii < nitems; ii++) {
108 hp->h_addr_list[ii] = malloc(hp->h_length);
109 if (hp->h_addr_list[ii] == NULL)
111 n = snprintf(nvlname, sizeof(nvlname), "addr%u", ii);
112 assert(n > 0 && n < (int)sizeof(nvlname));
113 bcopy(nvlist_get_binary(nvl, nvlname, NULL),
114 hp->h_addr_list[ii], hp->h_length);
116 hp->h_addr_list[ii] = NULL;
121 h_errno = NO_RECOVERY;
126 cap_gethostbyname(cap_channel_t *chan, const char *name)
129 return (cap_gethostbyname2(chan, name, AF_INET));
133 cap_gethostbyname2(cap_channel_t *chan, const char *name, int type)
138 nvl = nvlist_create(0);
139 nvlist_add_string(nvl, "cmd", "gethostbyname");
140 nvlist_add_number(nvl, "family", (uint64_t)type);
141 nvlist_add_string(nvl, "name", name);
142 nvl = cap_xfer_nvlist(chan, nvl);
144 h_errno = NO_RECOVERY;
147 if (nvlist_get_number(nvl, "error") != 0) {
148 h_errno = (int)nvlist_get_number(nvl, "error");
153 hp = hostent_unpack(nvl, &hent);
159 cap_gethostbyaddr(cap_channel_t *chan, const void *addr, socklen_t len,
165 nvl = nvlist_create(0);
166 nvlist_add_string(nvl, "cmd", "gethostbyaddr");
167 nvlist_add_binary(nvl, "addr", addr, (size_t)len);
168 nvlist_add_number(nvl, "family", (uint64_t)type);
169 nvl = cap_xfer_nvlist(chan, nvl);
171 h_errno = NO_RECOVERY;
174 if (nvlist_get_number(nvl, "error") != 0) {
175 h_errno = (int)nvlist_get_number(nvl, "error");
179 hp = hostent_unpack(nvl, &hent);
184 static struct addrinfo *
185 addrinfo_unpack(const nvlist_t *nvl)
190 const char *canonname;
192 addr = nvlist_get_binary(nvl, "ai_addr", &addrlen);
193 ai = malloc(sizeof(*ai) + addrlen);
196 ai->ai_flags = (int)nvlist_get_number(nvl, "ai_flags");
197 ai->ai_family = (int)nvlist_get_number(nvl, "ai_family");
198 ai->ai_socktype = (int)nvlist_get_number(nvl, "ai_socktype");
199 ai->ai_protocol = (int)nvlist_get_number(nvl, "ai_protocol");
200 ai->ai_addrlen = (socklen_t)addrlen;
201 canonname = dnvlist_get_string(nvl, "ai_canonname", NULL);
202 if (canonname != NULL) {
203 ai->ai_canonname = strdup(canonname);
204 if (ai->ai_canonname == NULL) {
209 ai->ai_canonname = NULL;
211 ai->ai_addr = (void *)(ai + 1);
212 bcopy(addr, ai->ai_addr, addrlen);
219 cap_getaddrinfo(cap_channel_t *chan, const char *hostname, const char *servname,
220 const struct addrinfo *hints, struct addrinfo **res)
222 struct addrinfo *firstai, *prevai, *curai;
224 const nvlist_t *nvlai;
229 nvl = nvlist_create(0);
230 nvlist_add_string(nvl, "cmd", "getaddrinfo");
231 if (hostname != NULL)
232 nvlist_add_string(nvl, "hostname", hostname);
233 if (servname != NULL)
234 nvlist_add_string(nvl, "servname", servname);
236 nvlist_add_number(nvl, "hints.ai_flags",
237 (uint64_t)hints->ai_flags);
238 nvlist_add_number(nvl, "hints.ai_family",
239 (uint64_t)hints->ai_family);
240 nvlist_add_number(nvl, "hints.ai_socktype",
241 (uint64_t)hints->ai_socktype);
242 nvlist_add_number(nvl, "hints.ai_protocol",
243 (uint64_t)hints->ai_protocol);
245 nvl = cap_xfer_nvlist(chan, nvl);
248 if (nvlist_get_number(nvl, "error") != 0) {
249 error = (int)nvlist_get_number(nvl, "error");
255 firstai = prevai = curai = NULL;
256 for (ii = 0; ; ii++) {
257 n = snprintf(nvlname, sizeof(nvlname), "res%u", ii);
258 assert(n > 0 && n < (int)sizeof(nvlname));
259 if (!nvlist_exists_nvlist(nvl, nvlname))
261 nvlai = nvlist_get_nvlist(nvl, nvlname);
262 curai = addrinfo_unpack(nvlai);
266 prevai->ai_next = curai;
267 else if (firstai == NULL)
272 if (curai == NULL && nvlai != NULL) {
274 freeaddrinfo(firstai);
283 cap_getnameinfo(cap_channel_t *chan, const struct sockaddr *sa, socklen_t salen,
284 char *host, size_t hostlen, char *serv, size_t servlen, int flags)
289 nvl = nvlist_create(0);
290 nvlist_add_string(nvl, "cmd", "getnameinfo");
291 nvlist_add_number(nvl, "hostlen", (uint64_t)hostlen);
292 nvlist_add_number(nvl, "servlen", (uint64_t)servlen);
293 nvlist_add_binary(nvl, "sa", sa, (size_t)salen);
294 nvlist_add_number(nvl, "flags", (uint64_t)flags);
295 nvl = cap_xfer_nvlist(chan, nvl);
298 if (nvlist_get_number(nvl, "error") != 0) {
299 error = (int)nvlist_get_number(nvl, "error");
304 if (host != NULL && nvlist_exists_string(nvl, "host"))
305 strlcpy(host, nvlist_get_string(nvl, "host"), hostlen);
306 if (serv != NULL && nvlist_exists_string(nvl, "serv"))
307 strlcpy(serv, nvlist_get_string(nvl, "serv"), servlen);
313 limit_remove(nvlist_t *limits, const char *prefix)
319 prefixlen = strlen(prefix);
322 while ((name = nvlist_next(limits, NULL, &cookie)) != NULL) {
323 if (strncmp(name, prefix, prefixlen) == 0) {
324 nvlist_free(limits, name);
331 cap_dns_type_limit(cap_channel_t *chan, const char * const *types,
339 if (cap_limit_get(chan, &limits) < 0)
342 limits = nvlist_create(0);
344 limit_remove(limits, "type");
345 for (i = 0; i < ntypes; i++) {
346 n = snprintf(nvlname, sizeof(nvlname), "type%u", i);
347 assert(n > 0 && n < (int)sizeof(nvlname));
348 nvlist_add_string(limits, nvlname, types[i]);
350 return (cap_limit_set(chan, limits));
354 cap_dns_family_limit(cap_channel_t *chan, const int *families,
362 if (cap_limit_get(chan, &limits) < 0)
365 limits = nvlist_create(0);
367 limit_remove(limits, "family");
368 for (i = 0; i < nfamilies; i++) {
369 n = snprintf(nvlname, sizeof(nvlname), "family%u", i);
370 assert(n > 0 && n < (int)sizeof(nvlname));
371 nvlist_add_number(limits, nvlname, (uint64_t)families[i]);
373 return (cap_limit_set(chan, limits));
380 dns_allowed_type(const nvlist_t *limits, const char *type)
391 while ((name = nvlist_next(limits, NULL, &cookie)) != NULL) {
392 if (strncmp(name, "type", sizeof("type") - 1) != 0)
395 if (strcmp(nvlist_get_string(limits, name), type) == 0)
399 /* If there are no types at all, allow any type. */
407 dns_allowed_family(const nvlist_t *limits, int family)
418 while ((name = nvlist_next(limits, NULL, &cookie)) != NULL) {
419 if (strncmp(name, "family", sizeof("family") - 1) != 0)
422 if (family == AF_UNSPEC)
424 if (nvlist_get_number(limits, name) == (uint64_t)family)
428 /* If there are no families at all, allow any family. */
436 hostent_pack(const struct hostent *hp, nvlist_t *nvl)
442 nvlist_add_string(nvl, "name", hp->h_name);
443 nvlist_add_number(nvl, "addrtype", (uint64_t)hp->h_addrtype);
444 nvlist_add_number(nvl, "length", (uint64_t)hp->h_length);
446 if (hp->h_aliases == NULL) {
447 nvlist_add_number(nvl, "naliases", 0);
449 for (ii = 0; hp->h_aliases[ii] != NULL; ii++) {
450 n = snprintf(nvlname, sizeof(nvlname), "alias%u", ii);
451 assert(n > 0 && n < (int)sizeof(nvlname));
452 nvlist_add_string(nvl, nvlname, hp->h_aliases[ii]);
454 nvlist_add_number(nvl, "naliases", (uint64_t)ii);
457 if (hp->h_addr_list == NULL) {
458 nvlist_add_number(nvl, "naddrs", 0);
460 for (ii = 0; hp->h_addr_list[ii] != NULL; ii++) {
461 n = snprintf(nvlname, sizeof(nvlname), "addr%u", ii);
462 assert(n > 0 && n < (int)sizeof(nvlname));
463 nvlist_add_binary(nvl, nvlname, hp->h_addr_list[ii],
464 (size_t)hp->h_length);
466 nvlist_add_number(nvl, "naddrs", (uint64_t)ii);
471 dns_gethostbyname(const nvlist_t *limits, const nvlist_t *nvlin,
477 if (!dns_allowed_type(limits, "NAME2ADDR") &&
478 !dns_allowed_type(limits, "NAME"))
479 return (NO_RECOVERY);
481 family = (int)nvlist_get_number(nvlin, "family");
483 if (!dns_allowed_family(limits, family))
484 return (NO_RECOVERY);
486 hp = gethostbyname2(nvlist_get_string(nvlin, "name"), family);
489 hostent_pack(hp, nvlout);
494 dns_gethostbyaddr(const nvlist_t *limits, const nvlist_t *nvlin,
502 if (!dns_allowed_type(limits, "ADDR2NAME") &&
503 !dns_allowed_type(limits, "ADDR"))
504 return (NO_RECOVERY);
506 family = (int)nvlist_get_number(nvlin, "family");
508 if (!dns_allowed_family(limits, family))
509 return (NO_RECOVERY);
511 addr = nvlist_get_binary(nvlin, "addr", &addrsize);
512 hp = gethostbyaddr(addr, (socklen_t)addrsize, family);
515 hostent_pack(hp, nvlout);
520 dns_getnameinfo(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
522 struct sockaddr_storage sast;
525 size_t sabinsize, hostlen, servlen;
529 if (!dns_allowed_type(limits, "ADDR2NAME") &&
530 !dns_allowed_type(limits, "ADDR"))
531 return (NO_RECOVERY);
535 memset(&sast, 0, sizeof(sast));
537 hostlen = (size_t)nvlist_get_number(nvlin, "hostlen");
538 servlen = (size_t)nvlist_get_number(nvlin, "servlen");
541 host = calloc(1, hostlen);
548 serv = calloc(1, servlen);
555 sabin = nvlist_get_binary(nvlin, "sa", &sabinsize);
556 if (sabinsize > sizeof(sast)) {
561 memcpy(&sast, sabin, sabinsize);
562 salen = (socklen_t)sabinsize;
564 if ((sast.ss_family != AF_INET ||
565 salen != sizeof(struct sockaddr_in)) &&
566 (sast.ss_family != AF_INET6 ||
567 salen != sizeof(struct sockaddr_in6))) {
572 if (!dns_allowed_family(limits, (int)sast.ss_family)) {
577 flags = (int)nvlist_get_number(nvlin, "flags");
579 error = getnameinfo((struct sockaddr *)&sast, salen, host, hostlen,
580 serv, servlen, flags);
585 nvlist_move_string(nvlout, "host", host);
587 nvlist_move_string(nvlout, "serv", serv);
597 addrinfo_pack(const struct addrinfo *ai)
601 nvl = nvlist_create(0);
602 nvlist_add_number(nvl, "ai_flags", (uint64_t)ai->ai_flags);
603 nvlist_add_number(nvl, "ai_family", (uint64_t)ai->ai_family);
604 nvlist_add_number(nvl, "ai_socktype", (uint64_t)ai->ai_socktype);
605 nvlist_add_number(nvl, "ai_protocol", (uint64_t)ai->ai_protocol);
606 nvlist_add_binary(nvl, "ai_addr", ai->ai_addr, (size_t)ai->ai_addrlen);
607 if (ai->ai_canonname != NULL)
608 nvlist_add_string(nvl, "ai_canonname", ai->ai_canonname);
614 dns_getaddrinfo(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
616 struct addrinfo hints, *hintsp, *res, *cur;
617 const char *hostname, *servname;
621 int error, family, n;
623 if (!dns_allowed_type(limits, "NAME2ADDR") &&
624 !dns_allowed_type(limits, "NAME"))
625 return (NO_RECOVERY);
627 hostname = dnvlist_get_string(nvlin, "hostname", NULL);
628 servname = dnvlist_get_string(nvlin, "servname", NULL);
629 if (nvlist_exists_number(nvlin, "hints.ai_flags")) {
630 hints.ai_flags = (int)nvlist_get_number(nvlin,
632 hints.ai_family = (int)nvlist_get_number(nvlin,
634 hints.ai_socktype = (int)nvlist_get_number(nvlin,
635 "hints.ai_socktype");
636 hints.ai_protocol = (int)nvlist_get_number(nvlin,
637 "hints.ai_protocol");
638 hints.ai_addrlen = 0;
639 hints.ai_addr = NULL;
640 hints.ai_canonname = NULL;
641 hints.ai_next = NULL;
643 family = hints.ai_family;
649 if (!dns_allowed_family(limits, family))
650 return (NO_RECOVERY);
652 error = getaddrinfo(hostname, servname, hintsp, &res);
656 for (cur = res, ii = 0; cur != NULL; cur = cur->ai_next, ii++) {
657 elem = addrinfo_pack(cur);
658 n = snprintf(nvlname, sizeof(nvlname), "res%u", ii);
659 assert(n > 0 && n < (int)sizeof(nvlname));
660 nvlist_move_nvlist(nvlout, nvlname, elem);
670 limit_has_entry(const nvlist_t *limits, const char *prefix)
679 prefixlen = strlen(prefix);
682 while ((name = nvlist_next(limits, NULL, &cookie)) != NULL) {
683 if (strncmp(name, prefix, prefixlen) == 0)
691 dns_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
696 bool hastype, hasfamily;
702 while ((name = nvlist_next(newlimits, &nvtype, &cookie)) != NULL) {
703 if (nvtype == NV_TYPE_STRING) {
706 if (strncmp(name, "type", sizeof("type") - 1) != 0)
708 type = nvlist_get_string(newlimits, name);
709 if (strcmp(type, "ADDR2NAME") != 0 &&
710 strcmp(type, "NAME2ADDR") != 0 &&
711 strcmp(type, "ADDR") != 0 &&
712 strcmp(type, "NAME") != 0) {
715 if (!dns_allowed_type(oldlimits, type))
716 return (ENOTCAPABLE);
718 } else if (nvtype == NV_TYPE_NUMBER) {
721 if (strncmp(name, "family", sizeof("family") - 1) != 0)
723 family = (int)nvlist_get_number(newlimits, name);
724 if (!dns_allowed_family(oldlimits, family))
725 return (ENOTCAPABLE);
733 * If the new limit doesn't mention type or family we have to
734 * check if the current limit does have those. Missing type or
735 * family in the limit means that all types or families are
739 if (limit_has_entry(oldlimits, "type"))
740 return (ENOTCAPABLE);
743 if (limit_has_entry(oldlimits, "family"))
744 return (ENOTCAPABLE);
751 dns_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
756 if (strcmp(cmd, "gethostbyname") == 0)
757 error = dns_gethostbyname(limits, nvlin, nvlout);
758 else if (strcmp(cmd, "gethostbyaddr") == 0)
759 error = dns_gethostbyaddr(limits, nvlin, nvlout);
760 else if (strcmp(cmd, "getnameinfo") == 0)
761 error = dns_getnameinfo(limits, nvlin, nvlout);
762 else if (strcmp(cmd, "getaddrinfo") == 0)
763 error = dns_getaddrinfo(limits, nvlin, nvlout);
770 CREATE_SERVICE("system.dns", dns_limit, dns_command, 0);