2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2020 Mariusz Zaborski <oshogbo@FreeBSD.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
34 #include <sys/socket.h>
35 #include <netinet/in.h>
44 #include <libcasper.h>
45 #include <libcasper_service.h>
49 #define CAPNET_MASK (CAPNET_ADDR2NAME | CAPNET_NAME2ADDR \
50 CAPNET_DEPRECATED_ADDR2NAME | CAPNET_DEPRECATED_NAME2ADDR | \
51 CAPNET_CONNECT | CAPNET_BIND | CAPNET_CONNECTDNS)
54 * Defines for the names of the limits.
55 * XXX: we should convert all string constats to this to avoid typos.
57 #define LIMIT_NV_BIND "bind"
58 #define LIMIT_NV_CONNECT "connect"
59 #define LIMIT_NV_ADDR2NAME "addr2name"
60 #define LIMIT_NV_NAME2ADDR "name2addr"
62 struct cap_net_limit {
63 cap_channel_t *cnl_chan;
65 nvlist_t *cnl_addr2name;
66 nvlist_t *cnl_name2addr;
67 nvlist_t *cnl_connect;
71 static struct hostent hent;
74 hostent_free(struct hostent *hp)
80 if (hp->h_aliases != NULL) {
81 for (ii = 0; hp->h_aliases[ii] != NULL; ii++)
82 free(hp->h_aliases[ii]);
86 if (hp->h_addr_list != NULL) {
87 for (ii = 0; hp->h_addr_list[ii] != NULL; ii++)
88 free(hp->h_addr_list[ii]);
89 free(hp->h_addr_list);
90 hp->h_addr_list = NULL;
94 static struct hostent *
95 hostent_unpack(const nvlist_t *nvl, struct hostent *hp)
97 unsigned int ii, nitems;
103 hp->h_name = strdup(nvlist_get_string(nvl, "name"));
104 if (hp->h_name == NULL)
106 hp->h_addrtype = (int)nvlist_get_number(nvl, "addrtype");
107 hp->h_length = (int)nvlist_get_number(nvl, "length");
109 nitems = (unsigned int)nvlist_get_number(nvl, "naliases");
110 hp->h_aliases = calloc(sizeof(hp->h_aliases[0]), nitems + 1);
111 if (hp->h_aliases == NULL)
113 for (ii = 0; ii < nitems; ii++) {
114 n = snprintf(nvlname, sizeof(nvlname), "alias%u", ii);
115 assert(n > 0 && n < (int)sizeof(nvlname));
117 strdup(nvlist_get_string(nvl, nvlname));
118 if (hp->h_aliases[ii] == NULL)
121 hp->h_aliases[ii] = NULL;
123 nitems = (unsigned int)nvlist_get_number(nvl, "naddrs");
124 hp->h_addr_list = calloc(sizeof(hp->h_addr_list[0]), nitems + 1);
125 if (hp->h_addr_list == NULL)
127 for (ii = 0; ii < nitems; ii++) {
128 hp->h_addr_list[ii] = malloc(hp->h_length);
129 if (hp->h_addr_list[ii] == NULL)
131 n = snprintf(nvlname, sizeof(nvlname), "addr%u", ii);
132 assert(n > 0 && n < (int)sizeof(nvlname));
133 bcopy(nvlist_get_binary(nvl, nvlname, NULL),
134 hp->h_addr_list[ii], hp->h_length);
136 hp->h_addr_list[ii] = NULL;
141 h_errno = NO_RECOVERY;
146 request_cb(cap_channel_t *chan, const char *name, int s,
147 const struct sockaddr *saddr, socklen_t len)
152 nvl = nvlist_create(0);
153 nvlist_add_string(nvl, "cmd", name);
154 nvlist_add_descriptor(nvl, "s", s);
155 nvlist_add_binary(nvl, "saddr", saddr, len);
157 nvl = cap_xfer_nvlist(chan, nvl);
161 if (nvlist_get_number(nvl, "error") != 0) {
162 serrno = (int)nvlist_get_number(nvl, "error");
168 s = dup2(s, nvlist_get_descriptor(nvl, "s"));
171 return (s == -1 ? -1 : 0);
175 cap_bind(cap_channel_t *chan, int s, const struct sockaddr *addr,
179 return (request_cb(chan, LIMIT_NV_BIND, s, addr, addrlen));
183 cap_connect(cap_channel_t *chan, int s, const struct sockaddr *name,
187 return (request_cb(chan, LIMIT_NV_CONNECT, s, name, namelen));
192 cap_gethostbyname(cap_channel_t *chan, const char *name)
195 return (cap_gethostbyname2(chan, name, AF_INET));
199 cap_gethostbyname2(cap_channel_t *chan, const char *name, int af)
204 nvl = nvlist_create(0);
205 nvlist_add_string(nvl, "cmd", "gethostbyname");
206 nvlist_add_number(nvl, "family", (uint64_t)af);
207 nvlist_add_string(nvl, "name", name);
208 nvl = cap_xfer_nvlist(chan, nvl);
210 h_errno = NO_RECOVERY;
213 if (nvlist_get_number(nvl, "error") != 0) {
214 h_errno = (int)nvlist_get_number(nvl, "error");
219 hp = hostent_unpack(nvl, &hent);
225 cap_gethostbyaddr(cap_channel_t *chan, const void *addr, socklen_t len,
231 nvl = nvlist_create(0);
232 nvlist_add_string(nvl, "cmd", "gethostbyaddr");
233 nvlist_add_binary(nvl, "addr", addr, (size_t)len);
234 nvlist_add_number(nvl, "family", (uint64_t)af);
235 nvl = cap_xfer_nvlist(chan, nvl);
237 h_errno = NO_RECOVERY;
240 if (nvlist_get_number(nvl, "error") != 0) {
241 h_errno = (int)nvlist_get_number(nvl, "error");
245 hp = hostent_unpack(nvl, &hent);
250 static struct addrinfo *
251 addrinfo_unpack(const nvlist_t *nvl)
256 const char *canonname;
258 addr = nvlist_get_binary(nvl, "ai_addr", &addrlen);
259 ai = malloc(sizeof(*ai) + addrlen);
262 ai->ai_flags = (int)nvlist_get_number(nvl, "ai_flags");
263 ai->ai_family = (int)nvlist_get_number(nvl, "ai_family");
264 ai->ai_socktype = (int)nvlist_get_number(nvl, "ai_socktype");
265 ai->ai_protocol = (int)nvlist_get_number(nvl, "ai_protocol");
266 ai->ai_addrlen = (socklen_t)addrlen;
267 canonname = dnvlist_get_string(nvl, "ai_canonname", NULL);
268 if (canonname != NULL) {
269 ai->ai_canonname = strdup(canonname);
270 if (ai->ai_canonname == NULL) {
275 ai->ai_canonname = NULL;
277 ai->ai_addr = (void *)(ai + 1);
278 bcopy(addr, ai->ai_addr, addrlen);
285 cap_getaddrinfo(cap_channel_t *chan, const char *hostname, const char *servname,
286 const struct addrinfo *hints, struct addrinfo **res)
288 struct addrinfo *firstai, *prevai, *curai;
290 const nvlist_t *nvlai;
295 nvl = nvlist_create(0);
296 nvlist_add_string(nvl, "cmd", "getaddrinfo");
297 if (hostname != NULL)
298 nvlist_add_string(nvl, "hostname", hostname);
299 if (servname != NULL)
300 nvlist_add_string(nvl, "servname", servname);
302 nvlist_add_number(nvl, "hints.ai_flags",
303 (uint64_t)hints->ai_flags);
304 nvlist_add_number(nvl, "hints.ai_family",
305 (uint64_t)hints->ai_family);
306 nvlist_add_number(nvl, "hints.ai_socktype",
307 (uint64_t)hints->ai_socktype);
308 nvlist_add_number(nvl, "hints.ai_protocol",
309 (uint64_t)hints->ai_protocol);
311 nvl = cap_xfer_nvlist(chan, nvl);
314 if (nvlist_get_number(nvl, "error") != 0) {
315 error = (int)nvlist_get_number(nvl, "error");
321 firstai = prevai = curai = NULL;
322 for (ii = 0; ; ii++) {
323 n = snprintf(nvlname, sizeof(nvlname), "res%u", ii);
324 assert(n > 0 && n < (int)sizeof(nvlname));
325 if (!nvlist_exists_nvlist(nvl, nvlname))
327 nvlai = nvlist_get_nvlist(nvl, nvlname);
328 curai = addrinfo_unpack(nvlai);
332 prevai->ai_next = curai;
338 if (curai == NULL && nvlai != NULL) {
340 freeaddrinfo(firstai);
349 cap_getnameinfo(cap_channel_t *chan, const struct sockaddr *sa, socklen_t salen,
350 char *host, size_t hostlen, char *serv, size_t servlen, int flags)
355 nvl = nvlist_create(0);
356 nvlist_add_string(nvl, "cmd", "getnameinfo");
357 nvlist_add_number(nvl, "hostlen", (uint64_t)hostlen);
358 nvlist_add_number(nvl, "servlen", (uint64_t)servlen);
359 nvlist_add_binary(nvl, "sa", sa, (size_t)salen);
360 nvlist_add_number(nvl, "flags", (uint64_t)flags);
361 nvl = cap_xfer_nvlist(chan, nvl);
364 if (nvlist_get_number(nvl, "error") != 0) {
365 error = (int)nvlist_get_number(nvl, "error");
370 if (host != NULL && nvlist_exists_string(nvl, "host"))
371 strlcpy(host, nvlist_get_string(nvl, "host"), hostlen + 1);
372 if (serv != NULL && nvlist_exists_string(nvl, "serv"))
373 strlcpy(serv, nvlist_get_string(nvl, "serv"), servlen + 1);
379 cap_net_limit_init(cap_channel_t *chan, uint64_t mode)
381 cap_net_limit_t *limit;
383 limit = calloc(1, sizeof(*limit));
385 limit->cnl_mode = mode;
386 limit->cnl_chan = chan;
387 limit->cnl_addr2name = nvlist_create(0);
388 limit->cnl_name2addr = nvlist_create(0);
389 limit->cnl_connect = nvlist_create(0);
390 limit->cnl_bind = nvlist_create(0);
397 pack_limit(nvlist_t *lnvl, const char *name, nvlist_t *limit)
400 if (!nvlist_empty(limit)) {
401 nvlist_move_nvlist(lnvl, name, limit);
403 nvlist_destroy(limit);
408 cap_net_limit(cap_net_limit_t *limit)
413 lnvl = nvlist_create(0);
414 nvlist_add_number(lnvl, "mode", limit->cnl_mode);
416 pack_limit(lnvl, LIMIT_NV_ADDR2NAME, limit->cnl_addr2name);
417 pack_limit(lnvl, LIMIT_NV_NAME2ADDR, limit->cnl_name2addr);
418 pack_limit(lnvl, LIMIT_NV_CONNECT, limit->cnl_connect);
419 pack_limit(lnvl, LIMIT_NV_BIND, limit->cnl_bind);
421 chan = limit->cnl_chan;
424 return (cap_limit_set(chan, lnvl));
428 cap_net_free(cap_net_limit_t *limit)
434 nvlist_destroy(limit->cnl_addr2name);
435 nvlist_destroy(limit->cnl_name2addr);
436 nvlist_destroy(limit->cnl_connect);
437 nvlist_destroy(limit->cnl_bind);
443 pack_family(nvlist_t *nvl, int *family, size_t size)
448 if (!nvlist_exists_number_array(nvl, "family")) {
452 nvlist_add_number_array(nvl, "family", &val, 1);
456 for (; i < size; i++) {
457 nvlist_append_number_array(nvl, "family", family[i]);
462 pack_sockaddr(nvlist_t *res, const struct sockaddr *sa, socklen_t salen)
466 if (!nvlist_exists_nvlist(res, "sockaddr")) {
467 nvl = nvlist_create(NV_FLAG_NO_UNIQUE);
469 nvl = nvlist_take_nvlist(res, "sockaddr");
472 nvlist_add_binary(nvl, "", sa, salen);
473 nvlist_move_nvlist(res, "sockaddr", nvl);
477 cap_net_limit_addr2name_family(cap_net_limit_t *limit, int *family, size_t size)
480 pack_family(limit->cnl_addr2name, family, size);
485 cap_net_limit_name2addr_family(cap_net_limit_t *limit, int *family, size_t size)
488 pack_family(limit->cnl_name2addr, family, size);
493 cap_net_limit_name2addr(cap_net_limit_t *limit, const char *host,
498 if (!nvlist_exists_nvlist(limit->cnl_name2addr, "hosts")) {
499 nvl = nvlist_create(NV_FLAG_NO_UNIQUE);
501 nvl = nvlist_take_nvlist(limit->cnl_name2addr, "hosts");
504 nvlist_add_string(nvl,
505 host != NULL ? host : "",
506 serv != NULL ? serv : "");
508 nvlist_move_nvlist(limit->cnl_name2addr, "hosts", nvl);
513 cap_net_limit_addr2name(cap_net_limit_t *limit, const struct sockaddr *sa,
517 pack_sockaddr(limit->cnl_addr2name, sa, salen);
523 cap_net_limit_connect(cap_net_limit_t *limit, const struct sockaddr *sa,
527 pack_sockaddr(limit->cnl_connect, sa, salen);
532 cap_net_limit_bind(cap_net_limit_t *limit, const struct sockaddr *sa,
536 pack_sockaddr(limit->cnl_bind, sa, salen);
544 static nvlist_t *capdnscache;
547 net_add_sockaddr_to_cache(struct sockaddr *sa, socklen_t salen, bool deprecated)
551 if (capdnscache == NULL) {
552 capdnscache = nvlist_create(NV_FLAG_NO_UNIQUE);
554 /* Lets keep it clean. Look for dups. */
556 while (nvlist_next(capdnscache, NULL, &cookie) != NULL) {
560 assert(cnvlist_type(cookie) == NV_TYPE_BINARY);
562 data = cnvlist_get_binary(cookie, &size);
565 if (memcmp(data, sa, size) == 0)
570 nvlist_add_binary(capdnscache, deprecated ? "d" : "", sa, salen);
574 net_add_hostent_to_cache(const char *address, size_t asize, int family)
577 if (family != AF_INET && family != AF_INET6)
580 if (family == AF_INET6) {
581 struct sockaddr_in6 connaddr;
583 memset(&connaddr, 0, sizeof(connaddr));
584 connaddr.sin6_family = AF_INET6;
585 memcpy((char *)&connaddr.sin6_addr, address, asize);
586 connaddr.sin6_port = 0;
588 net_add_sockaddr_to_cache((struct sockaddr *)&connaddr,
589 sizeof(connaddr), true);
591 struct sockaddr_in connaddr;
593 memset(&connaddr, 0, sizeof(connaddr));
594 connaddr.sin_family = AF_INET;
595 memcpy((char *)&connaddr.sin_addr.s_addr, address, asize);
596 connaddr.sin_port = 0;
598 net_add_sockaddr_to_cache((struct sockaddr *)&connaddr,
599 sizeof(connaddr), true);
604 net_allowed_mode(const nvlist_t *limits, uint64_t mode)
610 return ((nvlist_get_number(limits, "mode") & mode) == mode);
614 net_allowed_family(const nvlist_t *limits, int family)
616 const uint64_t *allowedfamily;
622 /* If there are no familes at all, allow any mode. */
623 if (!nvlist_exists_number_array(limits, "family"))
626 allowedfamily = nvlist_get_number_array(limits, "family", &allsize);
627 for (i = 0; i < allsize; i++) {
628 /* XXX: what with AF_UNSPEC? */
629 if (allowedfamily[i] == (uint64_t)family) {
638 net_allowed_bsaddr_impl(const nvlist_t *salimits, const void *saddr,
646 while (nvlist_next(salimits, NULL, &cookie) != NULL) {
647 limit = cnvlist_get_binary(cookie, &limitsize);
649 if (limitsize != saddrsize) {
652 if (memcmp(limit, saddr, limitsize) == 0) {
657 * In case of deprecated version (gethostbyname) we have to
658 * ignore port, because there is no such info in the hostent.
659 * Suporting only AF_INET and AF_INET6.
661 if (strcmp(cnvlist_name(cookie), "d") != 0 ||
662 (saddrsize != sizeof(struct sockaddr_in) &&
663 saddrsize != sizeof(struct sockaddr_in6))) {
666 if (saddrsize == sizeof(struct sockaddr_in)) {
667 const struct sockaddr_in *saddrptr;
668 struct sockaddr_in sockaddr;
670 saddrptr = (const struct sockaddr_in *)saddr;
671 memcpy(&sockaddr, limit, sizeof(sockaddr));
672 sockaddr.sin_port = saddrptr->sin_port;
674 if (memcmp(&sockaddr, saddr, saddrsize) == 0) {
677 } else if (saddrsize == sizeof(struct sockaddr_in6)) {
678 const struct sockaddr_in6 *saddrptr;
679 struct sockaddr_in6 sockaddr;
681 saddrptr = (const struct sockaddr_in6 *)saddr;
682 memcpy(&sockaddr, limit, sizeof(sockaddr));
683 sockaddr.sin6_port = saddrptr->sin6_port;
685 if (memcmp(&sockaddr, saddr, saddrsize) == 0) {
695 net_allowed_bsaddr(const nvlist_t *limits, const void *saddr, size_t saddrsize)
701 if (!nvlist_exists_nvlist(limits, "sockaddr"))
704 return (net_allowed_bsaddr_impl(nvlist_get_nvlist(limits, "sockaddr"),
709 net_allowed_hosts(const nvlist_t *limits, const char *name, const char *srvname)
712 const nvlist_t *hlimits;
713 const char *testname, *testsrvname;
715 if (limits == NULL) {
719 /* If there are no hosts at all, allow any. */
720 if (!nvlist_exists_nvlist(limits, "hosts")) {
725 testname = (name == NULL ? "" : name);
726 testsrvname = (srvname == NULL ? "" : srvname);
727 hlimits = nvlist_get_nvlist(limits, "hosts");
728 while (nvlist_next(hlimits, NULL, &cookie) != NULL) {
729 if (strcmp(cnvlist_name(cookie), "") != 0 &&
730 strcmp(cnvlist_name(cookie), testname) != 0) {
734 if (strcmp(cnvlist_get_string(cookie), "") != 0 &&
735 strcmp(cnvlist_get_string(cookie), testsrvname) != 0) {
746 hostent_pack(const struct hostent *hp, nvlist_t *nvl, bool addtocache)
752 nvlist_add_string(nvl, "name", hp->h_name);
753 nvlist_add_number(nvl, "addrtype", (uint64_t)hp->h_addrtype);
754 nvlist_add_number(nvl, "length", (uint64_t)hp->h_length);
756 if (hp->h_aliases == NULL) {
757 nvlist_add_number(nvl, "naliases", 0);
759 for (ii = 0; hp->h_aliases[ii] != NULL; ii++) {
760 n = snprintf(nvlname, sizeof(nvlname), "alias%u", ii);
761 assert(n > 0 && n < (int)sizeof(nvlname));
762 nvlist_add_string(nvl, nvlname, hp->h_aliases[ii]);
764 nvlist_add_number(nvl, "naliases", (uint64_t)ii);
767 if (hp->h_addr_list == NULL) {
768 nvlist_add_number(nvl, "naddrs", 0);
770 for (ii = 0; hp->h_addr_list[ii] != NULL; ii++) {
771 n = snprintf(nvlname, sizeof(nvlname), "addr%u", ii);
772 assert(n > 0 && n < (int)sizeof(nvlname));
773 nvlist_add_binary(nvl, nvlname, hp->h_addr_list[ii],
774 (size_t)hp->h_length);
776 net_add_hostent_to_cache(hp->h_addr_list[ii],
777 hp->h_length, hp->h_addrtype);
780 nvlist_add_number(nvl, "naddrs", (uint64_t)ii);
785 net_gethostbyname(const nvlist_t *limits, const nvlist_t *nvlin,
790 const nvlist_t *funclimit;
794 if (!net_allowed_mode(limits, CAPNET_DEPRECATED_NAME2ADDR))
795 return (ENOTCAPABLE);
797 dnscache = net_allowed_mode(limits, CAPNET_CONNECTDNS);
798 funclimit = dnvlist_get_nvlist(limits, LIMIT_NV_NAME2ADDR, NULL);
800 family = (int)nvlist_get_number(nvlin, "family");
801 if (!net_allowed_family(funclimit, family))
802 return (ENOTCAPABLE);
804 name = nvlist_get_string(nvlin, "name");
805 if (!net_allowed_hosts(funclimit, name, ""))
806 return (ENOTCAPABLE);
808 hp = gethostbyname2(name, family);
811 hostent_pack(hp, nvlout, dnscache);
816 net_gethostbyaddr(const nvlist_t *limits, const nvlist_t *nvlin,
823 const nvlist_t *funclimit;
825 if (!net_allowed_mode(limits, CAPNET_DEPRECATED_ADDR2NAME))
826 return (ENOTCAPABLE);
828 funclimit = dnvlist_get_nvlist(limits, LIMIT_NV_ADDR2NAME, NULL);
830 family = (int)nvlist_get_number(nvlin, "family");
831 if (!net_allowed_family(funclimit, family))
832 return (ENOTCAPABLE);
834 addr = nvlist_get_binary(nvlin, "addr", &addrsize);
835 if (!net_allowed_bsaddr(funclimit, addr, addrsize))
836 return (ENOTCAPABLE);
838 hp = gethostbyaddr(addr, (socklen_t)addrsize, family);
841 hostent_pack(hp, nvlout, false);
846 net_getnameinfo(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
848 struct sockaddr_storage sast;
851 size_t sabinsize, hostlen, servlen;
854 const nvlist_t *funclimit;
856 if (!net_allowed_mode(limits, CAPNET_ADDR2NAME))
857 return (ENOTCAPABLE);
858 funclimit = dnvlist_get_nvlist(limits, LIMIT_NV_ADDR2NAME, NULL);
862 memset(&sast, 0, sizeof(sast));
864 hostlen = (size_t)nvlist_get_number(nvlin, "hostlen");
865 servlen = (size_t)nvlist_get_number(nvlin, "servlen");
868 host = calloc(1, hostlen + 1);
875 serv = calloc(1, servlen + 1);
882 sabin = nvlist_get_binary(nvlin, "sa", &sabinsize);
883 if (sabinsize > sizeof(sast)) {
887 if (!net_allowed_bsaddr(funclimit, sabin, sabinsize))
888 return (ENOTCAPABLE);
890 memcpy(&sast, sabin, sabinsize);
891 salen = (socklen_t)sabinsize;
893 if ((sast.ss_family != AF_INET ||
894 salen != sizeof(struct sockaddr_in)) &&
895 (sast.ss_family != AF_INET6 ||
896 salen != sizeof(struct sockaddr_in6))) {
901 if (!net_allowed_family(funclimit, (int)sast.ss_family)) {
906 flags = (int)nvlist_get_number(nvlin, "flags");
908 error = getnameinfo((struct sockaddr *)&sast, salen, host, hostlen,
909 serv, servlen, flags);
914 nvlist_move_string(nvlout, "host", host);
916 nvlist_move_string(nvlout, "serv", serv);
926 addrinfo_pack(const struct addrinfo *ai)
930 nvl = nvlist_create(0);
931 nvlist_add_number(nvl, "ai_flags", (uint64_t)ai->ai_flags);
932 nvlist_add_number(nvl, "ai_family", (uint64_t)ai->ai_family);
933 nvlist_add_number(nvl, "ai_socktype", (uint64_t)ai->ai_socktype);
934 nvlist_add_number(nvl, "ai_protocol", (uint64_t)ai->ai_protocol);
935 nvlist_add_binary(nvl, "ai_addr", ai->ai_addr, (size_t)ai->ai_addrlen);
936 if (ai->ai_canonname != NULL)
937 nvlist_add_string(nvl, "ai_canonname", ai->ai_canonname);
943 net_getaddrinfo(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
945 struct addrinfo hints, *hintsp, *res, *cur;
946 const char *hostname, *servname;
950 int error, family, n;
951 const nvlist_t *funclimit;
954 if (!net_allowed_mode(limits, CAPNET_NAME2ADDR))
955 return (ENOTCAPABLE);
956 dnscache = net_allowed_mode(limits, CAPNET_CONNECTDNS);
957 funclimit = dnvlist_get_nvlist(limits, LIMIT_NV_NAME2ADDR, NULL);
959 hostname = dnvlist_get_string(nvlin, "hostname", NULL);
960 servname = dnvlist_get_string(nvlin, "servname", NULL);
961 if (nvlist_exists_number(nvlin, "hints.ai_flags")) {
962 hints.ai_flags = (int)nvlist_get_number(nvlin,
964 hints.ai_family = (int)nvlist_get_number(nvlin,
966 hints.ai_socktype = (int)nvlist_get_number(nvlin,
967 "hints.ai_socktype");
968 hints.ai_protocol = (int)nvlist_get_number(nvlin,
969 "hints.ai_protocol");
970 hints.ai_addrlen = 0;
971 hints.ai_addr = NULL;
972 hints.ai_canonname = NULL;
973 hints.ai_next = NULL;
975 family = hints.ai_family;
981 if (!net_allowed_family(funclimit, family))
982 return (ENOTCAPABLE);
983 if (!net_allowed_hosts(funclimit, hostname, servname))
984 return (ENOTCAPABLE);
985 error = getaddrinfo(hostname, servname, hintsp, &res);
990 for (cur = res, ii = 0; cur != NULL; cur = cur->ai_next, ii++) {
991 elem = addrinfo_pack(cur);
992 n = snprintf(nvlname, sizeof(nvlname), "res%u", ii);
993 assert(n > 0 && n < (int)sizeof(nvlname));
994 nvlist_move_nvlist(nvlout, nvlname, elem);
996 net_add_sockaddr_to_cache(cur->ai_addr,
997 cur->ai_addrlen, false);
1008 net_bind(const nvlist_t *limits, nvlist_t *nvlin, nvlist_t *nvlout)
1013 const nvlist_t *funclimit;
1015 if (!net_allowed_mode(limits, CAPNET_BIND))
1016 return (ENOTCAPABLE);
1017 funclimit = dnvlist_get_nvlist(limits, LIMIT_NV_BIND, NULL);
1019 saddr = nvlist_get_binary(nvlin, "saddr", &len);
1021 if (!net_allowed_bsaddr(funclimit, saddr, len))
1022 return (ENOTCAPABLE);
1024 socket = nvlist_take_descriptor(nvlin, "s");
1025 if (bind(socket, saddr, len) < 0) {
1031 nvlist_move_descriptor(nvlout, "s", socket);
1037 net_connect(const nvlist_t *limits, nvlist_t *nvlin, nvlist_t *nvlout)
1041 const nvlist_t *funclimit;
1045 conn = net_allowed_mode(limits, CAPNET_CONNECT);
1046 conndns = net_allowed_mode(limits, CAPNET_CONNECTDNS);
1048 if (!conn && !conndns)
1049 return (ENOTCAPABLE);
1051 funclimit = dnvlist_get_nvlist(limits, LIMIT_NV_CONNECT, NULL);
1053 saddr = nvlist_get_binary(nvlin, "saddr", &len);
1054 if (conn && !net_allowed_bsaddr(funclimit, saddr, len)) {
1055 return (ENOTCAPABLE);
1056 } else if (conndns && (capdnscache == NULL ||
1057 !net_allowed_bsaddr_impl(capdnscache, saddr, len))) {
1058 return (ENOTCAPABLE);
1060 socket = dup(nvlist_get_descriptor(nvlin, "s"));
1061 if (connect(socket, saddr, len) < 0) {
1067 nvlist_move_descriptor(nvlout, "s", socket);
1073 verify_only_sa_newlimts(const nvlist_t *oldfunclimits,
1074 const nvlist_t *newfunclimit)
1079 while (nvlist_next(newfunclimit, NULL, &cookie) != NULL) {
1082 if (strcmp(cnvlist_name(cookie), "sockaddr") != 0)
1085 if (cnvlist_type(cookie) != NV_TYPE_NVLIST)
1089 while (nvlist_next(cnvlist_get_nvlist(cookie), NULL,
1090 &sacookie) != NULL) {
1094 if (cnvlist_type(sacookie) != NV_TYPE_BINARY)
1097 sa = cnvlist_get_binary(sacookie, &sasize);
1098 if (!net_allowed_bsaddr(oldfunclimits, sa, sasize))
1107 verify_bind_newlimts(const nvlist_t *oldlimits,
1108 const nvlist_t *newfunclimit)
1110 const nvlist_t *oldfunclimits;
1112 oldfunclimits = NULL;
1113 if (oldlimits != NULL) {
1114 oldfunclimits = dnvlist_get_nvlist(oldlimits, LIMIT_NV_BIND,
1118 return (verify_only_sa_newlimts(oldfunclimits, newfunclimit));
1123 verify_connect_newlimits(const nvlist_t *oldlimits,
1124 const nvlist_t *newfunclimit)
1126 const nvlist_t *oldfunclimits;
1128 oldfunclimits = NULL;
1129 if (oldlimits != NULL) {
1130 oldfunclimits = dnvlist_get_nvlist(oldlimits, LIMIT_NV_CONNECT,
1134 return (verify_only_sa_newlimts(oldfunclimits, newfunclimit));
1138 verify_addr2name_newlimits(const nvlist_t *oldlimits,
1139 const nvlist_t *newfunclimit)
1142 const nvlist_t *oldfunclimits;
1144 oldfunclimits = NULL;
1145 if (oldlimits != NULL) {
1146 oldfunclimits = dnvlist_get_nvlist(oldlimits,
1147 LIMIT_NV_ADDR2NAME, NULL);
1151 while (nvlist_next(newfunclimit, NULL, &cookie) != NULL) {
1152 if (strcmp(cnvlist_name(cookie), "sockaddr") == 0) {
1155 if (cnvlist_type(cookie) != NV_TYPE_NVLIST)
1159 while (nvlist_next(cnvlist_get_nvlist(cookie), NULL,
1160 &sacookie) != NULL) {
1164 if (cnvlist_type(sacookie) != NV_TYPE_BINARY)
1167 sa = cnvlist_get_binary(sacookie, &sasize);
1168 if (!net_allowed_bsaddr(oldfunclimits, sa,
1173 } else if (strcmp(cnvlist_name(cookie), "family") == 0) {
1174 size_t i, sfamilies;
1175 const uint64_t *families;
1177 if (cnvlist_type(cookie) != NV_TYPE_NUMBER_ARRAY)
1180 families = cnvlist_get_number_array(cookie, &sfamilies);
1181 for (i = 0; i < sfamilies; i++) {
1182 if (!net_allowed_family(oldfunclimits,
1196 verify_name2addr_newlimits(const nvlist_t *oldlimits,
1197 const nvlist_t *newfunclimit)
1200 const nvlist_t *oldfunclimits;
1202 oldfunclimits = NULL;
1203 if (oldlimits != NULL) {
1204 oldfunclimits = dnvlist_get_nvlist(oldlimits,
1205 LIMIT_NV_ADDR2NAME, NULL);
1209 while (nvlist_next(newfunclimit, NULL, &cookie) != NULL) {
1210 if (strcmp(cnvlist_name(cookie), "hosts") == 0) {
1213 if (cnvlist_type(cookie) != NV_TYPE_NVLIST)
1217 while (nvlist_next(cnvlist_get_nvlist(cookie), NULL,
1218 &hostcookie) != NULL) {
1219 if (cnvlist_type(hostcookie) != NV_TYPE_STRING)
1222 if (!net_allowed_hosts(oldfunclimits,
1223 cnvlist_name(hostcookie),
1224 cnvlist_get_string(hostcookie))) {
1228 } else if (strcmp(cnvlist_name(cookie), "family") == 0) {
1229 size_t i, sfamilies;
1230 const uint64_t *families;
1232 if (cnvlist_type(cookie) != NV_TYPE_NUMBER_ARRAY)
1235 families = cnvlist_get_number_array(cookie, &sfamilies);
1236 for (i = 0; i < sfamilies; i++) {
1237 if (!net_allowed_family(oldfunclimits,
1251 net_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
1255 bool hasmode, hasconnect, hasbind, hasaddr2name, hasname2addr;
1261 * DEPRECATED_ADDR2NAME:
1266 * DEPRECATED_NAME2ADDR:
1270 * mode : NV_TYPE_NUMBER
1271 * connect : NV_TYPE_NVLIST
1272 * sockaddr : NV_TYPE_NVLIST
1273 * "" : NV_TYPE_BINARY
1274 * ... : NV_TYPE_BINARY
1275 * bind : NV_TYPE_NVLIST
1276 * sockaddr : NV_TYPE_NVLIST
1277 * "" : NV_TYPE_BINARY
1278 * ... : NV_TYPE_BINARY
1279 * addr2name : NV_TYPE_NVLIST
1280 * family : NV_TYPE_NUMBER_ARRAY
1281 * sockaddr : NV_TYPE_NVLIST
1282 * "" : NV_TYPE_BINARY
1283 * ... : NV_TYPE_BINARY
1284 * name2addr : NV_TYPE_NVLIST
1285 * family : NV_TYPE_NUMBER
1286 * hosts : NV_TYPE_NVLIST
1287 * host : servname : NV_TYPE_STRING
1293 hasaddr2name = false;
1294 hasname2addr = false;
1297 while ((name = nvlist_next(newlimits, NULL, &cookie)) != NULL) {
1298 if (strcmp(name, "mode") == 0) {
1299 if (cnvlist_type(cookie) != NV_TYPE_NUMBER) {
1300 return (NO_RECOVERY);
1302 if (!net_allowed_mode(oldlimits,
1303 cnvlist_get_number(cookie))) {
1304 return (ENOTCAPABLE);
1310 if (cnvlist_type(cookie) != NV_TYPE_NVLIST) {
1311 return (NO_RECOVERY);
1314 if (strcmp(name, LIMIT_NV_BIND) == 0) {
1316 if (!verify_bind_newlimts(oldlimits,
1317 cnvlist_get_nvlist(cookie))) {
1318 return (ENOTCAPABLE);
1320 } else if (strcmp(name, LIMIT_NV_CONNECT) == 0) {
1322 if (!verify_connect_newlimits(oldlimits,
1323 cnvlist_get_nvlist(cookie))) {
1324 return (ENOTCAPABLE);
1326 } else if (strcmp(name, LIMIT_NV_ADDR2NAME) == 0) {
1327 hasaddr2name = true;
1328 if (!verify_addr2name_newlimits(oldlimits,
1329 cnvlist_get_nvlist(cookie))) {
1330 return (ENOTCAPABLE);
1332 } else if (strcmp(name, LIMIT_NV_NAME2ADDR) == 0) {
1333 hasname2addr = true;
1334 if (!verify_name2addr_newlimits(oldlimits,
1335 cnvlist_get_nvlist(cookie))) {
1336 return (ENOTCAPABLE);
1341 /* Mode is required. */
1343 return (ENOTCAPABLE);
1346 * If the new limit doesn't mention mode or family we have to
1347 * check if the current limit does have those. Missing mode or
1348 * family in the limit means that all modes or families are
1351 if (oldlimits == NULL)
1353 if (!hasconnect && nvlist_exists(oldlimits, LIMIT_NV_BIND))
1354 return (ENOTCAPABLE);
1355 if (!hasconnect && nvlist_exists(oldlimits, LIMIT_NV_CONNECT))
1356 return (ENOTCAPABLE);
1357 if (!hasaddr2name && nvlist_exists(oldlimits, LIMIT_NV_ADDR2NAME))
1358 return (ENOTCAPABLE);
1359 if (!hasname2addr && nvlist_exists(oldlimits, LIMIT_NV_NAME2ADDR))
1360 return (ENOTCAPABLE);
1365 net_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
1369 if (strcmp(cmd, "bind") == 0)
1370 return (net_bind(limits, nvlin, nvlout));
1371 else if (strcmp(cmd, "connect") == 0)
1372 return (net_connect(limits, nvlin, nvlout));
1373 else if (strcmp(cmd, "gethostbyname") == 0)
1374 return (net_gethostbyname(limits, nvlin, nvlout));
1375 else if (strcmp(cmd, "gethostbyaddr") == 0)
1376 return (net_gethostbyaddr(limits, nvlin, nvlout));
1377 else if (strcmp(cmd, "getnameinfo") == 0)
1378 return (net_getnameinfo(limits, nvlin, nvlout));
1379 else if (strcmp(cmd, "getaddrinfo") == 0)
1380 return (net_getaddrinfo(limits, nvlin, nvlout));
1385 CREATE_SERVICE("system.net", net_limit, net_command, 0);