diff options
| author | Mariusz Zaborski <oshogbo@FreeBSD.org> | 2018-11-04 19:31:44 +0000 |
|---|---|---|
| committer | Mariusz Zaborski <oshogbo@FreeBSD.org> | 2018-11-04 19:31:44 +0000 |
| commit | db9a6e4178d6a5b10c1af28bf6781d314b0c3742 (patch) | |
| tree | aa3cdfb9be5ff77d836bb47e8492a32c09df1e56 /lib/libcasper/services | |
| parent | fe2494903422ba3b924eba82cb63a6a9188fad7a (diff) | |
Notes
Diffstat (limited to 'lib/libcasper/services')
| -rw-r--r-- | lib/libcasper/services/cap_dns/cap_dns.3 | 41 |
1 files changed, 25 insertions, 16 deletions
diff --git a/lib/libcasper/services/cap_dns/cap_dns.3 b/lib/libcasper/services/cap_dns/cap_dns.3 index cd9d659481de..d1e58193695f 100644 --- a/lib/libcasper/services/cap_dns/cap_dns.3 +++ b/lib/libcasper/services/cap_dns/cap_dns.3 @@ -160,19 +160,22 @@ capability to create the casper service and uses it to resolve an IP address. .Bd -literal cap_channel_t *capcas, *capdns; -const char *typelimit = "ADDR"; -int familylimit; +int familylimit, error; const char *ipstr = "127.0.0.1"; -struct in_addr ip; -struct hostent *hp; +const char *typelimit = "ADDR"; +char hname[NI_MAXHOST]; +struct addrinfo hints, *res; /* Open capability to Casper. */ capcas = cap_init(); if (capcas == NULL) err(1, "Unable to contact Casper"); +/* Cache NLA for gai_strerror. */ +caph_cache_catpages(); + /* Enter capability mode sandbox. */ -if (cap_enter() < 0 && errno != ENOSYS) +if (caph_enter() < 0) err(1, "Unable to enter capability mode"); /* Use Casper capability to create capability to the system.dns service. */ @@ -183,28 +186,34 @@ if (capdns == NULL) /* Close Casper capability, we don't need it anymore. */ cap_close(capcas); -/* Limit system.dns to reverse DNS lookups. */ -if (cap_dns_type_limit(capdns, &typelimit, 1) < 0) - err(1, "Unable to limit access to the system.dns service"); - /* Limit system.dns to reserve IPv4 addresses */ familylimit = AF_INET; if (cap_dns_family_limit(capdns, &familylimit, 1) < 0) err(1, "Unable to limit access to the system.dns service"); -/* Convert IP address in C-string to in_addr. */ -if (!inet_aton(ipstr, &ip)) - errx(1, "Unable to parse IP address %s.", ipstr); +/* Convert IP address in C-string to struct sockaddr. */ +memset(&hints, 0, sizeof(hints)); +hints.ai_family = familylimit; +hints.ai_flags = AI_NUMERICHOST; +error = cap_getaddrinfo(capdns, ipstr, NULL, &hints, &res); +if (error != 0) + errx(1, "cap_getaddrinfo(): %s: %s", ipstr, gai_strerror(error)); + +/* Limit system.dns to reverse DNS lookups. */ +if (cap_dns_type_limit(capdns, &typelimit, 1) < 0) + err(1, "Unable to limit access to the system.dns service"); /* Find hostname for the given IP address. */ -hp = cap_gethostbyaddr(capdns, (const void *)&ip, sizeof(ip), AF_INET); -if (hp == NULL) - errx(1, "No name associated with %s.", ipstr); +error = cap_getnameinfo(capdns, res->ai_addr, res->ai_addrlen, hname, sizeof(hname), + NULL, 0, 0); +if (error != 0) + errx(1, "cap_getnameinfo(): %s: %s", ipstr, gai_strerror(error)); -printf("Name associated with %s is %s.\\n", ipstr, hp->h_name); +printf("Name associated with %s is %s.\\n", ipstr, hname); .Ed .Sh SEE ALSO .Xr cap_enter 2 , +.Xr caph_enter 3 , .Xr err 3 , .Xr gethostbyaddr 3 , .Xr gethostbyname 3 , |