svn commit: r340140 - head/lib/libcasper/services/cap_dns

Mariusz Zaborski oshogbo at FreeBSD.org
Sun Nov 4 19:31:46 UTC 2018 

Author: oshogbo
Date: Sun Nov  4 19:31:44 2018
New Revision: 340140
URL: https://svnweb.freebsd.org/changeset/base/340140

Log:
  libcasper: Update example in man page to use cap_getnameinfo function.
  
  Reviewed by:	hrs
  Differential Revision:	https://reviews.freebsd.org/D16931

Modified:
  head/lib/libcasper/services/cap_dns/cap_dns.3

Modified: head/lib/libcasper/services/cap_dns/cap_dns.3
==============================================================================
--- head/lib/libcasper/services/cap_dns/cap_dns.3	Sun Nov  4 19:29:19 2018	(r340139)
+++ head/lib/libcasper/services/cap_dns/cap_dns.3	Sun Nov  4 19:31:44 2018	(r340140)
@@ -160,19 +160,22 @@ capability to create the
 casper service and uses it to resolve an IP address.
 .Bd -literal
 cap_channel_t *capcas, *capdns;
-const char *typelimit = "ADDR";
-int familylimit;
+int familylimit, error;
 const char *ipstr = "127.0.0.1";
-struct in_addr ip;
-struct hostent *hp;
+const char *typelimit = "ADDR";
+char hname[NI_MAXHOST];
+struct addrinfo hints, *res;
 
 /* Open capability to Casper. */
 capcas = cap_init();
 if (capcas == NULL)
 	err(1, "Unable to contact Casper");
 
+/* Cache NLA for gai_strerror. */
+caph_cache_catpages();
+
 /* Enter capability mode sandbox. */
-if (cap_enter() < 0 && errno != ENOSYS)
+if (caph_enter() < 0)
 	err(1, "Unable to enter capability mode");
 
 /* Use Casper capability to create capability to the system.dns service. */
@@ -183,28 +186,34 @@ if (capdns == NULL)
 /* Close Casper capability, we don't need it anymore. */
 cap_close(capcas);
 
-/* Limit system.dns to reverse DNS lookups. */
-if (cap_dns_type_limit(capdns, &typelimit, 1) < 0)
-	err(1, "Unable to limit access to the system.dns service");
-
 /* Limit system.dns to reserve IPv4 addresses */
 familylimit = AF_INET;
 if (cap_dns_family_limit(capdns, &familylimit, 1) < 0)
 	err(1, "Unable to limit access to the system.dns service");
 
-/* Convert IP address in C-string to in_addr. */
-if (!inet_aton(ipstr, &ip))
-	errx(1, "Unable to parse IP address %s.", ipstr);
+/* Convert IP address in C-string to struct sockaddr. */
+memset(&hints, 0, sizeof(hints));
+hints.ai_family = familylimit;
+hints.ai_flags = AI_NUMERICHOST;
+error = cap_getaddrinfo(capdns, ipstr, NULL, &hints, &res);
+if (error != 0)
+       errx(1, "cap_getaddrinfo(): %s: %s", ipstr, gai_strerror(error));
 
+/* Limit system.dns to reverse DNS lookups. */
+if (cap_dns_type_limit(capdns, &typelimit, 1) < 0)
+	err(1, "Unable to limit access to the system.dns service");
+
 /* Find hostname for the given IP address. */
-hp = cap_gethostbyaddr(capdns, (const void *)&ip, sizeof(ip), AF_INET);
-if (hp == NULL)
-	errx(1, "No name associated with %s.", ipstr);
+error = cap_getnameinfo(capdns, res->ai_addr, res->ai_addrlen, hname, sizeof(hname),
+    NULL, 0, 0);
+if (error != 0)
+	errx(1, "cap_getnameinfo(): %s: %s", ipstr, gai_strerror(error));
 
-printf("Name associated with %s is %s.\\n", ipstr, hp->h_name);
+printf("Name associated with %s is %s.\\n", ipstr, hname);
 .Ed
 .Sh SEE ALSO
 .Xr cap_enter 2 ,
+.Xr caph_enter 3 ,
 .Xr err 3 ,
 .Xr gethostbyaddr 3 ,
 .Xr gethostbyname 3 ,

More information about the svn-src-head mailing list