svn commit: r352187 - in stable/12/lib/libcasper/services/cap_dns: . tests
Mariusz Zaborski
oshogbo at FreeBSD.org
Tue Sep 10 20:41:43 UTC 2019
Author: oshogbo
Date: Tue Sep 10 20:41:42 2019
New Revision: 352187
URL: https://svnweb.freebsd.org/changeset/base/352187
Log:
MFCr340141:
libcasper: fix limitations in dns service
The getaddrinfo(3) and gethostbyname(3) are used to return the address for a
given hostname. The getnameinfo(3) and gethostbyaddr(3) are used to return
hostname for a given address. Right now in casper, we have two limitations:
- NAME which allows resolving DNS names.
- ADDR which allows doing reverse DNS lookups.
Before this change the rights were mixed up:
NAME - getnameinfo(3) and gethostbyname(3)
ADDR - gethostbyaddr(3) and getaddrinfo(3)
This meant that, no matter which limitation was set, we could both resolve DNS
names and do DNS lookups, basically by using a different set of functions.
Now the NAME type allows the getaddrinfo(3) and gethostbyname(3) functions,
and the ADDR type allows the gethostbyaddr(3) and getnameinfo(3) functions.
Reviewed by: pjd, bcr
Discussed with: hrs
Differential Revision: https://reviews.freebsd.org/D16930
Modified:
stable/12/lib/libcasper/services/cap_dns/cap_dns.3
stable/12/lib/libcasper/services/cap_dns/cap_dns.c
stable/12/lib/libcasper/services/cap_dns/tests/dns_test.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/lib/libcasper/services/cap_dns/cap_dns.3
==============================================================================
--- stable/12/lib/libcasper/services/cap_dns/cap_dns.3 Tue Sep 10 20:27:44 2019 (r352186)
+++ stable/12/lib/libcasper/services/cap_dns/cap_dns.3 Tue Sep 10 20:41:42 2019 (r352187)
@@ -118,19 +118,21 @@ or
.Dv NAME .
The
.Dv ADDR
-means that functions
-.Fn cap_gethostbyname ,
-.Fn cap_gethostbyname2
+means that reverse DNS lookups are allowed with
+.Fn cap_getnameinfo
and
.Fn cap_gethostbyaddr
-are allowed.
+functions.
In case when
.Va type
is set to
.Dv NAME
-the
-.Fn cap_getnameinfo
-function is allowed.
+the name resolution is allowed with
+.Fn cap_getaddrinfo ,
+.Fn cap_gethostbyname ,
+and
+.Fn cap_gethostbyname2
+functions.
.It family ( NV_TYPE_NUMBER )
The
.Va family
Modified: stable/12/lib/libcasper/services/cap_dns/cap_dns.c
==============================================================================
--- stable/12/lib/libcasper/services/cap_dns/cap_dns.c Tue Sep 10 20:27:44 2019 (r352186)
+++ stable/12/lib/libcasper/services/cap_dns/cap_dns.c Tue Sep 10 20:41:42 2019 (r352187)
@@ -524,7 +524,7 @@ dns_getnameinfo(const nvlist_t *limits, const nvlist_t
socklen_t salen;
int error, flags;
- if (!dns_allowed_type(limits, "NAME"))
+ if (!dns_allowed_type(limits, "ADDR"))
return (NO_RECOVERY);
error = 0;
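Review bot: The denial path in dns_getnameinfo() returns `NO_RECOVERY`, an h_errno-style code, although getnameinfo(3) reports failures as EAI_* values. If this value is handed back unchanged to the cap_getnameinfo() caller (the client side is not visible here), a refused lookup would be decoded as an unrelated EAI error. Since the commit already touches this check, consider `return (EAI_FAIL);` so a capability denial is unambiguous to the caller. The same applies to the matching check in the dns_getaddrinfo() hunk that follows. The function body continues outside the hunk.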
@@ -617,7 +617,7 @@ dns_getaddrinfo(const nvlist_t *limits, const nvlist_t
unsigned int ii;
int error, family, n;
- if (!dns_allowed_type(limits, "ADDR"))
+ if (!dns_allowed_type(limits, "NAME"))
return (NO_RECOVERY);
hostname = dnvlist_get_string(nvlin, "hostname", NULL);
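Review bot: The limit name passed to dns_allowed_type() is a bare string literal, and nothing beside it says which lookup direction it stands for, which makes a swap like the one corrected here easy to miss in review. A one-line comment above the check would make the mapping reviewable, e.g. `/* Forward lookup (name -> address): gated by the NAME limit, like gethostbyname(3). */`, with the mirror-image comment on the ADDR check in dns_getnameinfo(). Because this is a merge to a stable branch, it is also worth calling out that a process limited to ADDR which calls cap_getaddrinfo() will now be refused. dns_getaddrinfo() continues past the end of the hunk.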
Modified: stable/12/lib/libcasper/services/cap_dns/tests/dns_test.c
==============================================================================
--- stable/12/lib/libcasper/services/cap_dns/tests/dns_test.c Tue Sep 10 20:27:44 2019 (r352186)
+++ stable/12/lib/libcasper/services/cap_dns/tests/dns_test.c Tue Sep 10 20:41:42 2019 (r352187)
@@ -393,7 +393,8 @@ main(void)
CHECK(cap_dns_family_limit(capdns, families, 2) == 0);
CHECK(runtest(capdns) ==
- (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6));
+ (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 |
+ GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));
cap_close(capdns);
@@ -419,9 +420,7 @@ main(void)
CHECK(cap_dns_family_limit(capdns, families, 2) == 0);
CHECK(runtest(capdns) ==
- (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 |
- GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));
-
+ (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6));
cap_close(capdns);
/*
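Review bot: The ADDR-limited expectation is now only `(GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6)`, with no bit for getnameinfo, so the dns_getnameinfo() half of the fix in cap_dns.c does not appear to be exercised by this test. runtest() is outside the hunk, so this is inferred from the masks. Without such coverage, a regression that again lets a NAME-limited capability do reverse lookups through cap_getnameinfo() would pass unnoticed. Consider adding getnameinfo result bits to runtest() and expecting them here, e.g. `(GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 | GETNAMEINFO_AF_INET | GETNAMEINFO_AF_INET6)`, where the GETNAMEINFO_* names are proposed and not taken from the file. The same addition would apply to the other ADDR cases (the hunks at -584, -620 and -691), and the NAME cases should assert that those bits are absent.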
@@ -512,7 +511,8 @@ main(void)
CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
errno == ENOTCAPABLE);
- CHECK(runtest(capdns) == (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET));
+ CHECK(runtest(capdns) ==
+ (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETADDRINFO_AF_INET));
cap_close(capdns);
@@ -548,7 +548,8 @@ main(void)
CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
errno == ENOTCAPABLE);
- CHECK(runtest(capdns) == GETHOSTBYNAME2_AF_INET6);
+ CHECK(runtest(capdns) ==
+ (GETHOSTBYNAME2_AF_INET6 | GETADDRINFO_AF_INET6));
cap_close(capdns);
@@ -584,7 +585,7 @@ main(void)
CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
errno == ENOTCAPABLE);
- CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET | GETADDRINFO_AF_INET));
+ CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET);
cap_close(capdns);
@@ -620,8 +621,7 @@ main(void)
CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
errno == ENOTCAPABLE);
- CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 |
- GETADDRINFO_AF_INET6));
+ CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET6);
cap_close(capdns);
@@ -657,7 +657,8 @@ main(void)
errno == ENOTCAPABLE);
/* Do the limits still hold? */
- CHECK(runtest(capdns) == (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET));
+ CHECK(runtest(capdns) == (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET |
+ GETADDRINFO_AF_INET));
cap_close(capdns);
@@ -691,8 +692,7 @@ main(void)
errno == ENOTCAPABLE);
/* Do the limits still hold? */
- CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 |
- GETADDRINFO_AF_INET6));
+ CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET6);
cap_close(capdns);