Date:      Tue, 10 Sep 2019 20:41:42 +0000 (UTC)
From:      Mariusz Zaborski <oshogbo@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r352187 - in stable/12/lib/libcasper/services/cap_dns: . tests
Message-ID:  <201909102041.x8AKfgA8068981@repo.freebsd.org>

Author: oshogbo
Date: Tue Sep 10 20:41:42 2019
New Revision: 352187
URL: https://svnweb.freebsd.org/changeset/base/352187

Log:
  MFCr340141:
    libcasper: fix limitations in dns service
  
    The getaddrinfo(3) and gethostbyname(3) are used to return the address for a
    given hostname. The getnameinfo(3) and gethostbyaddr(3) are used to return
    hostname for a given address. Right now in casper, we have two limitations:
    - NAME which allows resolving DNS names.
    - ADDR which allows reverse DNS lookups.
  
    Before this change the rights were mixed up:
    NAME - getnameinfo(3) and gethostbyname(3)
    ADDR - gethostbyaddr(3) and getaddrinfo(3)
  
    As a result, whichever limitation was set, we could still both resolve DNS
    names and do reverse DNS lookups, simply by using a different set of functions.
  
    Now the NAME type allows the getaddrinfo(3) and gethostbyname(3) functions,
    and the ADDR type allows the gethostbyaddr(3) and getnameinfo(3) functions.
  
    Reviewed by:  pjd, bcr
    Discussed with:       hrs
    Differential Revision:        https://reviews.freebsd.org/D16930

Modified:
  stable/12/lib/libcasper/services/cap_dns/cap_dns.3
  stable/12/lib/libcasper/services/cap_dns/cap_dns.c
  stable/12/lib/libcasper/services/cap_dns/tests/dns_test.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/lib/libcasper/services/cap_dns/cap_dns.3
==============================================================================
--- stable/12/lib/libcasper/services/cap_dns/cap_dns.3	Tue Sep 10 20:27:44 2019	(r352186)
+++ stable/12/lib/libcasper/services/cap_dns/cap_dns.3	Tue Sep 10 20:41:42 2019	(r352187)
@@ -118,19 +118,21 @@ or
 .Dv NAME .
 The
 .Dv ADDR
-means that functions
-.Fn cap_gethostbyname ,
-.Fn cap_gethostbyname2
+means that reverse DNS lookups are allowed with
+.Fn cap_getnameinfo
 and
 .Fn cap_gethostbyaddr
-are allowed.
+functions.
 In case when
 .Va type
 is set to
 .Dv NAME
-the
-.Fn cap_getnameinfo
-function is allowed.
+the name resolution is allowed with
+.Fn cap_getaddrinfo ,
+.Fn cap_gethostbyname ,
+and
+.Fn cap_gethostbyname2
+functions.
 .It family ( NV_TYPE_NUMBER )
 The
 .Va family

Modified: stable/12/lib/libcasper/services/cap_dns/cap_dns.c
==============================================================================
--- stable/12/lib/libcasper/services/cap_dns/cap_dns.c	Tue Sep 10 20:27:44 2019	(r352186)
+++ stable/12/lib/libcasper/services/cap_dns/cap_dns.c	Tue Sep 10 20:41:42 2019	(r352187)
@@ -524,7 +524,7 @@ dns_getnameinfo(const nvlist_t *limits, const nvlist_t
 	socklen_t salen;
 	int error, flags;
 
-	if (!dns_allowed_type(limits, "NAME"))
+	if (!dns_allowed_type(limits, "ADDR"))
 		return (NO_RECOVERY);
 
 	error = 0;
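Review bot: The denial path under the corrected check still returns `NO_RECOVERY`, which is an h_errno value, whereas getnameinfo(3) callers interpret the result as an `EAI_*` code; the same holds for the `dns_getaddrinfo` hunk below. If this value reaches the client unchanged (the plumbing is outside the hunk), a lookup refused by the limit would be reported under an unrelated EAI meaning, which makes a policy denial hard to tell apart from a resolver fault. Consider an `EAI_*` value here, e.g. `return (EAI_FAIL);`, or state in cap_dns.3 what a denied call returns. dns_getnameinfo begins and ends outside the hunk.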
@@ -617,7 +617,7 @@ dns_getaddrinfo(const nvlist_t *limits, const nvlist_t
 	unsigned int ii;
 	int error, family, n;
 
-	if (!dns_allowed_type(limits, "ADDR"))
+	if (!dns_allowed_type(limits, "NAME"))
 		return (NO_RECOVERY);
 
 	hostname = dnvlist_get_string(nvlin, "hostname", NULL);
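Review bot: The `"NAME"` literal in the corrected check carries no hint of which lookup direction it authorises, which is how the two types came to be swapped in the first place. A one-line comment above the check would pin the intent, e.g. `/* getaddrinfo(3) is a forward lookup (name -> address): requires NAME. */`, with the mirror-image comment `/* getnameinfo(3) is a reverse lookup (address -> name): requires ADDR. */` in dns_getnameinfo. Since this check is the enforcement point for the sandbox limit, the comment is worth more than usual. dns_getaddrinfo begins and ends outside the hunk.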

Modified: stable/12/lib/libcasper/services/cap_dns/tests/dns_test.c
==============================================================================
--- stable/12/lib/libcasper/services/cap_dns/tests/dns_test.c	Tue Sep 10 20:27:44 2019	(r352186)
+++ stable/12/lib/libcasper/services/cap_dns/tests/dns_test.c	Tue Sep 10 20:41:42 2019	(r352187)
@@ -393,7 +393,8 @@ main(void)
 	CHECK(cap_dns_family_limit(capdns, families, 2) == 0);
 
 	CHECK(runtest(capdns) ==
-	    (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6));
+	    (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 |
+	    GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));
 
 	cap_close(capdns);
 
@@ -419,9 +420,7 @@ main(void)
 	CHECK(cap_dns_family_limit(capdns, families, 2) == 0);
 
 	CHECK(runtest(capdns) ==
-	    (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 |
-	    GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));
-
+	    (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6));
 	cap_close(capdns);
 
 	/*
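Review bot: The updated ADDR expectation `(GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6)` has no bit for cap_getnameinfo, and none of the other masks in this file's hunks do either, so the `dns_getnameinfo` change from NAME to ADDR appears to have no test. `runtest()` is outside the hunks, so this is inferred from the flag names alone. Since the commit fixes a limit bypass, it would be worth adding getnameinfo probes to `runtest()`, expected set under ADDR and clear under NAME, so that a later regression in either direction fails the test. This hunk also drops the blank line before `cap_close(capdns);` that the neighbouring cases keep.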
@@ -512,7 +511,8 @@ main(void)
 	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
 	    errno == ENOTCAPABLE);
 
-	CHECK(runtest(capdns) == (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET));
+	CHECK(runtest(capdns) ==
+	    (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETADDRINFO_AF_INET));
 
 	cap_close(capdns);
 
@@ -548,7 +548,8 @@ main(void)
 	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
 	    errno == ENOTCAPABLE);
 
-	CHECK(runtest(capdns) == GETHOSTBYNAME2_AF_INET6);
+	CHECK(runtest(capdns) ==
+	    (GETHOSTBYNAME2_AF_INET6 | GETADDRINFO_AF_INET6));
 
 	cap_close(capdns);
 
@@ -584,7 +585,7 @@ main(void)
 	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
 	    errno == ENOTCAPABLE);
 
-	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET | GETADDRINFO_AF_INET));
+	CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET);
 
 	cap_close(capdns);
 
@@ -620,8 +621,7 @@ main(void)
 	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
 	    errno == ENOTCAPABLE);
 
-	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 |
-	    GETADDRINFO_AF_INET6));
+	CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET6);
 
 	cap_close(capdns);
 
@@ -657,7 +657,8 @@ main(void)
 	    errno == ENOTCAPABLE);
 
 	/* Do the limits still hold? */
-	CHECK(runtest(capdns) == (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET));
+	CHECK(runtest(capdns) == (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET |
+	    GETADDRINFO_AF_INET));
 
 	cap_close(capdns);
 
@@ -691,8 +692,7 @@ main(void)
 	    errno == ENOTCAPABLE);
 
 	/* Do the limits still hold? */
-	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 |
-	    GETADDRINFO_AF_INET6));
+	CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET6);
 
 	cap_close(capdns);
 


