From owner-freebsd-bugs@FreeBSD.ORG Sat Jul 31 08:40:24 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 26BBE16A4CE for ; Sat, 31 Jul 2004 08:40:24 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0958543D2F for ; Sat, 31 Jul 2004 08:40:24 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i6V8eM0g089202 for ; Sat, 31 Jul 2004 08:40:22 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i6V8eMxN089199; Sat, 31 Jul 2004 08:40:22 GMT (envelope-from gnats) Date: Sat, 31 Jul 2004 08:40:22 GMT Message-Id: <200407310840.i6V8eMxN089199@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: "Meno Abels" Subject: Re: kern/69064: No multiple ip4/6's could assigned to a jail. X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Meno Abels List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Jul 2004 08:40:24 -0000 The following reply was made to PR kern/69064; it has been noted by GNATS. From: "Meno Abels" To: FreeBSD-gnats-submit@freebsd.org Cc: Subject: Re: kern/69064: No multiple ip4/6's could assigned to a jail. Date: Sat, 31 Jul 2004 10:35:21 +0200 sorry I missed to convert the userland tools in the unified diff format. Here they are. regards meno Index: usr.sbin/jail/jail.8 =================================================================== RCS file: /usr/freebsd.cvs/src/usr.sbin/jail/jail.8,v retrieving revision 1.57 diff -u -r1.57 jail.8 --- usr.sbin/jail/jail.8 2 Jul 2004 23:12:45 -0000 1.57 +++ usr.sbin/jail/jail.8 14 Jul 2004 19:09:14 -0000 
@@ -43,7 +43,10 @@ .Nm .Op Fl i .Op Fl u Ar username | Fl U Ar username -.Ar path hostname ip-number command ... +.Op Fl j Ar jail identifier +.Op Fl a Ar ip4 or ip6 address +.Op Fl d Ar ip4 or ip6 address +.Ar path hostname [ip4|ip6] command ... .Sh DESCRIPTION The .Nm @@ -52,13 +55,22 @@ The options are as follows: .Bl -tag -width ".Fl u Ar username" .It Fl i -Output the jail identifier of the newly created jail. +Output the jail identifier of the newly created jail. Only valid without -j. .It Fl u Ar username The user name from host environment as whom the .Ar command should run. .It Fl U Ar username -The user name from jailed environment as whom the +The user name from jailed environment as whom the. Only valid without -j. +.It Fl j Ar jail identifier +This options set the jail identifier which is modified with -a oder -d. +The jail identifier could be retrieved with jls. +.It Fl a Ar ip4 or ip6 +This options add the specified ip number to the jail that is give with -j. You +can only have one -a per call. +.It Fl d Ar ip4 or ip6 +This options deletes the specified ip number from the jail that is give with -j. +You can only have one -d per call. .Ar command should run. .It Ar path @@ -66,7 +78,7 @@ .It Ar hostname Hostname of the prison. .It Ar ip-number -IP number assigned to the prison. +IP4 or IP6 number assigned to the prison. .It Ar command Pathname of the program which is to be executed. .El Index: usr.sbin/jail/jail.c =================================================================== RCS file: /usr/freebsd.cvs/src/usr.sbin/jail/jail.c,v retrieving revision 1.16 diff -u -r1.16 jail.c --- usr.sbin/jail/jail.c 27 Jun 2004 10:10:16 -0000 1.16 +++ usr.sbin/jail/jail.c 14 Jul 2004 17:49:51 -0000 @@ -13,9 +13,12 @@ #include #include +#include +#include #include #include + #include #include #include 
@@ -50,14 +53,18 @@ login_cap_t *lcap; struct jail j; struct passwd *pwd; - struct in_addr in; + int jid = 0; int ch, groups[NGROUPS], i, iflag, ngroups, uflag, Uflag; char path[PATH_MAX], *username; + char *address; + int add = 0; + int del = 0; + iflag = uflag = Uflag = 0; username = NULL; - while ((ch = getopt(argc, argv, "iu:U:")) != -1) { + while ((ch = getopt(argc, argv, "iu:U:j:a:d:")) != -1) { switch (ch) { case 'i': iflag = 1; @@ -70,14 +77,49 @@ username = optarg; Uflag = 1; break; + case 'j': + jid = atol(optarg); + break; + case 'a': + add = 1; + address = optarg; + break; + case 'd': + del = 1; + address = optarg; + break; + default: usage(); } } argc -= optind; argv += optind; - if (argc < 4) + if ((jid == 0 && argc < 4) || + (jid < 1 && (add || del)) || + (add && del) || + (jid > 0 && !(add || del))) usage(); + if (jid > 0) { + int function; + if (inet_pton(AF_INET, address, &j.u.v2.u.add_del.v4_6.ip4_num) > 0) { + function = add ? ADDIP4 : DELIP4; + } + else if (inet_pton(AF_INET6, address, &j.u.v2.u.add_del.v4_6.ip6_num) > 0) { + function = add ? ADDIP6 : DELIP6; + } + else { + err(1, "inet_pton: %s", address); + } + j.version = XPRISON_VERSION; + j.u.v2.function = function; + j.u.v2.u.add_del.id = jid; + i = jail(&j); + if (i == -1) + err(1, "jail(%d)", function); + exit (0); + } + if (uflag && Uflag) usage(); if (uflag) 
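Review bot: In the option-parsing hunk (`@@ -70,14 +77,49 @@`) the new `if (jid > 0)` branch passes `j` to `jail()` without clearing it first. The only `memset(&j, 0, sizeof(j))` sits later on the create path, so the unset bytes of the union reach the kernel as stack garbage. `jid = atol(optarg)` also accepts trailing junk and silently narrows a long to int, so a mistyped `-j` value can select a different jail than the operator intended. The `err(1, "inet_pton: %s", address)` call should be `errx`, because `inet_pton` returning 0 for an unparsable string does not set errno. The fence shows a checked parse and the added memset; it needs `<errno.h>` and `<limits.h>` if the file does not already include them.

```c
		case 'j': {
			char *end;
			long v;

			errno = 0;
			v = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    v < 1 || v > INT_MAX)
				errx(1, "invalid jail identifier: %s", optarg);
			jid = (int)v;
			break;
		}
		/* … unchanged: -a and -d cases, default, usage checks … */
	if (jid > 0) {
		int function;

		/* Do not hand uninitialised stack bytes to the kernel. */
		memset(&j, 0, sizeof(j));
		/* … unchanged: inet_pton() dispatch for AF_INET / AF_INET6 … */
		else {
			errx(1, "Could not make sense of ip-number: %s", address);
		}
```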
@@ -87,17 +129,29 @@ if (chdir(path) != 0) err(1, "chdir: %s", path); memset(&j, 0, sizeof(j)); - j.version = 0; - j.path = path; - j.hostname = argv[1]; - if (inet_aton(argv[2], &in) == 0) - errx(1, "Could not make sense of ip-number: %s", argv[2]); - j.ip_number = ntohl(in.s_addr); + j.version = XPRISON_VERSION; + j.u.v2.function = CREATEJAIL; + j.u.v2.u.createjail.path = path; + j.u.v2.u.createjail.hostname = argv[1]; + jid = i = jail(&j); + if (i == -1) + err(1, "jail(CREATEJAIL)"); + + j.version = XPRISON_VERSION; + j.u.v2.u.add_del.id = i; + j.u.v2.function = ADDIP4; + if (inet_pton(AF_INET, address, &j.u.v2.u.add_del.v4_6.ip4_num) <= 0) { + j.u.v2.function = ADDIP6; + if (inet_pton(AF_INET6, address, &j.u.v2.u.add_del.v4_6.ip6_num) <= 0) { + errx(1, "Could not make sense of ip-number: %s", argv[2]); + } + } i = jail(&j); if (i == -1) - err(1, "jail"); + err(1, "jail(%d)", j.u.v2.function); + if (iflag) { - printf("%d\n", i); + printf("%d\n", jid); fflush(stdout); } if (username != NULL) { @@ -121,8 +175,7 @@ usage(void) { - (void)fprintf(stderr, "%s%s\n", - "usage: jail [-i] [-u username | -U username]", - " path hostname ip-number command ..."); - exit(1); + (void)fprintf(stderr, + "usage: jail [-i] [-u username] [-j id] [[-a [ip4|ip6]|[-d [ip4|ip6]] [path hostname [ip4|ip6] command ...]\n"); + exit(1); } Index: usr.sbin/jls/jls.8 =================================================================== RCS file: /usr/freebsd.cvs/src/usr.sbin/jls/jls.8,v retrieving revision 1.1 diff -u -r1.1 jls.8 --- usr.sbin/jls/jls.8 9 Apr 2003 03:04:12 -0000 1.1 +++ usr.sbin/jls/jls.8 14 Jul 2004 19:00:53 -0000 
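Review bot: On the create path (`@@ -87,17 +129,29 @@`) both `inet_pton` calls read `address`, which is assigned only by `-a`/`-d` and is therefore an uninitialised pointer here. The address is in `argv[2]`, as the `errx` message on the same lines already assumes, so the calls should be `inet_pton(AF_INET, argv[2], ...)` and `inet_pton(AF_INET6, argv[2], ...)`. The address is also parsed only after `jail(CREATEJAIL)` has succeeded, so a typo is reported once the jail already exists without an address; parsing `argv[2]` into a local before the first `jail()` call closes that window. What a jail with no address can reach depends on the kernel side of this PR, which is not shown here. The enclosing `main` starts and ends outside this hunk.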
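Review bot: The rewritten usage string in `usage()` (`@@ -121,8 +175,7 @@`) no longer mentions `-U username`, although the getopt string earlier in this patch still accepts `U:`. Its brackets also do not balance (`[[-a [ip4|ip6]|[-d [ip4|ip6]]`). A two-form synopsis would be easier to read and keep accurate, for example `usage: jail [-i] [-u username | -U username] path hostname ip-number command ...` followed by `       jail -j id -a address | -d address`.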
@@ -33,10 +33,23 @@ .Nd "list active jails" .Sh SYNOPSIS .Nm +.Op Fl a +.Op Fl 6 .Sh DESCRIPTION The .Nm utility lists all active jails. +.Pp +The options are as follows: +.Bl -tag -width ".Fl a " +.It Fl a +output all ip4 assigments to the jail identifier(JID). Each ip4 gets +one line in output. If no ip4 address is assigned 0.0.0.0 is the output. +.It Fl 6 +output ip6 address also a new column is generated between IP Address +and Hostname. If no ip6 address is assigned :: is the output. +.El +.Pp Each jail is represented by one row which contains the following columns: jail identifier (JID), IP address, hostname, and path. .Sh SEE ALSO Index: usr.sbin/jls/jls.c =================================================================== RCS file: /usr/freebsd.cvs/src/usr.sbin/jls/jls.c,v retrieving revision 1.3 diff -u -r1.3 jls.c --- usr.sbin/jls/jls.c 22 Apr 2003 13:24:56 -0000 1.3 +++ usr.sbin/jls/jls.c 14 Jul 2004 08:37:32 -0000 @@ -30,20 +30,52 @@ #include #include +#include +#include +#include #include + #include #include #include #include #include +#include + +static int +usage(void) +{ + fprintf(stderr, "%s\n%s\n%s\n", + "usage: jls [-a] [-6]", + " -a output all jail assigned ip addresses", + " -6 output includes ipv6 addresses"); + exit(1); +} int -main(void) +main(int argc, char **argv) { struct xprison *sxp, *xp; - struct in_addr in; size_t i, len; + int allflag = 0; + int ip6flag = 0; + int ch; + + while ((ch = getopt(argc, argv, "a6")) != -1) { + switch (ch) { + case 'a': + allflag = 1; + break; + case '6': + ip6flag = 1; + break; + default: + usage(); + } + } + argc -= optind; + argv += optind; if (sysctlbyname("security.jail.list", NULL, &len, NULL, 0) == -1) err(1, "sysctlbyname(): security.jail.list"); 
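Review bot: In the jls.c hunk (`@@ -30,20 +30,52 @@`) `usage()` is declared `static int` but never returns a value, because it ends in `exit(1)`. `static void usage(void)` states that and avoids a missing-return warning. After `argc -= optind; argv += optind;` neither variable is used in the visible lines, so stray operands are silently ignored; `if (argc != 0) usage();` would reject them. `main` continues past the end of this hunk, so the second point should be checked against the rest of the function.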
@@ -65,11 +97,26 @@ xp->pr_version != XPRISON_VERSION) errx(1, "Kernel and userland out of sync"); - printf(" JID IP Address Hostname Path\n"); + if (ip6flag) + printf(" JID IP4 Address IP6 Address Hostname Path\n"); + else + printf(" JID IP Address Hostname Path\n"); for (i = 0; i < len / sizeof(*xp); i++) { - in.s_addr = ntohl(xp->pr_ip); - printf("%6d %-15.15s %-29.29s %.74s\n", - xp->pr_id, inet_ntoa(in), xp->pr_host, xp->pr_path); + if (allflag || xp->pr4_id == 0) { + if (ip6flag) { + char buffer[128]; + printf("%6d %-15.15s %-22.22s %-29.29s %.74s\n", + xp->pr_id, + inet_ntoa(xp->pr4_num), + inet_ntop(AF_INET6, xp->pr6_num.s6_addr, buffer, sizeof(buffer)), + xp->pr_host, + xp->pr_path); + } + else { + printf("%6d %-15.15s %-29.29s %.74s\n", + xp->pr_id, inet_ntoa(xp->pr4_num), xp->pr_host, xp->pr_path); + } + } xp++; } free(sxp);
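Review bot: In the `-6` branch the `%-22.22s` conversion truncates the IPv6 text, since a full address needs up to 39 characters (`INET6_ADDRSTRLEN` is 46 including the terminator). Two different addresses can then print identically in a listing an administrator relies on to see what a jail is bound to. The result of `inet_ntop()` is also passed straight to `%s` although it returns NULL on failure, so it should be checked first and the buffer declared as `char buffer[INET6_ADDRSTRLEN];`. Widening the column to `%-39.39s`, with the header adjusted to match, keeps the table aligned without dropping digits. The loop and `main` begin outside this hunk.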