author | ton <none@none> | 2007-10-12 15:25:15 -0700 |
---|---|---|
committer | ton <none@none> | 2007-10-12 15:25:15 -0700 |
commit | 1f041b1785d05ef9863b007d3807833c3609391d (patch) | |
tree | f11d6c33eac262b23e60754daad1aad501df9ade | |
parent | 8cdfbd11336f55643933d1869e8c5a5c23dcd546 (diff) | |
6429548 tnchkdb succeeds when field delimiters and the comment character are used in tnrhtp template name
6507225 tnctl error msg should provide address field to identify tnrhdb entry
-rw-r--r-- | usr/src/cmd/tsol/tnctl/tnctl.c | 66 | ||||
-rw-r--r-- | usr/src/lib/libtsnet/common/libtsnet.h | 3 | ||||
-rw-r--r-- | usr/src/lib/libtsnet/common/tsol_sgettpent.c | 5 |
3 files changed, 51 insertions, 23 deletions
diff --git a/usr/src/cmd/tsol/tnctl/tnctl.c b/usr/src/cmd/tsol/tnctl/tnctl.c
index 04a44e33cf..56776d4688 100644
--- a/usr/src/cmd/tsol/tnctl/tnctl.c
+++ b/usr/src/cmd/tsol/tnctl/tnctl.c
@@ -55,6 +55,7 @@ static void process_tp(const char *);
 static void process_tpl(const char *);
 static void process_tnzone(const char *);
 static void usage(void);
+static void translate_inet_addr(tsol_rhent_t *, int *, char [], int);
 static boolean_t verbose_mode;
 static boolean_t delete_mode;
@@ -127,6 +128,44 @@ print_error(int linenum, int err, const char *errstr)
 }
 /*
+ * Produce ascii format of address and prefix length
+ */
+static void
+translate_inet_addr(tsol_rhent_t *rhentp, int *alen, char abuf[], int abuflen)
+{
+ void *aptr;
+ tsol_rhent_t rhent;
+ struct in6_addr ipv6addr;
+ char tmpbuf[20];
+
+ (void) snprintf(tmpbuf, sizeof (tmpbuf), "/%d", rhentp->rh_prefix);
+
+ if (rhentp->rh_address.ta_family == AF_INET6) {
+ aptr = &(rhentp->rh_address.ta_addr_v6);
+ *alen = sizeof (ipv6addr);
+ (void) inet_ntop(rhentp->rh_address.ta_family, aptr, abuf,
+ abuflen);
+ if (rhentp->rh_prefix != 128) {
+ if (strlcat(abuf, tmpbuf, abuflen) >= abuflen)
+ (void) fprintf(stderr, gettext(
+ "tnctl: buffer overflow detected: %s\n"),
+ abuf);
+ }
+ } else {
+ aptr = &(rhentp->rh_address.ta_addr_v4);
+ *alen = sizeof (rhent.rh_address.ta_addr_v4);
+ (void) inet_ntop(rhentp->rh_address.ta_family, aptr, abuf,
+ abuflen);
+ if (rhentp->rh_prefix != 32) {
+ if (strlcat(abuf, tmpbuf, abuflen) >= abuflen)
+ (void) fprintf(stderr, gettext(
+ "tnctl: buffer overflow detected: %s\n"),
+ abuf);
+ }
+ }
+}
+
+/*
 * Load remote host entries from the designated file.
 */
 static void
@@ -135,6 +174,9 @@ process_rhl(const char *file)
 boolean_t success = B_FALSE;
 tsol_rhent_t *rhentp = NULL;
 FILE *fp;
+ int alen;
+ /* abuf holds: <numeric-ip-addr>'/'<prefix-length>'\0' */
+ char abuf[INET6_ADDRSTRLEN+5];
 if ((fp = fopen(file, "r")) == NULL) {
 (void) fprintf(stderr,
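Review bot: translate_inet_addr (hunk -127,6 +128,44) discards the result of both `inet_ntop()` calls, and its `else` branch formats every family other than AF_INET6 as IPv4, so when the conversion fails `abuf` is left exactly as the caller passed it. In process_rhl that is the uninitialised `char abuf[INET6_ADDRSTRLEN+5]` declared in hunk -135,6 +174,9, which `strlcat()` and the caller's `%1$s` would then read. Set `abuf[0] = '\0';` before the family test and return early on failure, for example `if (inet_ntop(rhentp->rh_address.ta_family, aptr, abuf, abuflen) == NULL) return;`. The truncation test `strlcat(abuf, tmpbuf, abuflen) >= abuflen` also compares a size_t with an int, and its message reports a "buffer overflow" for what is a truncation; a `(size_t)abuflen` cast and a reworded message would fix both.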
@@ -158,10 +200,12 @@ process_rhl(const char *file)
 if (errno == EFAULT)
 perror("tnrh");
 else
+ translate_inet_addr(rhentp, &alen, abuf,
+ sizeof (abuf));
 (void) fprintf(stderr,
 gettext("tnctl: load of remote-host entry "
 "%1$s into kernel cache failed: %2$s\n"),
- rhentp->rh_template, strerror(errno));
+ abuf, strerror(errno));
 tsol_endrhent();
 exit(1);
 }
@@ -274,25 +318,7 @@ process_rh(const char *hostname)
 }
 /* produce ascii format of address and prefix length */
- if (rhentp->rh_address.ta_family == AF_INET6) {
- aptr = &(rhentp->rh_address.ta_addr_v6);
- alen = sizeof (ipv6addr);
- (void) inet_ntop(rhentp->rh_address.ta_family, aptr, abuf,
- sizeof (abuf));
- if (rhentp->rh_prefix != 128) {
- cp1 = abuf + strlen(abuf);
- (void) sprintf(cp1, "/%d", rhentp->rh_prefix);
- }
- } else {
- aptr = &(rhentp->rh_address.ta_addr_v4);
- alen = sizeof (rhent.rh_address.ta_addr_v4);
- (void) inet_ntop(rhentp->rh_address.ta_family, aptr, abuf,
- sizeof (abuf));
- if (rhentp->rh_prefix != 32) {
- cp1 = abuf + strlen(abuf);
- (void) sprintf(cp1, "/%d", rhentp->rh_prefix);
- }
- }
+ translate_inet_addr(rhentp, &alen, abuf, sizeof (abuf));
 /*
 * look up the entry from ldap or tnrhdb if this is a load
diff --git a/usr/src/lib/libtsnet/common/libtsnet.h b/usr/src/lib/libtsnet/common/libtsnet.h
index 2aa6d5fc56..c1f9b695bd 100644
--- a/usr/src/lib/libtsnet/common/libtsnet.h
+++ b/usr/src/lib/libtsnet/common/libtsnet.h
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * All symbols and functions in this header file and library are private to Sun
@@ -44,6 +44,7 @@ extern "C" {
 #define TNZONECFG_PATH "/etc/security/tsol/tnzonecfg"
 #define TNDB_COMMA ", \t"
+#define TN_RESERVED ",#;"
 /*
 * String parsing routines
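Review bot: In the process_rhl hunk (-158,10 +200,12) the added `translate_inet_addr(...)` call becomes the sole body of the unbraced `else`, so the `fprintf` that follows now also runs on the EFAULT path and prints `abuf`, which nothing has written on that path. The call can also change `errno` (it invokes `inet_ntop` and may itself `fprintf`) before `strerror(errno)` is evaluated. Brace the branch and capture the error first: `int err = errno;` ahead of the test, `} else {` and `}` around the call together with the `fprintf`, and `strerror(err)` in the argument list. This page has lost the original indentation, so the reading rests on no braces appearing among the visible tokens; process_rhl starts and ends outside the hunk.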
diff --git a/usr/src/lib/libtsnet/common/tsol_sgettpent.c b/usr/src/lib/libtsnet/common/tsol_sgettpent.c
index e2dbea6986..5ceb002648 100644
--- a/usr/src/lib/libtsnet/common/tsol_sgettpent.c
+++ b/usr/src/lib/libtsnet/common/tsol_sgettpent.c
@@ -267,8 +267,9 @@ tpstr_to_ent(tsol_tpstr_t *tpstrp, int *errp, char **errstrp)
 *errp = LTSNET_SYSERR;
 return (NULL);
 }
- if (strlcpy(tpentp->name, template, sizeof (tpentp->name)) >=
- sizeof (tpentp->name)) {
+ if ((strlcpy(tpentp->name, template, sizeof (tpentp->name)) >=
+ sizeof (tpentp->name)) ||
+ strpbrk(tpentp->name, TN_RESERVED) != NULL) {
 *errp = LTSNET_ILL_NAME;
 goto err_ret;
 } |
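Review bot: The added `strpbrk(tpentp->name, TN_RESERVED) != NULL` test is a deny-list of the three characters in `",#;"`, so a template name containing whitespace, control characters or other punctuation still passes this condition, and so does an empty name. If the tnrhtp format gives any of those a meaning (not visible in this hunk), an allow-list of the characters a name may contain would be the sturdier validation. At minimum, state the rule above the condition, for example `/* name must fit and must not contain a field delimiter or the comment character */`, since `TN_RESERVED` is defined in libtsnet.h without a comment. tpstr_to_ent starts before and continues past this hunk, so whether `*errstrp` is set for LTSNET_ILL_NAME cannot be judged from here.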