/etc/hosts support for s6-tcpclient and s6-tcpserver-access

Signed-off-by: Laurent Bercot <ska@appnovation.com>
author: Laurent Bercot <ska-skaware@skarnet.org> 2023-11-18 04:17:07 +0000
committer: Laurent Bercot <ska@appnovation.com> 2023-11-18 04:17:07 +0000
commit: 06b1f4f397d53e9a4c9abe4c8c4c20a7240e7736 (patch)
tree: 05b93d967f6a946a7e0e2395399405c4ec12e3a9 /src/conn-tools/s6-tcpserver-access.c
parent: df6d3fae47a106b70dd9e073d0e60989cd182f79 (diff)
download: s6-networking-06b1f4f397d53e9a4c9abe4c8c4c20a7240e7736.tar.xz
1 files changed, 53 insertions, 25 deletions
diff --git a/src/conn-tools/s6-tcpserver-access.c b/src/conn-tools/s6-tcpserver-access.c
index e8c868a..10a9c5b 100644
--- a/src/conn-tools/s6-tcpserver-access.c
+++ b/src/conn-tools/s6-tcpserver-access.c
@@ -33,12 +33,13 @@
 #include <execline/config.h>
 #endif
 
-#define USAGE "s6-tcpserver-access [ -v verbosity ] [ -W | -w ] [ -D | -d ] [ -H | -h ] [ -R | -r ] [ -P | -p ] [ -l localname ] [ -B banner ] [ -t timeout ] [ -i rulesdir | -x rulesfile ] prog..."
+ /* XXX: this file is super ugly and full of tech debt */
+
+#define USAGE "s6-tcpserver-access [ -v verbosity ] [ -W | -w ] [ -D | -d ] [ -H ] [ -h ] [ -R | -r ] [ -P | -p ] [ -l localname ] [ -B banner ] [ -t timeout ] [ -i rulesdir | -x rulesfile ] prog..."
 #define dieusage() strerr_dieusage(100, USAGE)
 #define dienomem() strerr_diefu1sys(111, "update environment")
 #define X() strerr_dief1x(101, "internal inconsistency. Please submit a bug-report.")
 
-
 static void logit (pid_t pid, ip46 const *ip, int h)
 {
   char fmtpid[PID_FMT] ;
@@ -75,7 +76,7 @@ int main (int argc, char const *const *argv)
   size_t protolen ;
   s6_accessrules_result_t accepted ;
   ip46 remoteip, localip ;
-  int flagfatal = 1, flagnodelay = 0, flagdnslookup = 1,
+  int flagfatal = 1, flagnodelay = 0, flagdnslookup = 1, flaghosts = 0,
     flagident = 0, flagparanoid = 0, e = 0 ;
   uint16_t remoteport, localport ;
   PROG = "s6-tcpserver-access" ;
@@ -93,7 +94,7 @@ int main (int argc, char const *const *argv)
         case 'D' : flagnodelay = 1 ; break ;
         case 'd' : flagnodelay = 0 ; break ;
         case 'H' : flagdnslookup = 0 ; break ;
-        case 'h' : flagdnslookup = 1 ; break ;
+        case 'h' : flaghosts = 1 ; break ;
         case 'R' : flagident = 0 ; break ;
         case 'r' : flagident = 1 ; break ;
         case 'P' : flagparanoid = 0 ; break ;
@@ -228,11 +229,13 @@ int main (int argc, char const *const *argv)
   }
   else
   {
+    stralloc sa = STRALLOC_ZERO ;
+    genalloc ga = GENALLOC_ZERO ;
     tain infinite ;
     s6dns_dpag_t data[2] = { S6DNS_DPAG_ZERO, S6DNS_DPAG_ZERO } ;
     s6dns_resolve_t blob[2] ;
     char remotebuf[256] ;
-    unsigned int remotelen = 0 ;
+    size_t remotelen = 0 ;
     char tcplocalhost[(protolen << 1) + 21] ;
     char *tcpremotehost = tcplocalhost + protolen + 10 ;
     memcpy(tcplocalhost, proto, protolen) ;
@@ -241,7 +244,7 @@ int main (int argc, char const *const *argv)
     memcpy(tcpremotehost + protolen, "REMOTEHOST", 11) ;
     tain_add_g(&infinite, &tain_infinite_relative) ;
 
-    if (!s6dns_init())
+    if (!s6dns_init_options(flaghosts))
     {
       if (verbosity >= 2) strerr_warnwu1sys("init DNS") ;
       if (flagfatal)
@@ -250,6 +253,33 @@ int main (int argc, char const *const *argv)
         goto reject ;
       }
     }
+    if (flaghosts)
+    {
+      int r = s6dns_hosts_name(remoteip.ip, &sa, &ga, ip46_is6(&remoteip)) ;
+      if (r == -1)
+      {
+        if (verbosity >= 2) strerr_warnwu3sys("look up ", "remote", " ip in hosts database") ;
+        if (flagfatal) { e = 111 ; goto reject ; }
+      }
+      if (r)
+      {
+        remotelen = strlen(sa.s + genalloc_s(size_t, &ga)[0]) ;
+        if (remotelen > 255) remotelen = 255 ;
+        memcpy(remotebuf, sa.s + genalloc_s(size_t, &ga)[0], remotelen + 1) ;
+        genalloc_setlen(size_t, &ga, 0) ;
+        sa.len = 0 ;  
+      }
+      if (!localname)
+      {
+        r = s6dns_hosts_name(localip.ip, &sa, &ga, ip46_is6(&localip)) ;
+        if (r == -1)
+        {
+          if (verbosity >= 2) strerr_warnwu3sys("look up ", "local", " ip in hosts database") ;
+          if (flagfatal) { e = 111 ; goto reject ; }
+        }
+        if (r) localname = sa.s + genalloc_s(size_t, &ga)[0] ;
+      }
+    }
     if (localname)
     {
       if (!env_addmodif(&modifs, tcplocalhost, localname)) dienomem() ;
@@ -265,15 +295,18 @@ int main (int argc, char const *const *argv)
       blob[0].options = S6DNS_O_RECURSIVE ;
       data[0].rtype = S6DNS_T_PTR ;
     }
-    s6dns_domain_arpafromip46(&blob[1].q, &remoteip) ;
-    s6dns_domain_encode(&blob[1].q) ;
-    blob[1].qtype = S6DNS_T_PTR ;
-    blob[1].deadline = deadline ;
-    blob[1].parsefunc = &s6dns_message_parse_answer_domain ;
-    blob[1].data = &data[1] ;
-    blob[1].options = S6DNS_O_RECURSIVE ;
-    data[1].rtype = S6DNS_T_PTR ;
-    if (!s6dns_resolven_parse_g(blob + !!localname, 1 + !localname, &infinite))
+    if (!remotelen)
+    {
+      s6dns_domain_arpafromip46(&blob[1].q, &remoteip) ;
+      s6dns_domain_encode(&blob[1].q) ;
+      blob[1].qtype = S6DNS_T_PTR ;
+      blob[1].deadline = deadline ;
+      blob[1].parsefunc = &s6dns_message_parse_answer_domain ;
+      blob[1].data = &data[1] ;
+      blob[1].options = S6DNS_O_RECURSIVE ;
+      data[1].rtype = S6DNS_T_PTR ;
+    }
+    if (!localname && !remotelen && !s6dns_resolven_parse_g(blob + !!localname, !localname + !remotelen, &infinite))
     {
       if (verbosity >= 3) strerr_warnwu2x("resolve IP addresses: ", s6dns_constants_error_str(errno)) ;
       if (flagfatal)
@@ -304,7 +337,7 @@ int main (int argc, char const *const *argv)
           if (!env_addmodif(&modifs, tcplocalhost, s)) dienomem() ;
         }
       }
-      if (!blob[1].status)
+      if (!remotelen && !blob[1].status)
       {
         if (genalloc_len(s6dns_domain_t, &data[1].ds))
         {
@@ -339,6 +372,8 @@ int main (int argc, char const *const *argv)
       }
     }
     if (!env_addmodif(&modifs, tcpremotehost, remotelen ? remotebuf : 0)) dienomem() ;
+
+
     if (remotelen && (accepted == S6_ACCESSRULES_NOTFOUND))
     {
       switch (rulestype)
@@ -386,13 +421,6 @@ int main (int argc, char const *const *argv)
   xmexec_m(argv, params.env.s, params.env.len) ;
 
  reject:
-  if (verbosity >= 2)
-  {
-    char fmtpid[PID_FMT] ;
-    char fmtip[IP46_FMT] ;
-    fmtip[ip46_fmt(fmtip, &remoteip)] = 0 ;
-    fmtpid[pid_fmt(fmtpid, getpid())] = 0 ;
-    strerr_dief5x(e, "reject", " pid ", fmtpid, " ip ", fmtip) ;
-  }
-  else return e ;
+  if (verbosity >= 2) log_deny(getpid(), &remoteip) ;
+  return e ;
 }
author	Laurent Bercot <ska-skaware@skarnet.org>	2023-11-18 04:17:07 +0000
committer	Laurent Bercot <ska@appnovation.com>	2023-11-18 04:17:07 +0000
commit	06b1f4f397d53e9a4c9abe4c8c4c20a7240e7736 (patch)
tree	05b93d967f6a946a7e0e2395399405c4ec12e3a9 /src/conn-tools/s6-tcpserver-access.c
parent	df6d3fae47a106b70dd9e073d0e60989cd182f79 (diff)
download	s6-networking-06b1f4f397d53e9a4c9abe4c8c4c20a7240e7736.tar.xz