first pass centralizing validate_ip function

usr/local/share/bastille/clone.sh

@@ -110,88 +110,33 @@ clone_validate_jail_name() {
     fi
 }
 
-validate_ip() {
-
-    local ip="${1}"
-    local ip4="$(echo ${ip} | awk -F"/" '{print $1}')"
-    local ip6="$(echo ${ip} | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)')"
-    local subnet="$(echo ${ip} | awk -F"/" '{print $2}')"
-
-    if [ -n "${ip6}" ]; then
-    	if [ "${ip6}" = "SLAAC" ] && [ "$(bastille config ${TARGET} get vnet)" != "enabled" ];  then
-            error_exit "[ERROR]: Unsupported IP option for standard jail: (${ip6})."
-        fi
-        if [ "${VNET_JAIL}" -eq 1 ]; then
-            if [ -z "${subnet}" ]; then
-                subnet="64"
-                ip6="${ip6}/${subnet}"
-            elif echo "${subnet}" | grep -Eq '^[0-9]+$'; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            elif [ "${subnet}" -lt 1 ] || [ "${subnet}" -gt 128 ]; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            fi
-        fi
-        info "\nValid IP: ${ip6}"
-        IP6_ADDR="${ip6}"
-    elif [ "${ip}" = "inherit" ] || [ "${ip}" = "ip_hostname" ]; then
-	        if [ "$(bastille config ${TARGET} get vnet)" = "enabled" ];  then
-                error_exit "[ERROR]: Unsupported IP option for VNET jail: ${ip}"
-	        else
-                info "\nValid IP: ${ip}"
-                IP4_ADDR="${ip}"
-                IP6_ADDR="${ip}"
-	        fi
-    elif [ "${ip}" = "0.0.0.0" ] || [ "${ip}" = "DHCP" ] || [ "${ip}" = "SYNCDHCP" ]; then
-        if [ "$(bastille config ${TARGET} get vnet)" = "enabled" ];  then
-            info "\nValid IP: ${ip}"
-            IP4_ADDR="${ip}"
-        else
-            error_exit "[ERROR]: Unsupported IP option for standard jail: ${ip}"
-        fi
-    else
-        if [ "${VNET_JAIL}" -eq 1 ]; then
-            if [ -z "${subnet}" ]; then
-                subnet="24"
-                ip4="${ip4}/${subnet}"
-            elif echo "${subnet}" | grep -Eq '^[0-9]+$'; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            elif [ "${subnet}" -lt 1 ] || [ "${subnet}" -gt 32 ]; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            fi
-        fi
-        local IFS
-        if echo "${ip4}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
-            TEST_IP=$(echo "${ip4}" | cut -d / -f1)
-            IFS=.
-            set ${TEST_IP}
-            for quad in 1 2 3 4; do
-                if eval [ \$$quad -gt 255 ]; then
-                    error_exit "[ERROR]: Invalid IP: ${TEST_IP}"
-                fi
-            done
-
-            if ifconfig | grep -qwF "${TEST_IP}"; then
-                warn "\n[WARNING]: IP address already in use: ${TEST_IP}"
-                IP4_ADDR="${ip4}"
-            else
-                info "\nValid IP: ${ip4}"
-                IP4_ADDR="${ip4}"
-            fi
-
-        else
-            error_exit "[ERROR]: Invalid IP: ${ip4}"
-        fi
-    fi
-}
-
-validate_ips() {
+define_ips() {
 
     IP4_ADDR=""
     IP6_ADDR=""
 
     for ip in ${IP}; do
-        validate_ip "${ip}"
+        validate_ip "${ip}" "${VNET_JAIL}"
     done
+
+    if [ -n "${IP4_ADDR}" ]; then
+        if [ "${IP4_ADDR}" = "inherit" ] || [ "${IP4_ADDR}" = "ip_hostname" ]; then
+	        if [ "$(bastille config ${TARGET} get vnet)" = "enabled" ];  then
+                error_exit "[ERROR]: Unsupported IP option for VNET jail: ${IP4_ADDR}"
+        elif [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
+            if [ "$(bastille config ${TARGET} get vnet)" != "enabled" ];  then
+                error_exit "[ERROR]: Unsupported IP option for standard jail: ${IP4_ADDR}"
+            fi
+        elif ifconfig | grep -qwF "${IP4_ADDR}"; then
+            warn "\n[WARNING]: IP address already in use: ${TEST_IP}"
+        fi
+    fi
+
+    if [ -n "${IP6_ADDR}" ]; then
+        if [ "${IP6_ADDR}" = "SLAAC" ] && [ "$(bastille config ${TARGET} get vnet)" != "enabled" ];  then
+            error_exit "[ERROR]: Unsupported IP option for standard jail: ${IP6_ADDR}"
+        fi
+    fi
 }
 
 update_jailconf() {
@@ -495,7 +440,7 @@ clone_jail() {
         fi
 
         if [ -n "${IP}" ]; then
-            validate_ips
+            define_ips
         else
             usage
         fi

usr/local/share/bastille/common.sh

@@ -327,13 +327,72 @@ target_all_jails() {
 }
 
 update_fstab() {
-    local _oldname="${1}"
-    local _newname="${2}"
-    local _fstab="${bastille_jailsdir}/${_newname}/fstab"
-    if [ -f "${_fstab}" ]; then
-        sed -i '' "s|${bastille_jailsdir}/${_oldname}/root/|${bastille_jailsdir}/${_newname}/root/|" "${_fstab}"
+
+    local oldname="${1}"
+    local newname="${2}"
+    local fstab="${bastille_jailsdir}/${newname}/fstab"
+
+    if [ -f "${fstab}" ]; then
+        sed -i '' "s|${bastille_jailsdir}/${oldname}/root/|${bastille_jailsdir}/${newname}/root/|" "${fstab}"
     else
-        error_notify "Error: Failed to update fstab: ${_newmane}"
+        error_notify "Error: Failed to update fstab: ${newmane}"
+    fi
+}
+
+validate_ip() {
+
+    local ip="${1}"
+    local vnet_jail="${2}"
+    local ip4="$(echo ${ip} | awk -F"/" '{print $1}')"
+    local ip6="$(echo ${ip} | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)')"
+    local subnet="$(echo ${ip} | awk -F"/" '{print $2}')"
+    local IFS
+
+    if [ -n "${ip6}" ]; then
+        if [ "${vnet_jail}" -eq 1 ]; then
+            if [ -z "${subnet}" ]; then
+                subnet="64"
+                ip6="${ip6}/${subnet}"
+            elif echo "${subnet}" | grep -Eq '^[0-9]+$'; then
+                error_exit "[ERROR]: Invalid subnet: /${subnet}"
+            elif [ "${subnet}" -lt 1 ] || [ "${subnet}" -gt 128 ]; then
+                error_exit "[ERROR]: Invalid subnet: /${subnet}"
+            fi
+        fi
+        info "\nValid IP: ${ip6}"
+        export IP6_ADDR="${ip6}"
+    elif [ "${ip}" = "inherit" ] || [ "${ip}" = "ip_hostname" ] || [ "${ip}" = "0.0.0.0" ] || [ "${ip}" = "DHCP" ] || [ "${ip}" = "SYNCDHCP" ]; then
+            info "\nValid IP: ${ip}"
+            IP4_ADDR="${ip}"
+            IP6_ADDR="${ip}"
+    elif [ -n "${ip4}" ]; then
+        if [ "${vnet_jail}" -eq 1 ]; then
+            if [ -z "${subnet}" ]; then
+                subnet="24"
+                ip4="${ip4}/${subnet}"
+            elif echo "${subnet}" | grep -Eq '^[0-9]+$'; then
+                error_exit "[ERROR]: Invalid subnet: /${subnet}"
+            elif [ "${subnet}" -lt 1 ] || [ "${subnet}" -gt 32 ]; then
+                error_exit "[ERROR]: Invalid subnet: /${subnet}"
+            fi
+        fi
+        if echo "${ip4}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
+            test_ip=$(echo "${ip4}" | cut -d / -f1)
+            IFS=.
+            set ${test_ip}
+            for quad in 1 2 3 4; do
+                if eval [ \$$quad -gt 255 ]; then
+                    error_exit "[ERROR]: Invalid IP: ${test_ip}"
+                fi
+            done
+
+            info "\nValid IP: ${ip4}"
+            export IP4_ADDR="${ip4}"
+        else
+            error_exit "[ERROR]: Invalid IP: ${ip4}"
+        fi
+    else
+        error_exit "[ERROR]: IP incorrectly formatted: ${ip}"
     fi
 }
 

usr/local/share/bastille/create.sh

@@ -111,105 +111,61 @@ validate_release() {
     OS_RELEASE="$( ${bastille_releasesdir}/${RELEASE}/bin/freebsd-version )"
 }
 
-validate_ip() {
+define_ips() {
 
-    local ip="${1}"
-    local ip4="$(echo ${ip} | awk -F"/" '{print $1}')"
-    local ip6="$(echo ${ip} | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)')"
-    local subnet="$(echo ${ip} | awk -F"/" '{print $2}')"
+    IP6_MODE="disable"
+    IP4_DEFINITION=""
+    IP6_DEFINITION=""
+    IP4_ADDR=""
+    IP6_ADDR=""
+    IP_HOSTNAME=""
 
-    if [ -n "${ip6}" ]; then
-        if [ "${VNET_JAIL}" -eq 1 ]; then
-            if [ -z "${subnet}" ]; then
-                subnet="64"
-                ip6="${ip6}/${subnet}"
-            elif echo "${subnet}" | grep -Eq '^[0-9]+$'; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            elif [ "${subnet}" -lt 1 ] || [ "${subnet}" -gt 128 ]; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            fi
-        fi
-        info "\nValid IP: ${ip6}"
-        local ipx_addr="ip6.addr"
-    else
-        if [ "${ip4}" = "inherit" ] || [ "${ip4}" = "ip_hostname" ]; then
+    for ip in ${IP}; do
+        validate_ip "${ip}"
+    done
+
+    if [ -n "${IP4_ADDR}" ]; then
+        if [ "${IP4_ADDR}" = "inherit" ] || [ "${IP4_ADDR}" = "ip_hostname" ]; then
 	        if [ "${VNET_JAIL}" -eq 1 ]; then
-                error_exit "[ERROR]: Unsupported IP option for VNET jail: ${ip4}"
-	        else
-                info "\nValid IP: ${ip4}"
+                error_exit "[ERROR]: Unsupported IP option for VNET jail: ${IP4_ADDR}"
 	        fi
-        elif [ "${ip4}" = "DHCP" ] || [ "${ip4}" = "SYNCDHCP" ] || [ "${ip4}" = "0.0.0.0" ]; then
+        elif [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ] || [ "${IP4_ADDR}" = "0.0.0.0" ]; then
 	        if [ "${VNET_JAIL}" -eq 0 ]; then
-                error_exit "[ERROR]: Unsupported IP option for non-VNET jail: ${ip4}"
-	        else
-                info "\nValid IP: ${ip4}"
+                error_exit "[ERROR]: Unsupported IP option for non-VNET jail: ${IP4_ADDR}"
 	        fi
-        else
-            if [ "${VNET_JAIL}" -eq 1 ]; then
-                if [ -z "${subnet}" ]; then
-                    subnet="24"
-                    ip4="${ip4}/${subnet}"
-                elif echo "${subnet}" | grep -Eq '^[0-9]+$'; then
-                    error_exit "[ERROR]: Invalid subnet: /${subnet}"
-                elif [ "${subnet}" -lt 1 ] || [ "${subnet}" -gt 32 ]; then
-                    error_exit "[ERROR]: Invalid subnet: /${subnet}"
-                fi
-            fi
-            local IFS
-            if echo "${ip4}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
-                TEST_IP=$(echo "${ip4}" | cut -d / -f1)
-                IFS=.
-                set ${TEST_IP}
-                for quad in 1 2 3 4; do
-                    if eval [ \$$quad -gt 255 ]; then
-                        error_exit "Invalid IP: ${TEST_IP}"
-                    fi
-                done
-                ipx_addr="ip4.addr"
-                info "\nValid IP: ${ip4}"
-            else
-                error_exit "Invalid IP: ${ip4}"
-            fi
+        # Warn if IP is in use
+        elif ifconfig | grep -qwF "${IP4_ADDR}"; then
+            warn "[WARNING]: IP address in use: ${IP4_ADDR}"
         fi
+        local ipx_addr="ip4.addr"
     fi
 
-    # Warn if IP is in use
-    if ifconfig | grep -qwF "${TEST_IP}"; then
-        warn "[WARNING]: IP address in use: ${TEST_IP}"
-    fi
-
-    # Set interface value
-    if [ ! -f "${bastille_jail_conf}" ]; then
-        if [ -z "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
-            local bastille_jail_conf_interface=${bastille_network_shared}
-        fi
-        if [ -n "${bastille_network_loopback}" ] && [ -z "${bastille_network_shared}" ]; then
-            local bastille_jail_conf_interface=${bastille_network_loopback}
-        fi
-        if [ -n "${INTERFACE}" ]; then
-            local bastille_jail_conf_interface=${INTERFACE}
+    if [ -n "${IP6_ADDR}" ]; then
+        if [ "${IP6_ADDR}" = "SLAAC" ] && [ "${VNET_JAIL}" -eq 0 ]; then
+            error_exit "[ERROR]: Unsupported IP option for standard jail: ${IP6_ADDR}"
         fi
+        local ipx_addr="ip6.addr"
     fi
 
     # Determine IP/Interface mode
-    if [ "${ip}" = "inherit" ]; then
+    if [ "${IP4_ADDR}" = "inherit" ]; then
         if [ "${DUAL_STACK}" -eq 1 ]; then
-            IP4_DEFINITION="ip4 = ${ip};"
-            IP6_DEFINITION="ip6 = ${ip};"
+            IP4_DEFINITION="ip4 = ${IP4_ADDR};"
+            IP6_DEFINITION="ip6 = ${IP6_ADDR};"
             IP6_MODE="new"
         else
-            IP4_DEFINITION="ip4 = ${ip};"
+            IP4_DEFINITION="ip4 = ${IP4_ADDR};"
             IP6_DEFINITION=""
             IP6_MODE="disable"
         fi
-    elif [ "${ip}" = "ip_hostname" ]; then
+    elif [ "${IP4_ADDR}" = "ip_hostname" ]; then
         if [ "${DUAL_STACK}" -eq 1 ]; then
-            IP_HOSTNAME="${ip}"
+            IP_HOSTNAME="${IP4_ADDR}"
             IP4_DEFINITION="${IP_HOSTNAME};"
             IP6_DEFINITION="${IP_HOSTNAME};"
             IP6_MODE="new"
         else
-            IP_HOSTNAME="${ip}"
+            IP_HOSTNAME="${IP4_ADDR}"
             IP4_DEFINITION="${IP_HOSTNAME};"
             IP6_DEFINITION=""
             IP6_MODE="disable"
@@ -225,35 +181,28 @@ validate_ip() {
             error_exit "[ERROR]: Unsupported IP option for standard jail: ${ip}"
         fi
     else
-        if [ "${VNET_JAIL}" -eq 1 ]; then
+        if [ "${VNET_JAIL}" -eq 0 ]; then
             if [ "${ipx_addr}" = "ip4.addr" ]; then
-                IP4_ADDR="${ip4}"
+                IP4_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${IP4_ADDR};"
             elif [ "${ipx_addr}" = "ip6.addr" ]; then
-                IP6_ADDR="${ip6}"
-            fi
-        else
-            if [ "${ipx_addr}" = "ip4.addr" ]; then
-                IP4_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${ip};"
-            elif [ "${ipx_addr}" = "ip6.addr" ]; then
-                IP6_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${ip};"
+                IP6_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${IP6_ADDR};"
                 IP6_MODE="new"
             fi
         fi
     fi
-}
 
-validate_ips() {
-
-    IP6_MODE="disable"
-    IP4_DEFINITION=""
-    IP6_DEFINITION=""
-    IP4_ADDR=""
-    IP6_ADDR=""
-    IP_HOSTNAME=""
-
-    for ip in ${IP}; do
-        validate_ip "${ip}"
-    done
+    # Set interface value
+    if [ ! -f "${bastille_jail_conf}" ]; then
+        if [ -z "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
+            local bastille_jail_conf_interface=${bastille_network_shared}
+        fi
+        if [ -n "${bastille_network_loopback}" ] && [ -z "${bastille_network_shared}" ]; then
+            local bastille_jail_conf_interface=${bastille_network_loopback}
+        fi
+        if [ -n "${INTERFACE}" ]; then
+            local bastille_jail_conf_interface=${INTERFACE}
+        fi
+    fi
 }
 
 validate_netif() {

usr/local/share/bastille/network.sh

@@ -140,6 +140,9 @@ fi
 # Default is standard interface
 if [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ]; then
     STANDARD=1
+    VNET_JAIL=0
+else
+    VNET_JAIL=1
 fi
 
 if [ "${ACTION}" = "add" ]; then
@@ -175,54 +178,31 @@ else
     error_exit "Use [-a|--auto] to auto-stop the jail."
 fi
 
-validate_ip() {
+define_ips() {
 
-    local ip="${1}"
-    local ip4="$(echo ${ip} | awk -F"/" '{print $1}')"
-    local ip6="$( echo "${ip}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)' )"
-    local subnet="$(echo ${ip} | awk -F"/" '{print $2}')"
+    IP4_ADDR=""
+    IP6_ADDR=""
 
-    if [ -n "${ip6}" ]; then
-        if [ "${STANDARD}" -eq 0 ]; then
-            if [ -z "${subnet}" ]; then
-                subnet="64"
-                ip6="${ip6}/${subnet}"
-            elif echo "${subnet}" | grep -Eq '^[0-9]+$'; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            elif [ "${subnet}" -lt 1 ] || [ "${subnet}" -gt 128 ]; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
+    for ip in ${IP}; do
+        validate_ip "${ip}" "${VNET_JAIL}"
+    done
+
+    if [ -n "${IP4_ADDR}" ]; then
+        if [ "${IP4_ADDR}" = "inherit" ] || [ "${IP4_ADDR}" = "ip_hostname" ]; then
+	        if [ "$(bastille config ${TARGET} get vnet)" = "enabled" ];  then
+                error_exit "[ERROR]: Unsupported IP option for VNET jail: ${IP4_ADDR}"
+        elif [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
+            if [ "$(bastille config ${TARGET} get vnet)" != "enabled" ];  then
+                error_exit "[ERROR]: Unsupported IP option for standard jail: ${IP4_ADDR}"
             fi
+        elif ifconfig | grep -qwF "${IP4_ADDR}"; then
+            warn "\n[WARNING]: IP address already in use: ${TEST_IP}"
         fi
-        info "\nValid IP: ${ip6}"
-        IP6_ADDR="${ip6}"
-    elif [ "${ip}" = "0.0.0.0" ] || [ "${ip}" = "DHCP" ] || [ "${ip}" = "SYNCDHCP" ]; then
-        info "\nValid IP: ${ip}"
-        IP4_ADDR="${ip}"
-    else
-        if [ "${STANDARD}" -eq 0 ]; then
-            if [ -z "${subnet}" ]; then
-                subnet="24"
-                ip4="${ip4}/${subnet}"
-            elif echo "${subnet}" | grep -Eq '^[0-9]+$'; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            elif [ "${subnet}" -lt 1 ] || [ "${subnet}" -gt 32 ]; then
-                error_exit "[ERROR]: Invalid subnet: /${subnet}"
-            fi
-        fi
-        local IFS
-        if echo "${ip4}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
-            TEST_IP=$(echo "${ip4}" | cut -d / -f1)
-            IFS=.
-            set ${TEST_IP}
-            for quad in 1 2 3 4; do
-                if eval [ \$$quad -gt 255 ]; then
-                    error_exit "[ERROR]: Invalid IP: ${TEST_IP}"
-                fi
-            done
-            info "\nValid IP: ${ip4}"
-            IP4_ADDR="${ip4}"
-        else
-            error_exit "[ERROR]: Invalid IP: ${ip4}"
+    fi
+
+    if [ -n "${IP6_ADDR}" ]; then
+        if [ "${IP6_ADDR}" = "SLAAC" ] && [ "$(bastille config ${TARGET} get vnet)" != "enabled" ];  then
+            error_exit "[ERROR]: Unsupported IP option for standard jail: ${IP6_ADDR}"
         fi
     fi
 }
@@ -667,7 +647,7 @@ case "${ACTION}" in
 
         ## validate IP if not empty
         if [ -n "${IP}" ]; then
-            validate_ip "${IP}"
+            define_ips "${IP}"
         fi
 
         if [ "${VNET}" -eq 1 ]; then