/*
* lib/krb5/os/localaddr.c
*
* Copyright 1990,1991,2000,2001,2002,2004 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* Return the protocol addresses supported by this host.
* Exports from this file:
* krb5int_foreach_localaddr (does callbacks)
* krb5int_local_addresses (includes krb5.conf extra_addresses)
* krb5_os_localaddr (doesn't)
*
* XNS support is untested, but "Should just work". (Hah!)
*/
#include "k5-int.h"
#if !defined(_WIN32)
/* needed for solaris, harmless elsewhere... */
#define BSD_COMP
#include <errno.h>
#include <stddef.h>
#include <ctype.h>
# include "fake-addrinfo.h"
#endif
#include "foreachaddr.h"
/* Note: foreach_localaddr is exported from the library through
krb5int_accessor, for the KDC to use.
This function iterates over all the addresses it can find for the
local system, in one or two passes. In each pass, and between the
two, it can invoke callback functions supplied by the caller. The
two passes should operate on the same information, though not
necessarily in the same order each time. Duplicate and local
addresses should be eliminated. Storage passed to callback
functions should not be assumed to be valid after foreach_localaddr
returns.
The int return value is an errno value (XXX or krb5_error_code
returned for a socket error) if something internal to
foreach_localaddr fails. If one of the callback functions wants to
indicate an error, it should store something via the 'data' handle.
If any callback function returns a non-zero value,
foreach_localaddr will clean up and return immediately.
Multiple definitions are provided below, dependent on various
system facilities for extracting the necessary information. */
/* Now, on to the implementations, and heaps of debugging code. */
#ifdef TEST
#else
# define Tprintf(X) (void) X
# define Tperror(X) (void)(X)
#endif
/*
* The SIOCGIF* ioctls require a socket.
* It doesn't matter *what* kind of socket they use, but it has to be
* a socket.
*
* Of course, you can't just ask the kernel for a socket of arbitrary
* type; you have to ask for one with a valid type.
*
*/
#ifdef HAVE_NETINET_IN_H
#ifndef USE_AF
#define USE_PROTO 0
#endif
#endif
#ifdef KRB5_USE_NS
#ifndef USE_AF
#endif
#endif
/*
* Add more address families here.
*/
#define LINUX_IPV6_HACK
#endif
#include <errno.h>
/*
* Return all the protocol addresses of this host.
*
* We could kludge up something to return all addresses, assuming that
* they're valid kerberos protocol addresses, but we wouldn't know the
* real size of the sockaddr or know which part of it was actually the
* host part.
*
* This uses the SIOCGIFCONF, SIOCGIFFLAGS, and SIOCGIFADDR ioctl's.
*/
/*
* BSD 4.4 defines the size of an ifreq to be
* max(sizeof(ifreq), sizeof(ifreq.ifr_name)+ifreq.ifr_addr.sa_len
* However, under earlier systems, sa_len isn't present, so the size is
* just sizeof(struct ifreq).
*/
#ifdef HAVE_SA_LEN
#ifndef max
#define max(a,b) ((a) > (b) ? (a) : (b))
#endif
#else
#endif /* HAVE_SA_LEN*/
#include "socket-utils.h"
#include "fake-addrinfo.h"
/*@modifies fileSystem@*/
{
int err;
if (err)
printf ("<getnameinfo error %d: %s> family=%d",
else
}
#endif
#ifdef HAVE_IFADDRS_H
#include <ifaddrs.h>
#ifdef DEBUG
{
/* printf ("\tnext=%p\n", ifp->ifa_next); */
printf ("\tflags=");
{
ch = '<';
#ifdef IFF_OACTIVE
X (OACTIVE);
#endif
#ifdef IFF_SIMPLE
X (SIMPLEX);
#endif
X (MULTICAST);
printf (">");
#undef X
}
if (ifp->ifa_netmask)
if (ifp->ifa_broadaddr)
if (ifp->ifa_dstaddr)
printf ("\n}\n");
}
#endif /* DEBUG */
#include <string.h>
#include <stdlib.h>
static int
{
return 0;
#ifdef HAVE_SA_LEN
return 0;
#else
case AF_INET:
case AF_INET6:
default:
/* Err on side of duplicate listings. */
return 0;
}
#endif
}
#endif
#ifndef HAVE_IFADDRS_H
/*@-usereleased@*/ /* lclint doesn't understand realloc */
static /*@null@*/ void *
/*@*/
{
void *newptr;
return NULL;
}
return newptr;
}
/*@=usereleased@*/
static int
/*@modifies *buf,*lenp@*/
{
int ret;
/*@+matchanyintegral@*/
/*@=matchanyintegral@*/
/*@-moduncon@*/
/*@=moduncon@*/
/*@+matchanyintegral@*/
/*@=matchanyintegral@*/
return ret;
}
/* Solaris uses SIOCGLIFCONF to return struct lifconf which is just
an extended version of struct ifconf.
HP-UX 11 also appears to have SIOCGLIFCONF, but uses struct
if_laddrconf, and struct if_laddrreq to be used with
SIOCGLIFADDR. */
#if defined(SIOCGLIFCONF) && defined(HAVE_STRUCT_LIFCONF)
static int
/*@modifies *buf,*lenp@*/
{
int ret;
lifc.lifc_flags = 0;
/*@+matchanyintegral@*/
/*@=matchanyintegral@*/
/*@-moduncon@*/
if (ret)
Tperror ("SIOCGLIFCONF");
/*@=moduncon@*/
/*@+matchanyintegral@*/
/*@=matchanyintegral@*/
return ret;
}
#endif
#if defined(SIOCGLIFCONF) && defined(HAVE_STRUCT_IF_LADDRCONF) && 0
static int
/*@modifies *buf,*lenp@*/
{
int ret;
/*@+matchanyintegral@*/
/*@=matchanyintegral@*/
/*@-moduncon@*/
if (ret)
Tperror ("SIOCGLIFCONF");
/*@=moduncon@*/
/*@+matchanyintegral@*/
/*@=matchanyintegral@*/
return ret;
}
#endif
#endif /* ! HAVE_IFADDRS_H */
#ifdef LINUX_IPV6_HACK
#include <stdio.h>
(currently) any ioctl to return them. */
struct linux_ipv6_addr_list {
};
static struct linux_ipv6_addr_list *
{
FILE *f;
/* _PATH_PROCNET_IFINET6 */
if (f) {
int i;
while (fscanf(f,
"%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x"
" %2x %2x %2x %2x %20s\n",
&addrbyte[15],
for (i = 0; i < 16; i++)
if (scope != 0)
continue;
#if 0 /* These symbol names are as used by ifconfig, but none of the
system header files export them. Dig up the kernel versions
someday and see if they're exported. */
switch (scope) {
case 0:
default:
break;
case IPV6_ADDR_LINKLOCAL:
case IPV6_ADDR_SITELOCAL:
case IPV6_ADDR_COMPATv4:
case IPV6_ADDR_LOOPBACK:
continue;
}
#endif
if (nw == 0)
continue;
/* Ignore other fields, we don't actually use them here. */
}
fclose (f);
}
return lst;
}
#endif
/* Return value is errno if internal stuff failed, otherwise zero,
even in the case where a called function terminated the iteration.
If one of the callback functions wants to pass back an error
indication, it should do it via some field pointed to by the DATA
argument. */
#ifdef HAVE_IFADDRS_H
int
struct sockaddr *) /*@*/)
/*@modifies fileSystem@*/
#endif
{
int match;
if (getifaddrs (&ifp_head) < 0)
return errno;
#ifdef DEBUG
printifaddr (ifp);
#endif
continue;
/* Pretend it's not up, so the second pass will skip
it. */
continue;
}
/* Can't use an interface without an address. Linux
apparently does this sometimes. [RT ticket 1770 from
Maurice Massar, also Debian bug 206851, shows the
problem with a PPP link on a newer kernel than I'm
running.]
Pretend it's not up, so the second pass will skip
it. */
continue;
}
/* If this address is a duplicate, punt. */
match = 0;
continue;
continue;
match = 1;
break;
}
}
if (match)
continue;
goto punt;
}
goto punt;
if (pass2fn)
goto punt;
}
punt:
return 0;
}
int
struct sockaddr *) /*@*/)
/*@modifies fileSystem@*/
#endif
{
/* Okay, this is kind of odd. We have to use each of the address
families we care about, because with an AF_INET socket, extra
interfaces like hme0:1 that have only AF_INET6 addresses will
cause errors. Similarly, if hme0 has more AF_INET addresses
than AF_INET6 addresses, we won't be able to retrieve all of
the AF_INET addresses if we use an AF_INET6 socket. Since
neither family is guaranteed to have the greater number of
addresses, we should use both.
If it weren't for this little quirk, we could use one socket of
any type, and ask for addresses of all types. At least, it
seems to work that way. */
struct {
int af;
int sock;
void *buf;
int code, i, j;
/* init */
FOREACH_AF () {
P.sock = -1;
P.buf = 0;
}
/* first pass: get raw data, discard uninteresting addresses, callback */
FOREACH_AF () {
if (P.sock < 0) {
Tperror ("socket");
continue;
}
P.lifnum.lifn_flags = 0;
P.lifnum.lifn_count = 0;
if (code) {
Tperror ("ioctl(SIOCGLIFNUM)");
goto punt;
}
goto punt;
}
if (code < 0) {
goto punt;
}
/*@-moduncon@*/ /* ioctl unknown to lclint */
Tperror ("ioctl(SIOCGLIFFLAGS)");
skip:
/* mark for next pass */
continue;
}
/*@=moduncon@*/
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
Tprintf ((" loopback\n"));
goto skip;
}
#endif
/* Ignore interfaces that are down. */
Tprintf ((" down\n"));
goto skip;
}
/* Make sure we didn't process this address already. */
for (j = 0; j < i; j += sizeof (*lifr2)) {
continue;
/* Compare address info. If this isn't good enough --
i.e., if random padding bytes turn out to differ
when the addresses are the same -- then we'll have
to do it on a per address family basis. */
sizeof (*lifr))) {
Tprintf ((" duplicate addr\n"));
goto skip;
}
}
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
}
}
/* Did we actually get any working sockets? */
FOREACH_AF ()
if (P.sock != -1)
goto have_working_socket;
goto punt;
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
if (pass2fn)
FOREACH_AF ()
if (P.sock >= 0) {
/* Marked in first pass to be ignored. */
continue;
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
}
}
punt:
FOREACH_AF () {
/*@-moduncon@*/
closesocket(P.sock);
/*@=moduncon@*/
}
return retval;
}
#elif defined (SIOCGLIFNUM) && defined(HAVE_STRUCT_IF_LADDRCONF) && 0 /* HP-UX 11 support being debugged */
int
struct sockaddr *) /*@*/)
/*@modifies fileSystem@*/
#endif
{
/* Okay, this is kind of odd. We have to use each of the address
families we care about, because with an AF_INET socket, extra
interfaces like hme0:1 that have only AF_INET6 addresses will
cause errors. Similarly, if hme0 has more AF_INET addresses
than AF_INET6 addresses, we won't be able to retrieve all of
the AF_INET addresses if we use an AF_INET6 socket. Since
neither family is guaranteed to have the greater number of
addresses, we should use both.
If it weren't for this little quirk, we could use one socket of
any type, and ask for addresses of all types. At least, it
seems to work that way. */
struct {
int af;
int sock;
void *buf;
int if_num;
int code, i, j;
/* init */
FOREACH_AF () {
P.sock = -1;
P.buf = 0;
}
/* first pass: get raw data, discard uninteresting addresses, callback */
FOREACH_AF () {
if (P.sock < 0) {
Tperror ("socket");
continue;
}
if (code) {
Tperror ("ioctl(SIOCGLIFNUM)");
goto punt;
}
goto punt;
}
if (code < 0) {
goto punt;
}
/*@-moduncon@*/ /* ioctl unknown to lclint */
Tperror ("ioctl(SIOCGLIFFLAGS)");
skip:
/* mark for next pass */
continue;
}
/*@=moduncon@*/
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
Tprintf ((" loopback\n"));
goto skip;
}
#endif
/* Ignore interfaces that are down. */
Tprintf ((" down\n"));
goto skip;
}
/* Make sure we didn't process this address already. */
for (j = 0; j < i; j += sizeof (*lifr2)) {
continue;
/* Compare address info. If this isn't good enough --
i.e., if random padding bytes turn out to differ
when the addresses are the same -- then we'll have
to do it on a per address family basis. */
sizeof (*lifr))) {
Tprintf ((" duplicate addr\n"));
goto skip;
}
}
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
}
}
/* Did we actually get any working sockets? */
FOREACH_AF ()
if (P.sock != -1)
goto have_working_socket;
goto punt;
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
if (pass2fn)
FOREACH_AF ()
if (P.sock >= 0) {
/* Marked in first pass to be ignored. */
continue;
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
}
}
punt:
FOREACH_AF () {
/*@-moduncon@*/
closesocket(P.sock);
/*@=moduncon@*/
}
return retval;
}
#else /* not defined (SIOCGLIFNUM) */
static int
{
int code;
char *buf = 0;
#ifdef SIOCGSIZIFCONF
#endif
#ifdef SIOCGIFNUM
#endif
/* At least on NetBSD, an ifreq can hold an IPv4 address, but
isn't big enough for an IPv6 or ethernet address. So add a
little more space. */
#ifdef SIOCGSIZIFCONF
if (!code) {
}
#elif defined (SIOCGIFNUM)
#endif
if (current_buf_size == 0)
return errno;
if (code < 0) {
return code;
}
/* Test that the buffer was big enough that another ifreq could've
fit easily, if the OS wanted to provide one. That seems to be
the only indication we get, complicated by the fact that the
associated address may make the required storage a little
bigger than the size of an ifreq. */
#ifdef SIOCGSIZIFCONF
/* Unless we hear SIOCGSIZIFCONF is broken somewhere, let's
trust the value it returns. */
&& ifconfsize <= 0
#elif defined (SIOCGIFNUM)
&& numifs <= 0
#endif
/* And we need *some* sort of bounds. */
&& current_buf_size <= 100000
) {
est_if_count *= 2;
if (buf == 0)
return errno;
goto ask_again;
}
n = size;
if (n > current_buf_size)
n = current_buf_size;
*np = n;
return 0;
}
int
struct sockaddr *) /*@*/)
/*@modifies fileSystem@*/
#endif
{
int s, code;
char *buf = 0;
int retval = 0;
#ifdef LINUX_IPV6_HACK
#endif
if (s < 0)
return SOCKET_ERRNO;
if (retval) {
/*@-moduncon@*/ /* close() unknown to lclint */
closesocket(s);
/*@=moduncon@*/
return retval;
}
/* Note: Apparently some systems put the size (used or wanted?)
into the start of the buffer, just none that I'm actually
using. Fix this when there's such a test system available.
The Samba mailing list archives mention that NTP looks for the
size on these systems: *-fujitsu-uxp* *-ncr-sysv4*
*-univel-sysv*. */
/* In case ifreq_size is more than sizeof(). */
if (i + ifreq_size(*ifr) > n)
break;
/*@-moduncon@*/ /* ioctl unknown to lclint */
skip:
/* mark for next pass */
continue;
}
/*@=moduncon@*/
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
Tprintf ((" loopback\n"));
goto skip;
}
#endif
/* Ignore interfaces that are down. */
Tprintf ((" down\n"));
goto skip;
}
/* Make sure we didn't process this address already. */
for (j = 0; j < i; j += ifreq_size(*ifr2)) {
continue;
/* Compare address info. If this isn't good enough --
i.e., if random padding bytes turn out to differ
when the addresses are the same -- then we'll have
to do it on a per address family basis. */
(ifreq_size (*ifr)
Tprintf ((" duplicate addr\n"));
goto skip;
}
}
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
}
#ifdef LINUX_IPV6_HACK
goto punt;
#endif
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
if (pass2fn) {
/* Marked in first pass to be ignored. */
continue;
/*@-moduncon@*/
goto punt;
/*@=moduncon@*/
}
#ifdef LINUX_IPV6_HACK
goto punt;
#endif
}
punt:
/*@-moduncon@*/
closesocket(s);
/*@=moduncon@*/
#ifdef LINUX_IPV6_HACK
while (linux_ipv6_addrs) {
}
#endif
return retval;
}
#endif /* not HAVE_IFADDRS_H and not SIOCGLIFNUM */
static krb5_error_code
#ifdef TEST
/*@modifies fileSystem@*/
{
int err;
(char *) NULL, 0, NI_NUMERICHOST);
if (err) {
int e = errno;
if (err == EAI_SYSTEM)
} else
return 0;
}
int main ()
{
int r;
printf ("return value = %d\n", r);
return 0;
}
#else /* not TESTing */
struct localaddr_data {
};
static int
/*@*/
{
switch (a->sa_family) {
case AF_INET:
#ifdef KRB5_USE_INET6
case AF_INET6:
#endif
#ifdef KRB5_USE_NS
case AF_XNS:
#endif
break;
default:
break;
}
return 0;
}
static int
/*@*/
{
int i;
void *n;
if (n == 0) {
return 1;
}
return 0;
}
static /*@null@*/ krb5_address *
/*@*/
{
krb5_address *a;
void *data;
return NULL;
a = malloc (sizeof (krb5_address));
if (a == NULL) {
return NULL;
}
a->magic = KV5M_ADDRESS;
return a;
}
static int
/*@modifies *P_data@*/
{
switch (a->sa_family) {
#ifdef HAVE_NETINET_IN_H
case AF_INET:
&((const struct sockaddr_in *) a)->sin_addr);
break;
#ifdef KRB5_USE_INET6
case AF_INET6:
{
break;
break;
}
#endif /* KRB5_USE_INET6 */
#ifdef KRB5_USE_NS
case AF_XNS:
&((const struct sockaddr_ns *)a)->sns_addr);
break;
#endif
#ifdef AF_LINK
/* Some BSD-based systems (e.g. NetBSD 1.5) and AIX will
include the ethernet address, but we don't want that, at
least for now. */
case AF_LINK:
break;
#endif
/*
* Add more address families here..
*/
default:
break;
}
#ifdef __LCLINT__
/* Redundant but unconditional store un-confuses lclint. */
#endif
if (address) {
}
}
static krb5_error_code
{
static const char *const profile_name[] = {
"libdefaults", "extra_addresses", 0
};
char **values;
char **iter;
#ifdef DEBUG
#endif
/* Ignore all errors for now? */
if (err)
return 0;
int i, count;
#ifdef DEBUG
#endif
cp++;
if (*cp == 0)
break;
/* Start of an address. */
#ifdef DEBUG
#endif
cp++;
if (*cp != 0) {
*cp = 0;
} else
/* Got a single address, process it. */
#ifdef DEBUG
#endif
newaddrs = 0;
if (err)
continue;
for (i = 0; newaddrs[i]; i++) {
#ifdef DEBUG
#endif
}
count = i;
#ifdef DEBUG
#endif
if (bigger) {
}
}
for (i = 0; i < count; i++) {
else
}
}
}
return 0;
}
{
}
{
}
static krb5_error_code
{
int r;
if (use_profile) {
/* ignore err for now */
}
if (r != 0) {
int i;
}
return ENOMEM;
else
return r;
}
return ENOMEM;
else {
/* This can easily happen if we have IPv6 link-local
addresses. Just shorten the array. */
(sizeof (krb5_address *)
if (*addr == 0)
/* Okay, shortening failed, but the original should still
be intact. */
}
#ifdef DEBUG
{
int j;
for (j = 0; addr[0][j]; j++) {
int err2;
void *addrp = 0;
case ADDRTYPE_INET:
{
#ifdef HAVE_SA_LEN
#endif
break;
}
#ifdef KRB5_USE_INET6
case ADDRTYPE_INET6:
{
#ifdef HAVE_SA_LEN
#endif
break;
}
#endif
default:
break;
}
if (addrp)
if (err2 == 0)
else
}
}
#endif
return 0;
}
#endif /* not TESTing */
/*
* Hold on to your lunch! Backup kludge method of obtaining your
* local IP address, courtesy of Windows Socket Network Programming,
* by Robert Quinn
*/
#if defined(_WIN32)
{
int err;
if (sock == INVALID_SOCKET)
return NULL;
/* connect to arbitrary port and address (NOT loopback) */
if (err == SOCKET_ERROR)
return NULL;
if (err == SOCKET_ERROR)
return NULL;
return &host;
}
#endif
/* No ioctls in winsock so we just assume there is only one networking
* card per machine, so gethostent is good enough.
*/
*addr = 0;
paddr = 0;
err = 0;
err = SOCKET_ERRNO;
}
if (!err) {
err = SOCKET_ERRNO;
}
}
if (err) {
if (!hostrec)
return err;
else
err = 0; /* otherwise we will die at cleanup */
}
if (!paddr) {
goto cleanup;
}
for (i = 0; i < count; i++)
{
goto cleanup;
}
goto cleanup;
}
hostrec->h_addr_list[i],
}
if (err) {
if (paddr) {
for (i = 0; i < count; i++)
{
if (paddr[i]) {
}
}
}
}
else
return(err);
}
#endif