gethostent.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 1993, 1998-2000 by Sun Microsystems, Inc.
* All rights reserved.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* gethostent.c
*
* In order to avoid duplicating libresolv code here, and since libresolv.so.2
* provides res_-equivalents of the getXbyY and {set,get}Xent, lets call
* re_gethostbyaddr() and so on from this file. Among other things, this
* should help us avoid problems like the one described in bug 1264386,
* where the internal getanswer() acquired new functionality in BIND 4.9.3,
* but the local copy of getanswer() in this file wasn't updated, so that new
* functionality wasn't available to the name service switch.
*/
#define gethostbyaddr res_gethostbyaddr
#define gethostbyname res_gethostbyname
#define gethostbyname2 res_gethostbyname2
#define sethostent res_sethostent
#define endhostent res_endhostent
#include "dns_common.h"
extern char *inet_ntoa(struct in_addr in);
struct hostent *_gethostbyname(int *h_errnop, const char *name);
static struct hostent *_gethostbyaddr(int *h_errnop, const char *addr,
int len, int type);
struct hostent *_nss_dns_gethostbyname2(int *h_errnop, const char *name);
#pragma weak res_gethostbyname
#pragma weak res_gethostbyname2
#pragma weak res_gethostbyaddr
#pragma weak res_sethostent
#pragma weak res_endhostent
nss_backend_t *_nss_dns_constr(dns_backend_op_t ops[], int n_ops);
nss_status_t __nss_dns_getbyaddr(dns_backend_ptr_t, void *);
typedef union {
long al;
char ac;
} align;
/*
* Internet Name Domain Server (DNS) only implementation.
*/
static struct hostent *
_gethostbyaddr(int *h_errnop, const char *addr, int len, int type)
{
struct hostent *hp;
hp = gethostbyaddr(addr, len, type);
*h_errnop = *get_h_errno();
return (hp);
}
struct hostent *
_nss_dns_gethostbyname2(int *h_errnop, const char *name)
{
struct hostent *hp;
hp = gethostbyname2(name, AF_INET6);
*h_errnop = *get_h_errno();
return (hp);
}
struct hostent *
_gethostbyname(int *h_errnop, const char *name)
{
struct hostent *hp;
hp = gethostbyname(name);
*h_errnop = *get_h_errno();
return (hp);
}
static void
_sethostent(errp, stayopen)
nss_status_t *errp;
int stayopen;
{
int ret;
ret = sethostent(stayopen);
if (ret == 0)
*errp = NSS_SUCCESS;
else
*errp = NSS_UNAVAIL;
}
static void
_endhostent(errp)
nss_status_t *errp;
{
int ret;
ret = endhostent();
if (ret == 0)
*errp = NSS_SUCCESS;
else
*errp = NSS_UNAVAIL;
}
/*ARGSUSED*/
static nss_status_t
getbyname(be, a)
dns_backend_ptr_t be;
void *a;
{
struct hostent *he;
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
int ret, mt_disabled;
int old_retry;
sigset_t oldmask;
switch_resolver_setup(&mt_disabled, &oldmask, &old_retry);
he = _gethostbyname(&argp->h_errno, argp->key.name);
if (he != NULL) {
ret = ent2result(he, a, AF_INET);
if (ret == NSS_STR_PARSE_SUCCESS) {
argp->returnval = argp->buf.result;
} else {
argp->h_errno = HOST_NOT_FOUND;
if (ret == NSS_STR_PARSE_ERANGE) {
argp->erange = 1;
}
}
}
switch_resolver_reset(mt_disabled, oldmask, old_retry);
return (_herrno2nss(argp->h_errno));
}
/*ARGSUSED*/
static nss_status_t
getbyaddr(be, a)
dns_backend_ptr_t be;
void *a;
{
return (__nss_dns_getbyaddr(be, a));
}
/*
* Exposing a DNS backend specific interface so that it doesn't conflict
* with other getbyaddr() routines from other switch backends.
*/
nss_status_t
__nss_dns_getbyaddr(be, a)
dns_backend_ptr_t be;
void *a;
{
size_t n;
struct hostent *he, *he2;
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
int ret, save_h_errno, mt_disabled;
char **ans, hbuf[MAXHOSTNAMELEN];
char dst[INET6_ADDRSTRLEN];
struct in_addr unmapv4;
sigset_t oldmask;
int af, addrlen;
void *addrp;
int old_retry;
switch_resolver_setup(&mt_disabled, &oldmask, &old_retry);
if (IN6_IS_ADDR_V4MAPPED((struct in6_addr *)argp->key.hostaddr.addr)) {
addrp = &unmapv4;
addrlen = sizeof (unmapv4);
af = AF_INET;
memcpy(addrp, &argp->key.hostaddr.addr[12], addrlen);
} else {
addrp = (void *)argp->key.hostaddr.addr;
addrlen = argp->key.hostaddr.len;
af = argp->key.hostaddr.type;
}
he = _gethostbyaddr(&argp->h_errno, addrp, addrlen, af);
if (he != NULL) {
if (strlen(he->h_name) >= MAXHOSTNAMELEN)
ret = NSS_STR_PARSE_ERANGE;
else {
/* save a copy of the (alleged) hostname */
(void) strcpy(hbuf, he->h_name);
n = strlen(hbuf);
if (n < MAXHOSTNAMELEN-1 && hbuf[n-1] != '.') {
(void) strcat(hbuf, ".");
}
ret = ent2result(he, a, argp->key.hostaddr.type);
save_h_errno = argp->h_errno;
}
if (ret == NSS_STR_PARSE_SUCCESS) {
/*
* check to make sure by doing a forward query
* We use _gethostbyname() to avoid the stack, and
* then we throw the result from argp->h_errno away,
* becase we don't care. And besides you want the
* return code from _gethostbyaddr() anyway.
*/
if (af == AF_INET)
he2 = _gethostbyname(&argp->h_errno, hbuf);
else
he2 = _nss_dns_gethostbyname2(&argp->h_errno,
hbuf);
if (he2 != (struct hostent *)NULL) {
/* until we prove name and addr match */
argp->h_errno = HOST_NOT_FOUND;
for (ans = he2->h_addr_list; *ans; ans++)
if (memcmp(*ans, addrp, addrlen) ==
0) {
argp->h_errno = save_h_errno;
argp->returnval = argp->buf.result;
break;
}
} else {
/*
* What to do if _gethostbyname() fails ???
* We assume they are doing something stupid
* like registering addresses but not names
* (some people actually think that provides
* some "security", through obscurity). So for
* these poor lost souls, because we can't
* PROVE spoofing and because we did try (and
* we don't want a bug filed on this), we let
* this go. And return the name from byaddr.
*/
argp->h_errno = save_h_errno;
argp->returnval = argp->buf.result;
}
/* we've been spoofed, make sure to log it. */
if (argp->h_errno == HOST_NOT_FOUND) {
if (argp->key.hostaddr.type == AF_INET)
syslog(LOG_NOTICE, "gethostbyaddr: %s != %s",
hbuf, inet_ntoa(*(struct in_addr *)argp->key.hostaddr.addr));
else
syslog(LOG_NOTICE, "gethostbyaddr: %s != %s",
hbuf, inet_ntop(AF_INET6, (void *) argp->key.hostaddr.addr,
dst, sizeof (dst)));
}
} else {
argp->h_errno = HOST_NOT_FOUND;
if (ret == NSS_STR_PARSE_ERANGE) {
argp->erange = 1;
}
}
}
switch_resolver_reset(mt_disabled, oldmask, old_retry);
return (_herrno2nss(argp->h_errno));
}
/*ARGSUSED*/
static nss_status_t
_nss_dns_getent(be, args)
dns_backend_ptr_t be;
void *args;
{
return (NSS_UNAVAIL);
}
/*ARGSUSED*/
static nss_status_t
_nss_dns_setent(be, dummy)
dns_backend_ptr_t be;
void *dummy;
{
nss_status_t errp;
sigset_t oldmask, newmask;
int mt_disabled = 1;
/*
* Try to enable MT; if not, we have to single-thread libresolv
* access
*/
if (enable_mt == 0 || (mt_disabled = (*enable_mt)()) != 0) {
(void) sigfillset(&newmask);
_thr_sigsetmask(SIG_SETMASK, &newmask, &oldmask);
_mutex_lock(&one_lane);
}
_sethostent(&errp, 1);
if (mt_disabled) {
_mutex_unlock(&one_lane);
_thr_sigsetmask(SIG_SETMASK, &oldmask, NULL);
} else {
(void) (*disable_mt)();
}
return (errp);
}
/*ARGSUSED*/
static nss_status_t
_nss_dns_endent(be, dummy)
dns_backend_ptr_t be;
void *dummy;
{
nss_status_t errp;
sigset_t oldmask, newmask;
int mt_disabled = 1;
/*
* Try to enable MT; if not, we have to single-thread libresolv
* access
*/
if (enable_mt == 0 || (mt_disabled = (*enable_mt)()) != 0) {
(void) sigfillset(&newmask);
_thr_sigsetmask(SIG_SETMASK, &newmask, &oldmask);
_mutex_lock(&one_lane);
}
_endhostent(&errp);
if (mt_disabled) {
_mutex_unlock(&one_lane);
_thr_sigsetmask(SIG_SETMASK, &oldmask, NULL);
} else {
(void) (*disable_mt)();
}
return (errp);
}
/*ARGSUSED*/
static nss_status_t
_nss_dns_destr(be, dummy)
dns_backend_ptr_t be;
void *dummy;
{
nss_status_t errp;
if (be != 0) {
/* === Should change to invoke ops[ENDENT] ? */
sigset_t oldmask, newmask;
int mt_disabled = 1;
if (enable_mt == 0 || (mt_disabled = (*enable_mt)()) != 0) {
(void) sigfillset(&newmask);
_thr_sigsetmask(SIG_SETMASK, &newmask, &oldmask);
_mutex_lock(&one_lane);
}
_endhostent(&errp);
if (mt_disabled) {
_mutex_unlock(&one_lane);
_thr_sigsetmask(SIG_SETMASK, &oldmask, NULL);
} else {
(void) (*disable_mt)();
}
free(be);
}
return (NSS_SUCCESS); /* In case anyone is dumb enough to check */
}
static dns_backend_op_t host_ops[] = {
_nss_dns_destr,
_nss_dns_endent,
_nss_dns_setent,
_nss_dns_getent,
getbyname,
getbyaddr,
};
/*ARGSUSED*/
nss_backend_t *
_nss_dns_hosts_constr(dummy1, dummy2, dummy3)
const char *dummy1, *dummy2, *dummy3;
{
return (_nss_dns_constr(host_ops,
sizeof (host_ops) / sizeof (host_ops[0])));
}