Line data Source code
1 : /*
2 : * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "krb5_locl.h"
35 :
36 : #ifdef __osf__
37 : /* hate */
38 : struct rtentry;
39 : struct mbuf;
40 : #endif
41 : #ifdef HAVE_NET_IF_H
42 : #include <net/if.h>
43 : #endif
44 : #include <ifaddrs.h>
45 :
46 : static krb5_error_code
47 0 : gethostname_fallback (krb5_context context, krb5_addresses *res)
48 : {
49 0 : krb5_error_code ret;
50 0 : char hostname[MAXHOSTNAMELEN];
51 0 : struct hostent *hostent;
52 :
53 0 : if (krb5_config_get_bool(context, NULL, "libdefaults", "block_dns",
54 : NULL)) {
55 0 : ret = ENXIO;
56 0 : krb5_set_error_message(context, ret,
57 : "DNS blocked in gethostname fallback");
58 0 : return ret;
59 : }
60 :
61 0 : if (gethostname (hostname, sizeof(hostname))) {
62 0 : ret = errno;
63 0 : krb5_set_error_message(context, ret, "gethostname: %s", strerror(ret));
64 0 : return ret;
65 : }
66 0 : hostent = roken_gethostbyname (hostname);
67 0 : if (hostent == NULL) {
68 0 : ret = errno;
69 0 : krb5_set_error_message (context, ret, "gethostbyname %s: %s",
70 : hostname, strerror(ret));
71 0 : return ret;
72 : }
73 0 : res->len = 1;
74 0 : res->val = malloc (sizeof(*res->val));
75 0 : if (res->val == NULL)
76 0 : return krb5_enomem(context);
77 0 : res->val[0].addr_type = hostent->h_addrtype;
78 0 : res->val[0].address.data = NULL;
79 0 : res->val[0].address.length = 0;
80 0 : ret = krb5_data_copy (&res->val[0].address,
81 0 : hostent->h_addr,
82 0 : hostent->h_length);
83 0 : if (ret) {
84 0 : free (res->val);
85 0 : return ret;
86 : }
87 0 : return 0;
88 : }
89 :
90 : enum {
91 : LOOP = 1, /* do include loopback addrs */
92 : LOOP_IF_NONE = 2, /* include loopback addrs if no others */
93 : EXTRA_ADDRESSES = 4, /* include extra addresses */
94 : SCAN_INTERFACES = 8 /* scan interfaces for addresses */
95 : };
96 :
97 : /*
98 : * Try to figure out the addresses of all configured interfaces with a
99 : * lot of magic ioctls.
100 : */
101 :
102 : static krb5_error_code
103 0 : find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
104 : {
105 0 : struct sockaddr sa_zero;
106 0 : struct ifaddrs *ifa0, *ifa;
107 0 : krb5_error_code ret = ENXIO;
108 0 : unsigned int num, idx;
109 0 : krb5_addresses ignore_addresses;
110 :
111 0 : if (getifaddrs(&ifa0) == -1) {
112 0 : ret = errno;
113 0 : krb5_set_error_message(context, ret, "getifaddrs: %s", strerror(ret));
114 0 : return (ret);
115 : }
116 :
117 0 : memset(&sa_zero, 0, sizeof(sa_zero));
118 :
119 : /* First, count all the ifaddrs. */
120 0 : for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++)
121 : /* nothing */;
122 :
123 0 : if (num == 0) {
124 0 : freeifaddrs(ifa0);
125 0 : krb5_set_error_message(context, ENXIO, N_("no addresses found", ""));
126 0 : return (ENXIO);
127 : }
128 :
129 0 : if (flags & EXTRA_ADDRESSES) {
130 : /* we'll remove the addresses we don't care about */
131 0 : ret = krb5_get_ignore_addresses(context, &ignore_addresses);
132 0 : if(ret)
133 0 : return ret;
134 : }
135 :
136 : /* Allocate storage for them. */
137 0 : res->val = calloc(num, sizeof(*res->val));
138 0 : if (res->val == NULL) {
139 0 : if (flags & EXTRA_ADDRESSES)
140 0 : krb5_free_addresses(context, &ignore_addresses);
141 0 : freeifaddrs(ifa0);
142 0 : return krb5_enomem(context);
143 : }
144 :
145 : /* Now traverse the list. */
146 0 : for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) {
147 0 : if ((ifa->ifa_flags & IFF_UP) == 0)
148 0 : continue;
149 0 : if (ifa->ifa_addr == NULL)
150 0 : continue;
151 0 : if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
152 0 : continue;
153 0 : if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
154 0 : continue;
155 0 : if (krb5_sockaddr_is_loopback(ifa->ifa_addr) && (flags & LOOP) == 0)
156 : /* We'll deal with the LOOP_IF_NONE case later. */
157 0 : continue;
158 :
159 0 : ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
160 0 : if (ret) {
161 : /*
162 : * The most likely error here is going to be "Program
163 : * lacks support for address type". This is no big
164 : * deal -- just continue, and we'll listen on the
165 : * addresses who's type we *do* support.
166 : */
167 0 : continue;
168 : }
169 : /* possibly skip this address? */
170 0 : if((flags & EXTRA_ADDRESSES) &&
171 0 : krb5_address_search(context, &res->val[idx], &ignore_addresses)) {
172 0 : krb5_free_address(context, &res->val[idx]);
173 0 : flags &= ~LOOP_IF_NONE; /* we actually found an address,
174 : so don't add any loop-back
175 : addresses */
176 0 : continue;
177 : }
178 :
179 0 : idx++;
180 : }
181 :
182 : /*
183 : * If no addresses were found, and LOOP_IF_NONE is set, then find
184 : * the loopback addresses and add them to our list.
185 : */
186 0 : if ((flags & LOOP_IF_NONE) != 0 && idx == 0) {
187 0 : for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
188 0 : if ((ifa->ifa_flags & IFF_UP) == 0)
189 0 : continue;
190 0 : if (ifa->ifa_addr == NULL)
191 0 : continue;
192 0 : if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
193 0 : continue;
194 0 : if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
195 0 : continue;
196 0 : if (!krb5_sockaddr_is_loopback(ifa->ifa_addr))
197 0 : continue;
198 0 : if ((ifa->ifa_flags & IFF_LOOPBACK) == 0)
199 : /* Presumably loopback addrs are only used on loopback ifs! */
200 0 : continue;
201 0 : ret = krb5_sockaddr2address(context,
202 0 : ifa->ifa_addr, &res->val[idx]);
203 0 : if (ret)
204 0 : continue; /* We don't consider this failure fatal */
205 0 : if((flags & EXTRA_ADDRESSES) &&
206 0 : krb5_address_search(context, &res->val[idx],
207 : &ignore_addresses)) {
208 0 : krb5_free_address(context, &res->val[idx]);
209 0 : continue;
210 : }
211 0 : idx++;
212 : }
213 : }
214 :
215 0 : if (flags & EXTRA_ADDRESSES)
216 0 : krb5_free_addresses(context, &ignore_addresses);
217 0 : freeifaddrs(ifa0);
218 0 : if (ret) {
219 0 : free(res->val);
220 0 : res->val = NULL;
221 : } else
222 0 : res->len = idx; /* Now a count. */
223 0 : return (ret);
224 : }
225 :
226 : static krb5_error_code
227 0 : get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
228 : {
229 0 : krb5_error_code ret = -1;
230 :
231 0 : res->len = 0;
232 0 : res->val = NULL;
233 :
234 0 : if (flags & SCAN_INTERFACES) {
235 0 : ret = find_all_addresses (context, res, flags);
236 0 : if(ret || res->len == 0)
237 0 : ret = gethostname_fallback (context, res);
238 : } else {
239 0 : ret = 0;
240 : }
241 :
242 0 : if(ret == 0 && (flags & EXTRA_ADDRESSES)) {
243 0 : krb5_addresses a;
244 : /* append user specified addresses */
245 0 : ret = krb5_get_extra_addresses(context, &a);
246 0 : if(ret) {
247 0 : krb5_free_addresses(context, res);
248 0 : return ret;
249 : }
250 0 : ret = krb5_append_addresses(context, res, &a);
251 0 : if(ret) {
252 0 : krb5_free_addresses(context, res);
253 0 : return ret;
254 : }
255 0 : krb5_free_addresses(context, &a);
256 : }
257 0 : if(res->len == 0) {
258 0 : free(res->val);
259 0 : res->val = NULL;
260 : }
261 0 : return ret;
262 : }
263 :
264 : /*
265 : * Try to get all addresses, but return the one corresponding to
266 : * `hostname' if we fail.
267 : *
268 : * Only include loopback address if there are no other.
269 : */
270 :
271 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
272 0 : krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
273 : {
274 0 : int flags = LOOP_IF_NONE | EXTRA_ADDRESSES;
275 :
276 0 : if (context->scan_interfaces)
277 0 : flags |= SCAN_INTERFACES;
278 :
279 0 : return get_addrs_int (context, res, flags);
280 : }
281 :
282 : /*
283 : * Try to get all local addresses that a server should listen to.
284 : * If that fails, we return the address corresponding to `hostname'.
285 : */
286 :
287 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
288 0 : krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res)
289 : {
290 0 : return get_addrs_int (context, res, LOOP | SCAN_INTERFACES);
291 : }
|
