blob: ffabc60c7094e37e7d1b08899dac9953ee2e4f33 [file] [log] [blame] [raw]
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <errno.h>
#include <net/if.h>
#include <netdb.h>
#include <nss.h>
#include <stdlib.h>
#include "alloc-util.h"
#include "errno-util.h"
#include "hostname-util.h"
#include "local-addresses.h"
#include "macro.h"
#include "nss-util.h"
#include "signal-util.h"
#include "string-util.h"
/* We use 127.0.0.2 as IPv4 address. This has the advantage over
* 127.0.0.1 that it can be translated back to the local hostname. For
* IPv6 we use ::1 which unfortunately will not translate back to the
* hostname but instead something like "localhost" or so. */
#define LOCALADDRESS_IPV4 (htobe32(0x7F000002))
#define LOCALADDRESS_IPV6 &in6addr_loopback
NSS_GETHOSTBYNAME_PROTOTYPES(myhostname);
NSS_GETHOSTBYADDR_PROTOTYPES(myhostname);
enum nss_status _nss_myhostname_gethostbyname4_r(
const char *name,
struct gaih_addrtuple **pat,
char *buffer, size_t buflen,
int *errnop, int *h_errnop,
int32_t *ttlp) {
struct gaih_addrtuple *r_tuple, *r_tuple_prev = NULL;
_cleanup_free_ struct local_address *addresses = NULL;
_cleanup_free_ char *hn = NULL;
const char *canonical = NULL;
int n_addresses = 0;
uint32_t local_address_ipv4;
struct local_address *a;
size_t l, idx, ms;
char *r_name;
unsigned n;
PROTECT_ERRNO;
BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
assert(name);
assert(pat);
assert(buffer);
assert(errnop);
assert(h_errnop);
if (is_localhost(name)) {
/* We respond to 'localhost', so that /etc/hosts
* is optional */
canonical = "localhost";
local_address_ipv4 = htobe32(INADDR_LOOPBACK);
} else if (is_gateway_hostname(name)) {
n_addresses = local_gateways(NULL, 0, AF_UNSPEC, &addresses);
if (n_addresses <= 0)
goto not_found;
canonical = "_gateway";
} else {
hn = gethostname_malloc();
if (!hn) {
UNPROTECT_ERRNO;
*errnop = ENOMEM;
*h_errnop = NO_RECOVERY;
return NSS_STATUS_TRYAGAIN;
}
/* We respond to our local hostname, our hostname suffixed with a single dot. */
if (!streq(name, hn) && !streq_ptr(startswith(name, hn), "."))
goto not_found;
n_addresses = local_addresses(NULL, 0, AF_UNSPEC, &addresses);
if (n_addresses < 0)
n_addresses = 0;
canonical = hn;
local_address_ipv4 = LOCALADDRESS_IPV4;
}
l = strlen(canonical);
ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * (n_addresses > 0 ? n_addresses : 2);
if (buflen < ms) {
UNPROTECT_ERRNO;
*errnop = ERANGE;
*h_errnop = NETDB_INTERNAL;
return NSS_STATUS_TRYAGAIN;
}
/* First, fill in hostname */
r_name = buffer;
memcpy(r_name, canonical, l+1);
idx = ALIGN(l+1);
assert(n_addresses >= 0);
if (n_addresses == 0) {
/* Second, fill in IPv6 tuple */
r_tuple = (struct gaih_addrtuple*) (buffer + idx);
r_tuple->next = r_tuple_prev;
r_tuple->name = r_name;
r_tuple->family = AF_INET6;
memcpy(r_tuple->addr, LOCALADDRESS_IPV6, 16);
r_tuple->scopeid = 0;
idx += ALIGN(sizeof(struct gaih_addrtuple));
r_tuple_prev = r_tuple;
/* Third, fill in IPv4 tuple */
r_tuple = (struct gaih_addrtuple*) (buffer + idx);
r_tuple->next = r_tuple_prev;
r_tuple->name = r_name;
r_tuple->family = AF_INET;
*(uint32_t*) r_tuple->addr = local_address_ipv4;
r_tuple->scopeid = 0;
idx += ALIGN(sizeof(struct gaih_addrtuple));
r_tuple_prev = r_tuple;
}
/* Fourth, fill actual addresses in, but in backwards order */
for (a = addresses + n_addresses - 1, n = 0; (int) n < n_addresses; n++, a--) {
r_tuple = (struct gaih_addrtuple*) (buffer + idx);
r_tuple->next = r_tuple_prev;
r_tuple->name = r_name;
r_tuple->family = a->family;
r_tuple->scopeid = a->family == AF_INET6 && IN6_IS_ADDR_LINKLOCAL(&a->address.in6) ? a->ifindex : 0;
memcpy(r_tuple->addr, &a->address, 16);
idx += ALIGN(sizeof(struct gaih_addrtuple));
r_tuple_prev = r_tuple;
}
/* Verify the size matches */
assert(idx == ms);
/* Nscd expects us to store the first record in **pat. */
if (*pat)
**pat = *r_tuple_prev;
else
*pat = r_tuple_prev;
if (ttlp)
*ttlp = 0;
/* Explicitly reset both *h_errnop and h_errno to work around
* https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
*h_errnop = NETDB_SUCCESS;
h_errno = 0;
return NSS_STATUS_SUCCESS;
not_found:
*h_errnop = HOST_NOT_FOUND;
return NSS_STATUS_NOTFOUND;
}
static enum nss_status fill_in_hostent(
const char *canonical, const char *additional,
int af,
struct local_address *addresses, unsigned n_addresses,
uint32_t local_address_ipv4,
struct hostent *result,
char *buffer, size_t buflen,
int *errnop, int *h_errnop,
int32_t *ttlp,
char **canonp) {
size_t l_canonical, l_additional, idx, ms, alen;
char *r_addr, *r_name, *r_aliases, *r_alias = NULL, *r_addr_list;
struct local_address *a;
unsigned n, c;
assert(canonical);
assert(result);
assert(buffer);
assert(errnop);
assert(h_errnop);
PROTECT_ERRNO;
alen = FAMILY_ADDRESS_SIZE(af);
for (a = addresses, n = 0, c = 0; n < n_addresses; a++, n++)
if (af == a->family)
c++;
l_canonical = strlen(canonical);
l_additional = strlen_ptr(additional);
ms = ALIGN(l_canonical+1)+
(additional ? ALIGN(l_additional+1) : 0) +
sizeof(char*) +
(additional ? sizeof(char*) : 0) +
(c > 0 ? c : 1) * ALIGN(alen) +
(c > 0 ? c+1 : 2) * sizeof(char*);
if (buflen < ms) {
UNPROTECT_ERRNO;
*errnop = ERANGE;
*h_errnop = NETDB_INTERNAL;
return NSS_STATUS_TRYAGAIN;
}
/* First, fill in hostnames */
r_name = buffer;
memcpy(r_name, canonical, l_canonical+1);
idx = ALIGN(l_canonical+1);
if (additional) {
r_alias = buffer + idx;
memcpy(r_alias, additional, l_additional+1);
idx += ALIGN(l_additional+1);
}
/* Second, create aliases array */
r_aliases = buffer + idx;
if (additional) {
((char**) r_aliases)[0] = r_alias;
((char**) r_aliases)[1] = NULL;
idx += 2*sizeof(char*);
} else {
((char**) r_aliases)[0] = NULL;
idx += sizeof(char*);
}
/* Third, add addresses */
r_addr = buffer + idx;
if (c > 0) {
unsigned i = 0;
for (a = addresses, n = 0; n < n_addresses; a++, n++) {
if (af != a->family)
continue;
memcpy(r_addr + i*ALIGN(alen), &a->address, alen);
i++;
}
assert(i == c);
idx += c*ALIGN(alen);
} else {
if (af == AF_INET)
*(uint32_t*) r_addr = local_address_ipv4;
else
memcpy(r_addr, LOCALADDRESS_IPV6, 16);
idx += ALIGN(alen);
}
/* Fourth, add address pointer array */
r_addr_list = buffer + idx;
if (c > 0) {
unsigned i;
for (i = 0; i < c; i++)
((char**) r_addr_list)[i] = r_addr + i*ALIGN(alen);
((char**) r_addr_list)[i] = NULL;
idx += (c+1) * sizeof(char*);
} else {
((char**) r_addr_list)[0] = r_addr;
((char**) r_addr_list)[1] = NULL;
idx += 2 * sizeof(char*);
}
/* Verify the size matches */
assert(idx == ms);
result->h_name = r_name;
result->h_aliases = (char**) r_aliases;
result->h_addrtype = af;
result->h_length = alen;
result->h_addr_list = (char**) r_addr_list;
if (ttlp)
*ttlp = 0;
if (canonp)
*canonp = r_name;
/* Explicitly reset both *h_errnop and h_errno to work around
* https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
*h_errnop = NETDB_SUCCESS;
h_errno = 0;
return NSS_STATUS_SUCCESS;
}
enum nss_status _nss_myhostname_gethostbyname3_r(
const char *name,
int af,
struct hostent *host,
char *buffer, size_t buflen,
int *errnop, int *h_errnop,
int32_t *ttlp,
char **canonp) {
_cleanup_free_ struct local_address *addresses = NULL;
const char *canonical, *additional = NULL;
_cleanup_free_ char *hn = NULL;
uint32_t local_address_ipv4 = 0;
int n_addresses = 0;
PROTECT_ERRNO;
BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
assert(name);
assert(host);
assert(buffer);
assert(errnop);
assert(h_errnop);
if (af == AF_UNSPEC)
af = AF_INET;
if (!IN_SET(af, AF_INET, AF_INET6)) {
UNPROTECT_ERRNO;
*errnop = EAFNOSUPPORT;
*h_errnop = NO_DATA;
return NSS_STATUS_UNAVAIL;
}
if (is_localhost(name)) {
canonical = "localhost";
local_address_ipv4 = htobe32(INADDR_LOOPBACK);
} else if (is_gateway_hostname(name)) {
n_addresses = local_gateways(NULL, 0, af, &addresses);
if (n_addresses <= 0)
goto not_found;
canonical = "_gateway";
} else {
hn = gethostname_malloc();
if (!hn) {
UNPROTECT_ERRNO;
*errnop = ENOMEM;
*h_errnop = NO_RECOVERY;
return NSS_STATUS_TRYAGAIN;
}
if (!streq(name, hn) && !streq_ptr(startswith(name, hn), "."))
goto not_found;
n_addresses = local_addresses(NULL, 0, af, &addresses);
if (n_addresses < 0)
n_addresses = 0;
canonical = hn;
additional = n_addresses <= 0 && af == AF_INET6 ? "localhost" : NULL;
local_address_ipv4 = LOCALADDRESS_IPV4;
}
UNPROTECT_ERRNO;
return fill_in_hostent(
canonical, additional,
af,
addresses, n_addresses,
local_address_ipv4,
host,
buffer, buflen,
errnop, h_errnop,
ttlp,
canonp);
not_found:
*h_errnop = HOST_NOT_FOUND;
return NSS_STATUS_NOTFOUND;
}
enum nss_status _nss_myhostname_gethostbyaddr2_r(
const void* addr, socklen_t len,
int af,
struct hostent *host,
char *buffer, size_t buflen,
int *errnop, int *h_errnop,
int32_t *ttlp) {
const char *canonical = NULL, *additional = NULL;
uint32_t local_address_ipv4 = LOCALADDRESS_IPV4;
_cleanup_free_ struct local_address *addresses = NULL;
_cleanup_free_ char *hn = NULL;
int n_addresses = 0;
struct local_address *a;
bool additional_from_hostname = false;
unsigned n;
PROTECT_ERRNO;
BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
assert(addr);
assert(host);
assert(buffer);
assert(errnop);
assert(h_errnop);
if (!IN_SET(af, AF_INET, AF_INET6)) {
UNPROTECT_ERRNO;
*errnop = EAFNOSUPPORT;
*h_errnop = NO_DATA;
return NSS_STATUS_UNAVAIL;
}
if (len != FAMILY_ADDRESS_SIZE(af)) {
UNPROTECT_ERRNO;
*errnop = EINVAL;
*h_errnop = NO_RECOVERY;
return NSS_STATUS_UNAVAIL;
}
if (af == AF_INET) {
if ((*(uint32_t*) addr) == LOCALADDRESS_IPV4)
goto found;
if ((*(uint32_t*) addr) == htobe32(INADDR_LOOPBACK)) {
canonical = "localhost";
local_address_ipv4 = htobe32(INADDR_LOOPBACK);
goto found;
}
} else {
assert(af == AF_INET6);
if (memcmp(addr, LOCALADDRESS_IPV6, 16) == 0) {
canonical = "localhost";
additional_from_hostname = true;
goto found;
}
}
n_addresses = local_addresses(NULL, 0, AF_UNSPEC, &addresses);
for (a = addresses, n = 0; (int) n < n_addresses; n++, a++) {
if (af != a->family)
continue;
if (memcmp(addr, &a->address, FAMILY_ADDRESS_SIZE(af)) == 0)
goto found;
}
addresses = mfree(addresses);
n_addresses = local_gateways(NULL, 0, AF_UNSPEC, &addresses);
for (a = addresses, n = 0; (int) n < n_addresses; n++, a++) {
if (af != a->family)
continue;
if (memcmp(addr, &a->address, FAMILY_ADDRESS_SIZE(af)) == 0) {
canonical = "_gateway";
goto found;
}
}
*h_errnop = HOST_NOT_FOUND;
return NSS_STATUS_NOTFOUND;
found:
if (!canonical || additional_from_hostname) {
hn = gethostname_malloc();
if (!hn) {
UNPROTECT_ERRNO;
*errnop = ENOMEM;
*h_errnop = NO_RECOVERY;
return NSS_STATUS_TRYAGAIN;
}
if (!canonical)
canonical = hn;
else
additional = hn;
}
UNPROTECT_ERRNO;
return fill_in_hostent(
canonical, additional,
af,
addresses, n_addresses,
local_address_ipv4,
host,
buffer, buflen,
errnop, h_errnop,
ttlp,
NULL);
}
NSS_GETHOSTBYNAME_FALLBACKS(myhostname);
NSS_GETHOSTBYADDR_FALLBACKS(myhostname);