1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ | |
2 | ||
3 | #include <errno.h> | |
4 | #include <net/if.h> | |
5 | #include <netdb.h> | |
6 | #include <nss.h> | |
7 | #include <stdlib.h> | |
8 | ||
9 | #include "alloc-util.h" | |
10 | #include "errno-util.h" | |
11 | #include "hostname-util.h" | |
12 | #include "local-addresses.h" | |
13 | #include "macro.h" | |
14 | #include "nss-util.h" | |
15 | #include "signal-util.h" | |
16 | #include "string-util.h" | |
17 | ||
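/* We use 127.0.0.2 as the IPv4 address. This has the advantage over
 * 127.0.0.1 that it can be translated back to the local hostname. For
 * IPv6 we use ::1, which unfortunately will not translate back to the
 * hostname but instead to something like "localhost". */

/* 127.0.0.2, stored in network byte order. */
#define LOCALADDRESS_IPV4 (htobe32(0x7F000002))
/* Pointer to the IPv6 loopback address (::1). The expansion is parenthesized so that it stays a single
 * operand at every use site (e.g. when followed by '->' or an index). */
#define LOCALADDRESS_IPV6 (&in6addr_loopback)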
25 | ||
/* Declarations for this module's NSS entry points ("myhostname" is the module name passed to the macros).
 * NOTE(review): the macros are presumably defined in nss-util.h, included above — confirm which prototypes
 * they emit. */
NSS_GETHOSTBYNAME_PROTOTYPES(myhostname);
NSS_GETHOSTBYADDR_PROTOTYPES(myhostname);
28 | ||
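/* NSS gethostbyname4_r() entry point of the "myhostname" module.
 *
 * Answers three kinds of names without consulting any external source:
 *   - names accepted by is_localhost()        -> canonical name "localhost", loopback addresses
 *   - names accepted by is_gateway_hostname() -> canonical name "_gateway", addresses from local_gateways()
 *   - the local hostname, optionally with a single trailing dot -> addresses from local_addresses()
 *
 * The result is a chain of struct gaih_addrtuple records laid out inside the caller-supplied 'buffer',
 * preceded by the canonical name. Nothing is written to 'buffer' before 'buflen' has been checked against
 * the exact number of bytes required.
 *
 * Returns:
 *   NSS_STATUS_SUCCESS   the chain was stored; *pat is set (or **pat overwritten if *pat was non-NULL)
 *   NSS_STATUS_NOTFOUND  the name is not one of ours, or no gateway is known (*h_errnop = HOST_NOT_FOUND)
 *   NSS_STATUS_TRYAGAIN  allocation failure (*errnop = ENOMEM) or buffer too small (*errnop = ERANGE)
 *
 * NOTE(review): the tuple casts below assume 'buffer' is suitably aligned for struct gaih_addrtuple; nothing
 * in this function checks that — confirm the caller guarantees it. */
enum nss_status _nss_myhostname_gethostbyname4_r(
                const char *name,
                struct gaih_addrtuple **pat,
                char *buffer, size_t buflen,
                int *errnop, int *h_errnop,
                int32_t *ttlp) {

        struct gaih_addrtuple *r_tuple, *r_tuple_prev = NULL;
        _cleanup_free_ struct local_address *addresses = NULL;
        _cleanup_free_ char *hn = NULL;
        const char *canonical = NULL;
        int n_addresses = 0;
        /* Only read on the synthetic-address path (n_addresses == 0). Initialized because the gateway branch
         * never assigns it, so no path can carry an indeterminate value. */
        uint32_t local_address_ipv4 = 0;
        size_t l, idx, ms;
        char *r_name;

        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        assert(name);
        assert(pat);
        assert(buffer);
        assert(errnop);
        assert(h_errnop);

        if (is_localhost(name)) {
                /* We respond to 'localhost', so that /etc/hosts
                 * is optional */

                canonical = "localhost";
                local_address_ipv4 = htobe32(INADDR_LOOPBACK);

        } else if (is_gateway_hostname(name)) {

                n_addresses = local_gateways(NULL, 0, AF_UNSPEC, &addresses);
                if (n_addresses <= 0)
                        goto not_found;

                canonical = "_gateway";

        } else {
                hn = gethostname_malloc();
                if (!hn) {
                        UNPROTECT_ERRNO;
                        *errnop = ENOMEM;
                        *h_errnop = NO_RECOVERY;
                        return NSS_STATUS_TRYAGAIN;
                }

                /* We respond to our local hostname, and to our hostname suffixed with a single dot. */
                if (!streq(name, hn) && !streq_ptr(startswith(name, hn), "."))
                        goto not_found;

                /* A failed enumeration is treated like "no addresses": we fall back to the synthetic ones. */
                n_addresses = local_addresses(NULL, 0, AF_UNSPEC, &addresses);
                if (n_addresses < 0)
                        n_addresses = 0;

                canonical = hn;
                local_address_ipv4 = LOCALADDRESS_IPV4;
        }

        /* Exact space needed: the name plus one tuple per address, or two tuples (IPv6 + IPv4) for the
         * synthetic fallback. The check must precede every write into 'buffer'. */
        l = strlen(canonical);
        ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * (n_addresses > 0 ? n_addresses : 2);
        if (buflen < ms) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                *h_errnop = NETDB_INTERNAL;
                return NSS_STATUS_TRYAGAIN;
        }

        /* First, fill in hostname */
        r_name = buffer;
        memcpy(r_name, canonical, l+1);
        idx = ALIGN(l+1);

        assert(n_addresses >= 0);
        if (n_addresses == 0) {
                /* Second, fill in IPv6 tuple */
                r_tuple = (struct gaih_addrtuple*) (buffer + idx);
                r_tuple->next = r_tuple_prev;
                r_tuple->name = r_name;
                r_tuple->family = AF_INET6;
                memcpy(r_tuple->addr, LOCALADDRESS_IPV6, 16);
                r_tuple->scopeid = 0;

                idx += ALIGN(sizeof(struct gaih_addrtuple));
                r_tuple_prev = r_tuple;

                /* Third, fill in IPv4 tuple */
                r_tuple = (struct gaih_addrtuple*) (buffer + idx);
                r_tuple->next = r_tuple_prev;
                r_tuple->name = r_name;
                r_tuple->family = AF_INET;
                *(uint32_t*) r_tuple->addr = local_address_ipv4;
                r_tuple->scopeid = 0;

                idx += ALIGN(sizeof(struct gaih_addrtuple));
                r_tuple_prev = r_tuple;
        }

        /* Fourth, fill actual addresses in, but in backwards order. The element pointer is derived inside the
         * loop body, so no pointer arithmetic is ever performed on a NULL 'addresses' when the list is empty. */
        for (int i = n_addresses; i > 0; i--) {
                struct local_address *a = addresses + i - 1;

                r_tuple = (struct gaih_addrtuple*) (buffer + idx);
                r_tuple->next = r_tuple_prev;
                r_tuple->name = r_name;
                r_tuple->family = a->family;
                /* A scope id is only reported for IPv6 link-local addresses. */
                r_tuple->scopeid = a->family == AF_INET6 && in6_addr_is_link_local(&a->address.in6) ? a->ifindex : 0;
                memcpy(r_tuple->addr, &a->address, 16);

                idx += ALIGN(sizeof(struct gaih_addrtuple));
                r_tuple_prev = r_tuple;
        }

        /* Verify the size matches */
        assert(idx == ms);

        /* Nscd expects us to store the first record in **pat. */
        if (*pat)
                **pat = *r_tuple_prev;
        else
                *pat = r_tuple_prev;

        if (ttlp)
                *ttlp = 0;

        /* Explicitly reset both *h_errnop and h_errno to work around
         * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
        *h_errnop = NETDB_SUCCESS;
        h_errno = 0;

        return NSS_STATUS_SUCCESS;

not_found:
        *h_errnop = HOST_NOT_FOUND;
        return NSS_STATUS_NOTFOUND;
}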
167 | ||
/* Serializes one struct hostent into the caller-supplied buffer.
 *
 * Layout written to 'buffer', in this order:
 *   1. canonical name (NUL-terminated, padded with ALIGN())
 *   2. optional alias 'additional' (same padding)
 *   3. NULL-terminated alias pointer array
 *   4. address payloads, one ALIGN()ed slot each
 *   5. NULL-terminated address pointer array
 *
 * Only entries of 'addresses' whose family equals 'af' are emitted. If none match, a single synthetic address
 * is written instead: 'local_address_ipv4' for AF_INET, LOCALADDRESS_IPV6 otherwise.
 *
 * The required size is computed up front and compared with 'buflen' before anything is written; if the buffer
 * is too small the function returns NSS_STATUS_TRYAGAIN with *errnop = ERANGE and *h_errnop = NETDB_INTERNAL.
 * On success it returns NSS_STATUS_SUCCESS, sets *ttlp to 0 and *canonp to the stored name when those
 * pointers are non-NULL, and resets *h_errnop and h_errno. */
static enum nss_status fill_in_hostent(
                const char *canonical, const char *additional,
                int af,
                struct local_address *addresses, unsigned n_addresses,
                uint32_t local_address_ipv4,
                struct hostent *result,
                char *buffer, size_t buflen,
                int *errnop, int *h_errnop,
                int32_t *ttlp,
                char **canonp) {

        size_t canonical_len, additional_len, addr_len, addr_stride, needed, offset;
        char *name_out, *alias_out = NULL, *addr_out;
        char **alias_vec, **addr_vec;
        unsigned n_matching = 0, n_slots, n_alias_slots = 0, k;

        assert(canonical);
        assert(result);
        assert(buffer);
        assert(errnop);
        assert(h_errnop);

        PROTECT_ERRNO;

        addr_len = FAMILY_ADDRESS_SIZE(af);
        addr_stride = ALIGN(addr_len);

        /* Count the entries of the requested family. */
        for (k = 0; k < n_addresses; k++)
                if (addresses[k].family == af)
                        n_matching++;

        /* With no matching entry we still emit exactly one (synthetic) address. */
        n_slots = n_matching > 0 ? n_matching : 1;

        canonical_len = strlen(canonical);
        additional_len = strlen_ptr(additional);
        needed = ALIGN(canonical_len+1) +
                (additional ? ALIGN(additional_len+1) : 0) +
                sizeof(char*) +
                (additional ? sizeof(char*) : 0) +
                n_slots * addr_stride +
                (n_slots + 1) * sizeof(char*);

        /* Bounds check before the first write into 'buffer'. */
        if (buflen < needed) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                *h_errnop = NETDB_INTERNAL;
                return NSS_STATUS_TRYAGAIN;
        }

        /* 1. + 2. Names */
        name_out = buffer;
        memcpy(name_out, canonical, canonical_len+1);
        offset = ALIGN(canonical_len+1);

        if (additional) {
                alias_out = buffer + offset;
                memcpy(alias_out, additional, additional_len+1);
                offset += ALIGN(additional_len+1);
        }

        /* 3. Alias pointer array: the optional alias followed by the terminating NULL */
        alias_vec = (char**) (buffer + offset);
        if (additional)
                alias_vec[n_alias_slots++] = alias_out;
        alias_vec[n_alias_slots++] = NULL;
        offset += n_alias_slots * sizeof(char*);

        /* 4. Address payloads */
        addr_out = buffer + offset;
        if (n_matching > 0) {
                unsigned filled = 0;

                for (k = 0; k < n_addresses; k++) {
                        if (addresses[k].family != af)
                                continue;

                        memcpy(addr_out + filled*addr_stride, &addresses[k].address, addr_len);
                        filled++;
                }

                assert(filled == n_matching);
        } else if (af == AF_INET)
                *(uint32_t*) addr_out = local_address_ipv4;
        else
                memcpy(addr_out, LOCALADDRESS_IPV6, 16);

        offset += n_slots * addr_stride;

        /* 5. Address pointer array: one pointer per slot, then the terminating NULL */
        addr_vec = (char**) (buffer + offset);
        for (k = 0; k < n_slots; k++)
                addr_vec[k] = addr_out + k*addr_stride;
        addr_vec[n_slots] = NULL;
        offset += (n_slots + 1) * sizeof(char*);

        /* The bytes consumed must equal the size that was checked against buflen. */
        assert(offset == needed);

        result->h_name = name_out;
        result->h_aliases = alias_vec;
        result->h_addrtype = af;
        result->h_length = addr_len;
        result->h_addr_list = addr_vec;

        if (ttlp)
                *ttlp = 0;

        if (canonp)
                *canonp = name_out;

        /* Explicitly reset both *h_errnop and h_errno to work around
         * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
        *h_errnop = NETDB_SUCCESS;
        h_errno = 0;

        return NSS_STATUS_SUCCESS;
}
299 | ||
/* NSS gethostbyname3_r() entry point of the "myhostname" module.
 *
 * Resolves the same three kinds of names as the gethostbyname4_r() variant ("localhost" names, the gateway
 * hostname, the local hostname with an optional trailing dot), but for a single address family and into a
 * struct hostent, which is serialized by fill_in_hostent().
 *
 * AF_UNSPEC is treated as AF_INET. Any family other than AF_INET/AF_INET6 yields NSS_STATUS_UNAVAIL with
 * *errnop = EAFNOSUPPORT. Unknown names, or a gateway lookup without any gateway, yield NSS_STATUS_NOTFOUND
 * with *h_errnop = HOST_NOT_FOUND. A failed hostname allocation yields NSS_STATUS_TRYAGAIN with
 * *errnop = ENOMEM. Otherwise the return value is that of fill_in_hostent(). */
enum nss_status _nss_myhostname_gethostbyname3_r(
                const char *name,
                int af,
                struct hostent *host,
                char *buffer, size_t buflen,
                int *errnop, int *h_errnop,
                int32_t *ttlp,
                char **canonp) {

        _cleanup_free_ struct local_address *addresses = NULL;
        const char *canonical, *additional = NULL;
        _cleanup_free_ char *hn = NULL;
        uint32_t local_address_ipv4 = 0;
        int n_addresses = 0;

        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        assert(name);
        assert(host);
        assert(buffer);
        assert(errnop);
        assert(h_errnop);

        /* No family requested: default to IPv4. */
        if (af == AF_UNSPEC)
                af = AF_INET;

        if (af != AF_INET && af != AF_INET6) {
                UNPROTECT_ERRNO;
                *errnop = EAFNOSUPPORT;
                *h_errnop = NO_DATA;
                return NSS_STATUS_UNAVAIL;
        }

        if (is_localhost(name)) {
                canonical = "localhost";
                local_address_ipv4 = htobe32(INADDR_LOOPBACK);

        } else if (is_gateway_hostname(name)) {

                n_addresses = local_gateways(NULL, 0, af, &addresses);
                if (n_addresses <= 0)
                        goto not_found;

                canonical = "_gateway";

        } else {
                bool is_own_name;

                hn = gethostname_malloc();
                if (!hn) {
                        UNPROTECT_ERRNO;
                        *errnop = ENOMEM;
                        *h_errnop = NO_RECOVERY;
                        return NSS_STATUS_TRYAGAIN;
                }

                /* Accept the local hostname itself, or the hostname followed by exactly one dot. */
                is_own_name = streq(name, hn) || streq_ptr(startswith(name, hn), ".");
                if (!is_own_name)
                        goto not_found;

                /* An enumeration error is handled like an empty address list. */
                n_addresses = local_addresses(NULL, 0, af, &addresses);
                if (n_addresses < 0)
                        n_addresses = 0;

                canonical = hn;
                local_address_ipv4 = LOCALADDRESS_IPV4;

                /* With no IPv6 address of our own the answer will be ::1, so "localhost" is added as alias. */
                if (n_addresses <= 0 && af == AF_INET6)
                        additional = "localhost";
        }

        UNPROTECT_ERRNO;

        return fill_in_hostent(
                        canonical, additional,
                        af,
                        addresses, n_addresses,
                        local_address_ipv4,
                        host,
                        buffer, buflen,
                        errnop, h_errnop,
                        ttlp,
                        canonp);

not_found:
        *h_errnop = HOST_NOT_FOUND;
        return NSS_STATUS_NOTFOUND;
}
384 | ||
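/* NSS gethostbyaddr2_r() entry point of the "myhostname" module (reverse lookup).
 *
 * 'addr' points to 'len' bytes of a binary address of family 'af'. The address is matched, in this order,
 * against:
 *   1. LOCALADDRESS_IPV4 (127.0.0.2)      -> the local hostname
 *   2. INADDR_LOOPBACK / ::1              -> "localhost" (for ::1 the local hostname is added as alias)
 *   3. the list from local_addresses()    -> the local hostname
 *   4. the list from local_gateways()     -> "_gateway"
 *
 * Input validation happens before 'addr' is read: 'af' must be AF_INET or AF_INET6 (else NSS_STATUS_UNAVAIL
 * with *errnop = EAFNOSUPPORT) and 'len' must equal the address size of that family (else NSS_STATUS_UNAVAIL
 * with *errnop = EINVAL). No match yields NSS_STATUS_NOTFOUND with *h_errnop = HOST_NOT_FOUND; a failed
 * hostname allocation yields NSS_STATUS_TRYAGAIN with *errnop = ENOMEM. On a match the return value is that
 * of fill_in_hostent(). */
enum nss_status _nss_myhostname_gethostbyaddr2_r(
                const void* addr, socklen_t len,
                int af,
                struct hostent *host,
                char *buffer, size_t buflen,
                int *errnop, int *h_errnop,
                int32_t *ttlp) {

        const char *canonical = NULL, *additional = NULL;
        uint32_t local_address_ipv4 = LOCALADDRESS_IPV4;
        _cleanup_free_ struct local_address *addresses = NULL;
        _cleanup_free_ char *hn = NULL;
        int n_addresses = 0;
        struct local_address *a;
        bool additional_from_hostname = false;
        unsigned n;

        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        assert(addr);
        assert(host);
        assert(buffer);
        assert(errnop);
        assert(h_errnop);

        if (!IN_SET(af, AF_INET, AF_INET6)) {
                UNPROTECT_ERRNO;
                *errnop = EAFNOSUPPORT;
                *h_errnop = NO_DATA;
                return NSS_STATUS_UNAVAIL;
        }

        /* Reject mismatched lengths up front: every read of 'addr' below relies on this size. */
        if (len != FAMILY_ADDRESS_SIZE(af)) {
                UNPROTECT_ERRNO;
                *errnop = EINVAL;
                *h_errnop = NO_RECOVERY;
                return NSS_STATUS_UNAVAIL;
        }

        if (af == AF_INET) {
                uint32_t query;

                /* Copy the four bytes out instead of dereferencing a casted pointer: 'addr' is a
                 * caller-supplied const void* with no alignment guarantee, and the cast also dropped its
                 * const qualifier. 'len' was verified above, so the read stays in bounds. */
                memcpy(&query, addr, sizeof(query));

                if (query == LOCALADDRESS_IPV4)
                        goto found;

                if (query == htobe32(INADDR_LOOPBACK)) {
                        canonical = "localhost";
                        local_address_ipv4 = htobe32(INADDR_LOOPBACK);
                        goto found;
                }

        } else {
                assert(af == AF_INET6);

                if (memcmp(addr, LOCALADDRESS_IPV6, 16) == 0) {
                        canonical = "localhost";
                        additional_from_hostname = true;
                        goto found;
                }
        }

        /* Not a well-known address: look through our own addresses. A negative (error) return makes the loop
         * a no-op because of the signed comparison. */
        n_addresses = local_addresses(NULL, 0, AF_UNSPEC, &addresses);
        for (a = addresses, n = 0; (int) n < n_addresses; n++, a++) {
                if (af != a->family)
                        continue;

                if (memcmp(addr, &a->address, FAMILY_ADDRESS_SIZE(af)) == 0)
                        goto found;
        }

        /* Release the first list before the pointer is reused for the gateway list. */
        addresses = mfree(addresses);

        n_addresses = local_gateways(NULL, 0, AF_UNSPEC, &addresses);
        for (a = addresses, n = 0; (int) n < n_addresses; n++, a++) {
                if (af != a->family)
                        continue;

                if (memcmp(addr, &a->address, FAMILY_ADDRESS_SIZE(af)) == 0) {
                        canonical = "_gateway";
                        goto found;
                }
        }

        *h_errnop = HOST_NOT_FOUND;
        return NSS_STATUS_NOTFOUND;

found:
        /* The hostname is needed either as the canonical name (no fixed name was chosen above) or as the
         * alias of "localhost" for ::1. */
        if (!canonical || additional_from_hostname) {
                hn = gethostname_malloc();
                if (!hn) {
                        UNPROTECT_ERRNO;
                        *errnop = ENOMEM;
                        *h_errnop = NO_RECOVERY;
                        return NSS_STATUS_TRYAGAIN;
                }

                if (!canonical)
                        canonical = hn;
                else
                        additional = hn;
        }

        UNPROTECT_ERRNO;
        return fill_in_hostent(
                        canonical, additional,
                        af,
                        addresses, n_addresses,
                        local_address_ipv4,
                        host,
                        buffer, buflen,
                        errnop, h_errnop,
                        ttlp,
                        NULL);
}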
498 | ||
/* Instantiate the fallback entry points for the "myhostname" module.
 * NOTE(review): presumably these expand to the remaining gethostbyname*_r()/gethostbyaddr_r() variants, which
 * forward to the functions defined above — confirm against the macro definitions (likely in nss-util.h). */
NSS_GETHOSTBYNAME_FALLBACKS(myhostname);
NSS_GETHOSTBYADDR_FALLBACKS(myhostname);