Reorganize internal DNS interfaces

Move SRV lookup function declarations out of dnsglue.h into
os-proto.h, where the TXT lookup function is declared.  Only include
dnsglue.h within files which need to parse DNS records.

To avoid needing MAXDNAME, use dynamic allocation for the results of
DNS lookups (including hostname canonicalization) where we currently
use fixed buffers.  Remove clean_hostname from the accessor (nothing
uses it) and make it a static function within hostrealm.c.

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 5d84985bf139e4d731db19bca53e431f197c1336..1dedeb963e109892f8394ed05cf109618925d185 100644 (file)
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1831,16 +1831,13 @@ krb5int_random_string(krb5_context, char *string, unsigned int length);
 /* To keep happy libraries which are (for now) accessing internal stuff */
 
 /* Make sure to increment by one when changing the struct */
-#define KRB5INT_ACCESS_STRUCT_VERSION 21
+#define KRB5INT_ACCESS_STRUCT_VERSION 22
 
 typedef struct _krb5int_access {
     krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,
                                                    krb5_auth_context,
                                                    krb5_enctype *);
 
-    krb5_error_code (*clean_hostname)(krb5_context, const char *, char *,
-                                      size_t);
-
     krb5_error_code (*mandatory_cksumtype)(krb5_context, krb5_enctype,
                                            krb5_cksumtype *);
     krb5_error_code (KRB5_CALLCONV *ser_pack_int64)(int64_t, krb5_octet **,

diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c
index 11552ef42c08e9a40af4d8126ee635444bda0a74..d77f8c6b767e60662f11ee7998c8471917ebf12c 100644 (file)
--- a/src/lib/krb5/os/accessor.c
+++ b/src/lib/krb5/os/accessor.c
@@ -56,8 +56,6 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
 #endif
             S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
 
-            S (clean_hostname, k5_clean_hostname),
-
 #ifndef LEAN_CLIENT
 #define SC(FIELD, VAL)  S(FIELD, VAL)
 #else /* disable */

diff --git a/src/lib/krb5/os/deps b/src/lib/krb5/os/deps
index c09087d6b3a5a5402e765413e7dc495ede7a2bb7..0e5de6e4d271425ccfc680baa093090ef2c8d212 100644 (file)
--- a/src/lib/krb5/os/deps
+++ b/src/lib/krb5/os/deps
@@ -329,8 +329,7 @@ locate_kdc.so locate_kdc.po $(OUTPRE)locate_kdc.$(OBJEXT): \
   $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
   $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
   $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
-  $(top_srcdir)/include/socket-utils.h dnsglue.h locate_kdc.c \
-  os-proto.h
+  $(top_srcdir)/include/socket-utils.h locate_kdc.c os-proto.h
 lock_file.so lock_file.po $(OUTPRE)lock_file.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

diff --git a/src/lib/krb5/os/dnsglue.c b/src/lib/krb5/os/dnsglue.c
index e29066d74bc5bd172983984724ea298e7c5be807..86138c478b311c6ba8a4cde80b9e16aad270a266 100644 (file)
--- a/src/lib/krb5/os/dnsglue.c
+++ b/src/lib/krb5/os/dnsglue.c
@@ -364,7 +364,7 @@ k5_try_realm_txt_rr(krb5_context context, const char *prefix, const char *name,
 {
     krb5_error_code retval = KRB5_ERR_HOST_REALM_UNKNOWN;
     const unsigned char *p, *base;
-    char host[MAXDNAME];
+    char *txtname = NULL;
     int ret, rdlen, len;
     struct krb5int_dns_state *ds = NULL;
     struct k5buf buf;
@@ -373,7 +373,7 @@ k5_try_realm_txt_rr(krb5_context context, const char *prefix, const char *name,
      * Form our query, and send it via DNS
      */
 
-    k5_buf_init_fixed(&buf, host, sizeof(host));
+    k5_buf_init_dynamic(&buf);
     if (name == NULL || name[0] == '\0') {
         k5_buf_add(&buf, prefix);
     } else {
@@ -389,14 +389,15 @@ k5_try_realm_txt_rr(krb5_context context, const char *prefix, const char *name,
            the local domain or domain search lists to be expanded.
         */
 
-        if (buf.len > 0 && host[buf.len - 1] != '.')
+        if (buf.len > 0 && ((char *)buf.data)[buf.len - 1] != '.')
             k5_buf_add(&buf, ".");
     }
     if (k5_buf_status(&buf) != 0)
         return KRB5_ERR_HOST_REALM_UNKNOWN;
-    ret = krb5int_dns_init(&ds, host, C_IN, T_TXT);
+    txtname = buf.data;
+    ret = krb5int_dns_init(&ds, txtname, C_IN, T_TXT);
     if (ret < 0) {
-        TRACE_TXT_LOOKUP_NOTFOUND(context, host);
+        TRACE_TXT_LOOKUP_NOTFOUND(context, txtname);
         goto errout;
     }
 
@@ -419,13 +420,11 @@ k5_try_realm_txt_rr(krb5_context context, const char *prefix, const char *name,
     if ( (*realm)[len-1] == '.' )
         (*realm)[len-1] = '\0';
     retval = 0;
-    TRACE_TXT_LOOKUP_SUCCESS(context, host, *realm);
+    TRACE_TXT_LOOKUP_SUCCESS(context, txtname, *realm);
 
 errout:
-    if (ds != NULL) {
-        krb5int_dns_fini(ds);
-        ds = NULL;
-    }
+    krb5int_dns_fini(ds);
+    free(txtname);
     return retval;
 }
 

diff --git a/src/lib/krb5/os/dnsglue.h b/src/lib/krb5/os/dnsglue.h
index e7844049db726638d525a273f27bba7b81dabe0c..b5d054ac0f40f9ad6ebdc2a166e72dc8dec0dbd6 100644 (file)
--- a/src/lib/krb5/os/dnsglue.h
+++ b/src/lib/krb5/os/dnsglue.h
@@ -64,10 +64,6 @@
 #include <sys/param.h>          /* for MAXHOSTNAMELEN */
 #endif
 
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64       /* if we can't find it elswhere */
-#endif
-
 #ifndef MAXDNAME
 
 #ifdef NS_MAXDNAME
@@ -159,24 +155,5 @@ int krb5int_dns_expand(struct krb5int_dns_state *,
                        const unsigned char *, char *, int);
 void krb5int_dns_fini(struct krb5int_dns_state *);
 
-struct srv_dns_entry {
-    struct srv_dns_entry *next;
-    int priority;
-    int weight;
-    unsigned short port;
-    char *host;
-};
-
-krb5_error_code
-krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
-                             const char *service, const char *protocol,
-                             struct srv_dns_entry **answers);
-
-void krb5int_free_srv_dns_data(struct srv_dns_entry *);
-
-krb5_error_code
-k5_make_uri_query(krb5_context context, const krb5_data *realm,
-                  const char *service, struct srv_dns_entry **answers);
-
 #endif /* KRB5_DNS_LOOKUP */
 #endif /* !defined(KRB5_DNSGLUE_H) */

diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c
index d66a8f99a0af142745ba92ec3065d5816ef6074a..ff14b56a5673001e60d5b1478e51037a3989b8f1 100644 (file)
--- a/src/lib/krb5/os/dnssrv.c
+++ b/src/lib/krb5/os/dnssrv.c
@@ -45,18 +45,18 @@ krb5int_free_srv_dns_data (struct srv_dns_entry *p)
     }
 }
 
-/* Construct a DNS label of the form "service.[protocol.]realm.", placing the
- * result into fixed_buf.  protocol may be NULL. */
-static krb5_error_code
-prepare_lookup_buf(const krb5_data *realm, const char *service,
-                   const char *protocol, char *fixed_buf, size_t bufsize)
+/* Construct a DNS label of the form "service.[protocol.]realm.".  protocol may
+ * be NULL. */
+static char *
+make_lookup_name(const krb5_data *realm, const char *service,
+                 const char *protocol)
 {
     struct k5buf buf;
 
     if (memchr(realm->data, 0, realm->length))
-        return EINVAL;
+        return NULL;
 
-    k5_buf_init_fixed(&buf, fixed_buf, bufsize);
+    k5_buf_init_dynamic(&buf);
     k5_buf_add_fmt(&buf, "%s.", service);
     if (protocol != NULL)
         k5_buf_add_fmt(&buf, "%s.", protocol);
@@ -72,7 +72,7 @@ prepare_lookup_buf(const krb5_data *realm, const char *service,
     if (buf.len > 0 && ((char *)buf.data)[buf.len - 1] != '.')
         k5_buf_add(&buf, ".");
 
-    return k5_buf_status(&buf);
+    return buf.data;
 }
 
 /* Insert new into the list *head, ordering by priority.  Weight is not
@@ -108,7 +108,7 @@ k5_make_uri_query(krb5_context context, const krb5_data *realm,
                   const char *service, struct srv_dns_entry **answers)
 {
     const unsigned char *p = NULL, *base = NULL;
-    char host[MAXDNAME];
+    char *name = NULL;
     int size, ret, rdlen;
     unsigned short priority, weight;
     struct krb5int_dns_state *ds = NULL;
@@ -117,13 +117,13 @@ k5_make_uri_query(krb5_context context, const krb5_data *realm,
     *answers = NULL;
 
     /* Construct service.realm. */
-    ret = prepare_lookup_buf(realm, service, NULL, host, sizeof(host));
-    if (ret)
+    name = make_lookup_name(realm, service, NULL);
+    if (name == NULL)
         return 0;
 
-    TRACE_DNS_URI_SEND(context, host);
+    TRACE_DNS_URI_SEND(context, name);
 
-    size = krb5int_dns_init(&ds, host, C_IN, T_URI);
+    size = krb5int_dns_init(&ds, name, C_IN, T_URI);
     if (size < 0)
         goto out;
 
@@ -156,6 +156,7 @@ k5_make_uri_query(krb5_context context, const krb5_data *realm,
 
 out:
     krb5int_dns_fini(ds);
+    free(name);
     *answers = head;
     return 0;
 }
@@ -173,7 +174,7 @@ krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
                              struct srv_dns_entry **answers)
 {
     const unsigned char *p = NULL, *base = NULL;
-    char host[MAXDNAME];
+    char *name = NULL, host[MAXDNAME];
     int size, ret, rdlen, nlen;
     unsigned short priority, weight, port;
     struct krb5int_dns_state *ds = NULL;
@@ -190,13 +191,13 @@ krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
      *
      */
 
-    ret = prepare_lookup_buf(realm, service, protocol, host, sizeof(host));
-    if (ret)
+    name = make_lookup_name(realm, service, protocol);
+    if (name == NULL)
         return 0;
 
-    TRACE_DNS_SRV_SEND(context, host);
+    TRACE_DNS_SRV_SEND(context, name);
 
-    size = krb5int_dns_init(&ds, host, C_IN, T_SRV);
+    size = krb5int_dns_init(&ds, name, C_IN, T_SRV);
     if (size < 0)
         goto out;
 
@@ -246,6 +247,7 @@ krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
 
 out:
     krb5int_dns_fini(ds);
+    free(name);
     *answers = head;
     return 0;
 }

diff --git a/src/lib/krb5/os/hostrealm.c b/src/lib/krb5/os/hostrealm.c
index 78d6c5df487a078625a8e44fa0aacab86d62b549..fcab360e496aa732e77a46de79f6812da745744a 100644 (file)
--- a/src/lib/krb5/os/hostrealm.c
+++ b/src/lib/krb5/os/hostrealm.c
@@ -254,13 +254,15 @@ translate_gai_error(int num)
 /* Get the canonical form of the local host name, using forward
  * canonicalization only. */
 krb5_error_code
-krb5int_get_fq_local_hostname(char *buf, size_t bufsize)
+krb5int_get_fq_local_hostname(char **hostname_out)
 {
     struct addrinfo *ai, hints;
+    char buf[MAXHOSTNAMELEN];
     int err;
 
-    buf[0] = '\0';
-    if (gethostname(buf, bufsize) == -1)
+    *hostname_out = NULL;
+
+    if (gethostname(buf, sizeof(buf)) == -1)
         return SOCKET_ERRNO;
 
     memset(&hints, 0, sizeof(hints));
@@ -272,26 +274,26 @@ krb5int_get_fq_local_hostname(char *buf, size_t bufsize)
         freeaddrinfo(ai);
         return KRB5_EAI_FAIL;
     }
-    if (strlcpy(buf, ai->ai_canonname, bufsize) >= bufsize)
-        return ENOMEM;
+    *hostname_out = strdup(ai->ai_canonname);
     freeaddrinfo(ai);
-    return 0;
+    return (*hostname_out == NULL) ? ENOMEM : 0;
 }
 
-krb5_error_code
-k5_clean_hostname(krb5_context context, const char *host, char *cleanname,
-                  size_t lhsize)
+static krb5_error_code
+clean_hostname(krb5_context context, const char *host, char **cleanname_out)
 {
-    char *p;
+    char *p, *cleanname;
     krb5_error_code ret;
     size_t l;
 
-    cleanname[0] = '\0';
+    *cleanname_out = NULL;
+
     if (host != NULL) {
-        if (strlcpy(cleanname, host, lhsize) >= lhsize)
+        cleanname = strdup(host);
+        if (cleanname == NULL)
             return ENOMEM;
     } else {
-        ret = krb5int_get_fq_local_hostname(cleanname, lhsize);
+        ret = krb5int_get_fq_local_hostname(&cleanname);
         if (ret)
             return ret;
     }
@@ -307,6 +309,7 @@ k5_clean_hostname(krb5_context context, const char *host, char *cleanname,
     if (l > 0 && cleanname[l - 1] == '.')
         cleanname[l - 1] = '\0';
 
+    *cleanname_out = cleanname;
     return 0;
 }
 
@@ -359,19 +362,19 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realms_out)
 {
     krb5_error_code ret;
     struct hostrealm_module_handle **hp;
-    char **realms, cleanname[1024];
+    char **realms, *cleanname = NULL;
 
     *realms_out = NULL;
 
     if (context->hostrealm_handles == NULL) {
         ret = load_hostrealm_modules(context);
         if (ret)
-            return ret;
+            goto cleanup;
     }
 
-    ret = k5_clean_hostname(context, host, cleanname, sizeof(cleanname));
+    ret = clean_hostname(context, host, &cleanname);
     if (ret)
-        return ret;
+        goto cleanup;
 
     /* Give each module a chance to determine the host's realms. */
     for (hp = context->hostrealm_handles; *hp != NULL; hp++) {
@@ -379,15 +382,19 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realms_out)
         if (ret == 0) {
             ret = copy_list(realms, realms_out);
             free_list(context, *hp, realms);
-            return ret;
+            goto cleanup;
         } else if (ret != KRB5_PLUGIN_NO_HANDLE) {
-            return ret;
+            goto cleanup;
         }
     }
 
     /* Return a list containing the "referral realm" (an empty realm), as a
      * cue to try referrals. */
-    return k5_make_realmlist(KRB5_REFERRAL_REALM, realms_out);
+    ret = k5_make_realmlist(KRB5_REFERRAL_REALM, realms_out);
+
+cleanup:
+    free(cleanname);
+    return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -396,23 +403,23 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
 {
     krb5_error_code ret;
     struct hostrealm_module_handle **hp;
-    char **realms, *defrealm, *host, cleanname[1024];
+    char **realms, *defrealm, *host, *cleanname = NULL;
 
     *realms_out = NULL;
 
     /* Convert hdata into a string and clean it. */
     host = k5memdup0(hdata->data, hdata->length, &ret);
     if (host == NULL)
-        return ret;
-    ret = k5_clean_hostname(context, host, cleanname, sizeof(cleanname));
+        goto cleanup;
+    ret = clean_hostname(context, host, &cleanname);
     free(host);
     if (ret)
-        return ret;
+        goto cleanup;
 
     if (context->hostrealm_handles == NULL) {
         ret = load_hostrealm_modules(context);
         if (ret)
-            return ret;
+            goto cleanup;
     }
 
     /* Give each module a chance to determine the fallback realms. */
@@ -421,18 +428,21 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
         if (ret == 0) {
             ret = copy_list(realms, realms_out);
             free_list(context, *hp, realms);
-            return ret;
+            goto cleanup;
         } else if (ret != KRB5_PLUGIN_NO_HANDLE) {
-            return ret;
+            goto cleanup;
         }
     }
 
     /* Return a list containing the default realm. */
     ret = krb5_get_default_realm(context, &defrealm);
     if (ret)
-        return ret;
+        goto cleanup;
     ret = k5_make_realmlist(defrealm, realms_out);
     krb5_free_default_realm(context, defrealm);
+
+cleanup:
+    free(cleanname);
     return ret;
 }
 

diff --git a/src/lib/krb5/os/hostrealm_dns.c b/src/lib/krb5/os/hostrealm_dns.c
index 7f017a856c629a8da9385e0df22582dd28007a99..a55a12c15efb95d28e2bc8084a0a73820994856b 100644 (file)
--- a/src/lib/krb5/os/hostrealm_dns.c
+++ b/src/lib/krb5/os/hostrealm_dns.c
@@ -41,7 +41,6 @@
 #include <krb5/hostrealm_plugin.h>
 
 #ifdef KRB5_DNS_LOOKUP
-#include "dnsglue.h"
 
 /* Try a _kerberos TXT lookup for fqdn and each parent domain; return the
  * resulting realm (caller must free) or NULL. */
@@ -85,19 +84,20 @@ dns_default_realm(krb5_context context, krb5_hostrealm_moddata data,
                   char ***realms_out)
 {
     krb5_error_code ret;
-    char localhost[MAXDNAME + 1], *realm;
+    char *localhost, *realm;
 
     *realms_out = NULL;
     if (!_krb5_use_dns_realm(context))
         return KRB5_PLUGIN_NO_HANDLE;
 
-    ret = krb5int_get_fq_local_hostname(localhost, sizeof(localhost));
+    ret = krb5int_get_fq_local_hostname(&localhost);
     if (ret)
         return ret;
 
     /* If we don't find a TXT record for localhost or any parent, look for a
      * global record. */
     realm = txt_lookup(context, localhost);
+    free(localhost);
     if (realm == NULL)
         (void)k5_try_realm_txt_rr(context, "_kerberos", NULL, &realm);
 

diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index b9edecc7a91064e740bf060e8c10ac6f38eb6b47..c32a9675516677db37319cc3389d9c29a9ad943e 100644 (file)
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -27,17 +27,8 @@
 #include "k5-int.h"
 #include "fake-addrinfo.h"
 #include "os-proto.h"
+
 #ifdef KRB5_DNS_LOOKUP
-#ifdef WSHELPER
-#include <wshelper.h>
-#else /* WSHELPER */
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <arpa/nameser.h>
-#include <resolv.h>
-#include <netdb.h>
-#endif /* WSHELPER */
-#include "dnsglue.h"
 
 #define DEFAULT_LOOKUP_KDC 1
 #if KRB5_DNS_LOOKUP_REALM

diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index 7cf5a48792b6558bb940672ba7cc2c044a205a4f..634e82d703fcbdd9c1580d0a074d60ce4d6f86b0 100644 (file)
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -110,6 +110,25 @@ krb5_error_code krb5_make_full_ipaddr(krb5_context,
 
 #endif /* HAVE_NETINET_IN_H */
 
+struct srv_dns_entry {
+    struct srv_dns_entry *next;
+    int priority;
+    int weight;
+    unsigned short port;
+    char *host;
+};
+
+krb5_error_code
+krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
+                             const char *service, const char *protocol,
+                             struct srv_dns_entry **answers);
+
+void krb5int_free_srv_dns_data(struct srv_dns_entry *);
+
+krb5_error_code
+k5_make_uri_query(krb5_context context, const krb5_data *realm,
+                  const char *service, struct srv_dns_entry **answers);
+
 krb5_error_code k5_try_realm_txt_rr(krb5_context context, const char *prefix,
                                     const char *name, char **realm);
 
@@ -128,7 +147,7 @@ krb5_error_code k5_sendto(krb5_context context, const krb5_data *message,
                                              void *),
                           void *msg_handler_data);
 
-krb5_error_code krb5int_get_fq_local_hostname(char *, size_t);
+krb5_error_code krb5int_get_fq_local_hostname(char **);
 
 /* The io vector is *not* const here, unlike writev()!  */
 int krb5int_net_writev (krb5_context, int, sg_buf *, int);
@@ -152,7 +171,6 @@ krb5_error_code k5_time_with_offset(krb5_timestamp offset,
                                     krb5_timestamp *time_out,
                                     krb5_int32 *usec_out);
 void k5_set_prompt_types(krb5_context, krb5_prompt_type *);
-krb5_error_code k5_clean_hostname(krb5_context, const char *, char *, size_t);
 krb5_boolean k5_is_numeric_address(const char *name);
 krb5_error_code k5_make_realmlist(const char *realm, char ***realms_out);
 krb5_error_code k5_kt_client_default_name(krb5_context context,