xref: /freebsd/crypto/heimdal/lib/krb5/addr_families.c (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1 /*
2  * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "krb5_locl.h"
35 
36 RCSID("$Id: addr_families.c,v 1.38 2003/03/25 12:37:02 joda Exp $");
37 
38 struct addr_operations {
39     int af;
40     krb5_address_type atype;
41     size_t max_sockaddr_size;
42     krb5_error_code (*sockaddr2addr)(const struct sockaddr *, krb5_address *);
43     krb5_error_code (*sockaddr2port)(const struct sockaddr *, int16_t *);
44     void (*addr2sockaddr)(const krb5_address *, struct sockaddr *,
45 			  krb5_socklen_t *sa_size, int port);
46     void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
47     krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
48     krb5_boolean (*uninteresting)(const struct sockaddr *);
49     void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
50     int (*print_addr)(const krb5_address *, char *, size_t);
51     int (*parse_addr)(krb5_context, const char*, krb5_address *);
52     int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*);
53     int (*free_addr)(krb5_context, krb5_address*);
54     int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*);
55 };
56 
57 /*
58  * AF_INET - aka IPv4 implementation
59  */
60 
61 static krb5_error_code
62 ipv4_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
63 {
64     const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
65     unsigned char buf[4];
66 
67     a->addr_type = KRB5_ADDRESS_INET;
68     memcpy (buf, &sin->sin_addr, 4);
69     return krb5_data_copy(&a->address, buf, 4);
70 }
71 
72 static krb5_error_code
73 ipv4_sockaddr2port (const struct sockaddr *sa, int16_t *port)
74 {
75     const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
76 
77     *port = sin->sin_port;
78     return 0;
79 }
80 
81 static void
82 ipv4_addr2sockaddr (const krb5_address *a,
83 		    struct sockaddr *sa,
84 		    krb5_socklen_t *sa_size,
85 		    int port)
86 {
87     struct sockaddr_in tmp;
88 
89     memset (&tmp, 0, sizeof(tmp));
90     tmp.sin_family = AF_INET;
91     memcpy (&tmp.sin_addr, a->address.data, 4);
92     tmp.sin_port = port;
93     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
94     *sa_size = sizeof(tmp);
95 }
96 
97 static void
98 ipv4_h_addr2sockaddr(const char *addr,
99 		     struct sockaddr *sa,
100 		     krb5_socklen_t *sa_size,
101 		     int port)
102 {
103     struct sockaddr_in tmp;
104 
105     memset (&tmp, 0, sizeof(tmp));
106     tmp.sin_family = AF_INET;
107     tmp.sin_port   = port;
108     tmp.sin_addr   = *((const struct in_addr *)addr);
109     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
110     *sa_size = sizeof(tmp);
111 }
112 
113 static krb5_error_code
114 ipv4_h_addr2addr (const char *addr,
115 		  krb5_address *a)
116 {
117     unsigned char buf[4];
118 
119     a->addr_type = KRB5_ADDRESS_INET;
120     memcpy(buf, addr, 4);
121     return krb5_data_copy(&a->address, buf, 4);
122 }
123 
124 /*
125  * Are there any addresses that should be considered `uninteresting'?
126  */
127 
128 static krb5_boolean
129 ipv4_uninteresting (const struct sockaddr *sa)
130 {
131     const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
132 
133     if (sin->sin_addr.s_addr == INADDR_ANY)
134 	return TRUE;
135 
136     return FALSE;
137 }
138 
139 static void
140 ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
141 {
142     struct sockaddr_in tmp;
143 
144     memset (&tmp, 0, sizeof(tmp));
145     tmp.sin_family = AF_INET;
146     tmp.sin_port   = port;
147     tmp.sin_addr.s_addr = INADDR_ANY;
148     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
149     *sa_size = sizeof(tmp);
150 }
151 
152 static int
153 ipv4_print_addr (const krb5_address *addr, char *str, size_t len)
154 {
155     struct in_addr ia;
156 
157     memcpy (&ia, addr->address.data, 4);
158 
159     return snprintf (str, len, "IPv4:%s", inet_ntoa(ia));
160 }
161 
162 static int
163 ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
164 {
165     const char *p;
166     struct in_addr a;
167 
168     p = strchr(address, ':');
169     if(p) {
170 	p++;
171 	if(strncasecmp(address, "ip:", p - address) != 0 &&
172 	   strncasecmp(address, "ip4:", p - address) != 0 &&
173 	   strncasecmp(address, "ipv4:", p - address) != 0 &&
174 	   strncasecmp(address, "inet:", p - address) != 0)
175 	    return -1;
176     } else
177 	p = address;
178 #ifdef HAVE_INET_ATON
179     if(inet_aton(p, &a) == 0)
180 	return -1;
181 #elif defined(HAVE_INET_ADDR)
182     a.s_addr = inet_addr(p);
183     if(a.s_addr == INADDR_NONE)
184 	return -1;
185 #else
186     return -1;
187 #endif
188     addr->addr_type = KRB5_ADDRESS_INET;
189     if(krb5_data_alloc(&addr->address, 4) != 0)
190 	return -1;
191     _krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length);
192     return 0;
193 }
194 
195 /*
196  * AF_INET6 - aka IPv6 implementation
197  */
198 
199 #ifdef HAVE_IPV6
200 
201 static krb5_error_code
202 ipv6_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
203 {
204     const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
205 
206     if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
207 	unsigned char buf[4];
208 
209 	a->addr_type      = KRB5_ADDRESS_INET;
210 #ifndef IN6_ADDR_V6_TO_V4
211 #ifdef IN6_EXTRACT_V4ADDR
212 #define IN6_ADDR_V6_TO_V4(x) (&IN6_EXTRACT_V4ADDR(x))
213 #else
214 #define IN6_ADDR_V6_TO_V4(x) ((const struct in_addr *)&(x)->s6_addr[12])
215 #endif
216 #endif
217 	memcpy (buf, IN6_ADDR_V6_TO_V4(&sin6->sin6_addr), 4);
218 	return krb5_data_copy(&a->address, buf, 4);
219     } else {
220 	a->addr_type = KRB5_ADDRESS_INET6;
221 	return krb5_data_copy(&a->address,
222 			      &sin6->sin6_addr,
223 			      sizeof(sin6->sin6_addr));
224     }
225 }
226 
227 static krb5_error_code
228 ipv6_sockaddr2port (const struct sockaddr *sa, int16_t *port)
229 {
230     const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
231 
232     *port = sin6->sin6_port;
233     return 0;
234 }
235 
236 static void
237 ipv6_addr2sockaddr (const krb5_address *a,
238 		    struct sockaddr *sa,
239 		    krb5_socklen_t *sa_size,
240 		    int port)
241 {
242     struct sockaddr_in6 tmp;
243 
244     memset (&tmp, 0, sizeof(tmp));
245     tmp.sin6_family = AF_INET6;
246     memcpy (&tmp.sin6_addr, a->address.data, sizeof(tmp.sin6_addr));
247     tmp.sin6_port = port;
248     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
249     *sa_size = sizeof(tmp);
250 }
251 
252 static void
253 ipv6_h_addr2sockaddr(const char *addr,
254 		     struct sockaddr *sa,
255 		     krb5_socklen_t *sa_size,
256 		     int port)
257 {
258     struct sockaddr_in6 tmp;
259 
260     memset (&tmp, 0, sizeof(tmp));
261     tmp.sin6_family = AF_INET6;
262     tmp.sin6_port   = port;
263     tmp.sin6_addr   = *((const struct in6_addr *)addr);
264     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
265     *sa_size = sizeof(tmp);
266 }
267 
268 static krb5_error_code
269 ipv6_h_addr2addr (const char *addr,
270 		  krb5_address *a)
271 {
272     a->addr_type = KRB5_ADDRESS_INET6;
273     return krb5_data_copy(&a->address, addr, sizeof(struct in6_addr));
274 }
275 
276 /*
277  *
278  */
279 
280 static krb5_boolean
281 ipv6_uninteresting (const struct sockaddr *sa)
282 {
283     const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
284     const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
285 
286     return
287 	IN6_IS_ADDR_LINKLOCAL(in6)
288 	|| IN6_IS_ADDR_V4COMPAT(in6);
289 }
290 
291 static void
292 ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
293 {
294     struct sockaddr_in6 tmp;
295 
296     memset (&tmp, 0, sizeof(tmp));
297     tmp.sin6_family = AF_INET6;
298     tmp.sin6_port   = port;
299     tmp.sin6_addr   = in6addr_any;
300     *sa_size = sizeof(tmp);
301 }
302 
303 static int
304 ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
305 {
306     char buf[128], buf2[3];
307 #ifdef HAVE_INET_NTOP
308     if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
309 #endif
310 	{
311 	    /* XXX this is pretty ugly, but better than abort() */
312 	    int i;
313 	    unsigned char *p = addr->address.data;
314 	    buf[0] = '\0';
315 	    for(i = 0; i < addr->address.length; i++) {
316 		snprintf(buf2, sizeof(buf2), "%02x", p[i]);
317 		if(i > 0 && (i & 1) == 0)
318 		    strlcat(buf, ":", sizeof(buf));
319 		strlcat(buf, buf2, sizeof(buf));
320 	    }
321 	}
322     return snprintf(str, len, "IPv6:%s", buf);
323 }
324 
325 static int
326 ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr)
327 {
328     int ret;
329     struct in6_addr in6;
330     const char *p;
331 
332     p = strchr(address, ':');
333     if(p) {
334 	p++;
335 	if(strncasecmp(address, "ip6:", p - address) == 0 ||
336 	   strncasecmp(address, "ipv6:", p - address) == 0 ||
337 	   strncasecmp(address, "inet6:", p - address) == 0)
338 	    address = p;
339     }
340 
341     ret = inet_pton(AF_INET6, address, &in6.s6_addr);
342     if(ret == 1) {
343 	addr->addr_type = KRB5_ADDRESS_INET6;
344 	ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr));
345 	if (ret)
346 	    return -1;
347 	memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr));
348 	return 0;
349     }
350     return -1;
351 }
352 
353 #endif /* IPv6 */
354 
355 /*
356  * table
357  */
358 
359 #define KRB5_ADDRESS_ARANGE	(-100)
360 
361 struct arange {
362     krb5_address low;
363     krb5_address high;
364 };
365 
366 static int
367 arange_parse_addr (krb5_context context,
368 		   const char *address, krb5_address *addr)
369 {
370     char buf[1024];
371     krb5_addresses low, high;
372     struct arange *a;
373     krb5_error_code ret;
374 
375     if(strncasecmp(address, "RANGE:", 6) != 0)
376 	return -1;
377 
378     address += 6;
379 
380     /* should handle netmasks */
381     strsep_copy(&address, "-", buf, sizeof(buf));
382     ret = krb5_parse_address(context, buf, &low);
383     if(ret)
384 	return ret;
385     if(low.len != 1) {
386 	krb5_free_addresses(context, &low);
387 	return -1;
388     }
389 
390     strsep_copy(&address, "-", buf, sizeof(buf));
391     ret = krb5_parse_address(context, buf, &high);
392     if(ret) {
393 	krb5_free_addresses(context, &low);
394 	return ret;
395     }
396 
397     if(high.len != 1 || high.val[0].addr_type != low.val[0].addr_type) {
398 	krb5_free_addresses(context, &low);
399 	krb5_free_addresses(context, &high);
400 	return -1;
401     }
402 
403     krb5_data_alloc(&addr->address, sizeof(*a));
404     addr->addr_type = KRB5_ADDRESS_ARANGE;
405     a = addr->address.data;
406 
407     if(krb5_address_order(context, &low.val[0], &high.val[0]) < 0) {
408 	a->low = low.val[0];
409 	a->high = high.val[0];
410     } else {
411 	a->low = high.val[0];
412 	a->high = low.val[0];
413     }
414     return 0;
415 }
416 
417 static int
418 arange_free (krb5_context context, krb5_address *addr)
419 {
420     struct arange *a;
421     a = addr->address.data;
422     krb5_free_address(context, &a->low);
423     krb5_free_address(context, &a->high);
424     return 0;
425 }
426 
427 
428 static int
429 arange_copy (krb5_context context, const krb5_address *inaddr,
430 	     krb5_address *outaddr)
431 {
432     krb5_error_code ret;
433     struct arange *i, *o;
434 
435     outaddr->addr_type = KRB5_ADDRESS_ARANGE;
436     ret = krb5_data_alloc(&outaddr->address, sizeof(*o));
437     if(ret)
438 	return ret;
439     i = inaddr->address.data;
440     o = outaddr->address.data;
441     ret = krb5_copy_address(context, &i->low, &o->low);
442     if(ret) {
443 	krb5_data_free(&outaddr->address);
444 	return ret;
445     }
446     ret = krb5_copy_address(context, &i->high, &o->high);
447     if(ret) {
448 	krb5_free_address(context, &o->low);
449 	krb5_data_free(&outaddr->address);
450 	return ret;
451     }
452     return 0;
453 }
454 
455 static int
456 arange_print_addr (const krb5_address *addr, char *str, size_t len)
457 {
458     struct arange *a;
459     krb5_error_code ret;
460     size_t l, ret_len = 0;
461 
462     a = addr->address.data;
463 
464     l = strlcpy(str, "RANGE:", len);
465     ret_len += l;
466 
467     ret = krb5_print_address (&a->low, str + ret_len, len - ret_len, &l);
468     ret_len += l;
469 
470     l = strlcat(str, "-", len);
471     ret_len += l;
472 
473     ret = krb5_print_address (&a->high, str + ret_len, len - ret_len, &l);
474     ret_len += l;
475 
476     return ret_len;
477 }
478 
479 static int
480 arange_order_addr(krb5_context context,
481 		  const krb5_address *addr1,
482 		  const krb5_address *addr2)
483 {
484     int tmp1, tmp2, sign;
485     struct arange *a;
486     const krb5_address *a2;
487 
488     if(addr1->addr_type == KRB5_ADDRESS_ARANGE) {
489 	a = addr1->address.data;
490 	a2 = addr2;
491 	sign = 1;
492     } else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) {
493 	a = addr2->address.data;
494 	a2 = addr1;
495 	sign = -1;
496     } else
497 	abort();
498 
499     if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
500 	struct arange *b = a2->address.data;
501 	tmp1 = krb5_address_order(context, &a->low, &b->low);
502 	if(tmp1 != 0)
503 	    return sign * tmp1;
504 	return sign * krb5_address_order(context, &a->high, &b->high);
505     } else if(a2->addr_type == a->low.addr_type) {
506 	tmp1 = krb5_address_order(context, &a->low, a2);
507 	if(tmp1 > 0)
508 	    return sign;
509 	tmp2 = krb5_address_order(context, &a->high, a2);
510 	if(tmp2 < 0)
511 	    return -sign;
512 	return 0;
513     } else {
514 	return sign * (addr1->addr_type - addr2->addr_type);
515     }
516 }
517 
518 static int
519 addrport_print_addr (const krb5_address *addr, char *str, size_t len)
520 {
521     krb5_address addr1, addr2;
522     uint16_t port = 0;
523     size_t ret_len = 0, l;
524     krb5_storage *sp = krb5_storage_from_data((krb5_data*)&addr->address);
525     /* for totally obscure reasons, these are not in network byteorder */
526     krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
527 
528     krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
529     krb5_ret_address(sp, &addr1);
530 
531     krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
532     krb5_ret_address(sp, &addr2);
533     krb5_storage_free(sp);
534     if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) {
535 	unsigned long value;
536 	_krb5_get_int(addr2.address.data, &value, 2);
537 	port = value;
538     }
539     l = strlcpy(str, "ADDRPORT:", len);
540     ret_len += l;
541     krb5_print_address(&addr1, str + ret_len, len - ret_len, &l);
542     ret_len += l;
543     l = snprintf(str + ret_len, len - ret_len, ",PORT=%u", port);
544     ret_len += l;
545     return ret_len;
546 }
547 
548 static struct addr_operations at[] = {
549     {AF_INET,	KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
550      ipv4_sockaddr2addr,
551      ipv4_sockaddr2port,
552      ipv4_addr2sockaddr,
553      ipv4_h_addr2sockaddr,
554      ipv4_h_addr2addr,
555      ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr},
556 #ifdef HAVE_IPV6
557     {AF_INET6,	KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
558      ipv6_sockaddr2addr,
559      ipv6_sockaddr2port,
560      ipv6_addr2sockaddr,
561      ipv6_h_addr2sockaddr,
562      ipv6_h_addr2addr,
563      ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr} ,
564 #endif
565     {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
566      NULL, NULL, NULL, NULL, NULL,
567      NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL },
568     /* fake address type */
569     {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
570      NULL, NULL, NULL, NULL, NULL, NULL, NULL,
571      arange_print_addr, arange_parse_addr,
572      arange_order_addr, arange_free, arange_copy }
573 };
574 
575 static int num_addrs = sizeof(at) / sizeof(at[0]);
576 
577 static size_t max_sockaddr_size = 0;
578 
579 /*
580  * generic functions
581  */
582 
583 static struct addr_operations *
584 find_af(int af)
585 {
586     struct addr_operations *a;
587 
588     for (a = at; a < at + num_addrs; ++a)
589 	if (af == a->af)
590 	    return a;
591     return NULL;
592 }
593 
594 static struct addr_operations *
595 find_atype(int atype)
596 {
597     struct addr_operations *a;
598 
599     for (a = at; a < at + num_addrs; ++a)
600 	if (atype == a->atype)
601 	    return a;
602     return NULL;
603 }
604 
605 krb5_error_code
606 krb5_sockaddr2address (krb5_context context,
607 		       const struct sockaddr *sa, krb5_address *addr)
608 {
609     struct addr_operations *a = find_af(sa->sa_family);
610     if (a == NULL) {
611 	krb5_set_error_string (context, "Address family %d not supported",
612 			       sa->sa_family);
613 	return KRB5_PROG_ATYPE_NOSUPP;
614     }
615     return (*a->sockaddr2addr)(sa, addr);
616 }
617 
618 krb5_error_code
619 krb5_sockaddr2port (krb5_context context,
620 		    const struct sockaddr *sa, int16_t *port)
621 {
622     struct addr_operations *a = find_af(sa->sa_family);
623     if (a == NULL) {
624 	krb5_set_error_string (context, "Address family %d not supported",
625 			       sa->sa_family);
626 	return KRB5_PROG_ATYPE_NOSUPP;
627     }
628     return (*a->sockaddr2port)(sa, port);
629 }
630 
631 krb5_error_code
632 krb5_addr2sockaddr (krb5_context context,
633 		    const krb5_address *addr,
634 		    struct sockaddr *sa,
635 		    krb5_socklen_t *sa_size,
636 		    int port)
637 {
638     struct addr_operations *a = find_atype(addr->addr_type);
639 
640     if (a == NULL) {
641 	krb5_set_error_string (context, "Address type %d not supported",
642 			       addr->addr_type);
643 	return KRB5_PROG_ATYPE_NOSUPP;
644     }
645     if (a->addr2sockaddr == NULL) {
646 	krb5_set_error_string (context, "Can't convert address type %d to sockaddr",
647 			       addr->addr_type);
648 	return KRB5_PROG_ATYPE_NOSUPP;
649     }
650     (*a->addr2sockaddr)(addr, sa, sa_size, port);
651     return 0;
652 }
653 
654 size_t
655 krb5_max_sockaddr_size (void)
656 {
657     if (max_sockaddr_size == 0) {
658 	struct addr_operations *a;
659 
660 	for(a = at; a < at + num_addrs; ++a)
661 	    max_sockaddr_size = max(max_sockaddr_size, a->max_sockaddr_size);
662     }
663     return max_sockaddr_size;
664 }
665 
666 krb5_boolean
667 krb5_sockaddr_uninteresting(const struct sockaddr *sa)
668 {
669     struct addr_operations *a = find_af(sa->sa_family);
670     if (a == NULL || a->uninteresting == NULL)
671 	return TRUE;
672     return (*a->uninteresting)(sa);
673 }
674 
675 krb5_error_code
676 krb5_h_addr2sockaddr (krb5_context context,
677 		      int af,
678 		      const char *addr, struct sockaddr *sa,
679 		      krb5_socklen_t *sa_size,
680 		      int port)
681 {
682     struct addr_operations *a = find_af(af);
683     if (a == NULL) {
684 	krb5_set_error_string (context, "Address family %d not supported", af);
685 	return KRB5_PROG_ATYPE_NOSUPP;
686     }
687     (*a->h_addr2sockaddr)(addr, sa, sa_size, port);
688     return 0;
689 }
690 
691 krb5_error_code
692 krb5_h_addr2addr (krb5_context context,
693 		  int af,
694 		  const char *haddr, krb5_address *addr)
695 {
696     struct addr_operations *a = find_af(af);
697     if (a == NULL) {
698 	krb5_set_error_string (context, "Address family %d not supported", af);
699 	return KRB5_PROG_ATYPE_NOSUPP;
700     }
701     return (*a->h_addr2addr)(haddr, addr);
702 }
703 
704 krb5_error_code
705 krb5_anyaddr (krb5_context context,
706 	      int af,
707 	      struct sockaddr *sa,
708 	      krb5_socklen_t *sa_size,
709 	      int port)
710 {
711     struct addr_operations *a = find_af (af);
712 
713     if (a == NULL) {
714 	krb5_set_error_string (context, "Address family %d not supported", af);
715 	return KRB5_PROG_ATYPE_NOSUPP;
716     }
717 
718     (*a->anyaddr)(sa, sa_size, port);
719     return 0;
720 }
721 
722 krb5_error_code
723 krb5_print_address (const krb5_address *addr,
724 		    char *str, size_t len, size_t *ret_len)
725 {
726     size_t ret;
727     struct addr_operations *a = find_atype(addr->addr_type);
728 
729     if (a == NULL || a->print_addr == NULL) {
730 	char *s;
731 	int l;
732 	int i;
733 
734 	s = str;
735 	l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
736 	if (l < 0)
737 	    return EINVAL;
738 	s += l;
739 	len -= l;
740 	for(i = 0; i < addr->address.length; i++) {
741 	    l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
742 	    if (l < 0)
743 		return EINVAL;
744 	    len -= l;
745 	    s += l;
746 	}
747 	if(ret_len != NULL)
748 	    *ret_len = s - str;
749 	return 0;
750     }
751     ret = (*a->print_addr)(addr, str, len);
752     if(ret_len != NULL)
753 	*ret_len = ret;
754     return 0;
755 }
756 
757 krb5_error_code
758 krb5_parse_address(krb5_context context,
759 		   const char *string,
760 		   krb5_addresses *addresses)
761 {
762     int i, n;
763     struct addrinfo *ai, *a;
764     int error;
765     int save_errno;
766 
767     for(i = 0; i < num_addrs; i++) {
768 	if(at[i].parse_addr) {
769 	    krb5_address addr;
770 	    if((*at[i].parse_addr)(context, string, &addr) == 0) {
771 		ALLOC_SEQ(addresses, 1);
772 		addresses->val[0] = addr;
773 		return 0;
774 	    }
775 	}
776     }
777 
778     error = getaddrinfo (string, NULL, NULL, &ai);
779     if (error) {
780 	save_errno = errno;
781 	krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
782 	return krb5_eai_to_heim_errno(error, save_errno);
783     }
784 
785     n = 0;
786     for (a = ai; a != NULL; a = a->ai_next)
787 	++n;
788 
789     ALLOC_SEQ(addresses, n);
790 
791     for (a = ai, i = 0; a != NULL; a = a->ai_next) {
792 	if(krb5_sockaddr2address (context, ai->ai_addr,
793 				  &addresses->val[i]) == 0)
794 	    i++;
795     }
796     freeaddrinfo (ai);
797     return 0;
798 }
799 
800 int
801 krb5_address_order(krb5_context context,
802 		   const krb5_address *addr1,
803 		   const krb5_address *addr2)
804 {
805     /* this sucks; what if both addresses have order functions, which
806        should we call? this works for now, though */
807     struct addr_operations *a;
808     a = find_atype(addr1->addr_type);
809     if(a == NULL) {
810 	krb5_set_error_string (context, "Address family %d not supported",
811 			       addr1->addr_type);
812 	return KRB5_PROG_ATYPE_NOSUPP;
813     }
814     if(a->order_addr != NULL)
815 	return (*a->order_addr)(context, addr1, addr2);
816     a = find_atype(addr2->addr_type);
817     if(a == NULL) {
818 	krb5_set_error_string (context, "Address family %d not supported",
819 			       addr2->addr_type);
820 	return KRB5_PROG_ATYPE_NOSUPP;
821     }
822     if(a->order_addr != NULL)
823 	return (*a->order_addr)(context, addr1, addr2);
824 
825     if(addr1->addr_type != addr2->addr_type)
826 	return addr1->addr_type - addr2->addr_type;
827     if(addr1->address.length != addr2->address.length)
828 	return addr1->address.length - addr2->address.length;
829     return memcmp (addr1->address.data,
830 		   addr2->address.data,
831 		   addr1->address.length);
832 }
833 
834 krb5_boolean
835 krb5_address_compare(krb5_context context,
836 		     const krb5_address *addr1,
837 		     const krb5_address *addr2)
838 {
839     return krb5_address_order (context, addr1, addr2) == 0;
840 }
841 
842 krb5_boolean
843 krb5_address_search(krb5_context context,
844 		    const krb5_address *addr,
845 		    const krb5_addresses *addrlist)
846 {
847     int i;
848 
849     for (i = 0; i < addrlist->len; ++i)
850 	if (krb5_address_compare (context, addr, &addrlist->val[i]))
851 	    return TRUE;
852     return FALSE;
853 }
854 
855 krb5_error_code
856 krb5_free_address(krb5_context context,
857 		  krb5_address *address)
858 {
859     struct addr_operations *a = find_af (address->addr_type);
860     if(a != NULL && a->free_addr != NULL)
861 	return (*a->free_addr)(context, address);
862     krb5_data_free (&address->address);
863     return 0;
864 }
865 
866 krb5_error_code
867 krb5_free_addresses(krb5_context context,
868 		    krb5_addresses *addresses)
869 {
870     int i;
871     for(i = 0; i < addresses->len; i++)
872 	krb5_free_address(context, &addresses->val[i]);
873     free(addresses->val);
874     return 0;
875 }
876 
877 krb5_error_code
878 krb5_copy_address(krb5_context context,
879 		  const krb5_address *inaddr,
880 		  krb5_address *outaddr)
881 {
882     struct addr_operations *a = find_af (inaddr->addr_type);
883     if(a != NULL && a->copy_addr != NULL)
884 	return (*a->copy_addr)(context, inaddr, outaddr);
885     return copy_HostAddress(inaddr, outaddr);
886 }
887 
888 krb5_error_code
889 krb5_copy_addresses(krb5_context context,
890 		    const krb5_addresses *inaddr,
891 		    krb5_addresses *outaddr)
892 {
893     int i;
894     ALLOC_SEQ(outaddr, inaddr->len);
895     if(inaddr->len > 0 && outaddr->val == NULL)
896 	return ENOMEM;
897     for(i = 0; i < inaddr->len; i++)
898 	krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]);
899     return 0;
900 }
901 
902 krb5_error_code
903 krb5_append_addresses(krb5_context context,
904 		      krb5_addresses *dest,
905 		      const krb5_addresses *source)
906 {
907     krb5_address *tmp;
908     krb5_error_code ret;
909     int i;
910     if(source->len > 0) {
911 	tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
912 	if(tmp == NULL) {
913 	    krb5_set_error_string(context, "realloc: out of memory");
914 	    return ENOMEM;
915 	}
916 	dest->val = tmp;
917 	for(i = 0; i < source->len; i++) {
918 	    /* skip duplicates */
919 	    if(krb5_address_search(context, &source->val[i], dest))
920 		continue;
921 	    ret = krb5_copy_address(context,
922 				    &source->val[i],
923 				    &dest->val[dest->len]);
924 	    if(ret)
925 		return ret;
926 	    dest->len++;
927 	}
928     }
929     return 0;
930 }
931 
932 /*
933  * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
934  */
935 
936 krb5_error_code
937 krb5_make_addrport (krb5_context context,
938 		    krb5_address **res, const krb5_address *addr, int16_t port)
939 {
940     krb5_error_code ret;
941     size_t len = addr->address.length + 2 + 4 * 4;
942     u_char *p;
943 
944     *res = malloc (sizeof(**res));
945     if (*res == NULL) {
946 	krb5_set_error_string(context, "malloc: out of memory");
947 	return ENOMEM;
948     }
949     (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
950     ret = krb5_data_alloc (&(*res)->address, len);
951     if (ret) {
952 	krb5_set_error_string(context, "malloc: out of memory");
953 	free (*res);
954 	return ret;
955     }
956     p = (*res)->address.data;
957     *p++ = 0;
958     *p++ = 0;
959     *p++ = (addr->addr_type     ) & 0xFF;
960     *p++ = (addr->addr_type >> 8) & 0xFF;
961 
962     *p++ = (addr->address.length      ) & 0xFF;
963     *p++ = (addr->address.length >>  8) & 0xFF;
964     *p++ = (addr->address.length >> 16) & 0xFF;
965     *p++ = (addr->address.length >> 24) & 0xFF;
966 
967     memcpy (p, addr->address.data, addr->address.length);
968     p += addr->address.length;
969 
970     *p++ = 0;
971     *p++ = 0;
972     *p++ = (KRB5_ADDRESS_IPPORT     ) & 0xFF;
973     *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
974 
975     *p++ = (2      ) & 0xFF;
976     *p++ = (2 >>  8) & 0xFF;
977     *p++ = (2 >> 16) & 0xFF;
978     *p++ = (2 >> 24) & 0xFF;
979 
980     memcpy (p, &port, 2);
981     p += 2;
982 
983     return 0;
984 }
985