xref: /freebsd/crypto/heimdal/lib/krb5/addr_families.c (revision aa1a8ff2d6dbc51ef058f46f3db5a8bb77967145)
1 /*
2  * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "krb5_locl.h"
35 
36 struct addr_operations {
37     int af;
38     krb5_address_type atype;
39     size_t max_sockaddr_size;
40     krb5_error_code (*sockaddr2addr)(const struct sockaddr *, krb5_address *);
41     krb5_error_code (*sockaddr2port)(const struct sockaddr *, int16_t *);
42     void (*addr2sockaddr)(const krb5_address *, struct sockaddr *,
43 			  krb5_socklen_t *sa_size, int port);
44     void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
45     krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
46     krb5_boolean (*uninteresting)(const struct sockaddr *);
47     krb5_boolean (*is_loopback)(const struct sockaddr *);
48     void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
49     int (*print_addr)(const krb5_address *, char *, size_t);
50     int (*parse_addr)(krb5_context, const char*, krb5_address *);
51     int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*);
52     int (*free_addr)(krb5_context, krb5_address*);
53     int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*);
54     int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long,
55 			 krb5_address*, krb5_address*);
56 };
57 
58 /*
59  * AF_INET - aka IPv4 implementation
60  */
61 
62 static krb5_error_code
63 ipv4_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
64 {
65     const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
66     unsigned char buf[4];
67 
68     a->addr_type = KRB5_ADDRESS_INET;
69     memcpy (buf, &sin4->sin_addr, 4);
70     return krb5_data_copy(&a->address, buf, 4);
71 }
72 
73 static krb5_error_code
74 ipv4_sockaddr2port (const struct sockaddr *sa, int16_t *port)
75 {
76     const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
77 
78     *port = sin4->sin_port;
79     return 0;
80 }
81 
82 static void
83 ipv4_addr2sockaddr (const krb5_address *a,
84 		    struct sockaddr *sa,
85 		    krb5_socklen_t *sa_size,
86 		    int port)
87 {
88     struct sockaddr_in tmp;
89 
90     memset (&tmp, 0, sizeof(tmp));
91     tmp.sin_family = AF_INET;
92     memcpy (&tmp.sin_addr, a->address.data, 4);
93     tmp.sin_port = port;
94     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
95     *sa_size = sizeof(tmp);
96 }
97 
98 static void
99 ipv4_h_addr2sockaddr(const char *addr,
100 		     struct sockaddr *sa,
101 		     krb5_socklen_t *sa_size,
102 		     int port)
103 {
104     struct sockaddr_in tmp;
105 
106     memset (&tmp, 0, sizeof(tmp));
107     tmp.sin_family = AF_INET;
108     tmp.sin_port   = port;
109     tmp.sin_addr   = *((const struct in_addr *)addr);
110     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
111     *sa_size = sizeof(tmp);
112 }
113 
114 static krb5_error_code
115 ipv4_h_addr2addr (const char *addr,
116 		  krb5_address *a)
117 {
118     unsigned char buf[4];
119 
120     a->addr_type = KRB5_ADDRESS_INET;
121     memcpy(buf, addr, 4);
122     return krb5_data_copy(&a->address, buf, 4);
123 }
124 
125 /*
126  * Are there any addresses that should be considered `uninteresting'?
127  */
128 
129 static krb5_boolean
130 ipv4_uninteresting (const struct sockaddr *sa)
131 {
132     const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
133 
134     if (sin4->sin_addr.s_addr == INADDR_ANY)
135 	return TRUE;
136 
137     return FALSE;
138 }
139 
140 static krb5_boolean
141 ipv4_is_loopback (const struct sockaddr *sa)
142 {
143     const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
144 
145     if ((ntohl(sin4->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET)
146 	return TRUE;
147 
148     return FALSE;
149 }
150 
151 static void
152 ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
153 {
154     struct sockaddr_in tmp;
155 
156     memset (&tmp, 0, sizeof(tmp));
157     tmp.sin_family = AF_INET;
158     tmp.sin_port   = port;
159     tmp.sin_addr.s_addr = INADDR_ANY;
160     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
161     *sa_size = sizeof(tmp);
162 }
163 
164 static int
165 ipv4_print_addr (const krb5_address *addr, char *str, size_t len)
166 {
167     struct in_addr ia;
168 
169     memcpy (&ia, addr->address.data, 4);
170 
171     return snprintf (str, len, "IPv4:%s", inet_ntoa(ia));
172 }
173 
174 static int
175 ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
176 {
177     const char *p;
178     struct in_addr a;
179 
180     p = strchr(address, ':');
181     if(p) {
182 	p++;
183 	if(strncasecmp(address, "ip:", p - address) != 0 &&
184 	   strncasecmp(address, "ip4:", p - address) != 0 &&
185 	   strncasecmp(address, "ipv4:", p - address) != 0 &&
186 	   strncasecmp(address, "inet:", p - address) != 0)
187 	    return -1;
188     } else
189 	p = address;
190     if(inet_aton(p, &a) == 0)
191 	return -1;
192     addr->addr_type = KRB5_ADDRESS_INET;
193     if(krb5_data_alloc(&addr->address, 4) != 0)
194 	return -1;
195     _krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length);
196     return 0;
197 }
198 
199 static int
200 ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr,
201 		   unsigned long len, krb5_address *low, krb5_address *high)
202 {
203     unsigned long ia;
204     uint32_t l, h, m = 0xffffffff;
205 
206     if (len > 32) {
207 	krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
208 			       N_("IPv4 prefix too large (%ld)", "len"), len);
209 	return KRB5_PROG_ATYPE_NOSUPP;
210     }
211     m = m << (32 - len);
212 
213     _krb5_get_int(inaddr->address.data, &ia, inaddr->address.length);
214 
215     l = ia & m;
216     h = l | ~m;
217 
218     low->addr_type = KRB5_ADDRESS_INET;
219     if(krb5_data_alloc(&low->address, 4) != 0)
220 	return -1;
221     _krb5_put_int(low->address.data, l, low->address.length);
222 
223     high->addr_type = KRB5_ADDRESS_INET;
224     if(krb5_data_alloc(&high->address, 4) != 0) {
225 	krb5_free_address(context, low);
226 	return -1;
227     }
228     _krb5_put_int(high->address.data, h, high->address.length);
229 
230     return 0;
231 }
232 
233 
234 /*
235  * AF_INET6 - aka IPv6 implementation
236  */
237 
238 #ifdef HAVE_IPV6
239 
240 static krb5_error_code
241 ipv6_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
242 {
243     const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
244 
245     if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
246 	unsigned char buf[4];
247 
248 	a->addr_type      = KRB5_ADDRESS_INET;
249 #ifndef IN6_ADDR_V6_TO_V4
250 #ifdef IN6_EXTRACT_V4ADDR
251 #define IN6_ADDR_V6_TO_V4(x) (&IN6_EXTRACT_V4ADDR(x))
252 #else
253 #define IN6_ADDR_V6_TO_V4(x) ((const struct in_addr *)&(x)->s6_addr[12])
254 #endif
255 #endif
256 	memcpy (buf, IN6_ADDR_V6_TO_V4(&sin6->sin6_addr), 4);
257 	return krb5_data_copy(&a->address, buf, 4);
258     } else {
259 	a->addr_type = KRB5_ADDRESS_INET6;
260 	return krb5_data_copy(&a->address,
261 			      &sin6->sin6_addr,
262 			      sizeof(sin6->sin6_addr));
263     }
264 }
265 
266 static krb5_error_code
267 ipv6_sockaddr2port (const struct sockaddr *sa, int16_t *port)
268 {
269     const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
270 
271     *port = sin6->sin6_port;
272     return 0;
273 }
274 
275 static void
276 ipv6_addr2sockaddr (const krb5_address *a,
277 		    struct sockaddr *sa,
278 		    krb5_socklen_t *sa_size,
279 		    int port)
280 {
281     struct sockaddr_in6 tmp;
282 
283     memset (&tmp, 0, sizeof(tmp));
284     tmp.sin6_family = AF_INET6;
285     memcpy (&tmp.sin6_addr, a->address.data, sizeof(tmp.sin6_addr));
286     tmp.sin6_port = port;
287     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
288     *sa_size = sizeof(tmp);
289 }
290 
291 static void
292 ipv6_h_addr2sockaddr(const char *addr,
293 		     struct sockaddr *sa,
294 		     krb5_socklen_t *sa_size,
295 		     int port)
296 {
297     struct sockaddr_in6 tmp;
298 
299     memset (&tmp, 0, sizeof(tmp));
300     tmp.sin6_family = AF_INET6;
301     tmp.sin6_port   = port;
302     tmp.sin6_addr   = *((const struct in6_addr *)addr);
303     memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
304     *sa_size = sizeof(tmp);
305 }
306 
307 static krb5_error_code
308 ipv6_h_addr2addr (const char *addr,
309 		  krb5_address *a)
310 {
311     a->addr_type = KRB5_ADDRESS_INET6;
312     return krb5_data_copy(&a->address, addr, sizeof(struct in6_addr));
313 }
314 
315 /*
316  *
317  */
318 
319 static krb5_boolean
320 ipv6_uninteresting (const struct sockaddr *sa)
321 {
322     const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
323     const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
324 
325     return IN6_IS_ADDR_LINKLOCAL(in6)
326 	|| IN6_IS_ADDR_V4COMPAT(in6);
327 }
328 
329 static krb5_boolean
330 ipv6_is_loopback (const struct sockaddr *sa)
331 {
332     const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
333     const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
334 
335     return (IN6_IS_ADDR_LOOPBACK(in6));
336 }
337 
338 static void
339 ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
340 {
341     struct sockaddr_in6 tmp;
342 
343     memset (&tmp, 0, sizeof(tmp));
344     tmp.sin6_family = AF_INET6;
345     tmp.sin6_port   = port;
346     tmp.sin6_addr   = in6addr_any;
347     *sa_size = sizeof(tmp);
348 }
349 
350 static int
351 ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
352 {
353     char buf[128], buf2[3];
354     if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
355 	{
356 	    /* XXX this is pretty ugly, but better than abort() */
357 	    size_t i;
358 	    unsigned char *p = addr->address.data;
359 	    buf[0] = '\0';
360 	    for(i = 0; i < addr->address.length; i++) {
361 		snprintf(buf2, sizeof(buf2), "%02x", p[i]);
362 		if(i > 0 && (i & 1) == 0)
363 		    strlcat(buf, ":", sizeof(buf));
364 		strlcat(buf, buf2, sizeof(buf));
365 	    }
366 	}
367     return snprintf(str, len, "IPv6:%s", buf);
368 }
369 
370 static int
371 ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr)
372 {
373     int ret;
374     struct in6_addr in6;
375     const char *p;
376 
377     p = strchr(address, ':');
378     if(p) {
379 	p++;
380 	if(strncasecmp(address, "ip6:", p - address) == 0 ||
381 	   strncasecmp(address, "ipv6:", p - address) == 0 ||
382 	   strncasecmp(address, "inet6:", p - address) == 0)
383 	    address = p;
384     }
385 
386     ret = inet_pton(AF_INET6, address, &in6.s6_addr);
387     if(ret == 1) {
388 	addr->addr_type = KRB5_ADDRESS_INET6;
389 	ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr));
390 	if (ret)
391 	    return -1;
392 	memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr));
393 	return 0;
394     }
395     return -1;
396 }
397 
398 static int
399 ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr,
400 		   unsigned long len, krb5_address *low, krb5_address *high)
401 {
402     struct in6_addr addr, laddr, haddr;
403     uint32_t m;
404     int i, sub_len;
405 
406     if (len > 128) {
407 	krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
408 			       N_("IPv6 prefix too large (%ld)", "length"), len);
409 	return KRB5_PROG_ATYPE_NOSUPP;
410     }
411 
412     if (inaddr->address.length != sizeof(addr)) {
413 	krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
414 			       N_("IPv6 addr bad length", ""));
415 	return KRB5_PROG_ATYPE_NOSUPP;
416     }
417 
418     memcpy(&addr, inaddr->address.data, inaddr->address.length);
419 
420     for (i = 0; i < 16; i++) {
421 	sub_len = min(8, len);
422 
423 	m = 0xff << (8 - sub_len);
424 
425 	laddr.s6_addr[i] = addr.s6_addr[i] & m;
426 	haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m;
427 
428 	if (len > 8)
429 	    len -= 8;
430 	else
431 	    len = 0;
432     }
433 
434     low->addr_type = KRB5_ADDRESS_INET6;
435     if (krb5_data_alloc(&low->address, sizeof(laddr.s6_addr)) != 0)
436 	return -1;
437     memcpy(low->address.data, laddr.s6_addr, sizeof(laddr.s6_addr));
438 
439     high->addr_type = KRB5_ADDRESS_INET6;
440     if (krb5_data_alloc(&high->address, sizeof(haddr.s6_addr)) != 0) {
441 	krb5_free_address(context, low);
442 	return -1;
443     }
444     memcpy(high->address.data, haddr.s6_addr, sizeof(haddr.s6_addr));
445 
446     return 0;
447 }
448 
449 #endif /* IPv6 */
450 
451 #ifndef HEIMDAL_SMALLER
452 
453 /*
454  * table
455  */
456 
457 #define KRB5_ADDRESS_ARANGE	(-100)
458 
459 struct arange {
460     krb5_address low;
461     krb5_address high;
462 };
463 
464 static int
465 arange_parse_addr (krb5_context context,
466 		   const char *address, krb5_address *addr)
467 {
468     char buf[1024], *p;
469     krb5_address low0, high0;
470     struct arange *a;
471     krb5_error_code ret;
472 
473     if(strncasecmp(address, "RANGE:", 6) != 0)
474 	return -1;
475 
476     address += 6;
477 
478     p = strrchr(address, '/');
479     if (p) {
480 	krb5_addresses addrmask;
481 	char *q;
482 	long num;
483 
484 	if (strlcpy(buf, address, sizeof(buf)) > sizeof(buf))
485 	    return -1;
486 	buf[p - address] = '\0';
487 	ret = krb5_parse_address(context, buf, &addrmask);
488 	if (ret)
489 	    return ret;
490 	if(addrmask.len != 1) {
491 	    krb5_free_addresses(context, &addrmask);
492 	    return -1;
493 	}
494 
495 	address += p - address + 1;
496 
497 	num = strtol(address, &q, 10);
498 	if (q == address || *q != '\0' || num < 0) {
499 	    krb5_free_addresses(context, &addrmask);
500 	    return -1;
501 	}
502 
503 	ret = krb5_address_prefixlen_boundary(context, &addrmask.val[0], num,
504 					      &low0, &high0);
505 	krb5_free_addresses(context, &addrmask);
506 	if (ret)
507 	    return ret;
508 
509     } else {
510 	krb5_addresses low, high;
511 
512 	strsep_copy(&address, "-", buf, sizeof(buf));
513 	ret = krb5_parse_address(context, buf, &low);
514 	if(ret)
515 	    return ret;
516 	if(low.len != 1) {
517 	    krb5_free_addresses(context, &low);
518 	    return -1;
519 	}
520 
521 	strsep_copy(&address, "-", buf, sizeof(buf));
522 	ret = krb5_parse_address(context, buf, &high);
523 	if(ret) {
524 	    krb5_free_addresses(context, &low);
525 	    return ret;
526 	}
527 
528 	if(high.len != 1 || high.val[0].addr_type != low.val[0].addr_type) {
529 	    krb5_free_addresses(context, &low);
530 	    krb5_free_addresses(context, &high);
531 	    return -1;
532 	}
533 
534 	ret = krb5_copy_address(context, &high.val[0], &high0);
535 	if (ret == 0) {
536 	    ret = krb5_copy_address(context, &low.val[0], &low0);
537 	    if (ret)
538 		krb5_free_address(context, &high0);
539 	}
540 	krb5_free_addresses(context, &low);
541 	krb5_free_addresses(context, &high);
542 	if (ret)
543 	    return ret;
544     }
545 
546     krb5_data_alloc(&addr->address, sizeof(*a));
547     addr->addr_type = KRB5_ADDRESS_ARANGE;
548     a = addr->address.data;
549 
550     if(krb5_address_order(context, &low0, &high0) < 0) {
551 	a->low = low0;
552 	a->high = high0;
553     } else {
554 	a->low = high0;
555 	a->high = low0;
556     }
557     return 0;
558 }
559 
560 static int
561 arange_free (krb5_context context, krb5_address *addr)
562 {
563     struct arange *a;
564     a = addr->address.data;
565     krb5_free_address(context, &a->low);
566     krb5_free_address(context, &a->high);
567     krb5_data_free(&addr->address);
568     return 0;
569 }
570 
571 
572 static int
573 arange_copy (krb5_context context, const krb5_address *inaddr,
574 	     krb5_address *outaddr)
575 {
576     krb5_error_code ret;
577     struct arange *i, *o;
578 
579     outaddr->addr_type = KRB5_ADDRESS_ARANGE;
580     ret = krb5_data_alloc(&outaddr->address, sizeof(*o));
581     if(ret)
582 	return ret;
583     i = inaddr->address.data;
584     o = outaddr->address.data;
585     ret = krb5_copy_address(context, &i->low, &o->low);
586     if(ret) {
587 	krb5_data_free(&outaddr->address);
588 	return ret;
589     }
590     ret = krb5_copy_address(context, &i->high, &o->high);
591     if(ret) {
592 	krb5_free_address(context, &o->low);
593 	krb5_data_free(&outaddr->address);
594 	return ret;
595     }
596     return 0;
597 }
598 
599 static int
600 arange_print_addr (const krb5_address *addr, char *str, size_t len)
601 {
602     struct arange *a;
603     krb5_error_code ret;
604     size_t l, size, ret_len;
605 
606     a = addr->address.data;
607 
608     l = strlcpy(str, "RANGE:", len);
609     ret_len = l;
610     if (l > len)
611 	l = len;
612     size = l;
613 
614     ret = krb5_print_address (&a->low, str + size, len - size, &l);
615     if (ret)
616 	return ret;
617     ret_len += l;
618     if (len - size > l)
619 	size += l;
620     else
621 	size = len;
622 
623     l = strlcat(str + size, "-", len - size);
624     ret_len += l;
625     if (len - size > l)
626 	size += l;
627     else
628 	size = len;
629 
630     ret = krb5_print_address (&a->high, str + size, len - size, &l);
631     if (ret)
632 	return ret;
633     ret_len += l;
634 
635     return ret_len;
636 }
637 
638 static int
639 arange_order_addr(krb5_context context,
640 		  const krb5_address *addr1,
641 		  const krb5_address *addr2)
642 {
643     int tmp1, tmp2, sign;
644     struct arange *a;
645     const krb5_address *a2;
646 
647     if(addr1->addr_type == KRB5_ADDRESS_ARANGE) {
648 	a = addr1->address.data;
649 	a2 = addr2;
650 	sign = 1;
651     } else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) {
652 	a = addr2->address.data;
653 	a2 = addr1;
654 	sign = -1;
655     } else {
656 	abort();
657         UNREACHABLE(return 0);
658     }
659 
660     if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
661 	struct arange *b = a2->address.data;
662 	tmp1 = krb5_address_order(context, &a->low, &b->low);
663 	if(tmp1 != 0)
664 	    return sign * tmp1;
665 	return sign * krb5_address_order(context, &a->high, &b->high);
666     } else if(a2->addr_type == a->low.addr_type) {
667 	tmp1 = krb5_address_order(context, &a->low, a2);
668 	if(tmp1 > 0)
669 	    return sign;
670 	tmp2 = krb5_address_order(context, &a->high, a2);
671 	if(tmp2 < 0)
672 	    return -sign;
673 	return 0;
674     } else {
675 	return sign * (addr1->addr_type - addr2->addr_type);
676     }
677 }
678 
679 #endif /* HEIMDAL_SMALLER */
680 
681 static int
682 addrport_print_addr (const krb5_address *addr, char *str, size_t len)
683 {
684     krb5_error_code ret;
685     krb5_address addr1, addr2;
686     uint16_t port = 0;
687     size_t ret_len = 0, l, size = 0;
688     krb5_storage *sp;
689 
690     sp = krb5_storage_from_data((krb5_data*)rk_UNCONST(&addr->address));
691     if (sp == NULL)
692         return ENOMEM;
693 
694     /* for totally obscure reasons, these are not in network byteorder */
695     krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
696 
697     krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
698     krb5_ret_address(sp, &addr1);
699 
700     krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
701     krb5_ret_address(sp, &addr2);
702     krb5_storage_free(sp);
703     if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) {
704 	unsigned long value;
705 	_krb5_get_int(addr2.address.data, &value, 2);
706 	port = value;
707     }
708     l = strlcpy(str, "ADDRPORT:", len);
709     ret_len += l;
710     if (len > l)
711 	size += l;
712     else
713 	size = len;
714 
715     ret = krb5_print_address(&addr1, str + size, len - size, &l);
716     if (ret)
717 	return ret;
718     ret_len += l;
719     if (len - size > l)
720 	size += l;
721     else
722 	size = len;
723 
724     ret = snprintf(str + size, len - size, ",PORT=%u", port);
725     if (ret < 0)
726 	return EINVAL;
727     ret_len += ret;
728     return ret_len;
729 }
730 
731 static struct addr_operations at[] = {
732     {
733 	AF_INET,	KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
734 	ipv4_sockaddr2addr,
735 	ipv4_sockaddr2port,
736 	ipv4_addr2sockaddr,
737 	ipv4_h_addr2sockaddr,
738 	ipv4_h_addr2addr,
739 	ipv4_uninteresting,
740 	ipv4_is_loopback,
741 	ipv4_anyaddr,
742 	ipv4_print_addr,
743 	ipv4_parse_addr,
744 	NULL,
745 	NULL,
746 	NULL,
747      ipv4_mask_boundary
748     },
749 #ifdef HAVE_IPV6
750     {
751 	AF_INET6,	KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
752 	ipv6_sockaddr2addr,
753 	ipv6_sockaddr2port,
754 	ipv6_addr2sockaddr,
755 	ipv6_h_addr2sockaddr,
756 	ipv6_h_addr2addr,
757 	ipv6_uninteresting,
758 	ipv6_is_loopback,
759 	ipv6_anyaddr,
760 	ipv6_print_addr,
761 	ipv6_parse_addr,
762 	NULL,
763 	NULL,
764 	NULL,
765 	ipv6_mask_boundary
766     } ,
767 #endif
768 #ifndef HEIMDAL_SMALLER
769     /* fake address type */
770     {
771 	KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
772 	NULL,
773 	NULL,
774 	NULL,
775 	NULL,
776 	NULL,
777 	NULL,
778 	NULL,
779 	NULL,
780 	arange_print_addr,
781 	arange_parse_addr,
782 	arange_order_addr,
783 	arange_free,
784 	arange_copy,
785 	NULL
786     },
787 #endif
788     {
789 	KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
790 	NULL,
791 	NULL,
792 	NULL,
793 	NULL,
794 	NULL,
795 	NULL,
796 	NULL,
797 	NULL,
798 	addrport_print_addr,
799 	NULL,
800 	NULL,
801 	NULL,
802 	NULL
803     }
804 };
805 
806 static int num_addrs = sizeof(at) / sizeof(at[0]);
807 
808 static size_t max_sockaddr_size = 0;
809 
810 /*
811  * generic functions
812  */
813 
814 static struct addr_operations *
815 find_af(int af)
816 {
817     struct addr_operations *a;
818 
819     for (a = at; a < at + num_addrs; ++a)
820 	if (af == a->af)
821 	    return a;
822     return NULL;
823 }
824 
825 static struct addr_operations *
826 find_atype(krb5_address_type atype)
827 {
828     struct addr_operations *a;
829 
830     for (a = at; a < at + num_addrs; ++a)
831 	if (atype == a->atype)
832 	    return a;
833     return NULL;
834 }
835 
836 /**
837  * krb5_sockaddr2address stores a address a "struct sockaddr" sa in
838  * the krb5_address addr.
839  *
840  * @param context a Keberos context
841  * @param sa a struct sockaddr to extract the address from
842  * @param addr an Kerberos 5 address to store the address in.
843  *
844  * @return Return an error code or 0.
845  *
846  * @ingroup krb5_address
847  */
848 
849 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
850 krb5_sockaddr2address (krb5_context context,
851 		       const struct sockaddr *sa, krb5_address *addr)
852 {
853     struct addr_operations *a = find_af(sa->sa_family);
854     if (a == NULL) {
855 	krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
856 				N_("Address family %d not supported", ""),
857 				sa->sa_family);
858 	return KRB5_PROG_ATYPE_NOSUPP;
859     }
860     return (*a->sockaddr2addr)(sa, addr);
861 }
862 
863 /**
864  * krb5_sockaddr2port extracts a port (if possible) from a "struct
865  * sockaddr.
866  *
867  * @param context a Keberos context
868  * @param sa a struct sockaddr to extract the port from
869  * @param port a pointer to an int16_t store the port in.
870  *
871  * @return Return an error code or 0. Will return
872  * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
873  *
874  * @ingroup krb5_address
875  */
876 
877 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
878 krb5_sockaddr2port (krb5_context context,
879 		    const struct sockaddr *sa, int16_t *port)
880 {
881     struct addr_operations *a = find_af(sa->sa_family);
882     if (a == NULL) {
883 	krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
884 				N_("Address family %d not supported", ""),
885 				sa->sa_family);
886 	return KRB5_PROG_ATYPE_NOSUPP;
887     }
888     return (*a->sockaddr2port)(sa, port);
889 }
890 
891 /**
892  * krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr
893  * and port. The argument sa_size should initially contain the size of
894  * the sa and after the call, it will contain the actual length of the
895  * address. In case of the sa is too small to fit the whole address,
896  * the up to *sa_size will be stored, and then *sa_size will be set to
897  * the required length.
898  *
899  * @param context a Keberos context
900  * @param addr the address to copy the from
901  * @param sa the struct sockaddr that will be filled in
902  * @param sa_size pointer to length of sa, and after the call, it will
903  * contain the actual length of the address.
904  * @param port set port in sa.
905  *
906  * @return Return an error code or 0. Will return
907  * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
908  *
909  * @ingroup krb5_address
910  */
911 
912 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
913 krb5_addr2sockaddr (krb5_context context,
914 		    const krb5_address *addr,
915 		    struct sockaddr *sa,
916 		    krb5_socklen_t *sa_size,
917 		    int port)
918 {
919     struct addr_operations *a = find_atype(addr->addr_type);
920 
921     if (a == NULL) {
922 	krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
923 				N_("Address type %d not supported",
924 				   "krb5_address type"),
925 				addr->addr_type);
926 	return KRB5_PROG_ATYPE_NOSUPP;
927     }
928     if (a->addr2sockaddr == NULL) {
929 	krb5_set_error_message (context,
930 				KRB5_PROG_ATYPE_NOSUPP,
931 				N_("Can't convert address type %d to sockaddr", ""),
932 				addr->addr_type);
933 	return KRB5_PROG_ATYPE_NOSUPP;
934     }
935     (*a->addr2sockaddr)(addr, sa, sa_size, port);
936     return 0;
937 }
938 
939 /**
940  * krb5_max_sockaddr_size returns the max size of the .Li struct
941  * sockaddr that the Kerberos library will return.
942  *
943  * @return Return an size_t of the maximum struct sockaddr.
944  *
945  * @ingroup krb5_address
946  */
947 
948 KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
949 krb5_max_sockaddr_size (void)
950 {
951     if (max_sockaddr_size == 0) {
952 	struct addr_operations *a;
953 
954 	for(a = at; a < at + num_addrs; ++a)
955 	    max_sockaddr_size = max(max_sockaddr_size, a->max_sockaddr_size);
956     }
957     return max_sockaddr_size;
958 }
959 
960 /**
961  * krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the
962  * kerberos library thinks are uninteresting.  One example are link
963  * local addresses.
964  *
965  * @param sa pointer to struct sockaddr that might be interesting.
966  *
967  * @return Return a non zero for uninteresting addresses.
968  *
969  * @ingroup krb5_address
970  */
971 
972 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
973 krb5_sockaddr_uninteresting(const struct sockaddr *sa)
974 {
975     struct addr_operations *a = find_af(sa->sa_family);
976     if (a == NULL || a->uninteresting == NULL)
977 	return TRUE;
978     return (*a->uninteresting)(sa);
979 }
980 
981 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
982 krb5_sockaddr_is_loopback(const struct sockaddr *sa)
983 {
984     struct addr_operations *a = find_af(sa->sa_family);
985     if (a == NULL || a->is_loopback == NULL)
986 	return TRUE;
987     return (*a->is_loopback)(sa);
988 }
989 
990 /**
991  * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and
992  * the "struct hostent" (see gethostbyname(3) ) h_addr_list
993  * component. The argument sa_size should initially contain the size
994  * of the sa, and after the call, it will contain the actual length of
995  * the address.
996  *
997  * @param context a Keberos context
998  * @param af addresses
999  * @param addr address
1000  * @param sa returned struct sockaddr
1001  * @param sa_size size of sa
1002  * @param port port to set in sa.
1003  *
1004  * @return Return an error code or 0.
1005  *
1006  * @ingroup krb5_address
1007  */
1008 
1009 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1010 krb5_h_addr2sockaddr (krb5_context context,
1011 		      int af,
1012 		      const char *addr, struct sockaddr *sa,
1013 		      krb5_socklen_t *sa_size,
1014 		      int port)
1015 {
1016     struct addr_operations *a = find_af(af);
1017     if (a == NULL) {
1018 	krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
1019 				"Address family %d not supported", af);
1020 	return KRB5_PROG_ATYPE_NOSUPP;
1021     }
1022     (*a->h_addr2sockaddr)(addr, sa, sa_size, port);
1023     return 0;
1024 }
1025 
1026 /**
1027  * krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception
1028  * that it operates on a krb5_address instead of a struct sockaddr.
1029  *
1030  * @param context a Keberos context
1031  * @param af address family
1032  * @param haddr host address from struct hostent.
1033  * @param addr returned krb5_address.
1034  *
1035  * @return Return an error code or 0.
1036  *
1037  * @ingroup krb5_address
1038  */
1039 
1040 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1041 krb5_h_addr2addr (krb5_context context,
1042 		  int af,
1043 		  const char *haddr, krb5_address *addr)
1044 {
1045     struct addr_operations *a = find_af(af);
1046     if (a == NULL) {
1047 	krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
1048 				N_("Address family %d not supported", ""), af);
1049 	return KRB5_PROG_ATYPE_NOSUPP;
1050     }
1051     return (*a->h_addr2addr)(haddr, addr);
1052 }
1053 
1054 /**
1055  * krb5_anyaddr fills in a "struct sockaddr sa" that can be used to
1056  * bind(2) to.  The argument sa_size should initially contain the size
1057  * of the sa, and after the call, it will contain the actual length
1058  * of the address.
1059  *
1060  * @param context a Keberos context
1061  * @param af address family
1062  * @param sa sockaddr
1063  * @param sa_size lenght of sa.
1064  * @param port for to fill into sa.
1065  *
1066  * @return Return an error code or 0.
1067  *
1068  * @ingroup krb5_address
1069  */
1070 
1071 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1072 krb5_anyaddr (krb5_context context,
1073 	      int af,
1074 	      struct sockaddr *sa,
1075 	      krb5_socklen_t *sa_size,
1076 	      int port)
1077 {
1078     struct addr_operations *a = find_af (af);
1079 
1080     if (a == NULL) {
1081 	krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
1082 				N_("Address family %d not supported", ""), af);
1083 	return KRB5_PROG_ATYPE_NOSUPP;
1084     }
1085 
1086     (*a->anyaddr)(sa, sa_size, port);
1087     return 0;
1088 }
1089 
1090 /**
1091  * krb5_print_address prints the address in addr to the string string
1092  * that have the length len. If ret_len is not NULL, it will be filled
1093  * with the length of the string if size were unlimited (not including
1094  * the final NUL) .
1095  *
1096  * @param addr address to be printed
1097  * @param str pointer string to print the address into
1098  * @param len length that will fit into area pointed to by "str".
1099  * @param ret_len return length the str.
1100  *
1101  * @return Return an error code or 0.
1102  *
1103  * @ingroup krb5_address
1104  */
1105 
1106 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1107 krb5_print_address (const krb5_address *addr,
1108 		    char *str, size_t len, size_t *ret_len)
1109 {
1110     struct addr_operations *a = find_atype(addr->addr_type);
1111     int ret;
1112 
1113     if (a == NULL || a->print_addr == NULL) {
1114 	char *s;
1115 	int l;
1116 	size_t i;
1117 
1118 	s = str;
1119 	l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
1120 	if (l < 0 || (size_t)l >= len)
1121 	    return EINVAL;
1122 	s += l;
1123 	len -= l;
1124 	for(i = 0; i < addr->address.length; i++) {
1125 	    l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
1126 	    if (l < 0 || (size_t)l >= len)
1127 		return EINVAL;
1128 	    len -= l;
1129 	    s += l;
1130 	}
1131 	if(ret_len != NULL)
1132 	    *ret_len = s - str;
1133 	return 0;
1134     }
1135     ret = (*a->print_addr)(addr, str, len);
1136     if (ret < 0)
1137 	return EINVAL;
1138     if(ret_len != NULL)
1139 	*ret_len = ret;
1140     return 0;
1141 }
1142 
1143 /**
1144  * krb5_parse_address returns the resolved hostname in string to the
1145  * krb5_addresses addresses .
1146  *
1147  * @param context a Keberos context
1148  * @param string
1149  * @param addresses
1150  *
1151  * @return Return an error code or 0.
1152  *
1153  * @ingroup krb5_address
1154  */
1155 
1156 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1157 krb5_parse_address(krb5_context context,
1158 		   const char *string,
1159 		   krb5_addresses *addresses)
1160 {
1161     int i, n;
1162     struct addrinfo *ai, *a;
1163     int error;
1164     int save_errno;
1165 
1166     addresses->len = 0;
1167     addresses->val = NULL;
1168 
1169     for(i = 0; i < num_addrs; i++) {
1170 	if(at[i].parse_addr) {
1171 	    krb5_address addr;
1172 	    if((*at[i].parse_addr)(context, string, &addr) == 0) {
1173 		ALLOC_SEQ(addresses, 1);
1174 		if (addresses->val == NULL) {
1175 		    krb5_set_error_message(context, ENOMEM,
1176 					   N_("malloc: out of memory", ""));
1177 		    return ENOMEM;
1178 		}
1179 		addresses->val[0] = addr;
1180 		return 0;
1181 	    }
1182 	}
1183     }
1184 
1185     error = getaddrinfo (string, NULL, NULL, &ai);
1186     if (error) {
1187 	krb5_error_code ret2;
1188 	save_errno = errno;
1189 	ret2 = krb5_eai_to_heim_errno(error, save_errno);
1190 	krb5_set_error_message (context, ret2, "%s: %s",
1191 				string, gai_strerror(error));
1192 	return ret2;
1193     }
1194 
1195     n = 0;
1196     for (a = ai; a != NULL; a = a->ai_next)
1197 	++n;
1198 
1199     ALLOC_SEQ(addresses, n);
1200     if (addresses->val == NULL) {
1201 	krb5_set_error_message(context, ENOMEM,
1202 			       N_("malloc: out of memory", ""));
1203 	freeaddrinfo(ai);
1204 	return ENOMEM;
1205     }
1206 
1207     addresses->len = 0;
1208     for (a = ai, i = 0; a != NULL; a = a->ai_next) {
1209 	if (krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]))
1210 	    continue;
1211 	if(krb5_address_search(context, &addresses->val[i], addresses)) {
1212 	    krb5_free_address(context, &addresses->val[i]);
1213 	    continue;
1214 	}
1215 	i++;
1216 	addresses->len = i;
1217     }
1218     freeaddrinfo (ai);
1219     return 0;
1220 }
1221 
1222 /**
1223  * krb5_address_order compares the addresses addr1 and addr2 so that
1224  * it can be used for sorting addresses. If the addresses are the same
1225  * address krb5_address_order will return 0. Behavies like memcmp(2).
1226  *
1227  * @param context a Keberos context
1228  * @param addr1 krb5_address to compare
1229  * @param addr2 krb5_address to compare
1230  *
1231  * @return < 0 if address addr1 in "less" then addr2. 0 if addr1 and
1232  * addr2 is the same address, > 0 if addr2 is "less" then addr1.
1233  *
1234  * @ingroup krb5_address
1235  */
1236 
1237 KRB5_LIB_FUNCTION int KRB5_LIB_CALL
1238 krb5_address_order(krb5_context context,
1239 		   const krb5_address *addr1,
1240 		   const krb5_address *addr2)
1241 {
1242     /* this sucks; what if both addresses have order functions, which
1243        should we call? this works for now, though */
1244     struct addr_operations *a;
1245     a = find_atype(addr1->addr_type);
1246     if(a == NULL) {
1247 	krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
1248 				N_("Address family %d not supported", ""),
1249 				addr1->addr_type);
1250 	return KRB5_PROG_ATYPE_NOSUPP;
1251     }
1252     if(a->order_addr != NULL)
1253 	return (*a->order_addr)(context, addr1, addr2);
1254     a = find_atype(addr2->addr_type);
1255     if(a == NULL) {
1256 	krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
1257 				N_("Address family %d not supported", ""),
1258 				addr2->addr_type);
1259 	return KRB5_PROG_ATYPE_NOSUPP;
1260     }
1261     if(a->order_addr != NULL)
1262 	return (*a->order_addr)(context, addr1, addr2);
1263 
1264     if(addr1->addr_type != addr2->addr_type)
1265 	return addr1->addr_type - addr2->addr_type;
1266     if(addr1->address.length != addr2->address.length)
1267 	return addr1->address.length - addr2->address.length;
1268     return memcmp (addr1->address.data,
1269 		   addr2->address.data,
1270 		   addr1->address.length);
1271 }
1272 
1273 /**
1274  * krb5_address_compare compares the addresses  addr1 and addr2.
1275  * Returns TRUE if the two addresses are the same.
1276  *
1277  * @param context a Keberos context
1278  * @param addr1 address to compare
1279  * @param addr2 address to compare
1280  *
1281  * @return Return an TRUE is the address are the same FALSE if not
1282  *
1283  * @ingroup krb5_address
1284  */
1285 
1286 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1287 krb5_address_compare(krb5_context context,
1288 		     const krb5_address *addr1,
1289 		     const krb5_address *addr2)
1290 {
1291     return krb5_address_order (context, addr1, addr2) == 0;
1292 }
1293 
1294 /**
1295  * krb5_address_search checks if the address addr is a member of the
1296  * address set list addrlist .
1297  *
1298  * @param context a Keberos context.
1299  * @param addr address to search for.
1300  * @param addrlist list of addresses to look in for addr.
1301  *
1302  * @return Return an error code or 0.
1303  *
1304  * @ingroup krb5_address
1305  */
1306 
1307 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1308 krb5_address_search(krb5_context context,
1309 		    const krb5_address *addr,
1310 		    const krb5_addresses *addrlist)
1311 {
1312     size_t i;
1313 
1314     for (i = 0; i < addrlist->len; ++i)
1315 	if (krb5_address_compare (context, addr, &addrlist->val[i]))
1316 	    return TRUE;
1317     return FALSE;
1318 }
1319 
1320 /**
1321  * krb5_free_address frees the data stored in the address that is
1322  * alloced with any of the krb5_address functions.
1323  *
1324  * @param context a Keberos context
1325  * @param address addresss to be freed.
1326  *
1327  * @return Return an error code or 0.
1328  *
1329  * @ingroup krb5_address
1330  */
1331 
1332 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1333 krb5_free_address(krb5_context context,
1334 		  krb5_address *address)
1335 {
1336     struct addr_operations *a = find_atype (address->addr_type);
1337     if(a != NULL && a->free_addr != NULL)
1338 	return (*a->free_addr)(context, address);
1339     krb5_data_free (&address->address);
1340     memset(address, 0, sizeof(*address));
1341     return 0;
1342 }
1343 
1344 /**
1345  * krb5_free_addresses frees the data stored in the address that is
1346  * alloced with any of the krb5_address functions.
1347  *
1348  * @param context a Keberos context
1349  * @param addresses addressses to be freed.
1350  *
1351  * @return Return an error code or 0.
1352  *
1353  * @ingroup krb5_address
1354  */
1355 
1356 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1357 krb5_free_addresses(krb5_context context,
1358 		    krb5_addresses *addresses)
1359 {
1360     size_t i;
1361     for(i = 0; i < addresses->len; i++)
1362 	krb5_free_address(context, &addresses->val[i]);
1363     free(addresses->val);
1364     addresses->len = 0;
1365     addresses->val = NULL;
1366     return 0;
1367 }
1368 
1369 /**
1370  * krb5_copy_address copies the content of address
1371  * inaddr to outaddr.
1372  *
1373  * @param context a Keberos context
1374  * @param inaddr pointer to source address
1375  * @param outaddr pointer to destination address
1376  *
1377  * @return Return an error code or 0.
1378  *
1379  * @ingroup krb5_address
1380  */
1381 
1382 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1383 krb5_copy_address(krb5_context context,
1384 		  const krb5_address *inaddr,
1385 		  krb5_address *outaddr)
1386 {
1387     struct addr_operations *a = find_af (inaddr->addr_type);
1388     if(a != NULL && a->copy_addr != NULL)
1389 	return (*a->copy_addr)(context, inaddr, outaddr);
1390     return copy_HostAddress(inaddr, outaddr);
1391 }
1392 
1393 /**
1394  * krb5_copy_addresses copies the content of addresses
1395  * inaddr to outaddr.
1396  *
1397  * @param context a Keberos context
1398  * @param inaddr pointer to source addresses
1399  * @param outaddr pointer to destination addresses
1400  *
1401  * @return Return an error code or 0.
1402  *
1403  * @ingroup krb5_address
1404  */
1405 
1406 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1407 krb5_copy_addresses(krb5_context context,
1408 		    const krb5_addresses *inaddr,
1409 		    krb5_addresses *outaddr)
1410 {
1411     size_t i;
1412     ALLOC_SEQ(outaddr, inaddr->len);
1413     if(inaddr->len > 0 && outaddr->val == NULL)
1414 	return ENOMEM;
1415     for(i = 0; i < inaddr->len; i++)
1416 	krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]);
1417     return 0;
1418 }
1419 
1420 /**
1421  * krb5_append_addresses adds the set of addresses in source to
1422  * dest. While copying the addresses, duplicates are also sorted out.
1423  *
1424  * @param context a Keberos context
1425  * @param dest destination of copy operation
1426  * @param source adresses that are going to be added to dest
1427  *
1428  * @return Return an error code or 0.
1429  *
1430  * @ingroup krb5_address
1431  */
1432 
1433 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1434 krb5_append_addresses(krb5_context context,
1435 		      krb5_addresses *dest,
1436 		      const krb5_addresses *source)
1437 {
1438     krb5_address *tmp;
1439     krb5_error_code ret;
1440     size_t i;
1441     if(source->len > 0) {
1442 	tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
1443 	if(tmp == NULL) {
1444 	    krb5_set_error_message (context, ENOMEM,
1445 				    N_("malloc: out of memory", ""));
1446 	    return ENOMEM;
1447 	}
1448 	dest->val = tmp;
1449 	for(i = 0; i < source->len; i++) {
1450 	    /* skip duplicates */
1451 	    if(krb5_address_search(context, &source->val[i], dest))
1452 		continue;
1453 	    ret = krb5_copy_address(context,
1454 				    &source->val[i],
1455 				    &dest->val[dest->len]);
1456 	    if(ret)
1457 		return ret;
1458 	    dest->len++;
1459 	}
1460     }
1461     return 0;
1462 }
1463 
1464 /**
1465  * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
1466  *
1467  * @param context a Keberos context
1468  * @param res built address from addr/port
1469  * @param addr address to use
1470  * @param port port to use
1471  *
1472  * @return Return an error code or 0.
1473  *
1474  * @ingroup krb5_address
1475  */
1476 
1477 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1478 krb5_make_addrport (krb5_context context,
1479 		    krb5_address **res, const krb5_address *addr, int16_t port)
1480 {
1481     krb5_error_code ret;
1482     size_t len = addr->address.length + 2 + 4 * 4;
1483     u_char *p;
1484 
1485     *res = malloc (sizeof(**res));
1486     if (*res == NULL) {
1487 	krb5_set_error_message (context, ENOMEM,
1488 				N_("malloc: out of memory", ""));
1489 	return ENOMEM;
1490     }
1491     (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
1492     ret = krb5_data_alloc (&(*res)->address, len);
1493     if (ret) {
1494 	krb5_set_error_message (context, ret,
1495 				N_("malloc: out of memory", ""));
1496 	free (*res);
1497 	*res = NULL;
1498 	return ret;
1499     }
1500     p = (*res)->address.data;
1501     *p++ = 0;
1502     *p++ = 0;
1503     *p++ = (addr->addr_type     ) & 0xFF;
1504     *p++ = (addr->addr_type >> 8) & 0xFF;
1505 
1506     *p++ = (addr->address.length      ) & 0xFF;
1507     *p++ = (addr->address.length >>  8) & 0xFF;
1508     *p++ = (addr->address.length >> 16) & 0xFF;
1509     *p++ = (addr->address.length >> 24) & 0xFF;
1510 
1511     memcpy (p, addr->address.data, addr->address.length);
1512     p += addr->address.length;
1513 
1514     *p++ = 0;
1515     *p++ = 0;
1516     *p++ = (KRB5_ADDRESS_IPPORT     ) & 0xFF;
1517     *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
1518 
1519     *p++ = (2      ) & 0xFF;
1520     *p++ = (2 >>  8) & 0xFF;
1521     *p++ = (2 >> 16) & 0xFF;
1522     *p++ = (2 >> 24) & 0xFF;
1523 
1524     memcpy (p, &port, 2);
1525 
1526     return 0;
1527 }
1528 
1529 /**
1530  * Calculate the boundary addresses of `inaddr'/`prefixlen' and store
1531  * them in `low' and `high'.
1532  *
1533  * @param context a Keberos context
1534  * @param inaddr address in prefixlen that the bondery searched
1535  * @param prefixlen width of boundery
1536  * @param low lowest address
1537  * @param high highest address
1538  *
1539  * @return Return an error code or 0.
1540  *
1541  * @ingroup krb5_address
1542  */
1543 
1544 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1545 krb5_address_prefixlen_boundary(krb5_context context,
1546 				const krb5_address *inaddr,
1547 				unsigned long prefixlen,
1548 				krb5_address *low,
1549 				krb5_address *high)
1550 {
1551     struct addr_operations *a = find_atype (inaddr->addr_type);
1552     if(a != NULL && a->mask_boundary != NULL)
1553 	return (*a->mask_boundary)(context, inaddr, prefixlen, low, high);
1554     krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
1555 			   N_("Address family %d doesn't support "
1556 			      "address mask operation", ""),
1557 			   inaddr->addr_type);
1558     return KRB5_PROG_ATYPE_NOSUPP;
1559 }
1560