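/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * From "tsol_tndb_parser.c 7.24 01/09/05 SMI; TSOL 2.x"
 *
 * These functions parse entries in the "tnrhdb" (remote host database) file.
 * Each entry in the file has two fields, separated by a colon. The first
 * field is the IP host or network address. The second is the name of the
 * template to use (from tnrhtp).
 *
 * In order to help preserve sanity, we do not allow more than one unescaped
 * colon in a line.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>
#include <libtsnet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <inet/ip.h>
#include <arpa/inet.h>
#include <nss.h>
#include <errno.h>

/*
 * This routine deals with old pre-CIDR subnet address specifications. In the
 * bad old days, a subnet was represented as:
 *
 *	Expression	Implied Prefix
 *	10.1.1.0	/24
 *	10.1.0.0	/16
 *	10.0.0.0	/8
 *	0.0.0.0		/0
 *
 * The argument is converted with ntohl() before use, so it is taken in
 * network byte order. The result is IP_ABITS less 8 for every all-zero
 * trailing octet, and 0 for the all-zero address.
 */
static int
get_classful_prefix(in_addr_t addr)
{
	int bits;

	/* Handled separately: the loop below would strip four octets anyway. */
	if (addr == 0)
		return (0);
	addr = ntohl(addr);
	/* Drop one octet of prefix for each trailing zero octet. */
	for (bits = IP_ABITS; bits > 0 && (addr & 0xFF) == 0; bits -= 8)
		addr >>= 8;

	return (bits);
}

/*
 * This routine deals with old pre-CIDR network address specifications. In the
 * bad old days, a network was represented as:
 *
 *	Expression	Implied Prefix
 *	10.1.1		/24
 *	10.1		/16
 *	10		/8
 *
 * This routine must compute the mask and left-align the address.
 *
 * The value at *addrp is rewritten in place with the left-aligned address;
 * the return value is the implied prefix length in bits.
 */
static int
get_network_prefix(in_addr_t *addrp)
{
	int bits;
	in_addr_t addr;

	addr = ntohl(*addrp);
	/* Shift left until the top octet is non-zero, 8 prefix bits a step. */
	for (bits = IP_ABITS; bits > 0 && addr < 0x01000000; bits -= 8)
		addr <<= 8;
	*addrp = htonl(addr);

	return (bits);
}

/*
 * Parse the textual address in addrbuf into rh->rh_address and validate the
 * prefix length in rh->rh_prefix.
 *
 * A string containing ':' is treated as IPv6, anything else as IPv4. If
 * rh->rh_prefix is -1 on entry (no explicit prefix was given), a prefix is
 * filled in: the classful/network-style value for IPv4, IPV6_ABITS for IPv6.
 *
 * Returns B_FALSE when the address cannot be parsed, when the prefix is
 * outside 0..address-width, or when any bit beyond the prefix (the "host"
 * part) is set; B_TRUE otherwise. Rejecting stray host bits keeps an entry
 * from covering a different range than the one its text suggests.
 */
static boolean_t
parse_address(tsol_rhent_t *rh, const char *addrbuf)
{
	int upper_lim;
	int len;
	const uchar_t *aptr;

	if (strchr(addrbuf, ':') == NULL) {
		/* IPv4 address */
		rh->rh_address.ta_family = AF_INET;
		if (inet_pton(AF_INET, addrbuf,
		    &rh->rh_address.ta_addr_v4) > 0) {
			if (rh->rh_prefix == -1)
				rh->rh_prefix = get_classful_prefix(rh->
				    rh_address.ta_addr_v4.s_addr);
		/*
		 * NOTE(review): inet_network() is documented to return a
		 * host-byte-order value, while get_network_prefix() applies
		 * ntohl() to what it is given. Confirm that the short forms
		 * ("10.1") yield the intended address on little-endian hosts.
		 */
		} else if ((rh->rh_address.ta_addr_v4.s_addr =
		    inet_network(addrbuf)) != (in_addr_t)-1) {
			len = get_network_prefix(&rh->rh_address.ta_addr_v4.
			    s_addr);
			if (rh->rh_prefix == -1)
				rh->rh_prefix = len;
		} else {
			return (B_FALSE);
		}
		upper_lim = IP_ABITS;
		aptr = (const uchar_t *)&rh->rh_address.ta_addr_v4;
	} else {
		/* IPv6 address */
		rh->rh_address.ta_family = AF_INET6;
		if (inet_pton(AF_INET6, addrbuf,
		    &rh->rh_address.ta_addr_v6) <= 0)
			return (B_FALSE);
		if (rh->rh_prefix == -1)
			rh->rh_prefix = IPV6_ABITS;
		upper_lim = IPV6_ABITS;
		aptr = (const uchar_t *)&rh->rh_address.ta_addr_v6;
	}

	if (rh->rh_prefix < 0 || rh->rh_prefix > upper_lim)
		return (B_FALSE);

	/*
	 * Verify that there are no bits set in the "host" portion of the
	 * IP address.
	 */
	len = rh->rh_prefix;
	aptr += len / 8;
	if ((len & 7) != 0) {
		/* Prefix ends inside a byte: test only its low-order bits. */
		if ((*aptr++ & (0xff >> (len & 7))) != 0)
			return (B_FALSE);
		len = (len + 7) & ~7;
	}
	/* Every remaining whole byte must be zero. */
	while (len < upper_lim) {
		if (*aptr++ != 0)
			return (B_FALSE);
		len += 8;
	}

	return (B_TRUE);
}

/*
 * Convert the string form of a remote-host entry (address field and template
 * name) into a newly allocated tsol_rhent_t.
 *
 * rhstrp	the two string fields of the entry; either may be NULL.
 * errp		if non-NULL, receives an LTSNET_* code on failure.
 * errstrp	if non-NULL, is pointed at the text the error refers to. It
 *		is set to the address field up front, so it is written on
 *		success as well.
 *
 * Returns the entry, which the caller releases with tsol_freerhent(), or
 * NULL on failure. errno is preserved across the cleanup on the error path.
 */
tsol_rhent_t *
rhstr_to_ent(tsol_rhstr_t *rhstrp, int *errp, char **errstrp)
{
	int len;
	int err = 0;
	int saved_errno;
	long prefix;
	char *cp, *cp2, *errstr;
	char *address = rhstrp->address;
	char *template = rhstrp->template;
	char addrbuf[1024];
	tsol_rhent_t *rhentp = NULL;

	/*
	 * The user can specify NULL pointers for these. Make sure that we
	 * don't have to deal with checking for NULL everywhere by just
	 * pointing to our own variables if the user gives NULL.
	 */
	if (errp == NULL)
		errp = &err;
	if (errstrp == NULL)
		errstrp = &errstr;
	/* The default, unless we find a more specific error locus. */
	*errstrp = address;

	if (address == NULL || *address == '#' || *address == '\n') {
		*errp = LTSNET_EMPTY;
		if (template && *template != '\0' && *template != '#' &&
		    *template != '\n')
			*errstrp = template;
		else if (address == NULL)
			*errstrp = " ";
		goto err_ret;
	}
	if (*address == '\0') {
		*errp = LTSNET_NO_ADDR;
		if (template && *template != '\0' && *template != '#' &&
		    *template != '\n')
			*errstrp = template;
		goto err_ret;
	}
	if (template == NULL || *template == '#' || *template == '\n' ||
	    *template == '\0') {
		*errp = LTSNET_NO_HOSTTYPE;
		goto err_ret;
	}
	if ((rhentp = calloc(1, sizeof (*rhentp))) == NULL) {
		*errp = LTSNET_SYSERR;
		return (NULL);
	}
	if ((cp = strrchr(address, '/')) != NULL) {
		len = cp - address;
		if (len >= sizeof (addrbuf)) {
			*errp = LTSNET_ILL_ADDR;
			goto err_ret;
		}
		(void) memset(addrbuf, '\0', sizeof (addrbuf));
		(void) memcpy(addrbuf, address, len);
		cp++;
		errno = 0;
		prefix = strtol(cp, &cp2, 0);
		if (errno != 0) {
			*errp = LTSNET_SYSERR;
			*errstrp = cp2;
			goto err_ret;
		}
		/*
		 * Range-check the value while it is still a long. Where long
		 * is wider than rh_prefix, storing it first could wrap a
		 * huge number into a small valid prefix, or into the -1 "no
		 * prefix given" marker. No valid prefix exceeds IPV6_ABITS;
		 * parse_address() applies the per-family limit. The cast on
		 * isdigit()'s argument keeps a negative char from reaching it.
		 *
		 * NOTE(review): strtol() stops at the first non-numeric
		 * character and cp2 is not examined on success, so text after
		 * the number is ignored. Tighten only after confirming that
		 * no existing database depends on that.
		 */
		if (isdigit((unsigned char)*cp) == 0 ||
		    prefix < 0 || prefix > IPV6_ABITS) {
			*errp = LTSNET_ILL_ADDR;
			*errstrp = address;
			goto err_ret;
		}
		rhentp->rh_prefix = (int)prefix;
	} else {
		rhentp->rh_prefix = -1;
		/*
		 * Refuse an over-long address instead of parsing a truncated
		 * copy of it, matching the length check in the '/' case.
		 */
		if (strlcpy(addrbuf, address, sizeof (addrbuf)) >=
		    sizeof (addrbuf)) {
			*errp = LTSNET_ILL_ADDR;
			goto err_ret;
		}
	}
	if (strlcpy(rhentp->rh_template, template,
	    sizeof (rhentp->rh_template)) >= sizeof (rhentp->rh_template)) {
		*errstrp = template;
		*errp = LTSNET_ILL_NAME;
		goto err_ret;
	}
	if (!parse_address(rhentp, addrbuf)) {
		*errp = LTSNET_ILL_ADDR;
		*errstrp = address;
		goto err_ret;
	}

#ifdef DEBUG
	(void) fprintf(stdout, "rhstr_to_ent: %s:%s\n",
	    address, rhentp->rh_template);
#endif /* DEBUG */

	return (rhentp);

err_ret:
	/*
	 * Keep errno in its own variable: "err" may be the storage behind
	 * errp when the caller passed NULL, and must not be overwritten
	 * before *errp is read below.
	 */
	saved_errno = errno;
	tsol_freerhent(rhentp);
	errno = saved_errno;
#ifdef DEBUG
	(void) fprintf(stderr, "\nrhstr_to_ent: %s: %s\n",
	    *errstrp, (char *)tsol_strerror(*errp, errno));
#endif /* DEBUG */

	return (NULL);
}

/*
 * Release an entry allocated by rhstr_to_ent(). A NULL pointer is accepted,
 * since free(NULL) is a no-op.
 */
void
tsol_freerhent(tsol_rhent_t *rh)
{
	free(rh);
}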