/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/krb5/os/dnsglue.h */
/*
 * Copyright 2004 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/*
 * Glue layer for DNS resolver, to make parsing of replies easier
 * whether we are using BIND 4, 8, or 9.
 */

/*
 * BIND 4 doesn't have the ns_initparse() API, so we need to do some
 * manual parsing via the HEADER struct.  BIND 8 does have
 * ns_initparse(), but has enums for the various protocol constants
 * rather than the BIND 4 macros.  BIND 9 (at least on macOS 10.3)
 * appears to disable res_nsearch() if BIND_8_COMPAT is defined
 * (which is necessary to obtain the HEADER struct).
 *
 * We use ns_initparse() if available at all, and never define
 * BIND_8_COMPAT.  If there is no ns_initparse(), we do manual parsing
 * by using the HEADER struct.
 */

#ifndef KRB5_DNSGLUE_H
#define KRB5_DNSGLUE_H

#include "autoconf.h"
#ifdef KRB5_DNS_LOOKUP

#include "k5-int.h"
#include "os-proto.h"
#ifdef WSHELPER
#include <wshelper.h>
#else /* WSHELPER */
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <netdb.h>
#endif /* WSHELPER */

#if HAVE_SYS_PARAM_H
#include <sys/param.h>          /* for MAXHOSTNAMELEN */
#endif

/* Fallback host name limit, used only if no header has supplied one. */
#if !defined(MAXHOSTNAMELEN)
#define MAXHOSTNAMELEN 64
#endif

/*
 * Fallback for MAXDNAME, used as a domain-name buffer bound.  In order
 * of preference: the resolver's NS_MAXDNAME, then 16 * MAXLABEL, then
 * 16 * MAXHOSTNAMELEN.
 */
#if !defined(MAXDNAME)
#if defined(NS_MAXDNAME)
#define MAXDNAME NS_MAXDNAME
#elif defined(MAXLABEL)
#define MAXDNAME (16 * MAXLABEL)
#else
#define MAXDNAME (16 * MAXHOSTNAMELEN)
#endif
#endif /* !defined(MAXDNAME) */

/*
 * Solaris 7 spells the record-class accessor ns_rr_cl rather than
 * ns_rr_class.  Alias it, but only on builds that have ns_initparse()
 * and do not already provide ns_rr_class as a macro.
 */
#if HAVE_NS_INITPARSE && !defined(ns_rr_class) && defined(ns_rr_cl)
#define ns_rr_class ns_rr_cl
#endif

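#if HAVE_RES_NSEARCH
/*
 * Some BIND 8 / BIND 9 implementations disable the BIND 4 style
 * constants.
 */
#ifndef C_IN
#define C_IN ns_c_in
#endif
#ifndef T_SRV
#define T_SRV ns_t_srv
#endif
#ifndef T_TXT
#define T_TXT ns_t_txt
#endif

#else  /* !HAVE_RES_NSEARCH */

/*
 * Some BIND implementations might be old enough to lack these.  The
 * fallbacks must be the assigned DNS RR TYPE codes, because they are
 * only used when the resolver headers give us nothing to check them
 * against: TXT is 16 (RFC 1035; 15 is MX) and SRV is 33 (RFC 2782).
 * A wrong code here would make any query or answer filter built on
 * T_TXT operate on a different record type in this configuration.
 */
#ifndef T_TXT
#define T_TXT 16
#endif
#ifndef T_SRV
#define T_SRV 33
#endif

#endif /* HAVE_RES_NSEARCH */

/* RR TYPE code for URI records (RFC 7553), for resolvers lacking it. */
#ifndef T_URI
#define T_URI 256
#endif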

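/*
 * INCR_OK
 *
 * Given moving pointer PTR offset from BASE, return true if adding
 * INCR to PTR doesn't move it more than MAX bytes from BASE.
 *
 * The test is INCR <= MAX - (PTR - BASE): the current offset is
 * subtracted from the limit, so INCR is never added to anything.
 * Callers should pass signed, non-negative INCR and MAX.  If INCR has
 * an unsigned type at least as wide as ptrdiff_t, the right-hand side
 * is converted to unsigned, and a PTR already past BASE + MAX would
 * compare as in range.
 */
#define INCR_OK(base, max, ptr, incr)                           \
    ((incr) <= (max) - ((const unsigned char *)(ptr)            \
                        - (const unsigned char *)(base)))

/*
 * SAFE_GETUINT16
 *
 * Given PTR offset from BASE, if at least INCR bytes are safe to
 * read, get network byte order uint16 into S, and increment PTR.  On
 * failure, goto LABEL.
 *
 * The macro always reads the two bytes PTR[0] and PTR[1], whatever
 * INCR is, so it also requires two readable bytes before touching
 * the buffer.  With INCR >= 2 the second test is implied by the
 * first; with a smaller INCR it stops a read past BASE + MAX.  PTR
 * is evaluated more than once, so it must not have side effects.
 */

#define SAFE_GETUINT16(base, max, ptr, incr, s, label)  \
    do {                                                \
        if (!INCR_OK(base, max, ptr, incr) ||           \
            !INCR_OK(base, max, ptr, 2))                \
            goto label;                                 \
        (s) = (unsigned short)(ptr)[0] << 8             \
            | (unsigned short)(ptr)[1];                 \
        (ptr) += (incr);                                \
    } while (0)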

/* Opaque resolver state; its layout is not defined in this header. */
struct krb5int_dns_state;

/*
 * Query-state API.  Judging by the names and signatures, _init creates
 * a state object through its first (out) parameter, _nextans and
 * _expand read from that state, and _fini releases it.
 *
 * NOTE(review): the parameters are unnamed here, so their roles, the
 * return-value convention, and the units of the int arguments are not
 * visible from this header -- confirm against the definitions.  In
 * particular, _expand takes a writable char * followed by an int,
 * presumably the destination buffer and its size; callers should
 * verify that before sizing the buffer (MAXDNAME is defined above for
 * domain names).
 */
int krb5int_dns_init(struct krb5int_dns_state **, char *, int, int);
int krb5int_dns_nextans(struct krb5int_dns_state *,
                        const unsigned char **, int *);
int krb5int_dns_expand(struct krb5int_dns_state *,
                       const unsigned char *, char *, int);
void krb5int_dns_fini(struct krb5int_dns_state *);

/*
 * One entry in a singly linked list of DNS answers, returned through
 * the "answers" out-parameter of the query functions declared below.
 *
 * NOTE(review): the field names match the SRV RDATA fields of
 * RFC 2782 (priority, weight, port, target); presumably they are
 * filled from the reply as-is -- confirm in the parser.  If so, the
 * contents are only as trustworthy as the DNS path that delivered
 * them, and consumers should not treat host or port as authenticated.
 */
struct srv_dns_entry {
    struct srv_dns_entry *next; /* next entry in the list */
    int priority;
    int weight;
    unsigned short port;
    char *host;                 /* presumably heap-allocated and released by
                                 * krb5int_free_srv_dns_data() -- confirm */
};

/*
 * Query DNS for REALM with the given SERVICE and PROTOCOL and return
 * the results through *ANSWERS as a list of srv_dns_entry.
 *
 * NOTE(review): behaviour is inferred from the name and signature; the
 * query name format, the ordering of the returned list, and whether
 * *ANSWERS is set on failure are not visible here -- confirm against
 * the definition.
 */
krb5_error_code
krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
                             const char *service, const char *protocol,
                             struct srv_dns_entry **answers);

/*
 * Release a list of srv_dns_entry.  NOTE(review): presumably frees
 * every entry reachable through "next" along with its host string;
 * confirm, and confirm whether a null argument is accepted.
 */
void krb5int_free_srv_dns_data(struct srv_dns_entry *);

/*
 * URI-record counterpart of krb5int_make_srv_query_realm(): takes no
 * PROTOCOL argument and returns its results in the same srv_dns_entry
 * list type.  NOTE(review): how URI record data maps onto the host and
 * port fields is not visible here -- confirm against the definition.
 */
krb5_error_code
k5_make_uri_query(krb5_context context, const krb5_data *realm,
                  const char *service, struct srv_dns_entry **answers);

#endif /* KRB5_DNS_LOOKUP */
#endif /* !defined(KRB5_DNSGLUE_H) */