27c478bdstevel@tonic-gate * CDDL HEADER START
37c478bdstevel@tonic-gate *
47c478bdstevel@tonic-gate * The contents of this file are subject to the terms of the
5cb5caa9djl * Common Development and Distribution License (the "License").
6cb5caa9djl * You may not use this file except in compliance with the License.
77c478bdstevel@tonic-gate *
87c478bdstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bdstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bdstevel@tonic-gate * See the License for the specific language governing permissions
117c478bdstevel@tonic-gate * and limitations under the License.
127c478bdstevel@tonic-gate *
137c478bdstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bdstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bdstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bdstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bdstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bdstevel@tonic-gate *
197c478bdstevel@tonic-gate * CDDL HEADER END
207c478bdstevel@tonic-gate */
22cb5caa9djl * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
237c478bdstevel@tonic-gate * Use is subject to license terms.
247c478bdstevel@tonic-gate */
267c478bdstevel@tonic-gate#pragma ident	"%Z%%M%	%I%	%E% SMI"
297c478bdstevel@tonic-gate * All routines necessary to deal the "netmasks" database.  The sources
307c478bdstevel@tonic-gate * contain mappings between 32 bit Internet addresses and corresponding
317c478bdstevel@tonic-gate * 32 bit Internet address masks. The addresses are in dotted internet
327c478bdstevel@tonic-gate * address notation.
337c478bdstevel@tonic-gate */
357c478bdstevel@tonic-gate#include <stdio.h>
367c478bdstevel@tonic-gate#include <ctype.h>
377c478bdstevel@tonic-gate#include <string.h>
387c478bdstevel@tonic-gate#include <stdlib.h>
397c478bdstevel@tonic-gate#include <sys/types.h>
407c478bdstevel@tonic-gate#include <sys/socket.h>
417c478bdstevel@tonic-gate#include <net/if.h>
427c478bdstevel@tonic-gate#include <netinet/in.h>
437c478bdstevel@tonic-gate#include <arpa/inet.h>
447c478bdstevel@tonic-gate#include <nss_dbdefs.h>
46cb5caa9djlint str2addr(const char *, int, void *, char *, int);
487c478bdstevel@tonic-gatestatic DEFINE_NSS_DB_ROOT(db_root);
517c478bdstevel@tonic-gate_nss_initf_netmasks(nss_db_params_t *p)
537c478bdstevel@tonic-gate	p->name = NSS_DBNAM_NETMASKS;
547c478bdstevel@tonic-gate	p->default_config = NSS_DEFCONF_NETMASKS;
587c478bdstevel@tonic-gate * Print a network number such as 129.144 as well as an IP address.
597c478bdstevel@tonic-gate * Assumes network byte order for both IP addresses and network numbers
607c478bdstevel@tonic-gate * (Network numbers are normally passed around in host byte order).
61cb5caa9djl * to be MT safe, use a passed in buffer like otherget*_r APIs.
627c478bdstevel@tonic-gate */
637c478bdstevel@tonic-gatestatic char *
64cb5caa9djlinet_nettoa(struct in_addr in, char *result, int len)
667c478bdstevel@tonic-gate	uint32_t addr = in.s_addr;
677c478bdstevel@tonic-gate	uchar_t *up = (uchar_t *)&addr;
69cb5caa9djl	if (result == NULL)
70cb5caa9djl		return (NULL);
727c478bdstevel@tonic-gate	/* Omit leading zeros */
737c478bdstevel@tonic-gate	if (up[0]) {
74cb5caa9djl		(void) snprintf(result, len, "%d.%d.%d.%d",
757c478bdstevel@tonic-gate		    up[0], up[1], up[2], up[3]);
767c478bdstevel@tonic-gate	} else if (up[1]) {
77cb5caa9djl		(void) snprintf(result, len, "%d.%d.%d", up[1], up[2], up[3]);
787c478bdstevel@tonic-gate	} else if (up[2]) {
79cb5caa9djl		(void) snprintf(result, len, "%d.%d", up[2], up[3]);
807c478bdstevel@tonic-gate	} else {
81cb5caa9djl		(void) snprintf(result, len, "%d", up[3]);
827c478bdstevel@tonic-gate	}
837c478bdstevel@tonic-gate	return (result);
877c478bdstevel@tonic-gate * Given a 32 bit key look it up in the netmasks database
887c478bdstevel@tonic-gate * based on the "netmasks" policy in /etc/nsswitch.conf.
897c478bdstevel@tonic-gate * If the key is a network number with the trailing zero's removed
907c478bdstevel@tonic-gate * (e.g. "192.9.200") this routine can't use inet_ntoa to convert
917c478bdstevel@tonic-gate * the address to the string key.
927c478bdstevel@tonic-gate * Returns zero if successful, non-zero otherwise.
937c478bdstevel@tonic-gate */
947c478bdstevel@tonic-gatestatic int
957c478bdstevel@tonic-gategetnetmaskbykey(const struct in_addr addr, struct in_addr *mask)
977c478bdstevel@tonic-gate	nss_XbyY_args_t arg;
987c478bdstevel@tonic-gate	nss_status_t	res;
997c478bdstevel@tonic-gate	char		tmp[NSS_LINELEN_NETMASKS];
1017c478bdstevel@tonic-gate	/*
1027c478bdstevel@tonic-gate	 * let the backend do the allocation to store stuff for parsing.
1037c478bdstevel@tonic-gate	 * To simplify things, we put the dotted internet address form of
1047c478bdstevel@tonic-gate	 * the network address in the 'name' field as a filter to speed
1057c478bdstevel@tonic-gate	 * up the lookup.
1067c478bdstevel@tonic-gate	 */
107cb5caa9djl	if (inet_nettoa(addr, tmp, NSS_LINELEN_NETMASKS) == NULL)
108cb5caa9djl		return (NSS_NOTFOUND);
1107c478bdstevel@tonic-gate	NSS_XbyY_INIT(&arg, mask, NULL, 0, str2addr);
1117c478bdstevel@tonic-gate	arg.key.name = tmp;
1127c478bdstevel@tonic-gate	res = nss_search(&db_root, _nss_initf_netmasks,
1137c478bdstevel@tonic-gate			NSS_DBOP_NETMASKS_BYNET, &arg);
1147c478bdstevel@tonic-gate	(void) NSS_XbyY_FINI(&arg);
1157c478bdstevel@tonic-gate	return (arg.status = res);
1197c478bdstevel@tonic-gate * Given a 32 bit internet network number, it finds the corresponding netmask
1207c478bdstevel@tonic-gate * address based on the "netmasks" policy in /etc/nsswitch.conf.
1217c478bdstevel@tonic-gate * Returns zero if successful, non-zero otherwise.
1227c478bdstevel@tonic-gate * Check both for the (masked) network number and the shifted network
1237c478bdstevel@tonic-gate * number (e.g., both "" and "10").
1247c478bdstevel@tonic-gate * Assumes that the caller passes in an unshifted number (or an IP address).
1257c478bdstevel@tonic-gate */
1277c478bdstevel@tonic-gategetnetmaskbynet(const struct in_addr net, struct in_addr *mask)
1297c478bdstevel@tonic-gate	struct in_addr net1, net2;
1307c478bdstevel@tonic-gate	uint32_t i;
1327c478bdstevel@tonic-gate	i = ntohl(net.s_addr);
1347c478bdstevel@tonic-gate	/*
1357c478bdstevel@tonic-gate	 * Try looking for the network number both with and without
1367c478bdstevel@tonic-gate	 * the trailing zeros.
1377c478bdstevel@tonic-gate	 */
1387c478bdstevel@tonic-gate	if ((i & IN_CLASSA_NET) == 0) {
1397c478bdstevel@tonic-gate		/* Assume already a right-shifted network number */
1407c478bdstevel@tonic-gate		net2.s_addr = htonl(i);
1417c478bdstevel@tonic-gate		if ((i & IN_CLASSB_NET) != 0) {
1427c478bdstevel@tonic-gate			net1.s_addr = htonl(i << IN_CLASSC_NSHIFT);
1437c478bdstevel@tonic-gate		} else if ((i & IN_CLASSC_NET) != 0) {
1447c478bdstevel@tonic-gate			net1.s_addr = htonl(i << IN_CLASSB_NSHIFT);
1457c478bdstevel@tonic-gate		} else {
1467c478bdstevel@tonic-gate			net1.s_addr = htonl(i << IN_CLASSA_NSHIFT);
1477c478bdstevel@tonic-gate		}
1487c478bdstevel@tonic-gate	} else if (IN_CLASSA(i)) {
1497c478bdstevel@tonic-gate		net1.s_addr = htonl(i & IN_CLASSA_NET);
1507c478bdstevel@tonic-gate		net2.s_addr = htonl(i >> IN_CLASSA_NSHIFT);
1517c478bdstevel@tonic-gate	} else if (IN_CLASSB(i)) {
1527c478bdstevel@tonic-gate		net1.s_addr = htonl(i & IN_CLASSB_NET);
1537c478bdstevel@tonic-gate		net2.s_addr = htonl(i >> IN_CLASSB_NSHIFT);
1547c478bdstevel@tonic-gate	} else {
1557c478bdstevel@tonic-gate		net1.s_addr = htonl(i & IN_CLASSC_NET);
1567c478bdstevel@tonic-gate		net2.s_addr = htonl(i >> IN_CLASSC_NSHIFT);
1577c478bdstevel@tonic-gate	}
1597c478bdstevel@tonic-gate	if (getnetmaskbykey(net1, mask) == 0) {
1607c478bdstevel@tonic-gate		return (0);
1617c478bdstevel@tonic-gate	}
1627c478bdstevel@tonic-gate	if (getnetmaskbykey(net2, mask) == 0) {
1637c478bdstevel@tonic-gate		return (0);
1647c478bdstevel@tonic-gate	}
1657c478bdstevel@tonic-gate	return (-1);
1697c478bdstevel@tonic-gate * Find the netmask used for an IP address.
1707c478bdstevel@tonic-gate * Returns zero if successful, non-zero otherwise.
1717c478bdstevel@tonic-gate *
1727c478bdstevel@tonic-gate * Support Variable Length Subnetmasks by looking for the longest
1737c478bdstevel@tonic-gate * matching subnetmask in the database.
1747c478bdstevel@tonic-gate * Start by looking for a match for the full IP address and
1757c478bdstevel@tonic-gate * mask off one rightmost bit after another until we find a match.
1767c478bdstevel@tonic-gate * Note that for a match the found netmask must match what was used
1777c478bdstevel@tonic-gate * for the lookup masking.
1787c478bdstevel@tonic-gate * As a fallback for compatibility finally lookup the network
1797c478bdstevel@tonic-gate * number with and without the trailing zeros.
1807c478bdstevel@tonic-gate * In order to suppress redundant lookups in the name service
1817c478bdstevel@tonic-gate * we keep the previous lookup key and compare against it before
1827c478bdstevel@tonic-gate * doing the lookup.
1837c478bdstevel@tonic-gate */
1857c478bdstevel@tonic-gategetnetmaskbyaddr(const struct in_addr addr, struct in_addr *mask)
1877c478bdstevel@tonic-gate	struct in_addr prevnet, net;
1887c478bdstevel@tonic-gate	uint32_t i, maskoff;
1907c478bdstevel@tonic-gate	i = ntohl(addr.s_addr);
1917c478bdstevel@tonic-gate	prevnet.s_addr = 0;
1927c478bdstevel@tonic-gate	mask->s_addr = 0;
1947c478bdstevel@tonic-gate	for (maskoff = 0xFFFFFFFF; maskoff != 0; maskoff = maskoff << 1) {
1957c478bdstevel@tonic-gate		net.s_addr = htonl(i & maskoff);
1977c478bdstevel@tonic-gate		if (net.s_addr != prevnet.s_addr) {
1987c478bdstevel@tonic-gate			if (getnetmaskbykey(net, mask) != 0) {
1997c478bdstevel@tonic-gate				mask->s_addr = 0;
2007c478bdstevel@tonic-gate			}
2017c478bdstevel@tonic-gate		}
2027c478bdstevel@tonic-gate		if (htonl(maskoff) == mask->s_addr)
2037c478bdstevel@tonic-gate			return (0);
2057c478bdstevel@tonic-gate		prevnet.s_addr = net.s_addr;
2067c478bdstevel@tonic-gate	}
2087c478bdstevel@tonic-gate	/*
2097c478bdstevel@tonic-gate	 * Non-VLSM fallback.
2107c478bdstevel@tonic-gate	 * Try looking for the network number with and without the trailing
2117c478bdstevel@tonic-gate	 * zeros.
2127c478bdstevel@tonic-gate	 */
2137c478bdstevel@tonic-gate	return (getnetmaskbynet(addr, mask));
2177c478bdstevel@tonic-gate * Parse netmasks entry into its components. The network address is placed
2187c478bdstevel@tonic-gate * in buffer for use by check_addr for 'files' backend, to match the network
2197c478bdstevel@tonic-gate * address. The network address is placed in the buffer as a network order
2207c478bdstevel@tonic-gate * internet address, if buffer is non null. The network order form of the mask
2217c478bdstevel@tonic-gate * itself is placed in 'ent'.
2227c478bdstevel@tonic-gate */
2247c478bdstevel@tonic-gatestr2addr(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
2267c478bdstevel@tonic-gate	int	retval;
2277c478bdstevel@tonic-gate	struct in_addr	*mask = (struct in_addr *)ent;
2287c478bdstevel@tonic-gate	const char	*p, *limit, *start;
2297c478bdstevel@tonic-gate	struct in_addr	addr;
2307c478bdstevel@tonic-gate	int		i;
2317c478bdstevel@tonic-gate	char		tmp[NSS_LINELEN_NETMASKS];
2337c478bdstevel@tonic-gate	p = instr;
2347c478bdstevel@tonic-gate	limit = p + lenstr;
2357c478bdstevel@tonic-gate	retval = NSS_STR_PARSE_PARSE;
2377c478bdstevel@tonic-gate	while (p < limit && isspace(*p))	/* skip leading whitespace */
2387c478bdstevel@tonic-gate		p++;
2407c478bdstevel@tonic-gate	if (buffer) {	/* for 'files' backend verification */
2417c478bdstevel@tonic-gate		for (start = p, i = 0; p < limit && !isspace(*p); p++)
2427c478bdstevel@tonic-gate			i++;
2437c478bdstevel@tonic-gate		if (p < limit && i < buflen) {
2447c478bdstevel@tonic-gate			(void) memcpy(tmp, start, i);
2457c478bdstevel@tonic-gate			tmp[i] = '\0';
2467c478bdstevel@tonic-gate			addr.s_addr = inet_addr(tmp);
2477c478bdstevel@tonic-gate			/* Addr will always be an ipv4 address (32bits) */
2487c478bdstevel@tonic-gate			if (addr.s_addr == 0xffffffffUL)
2497c478bdstevel@tonic-gate				return (NSS_STR_PARSE_PARSE);
2507c478bdstevel@tonic-gate			else {
2517c478bdstevel@tonic-gate				(void) memcpy(buffer, (char *)&addr,
2527c478bdstevel@tonic-gate				    sizeof (struct in_addr));
2537c478bdstevel@tonic-gate			}
2547c478bdstevel@tonic-gate		} else
2557c478bdstevel@tonic-gate			return (NSS_STR_PARSE_ERANGE);
2567c478bdstevel@tonic-gate	}
2587c478bdstevel@tonic-gate	while (p < limit && isspace(*p))	/* skip intermediate */
2597c478bdstevel@tonic-gate		p++;
2617c478bdstevel@tonic-gate	if (mask) {
2627c478bdstevel@tonic-gate		for (start = p, i = 0; p < limit && !isspace(*p); p++)
2637c478bdstevel@tonic-gate			i++;
2647c478bdstevel@tonic-gate		if (p <= limit) {
2657c478bdstevel@tonic-gate			if ((i + 1) > NSS_LINELEN_NETMASKS)
2667c478bdstevel@tonic-gate				return (NSS_STR_PARSE_ERANGE);
2677c478bdstevel@tonic-gate			(void) memcpy(tmp, start, i);
2687c478bdstevel@tonic-gate			tmp[i] = '\0';
2697c478bdstevel@tonic-gate			addr.s_addr = inet_addr(tmp);
2707c478bdstevel@tonic-gate			/* Addr will always be an ipv4 address (32bits) */
2717c478bdstevel@tonic-gate			if (addr.s_addr == 0xffffffffUL)
2727c478bdstevel@tonic-gate				retval = NSS_STR_PARSE_PARSE;
2737c478bdstevel@tonic-gate			else {
2747c478bdstevel@tonic-gate				mask->s_addr = addr.s_addr;
2757c478bdstevel@tonic-gate				retval = NSS_STR_PARSE_SUCCESS;
2767c478bdstevel@tonic-gate			}
2777c478bdstevel@tonic-gate		}
2787c478bdstevel@tonic-gate	}
2807c478bdstevel@tonic-gate	return (retval);