10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5*2830Sdjl * Common Development and Distribution License (the "License").
6*2830Sdjl * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate * See the License for the specific language governing permissions
110Sstevel@tonic-gate * and limitations under the License.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate *
190Sstevel@tonic-gate * CDDL HEADER END
200Sstevel@tonic-gate */
210Sstevel@tonic-gate /*
22*2830Sdjl * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
230Sstevel@tonic-gate * Use is subject to license terms.
240Sstevel@tonic-gate */
250Sstevel@tonic-gate
260Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
270Sstevel@tonic-gate
280Sstevel@tonic-gate /*
 * All routines necessary to deal with the "netmasks" database. The sources
300Sstevel@tonic-gate * contain mappings between 32 bit Internet addresses and corresponding
310Sstevel@tonic-gate * 32 bit Internet address masks. The addresses are in dotted internet
320Sstevel@tonic-gate * address notation.
330Sstevel@tonic-gate */
340Sstevel@tonic-gate
350Sstevel@tonic-gate #include <stdio.h>
360Sstevel@tonic-gate #include <ctype.h>
370Sstevel@tonic-gate #include <string.h>
380Sstevel@tonic-gate #include <stdlib.h>
390Sstevel@tonic-gate #include <sys/types.h>
400Sstevel@tonic-gate #include <sys/socket.h>
410Sstevel@tonic-gate #include <net/if.h>
420Sstevel@tonic-gate #include <netinet/in.h>
430Sstevel@tonic-gate #include <arpa/inet.h>
440Sstevel@tonic-gate #include <nss_dbdefs.h>
450Sstevel@tonic-gate
46*2830Sdjl int str2addr(const char *, int, void *, char *, int);
470Sstevel@tonic-gate
480Sstevel@tonic-gate static DEFINE_NSS_DB_ROOT(db_root);
490Sstevel@tonic-gate
50*2830Sdjl void
_nss_initf_netmasks(nss_db_params_t * p)510Sstevel@tonic-gate _nss_initf_netmasks(nss_db_params_t *p)
520Sstevel@tonic-gate {
530Sstevel@tonic-gate p->name = NSS_DBNAM_NETMASKS;
540Sstevel@tonic-gate p->default_config = NSS_DEFCONF_NETMASKS;
550Sstevel@tonic-gate }
560Sstevel@tonic-gate
570Sstevel@tonic-gate /*
580Sstevel@tonic-gate * Print a network number such as 129.144 as well as an IP address.
590Sstevel@tonic-gate * Assumes network byte order for both IP addresses and network numbers
600Sstevel@tonic-gate * (Network numbers are normally passed around in host byte order).
 * To be MT safe, use a passed-in buffer like the other get*_r APIs.
620Sstevel@tonic-gate */
630Sstevel@tonic-gate static char *
inet_nettoa(struct in_addr in,char * result,int len)64*2830Sdjl inet_nettoa(struct in_addr in, char *result, int len)
650Sstevel@tonic-gate {
660Sstevel@tonic-gate uint32_t addr = in.s_addr;
670Sstevel@tonic-gate uchar_t *up = (uchar_t *)&addr;
68*2830Sdjl
69*2830Sdjl if (result == NULL)
70*2830Sdjl return (NULL);
710Sstevel@tonic-gate
720Sstevel@tonic-gate /* Omit leading zeros */
730Sstevel@tonic-gate if (up[0]) {
74*2830Sdjl (void) snprintf(result, len, "%d.%d.%d.%d",
750Sstevel@tonic-gate up[0], up[1], up[2], up[3]);
760Sstevel@tonic-gate } else if (up[1]) {
77*2830Sdjl (void) snprintf(result, len, "%d.%d.%d", up[1], up[2], up[3]);
780Sstevel@tonic-gate } else if (up[2]) {
79*2830Sdjl (void) snprintf(result, len, "%d.%d", up[2], up[3]);
800Sstevel@tonic-gate } else {
81*2830Sdjl (void) snprintf(result, len, "%d", up[3]);
820Sstevel@tonic-gate }
830Sstevel@tonic-gate return (result);
840Sstevel@tonic-gate }
850Sstevel@tonic-gate
860Sstevel@tonic-gate /*
870Sstevel@tonic-gate * Given a 32 bit key look it up in the netmasks database
880Sstevel@tonic-gate * based on the "netmasks" policy in /etc/nsswitch.conf.
 * If the key is a network number with the trailing zeros removed
900Sstevel@tonic-gate * (e.g. "192.9.200") this routine can't use inet_ntoa to convert
910Sstevel@tonic-gate * the address to the string key.
920Sstevel@tonic-gate * Returns zero if successful, non-zero otherwise.
930Sstevel@tonic-gate */
940Sstevel@tonic-gate static int
getnetmaskbykey(const struct in_addr addr,struct in_addr * mask)950Sstevel@tonic-gate getnetmaskbykey(const struct in_addr addr, struct in_addr *mask)
960Sstevel@tonic-gate {
970Sstevel@tonic-gate nss_XbyY_args_t arg;
980Sstevel@tonic-gate nss_status_t res;
990Sstevel@tonic-gate char tmp[NSS_LINELEN_NETMASKS];
1000Sstevel@tonic-gate
1010Sstevel@tonic-gate /*
1020Sstevel@tonic-gate * let the backend do the allocation to store stuff for parsing.
1030Sstevel@tonic-gate * To simplify things, we put the dotted internet address form of
1040Sstevel@tonic-gate * the network address in the 'name' field as a filter to speed
1050Sstevel@tonic-gate * up the lookup.
1060Sstevel@tonic-gate */
107*2830Sdjl if (inet_nettoa(addr, tmp, NSS_LINELEN_NETMASKS) == NULL)
108*2830Sdjl return (NSS_NOTFOUND);
109*2830Sdjl
1100Sstevel@tonic-gate NSS_XbyY_INIT(&arg, mask, NULL, 0, str2addr);
1110Sstevel@tonic-gate arg.key.name = tmp;
1120Sstevel@tonic-gate res = nss_search(&db_root, _nss_initf_netmasks,
1130Sstevel@tonic-gate NSS_DBOP_NETMASKS_BYNET, &arg);
1140Sstevel@tonic-gate (void) NSS_XbyY_FINI(&arg);
1150Sstevel@tonic-gate return (arg.status = res);
1160Sstevel@tonic-gate }
1170Sstevel@tonic-gate
1180Sstevel@tonic-gate /*
1190Sstevel@tonic-gate * Given a 32 bit internet network number, it finds the corresponding netmask
1200Sstevel@tonic-gate * address based on the "netmasks" policy in /etc/nsswitch.conf.
1210Sstevel@tonic-gate * Returns zero if successful, non-zero otherwise.
1220Sstevel@tonic-gate * Check both for the (masked) network number and the shifted network
1230Sstevel@tonic-gate * number (e.g., both "10.0.0.0" and "10").
1240Sstevel@tonic-gate * Assumes that the caller passes in an unshifted number (or an IP address).
1250Sstevel@tonic-gate */
1260Sstevel@tonic-gate int
getnetmaskbynet(const struct in_addr net,struct in_addr * mask)1270Sstevel@tonic-gate getnetmaskbynet(const struct in_addr net, struct in_addr *mask)
1280Sstevel@tonic-gate {
1290Sstevel@tonic-gate struct in_addr net1, net2;
1300Sstevel@tonic-gate uint32_t i;
1310Sstevel@tonic-gate
1320Sstevel@tonic-gate i = ntohl(net.s_addr);
1330Sstevel@tonic-gate
1340Sstevel@tonic-gate /*
1350Sstevel@tonic-gate * Try looking for the network number both with and without
1360Sstevel@tonic-gate * the trailing zeros.
1370Sstevel@tonic-gate */
1380Sstevel@tonic-gate if ((i & IN_CLASSA_NET) == 0) {
1390Sstevel@tonic-gate /* Assume already a right-shifted network number */
1400Sstevel@tonic-gate net2.s_addr = htonl(i);
1410Sstevel@tonic-gate if ((i & IN_CLASSB_NET) != 0) {
1420Sstevel@tonic-gate net1.s_addr = htonl(i << IN_CLASSC_NSHIFT);
1430Sstevel@tonic-gate } else if ((i & IN_CLASSC_NET) != 0) {
1440Sstevel@tonic-gate net1.s_addr = htonl(i << IN_CLASSB_NSHIFT);
1450Sstevel@tonic-gate } else {
1460Sstevel@tonic-gate net1.s_addr = htonl(i << IN_CLASSA_NSHIFT);
1470Sstevel@tonic-gate }
1480Sstevel@tonic-gate } else if (IN_CLASSA(i)) {
1490Sstevel@tonic-gate net1.s_addr = htonl(i & IN_CLASSA_NET);
1500Sstevel@tonic-gate net2.s_addr = htonl(i >> IN_CLASSA_NSHIFT);
1510Sstevel@tonic-gate } else if (IN_CLASSB(i)) {
1520Sstevel@tonic-gate net1.s_addr = htonl(i & IN_CLASSB_NET);
1530Sstevel@tonic-gate net2.s_addr = htonl(i >> IN_CLASSB_NSHIFT);
1540Sstevel@tonic-gate } else {
1550Sstevel@tonic-gate net1.s_addr = htonl(i & IN_CLASSC_NET);
1560Sstevel@tonic-gate net2.s_addr = htonl(i >> IN_CLASSC_NSHIFT);
1570Sstevel@tonic-gate }
1580Sstevel@tonic-gate
1590Sstevel@tonic-gate if (getnetmaskbykey(net1, mask) == 0) {
1600Sstevel@tonic-gate return (0);
1610Sstevel@tonic-gate }
1620Sstevel@tonic-gate if (getnetmaskbykey(net2, mask) == 0) {
1630Sstevel@tonic-gate return (0);
1640Sstevel@tonic-gate }
1650Sstevel@tonic-gate return (-1);
1660Sstevel@tonic-gate }
1670Sstevel@tonic-gate
1680Sstevel@tonic-gate /*
1690Sstevel@tonic-gate * Find the netmask used for an IP address.
1700Sstevel@tonic-gate * Returns zero if successful, non-zero otherwise.
1710Sstevel@tonic-gate *
1720Sstevel@tonic-gate * Support Variable Length Subnetmasks by looking for the longest
1730Sstevel@tonic-gate * matching subnetmask in the database.
1740Sstevel@tonic-gate * Start by looking for a match for the full IP address and
1750Sstevel@tonic-gate * mask off one rightmost bit after another until we find a match.
1760Sstevel@tonic-gate * Note that for a match the found netmask must match what was used
1770Sstevel@tonic-gate * for the lookup masking.
1780Sstevel@tonic-gate * As a fallback for compatibility finally lookup the network
1790Sstevel@tonic-gate * number with and without the trailing zeros.
1800Sstevel@tonic-gate * In order to suppress redundant lookups in the name service
1810Sstevel@tonic-gate * we keep the previous lookup key and compare against it before
1820Sstevel@tonic-gate * doing the lookup.
1830Sstevel@tonic-gate */
1840Sstevel@tonic-gate int
getnetmaskbyaddr(const struct in_addr addr,struct in_addr * mask)1850Sstevel@tonic-gate getnetmaskbyaddr(const struct in_addr addr, struct in_addr *mask)
1860Sstevel@tonic-gate {
1870Sstevel@tonic-gate struct in_addr prevnet, net;
1880Sstevel@tonic-gate uint32_t i, maskoff;
1890Sstevel@tonic-gate
1900Sstevel@tonic-gate i = ntohl(addr.s_addr);
1910Sstevel@tonic-gate prevnet.s_addr = 0;
1920Sstevel@tonic-gate mask->s_addr = 0;
1930Sstevel@tonic-gate
1940Sstevel@tonic-gate for (maskoff = 0xFFFFFFFF; maskoff != 0; maskoff = maskoff << 1) {
1950Sstevel@tonic-gate net.s_addr = htonl(i & maskoff);
1960Sstevel@tonic-gate
1970Sstevel@tonic-gate if (net.s_addr != prevnet.s_addr) {
1980Sstevel@tonic-gate if (getnetmaskbykey(net, mask) != 0) {
1990Sstevel@tonic-gate mask->s_addr = 0;
2000Sstevel@tonic-gate }
2010Sstevel@tonic-gate }
2020Sstevel@tonic-gate if (htonl(maskoff) == mask->s_addr)
2030Sstevel@tonic-gate return (0);
2040Sstevel@tonic-gate
2050Sstevel@tonic-gate prevnet.s_addr = net.s_addr;
2060Sstevel@tonic-gate }
2070Sstevel@tonic-gate
2080Sstevel@tonic-gate /*
2090Sstevel@tonic-gate * Non-VLSM fallback.
2100Sstevel@tonic-gate * Try looking for the network number with and without the trailing
2110Sstevel@tonic-gate * zeros.
2120Sstevel@tonic-gate */
2130Sstevel@tonic-gate return (getnetmaskbynet(addr, mask));
2140Sstevel@tonic-gate }
2150Sstevel@tonic-gate
2160Sstevel@tonic-gate /*
2170Sstevel@tonic-gate * Parse netmasks entry into its components. The network address is placed
2180Sstevel@tonic-gate * in buffer for use by check_addr for 'files' backend, to match the network
2190Sstevel@tonic-gate * address. The network address is placed in the buffer as a network order
2200Sstevel@tonic-gate * internet address, if buffer is non null. The network order form of the mask
2210Sstevel@tonic-gate * itself is placed in 'ent'.
2220Sstevel@tonic-gate */
2230Sstevel@tonic-gate int
str2addr(const char * instr,int lenstr,void * ent,char * buffer,int buflen)2240Sstevel@tonic-gate str2addr(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
2250Sstevel@tonic-gate {
2260Sstevel@tonic-gate int retval;
2270Sstevel@tonic-gate struct in_addr *mask = (struct in_addr *)ent;
2280Sstevel@tonic-gate const char *p, *limit, *start;
2290Sstevel@tonic-gate struct in_addr addr;
2300Sstevel@tonic-gate int i;
2310Sstevel@tonic-gate char tmp[NSS_LINELEN_NETMASKS];
2320Sstevel@tonic-gate
2330Sstevel@tonic-gate p = instr;
2340Sstevel@tonic-gate limit = p + lenstr;
2350Sstevel@tonic-gate retval = NSS_STR_PARSE_PARSE;
2360Sstevel@tonic-gate
2370Sstevel@tonic-gate while (p < limit && isspace(*p)) /* skip leading whitespace */
2380Sstevel@tonic-gate p++;
2390Sstevel@tonic-gate
2400Sstevel@tonic-gate if (buffer) { /* for 'files' backend verification */
2410Sstevel@tonic-gate for (start = p, i = 0; p < limit && !isspace(*p); p++)
2420Sstevel@tonic-gate i++;
2430Sstevel@tonic-gate if (p < limit && i < buflen) {
2440Sstevel@tonic-gate (void) memcpy(tmp, start, i);
2450Sstevel@tonic-gate tmp[i] = '\0';
2460Sstevel@tonic-gate addr.s_addr = inet_addr(tmp);
2470Sstevel@tonic-gate /* Addr will always be an ipv4 address (32bits) */
2480Sstevel@tonic-gate if (addr.s_addr == 0xffffffffUL)
2490Sstevel@tonic-gate return (NSS_STR_PARSE_PARSE);
2500Sstevel@tonic-gate else {
2510Sstevel@tonic-gate (void) memcpy(buffer, (char *)&addr,
2520Sstevel@tonic-gate sizeof (struct in_addr));
2530Sstevel@tonic-gate }
2540Sstevel@tonic-gate } else
2550Sstevel@tonic-gate return (NSS_STR_PARSE_ERANGE);
2560Sstevel@tonic-gate }
2570Sstevel@tonic-gate
2580Sstevel@tonic-gate while (p < limit && isspace(*p)) /* skip intermediate */
2590Sstevel@tonic-gate p++;
2600Sstevel@tonic-gate
2610Sstevel@tonic-gate if (mask) {
2620Sstevel@tonic-gate for (start = p, i = 0; p < limit && !isspace(*p); p++)
2630Sstevel@tonic-gate i++;
2640Sstevel@tonic-gate if (p <= limit) {
2650Sstevel@tonic-gate if ((i + 1) > NSS_LINELEN_NETMASKS)
2660Sstevel@tonic-gate return (NSS_STR_PARSE_ERANGE);
2670Sstevel@tonic-gate (void) memcpy(tmp, start, i);
2680Sstevel@tonic-gate tmp[i] = '\0';
2690Sstevel@tonic-gate addr.s_addr = inet_addr(tmp);
2700Sstevel@tonic-gate /* Addr will always be an ipv4 address (32bits) */
2710Sstevel@tonic-gate if (addr.s_addr == 0xffffffffUL)
2720Sstevel@tonic-gate retval = NSS_STR_PARSE_PARSE;
2730Sstevel@tonic-gate else {
2740Sstevel@tonic-gate mask->s_addr = addr.s_addr;
2750Sstevel@tonic-gate retval = NSS_STR_PARSE_SUCCESS;
2760Sstevel@tonic-gate }
2770Sstevel@tonic-gate }
2780Sstevel@tonic-gate }
2790Sstevel@tonic-gate
2800Sstevel@tonic-gate return (retval);
2810Sstevel@tonic-gate }
282