1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/os/dnsglue.h */
3 /*
4  * Copyright 2004 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  */
26 
27 /*
28  * Glue layer for DNS resolver, to make parsing of replies easier
29  * whether we are using BIND 4, 8, or 9.  This header is not used on
30  * Windows.
31  */
32 
33 /*
34  * BIND 4 doesn't have the ns_initparse() API, so we need to do some
35  * manual parsing via the HEADER struct.  BIND 8 does have
36  * ns_initparse(), but has enums for the various protocol constants
37  * rather than the BIND 4 macros.  BIND 9 (at least on macOS 10.3)
38  * appears to disable res_nsearch() if BIND_8_COMPAT is defined
39  * (which is necessary to obtain the HEADER struct).
40  *
41  * We use ns_initparse() if available at all, and never define
42  * BIND_8_COMPAT.  If there is no ns_initparse(), we do manual parsing
43  * by using the HEADER struct.
44  */
45 
46 #ifndef KRB5_DNSGLUE_H
47 #define KRB5_DNSGLUE_H
48 
49 #include "autoconf.h"
50 #ifdef KRB5_DNS_LOOKUP
51 
52 #include "k5-int.h"
53 #include "os-proto.h"
54 #include <netinet/in.h>
55 #include <arpa/inet.h>
56 #include <arpa/nameser.h>
57 #include <resolv.h>
58 #include <netdb.h>
59 
60 #if HAVE_SYS_PARAM_H
61 #include <sys/param.h>          /* for MAXHOSTNAMELEN */
62 #endif
63 
64 #ifndef MAXDNAME
65 /* No MAXDNAME from the headers above: use NS_MAXDNAME, else derive one. */
66 #ifdef NS_MAXDNAME
67 #define MAXDNAME NS_MAXDNAME
68 #else
69 #ifdef MAXLABEL
70 #define MAXDNAME (16 * MAXLABEL)
71 #else
72 #define MAXDNAME (16 * MAXHOSTNAMELEN)
73 #endif /* MAXLABEL */
74 #endif /* NS_MAXDNAME */
75 /* NOTE(review): presumably sizes domain-name buffers; confirm at users. */
76 #endif /* !MAXDNAME */
77 
78 #if HAVE_NS_INITPARSE
79 /*
80  * Solaris 7 has ns_rr_cl rather than ns_rr_class.
81  */
82 #if !defined(ns_rr_class) && defined(ns_rr_cl)
83 #define ns_rr_class ns_rr_cl
84 #endif /* ns_rr_cl without ns_rr_class */
85 #endif /* HAVE_NS_INITPARSE */
86 
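/*
 * DNS class and RR type constants.  Where the resolver headers do not
 * supply them, fall back to the ns_* enumerators or to the assigned
 * numeric RR type codes (TXT = 16, SRV = 33, URI = 256).
 */
#if HAVE_RES_NSEARCH
/*
 * Some BIND 8 / BIND 9 implementations disable the BIND 4 style
 * constants.
 */
#ifndef C_IN
#define C_IN ns_c_in
#endif
#ifndef T_SRV
#define T_SRV ns_t_srv
#endif
#ifndef T_TXT
#define T_TXT ns_t_txt
#endif

#else  /* !HAVE_RES_NSEARCH */

/*
 * Some BIND implementations might be old enough to lack these.
 *
 * TXT is RR type 16 (RFC 1035); 15 is MX.  A fallback of 15 would
 * request MX records wherever T_TXT is passed as the query type, so
 * the numeric value must match the assigned code.
 */
#ifndef T_TXT
#define T_TXT 16
#endif
#ifndef T_SRV
#define T_SRV 33
#endif

#endif /* HAVE_RES_NSEARCH */

/* URI is RR type 256; older resolver headers may not define it. */
#ifndef T_URI
#define T_URI 256
#endif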
119 
120 /*
121  * INCR_OK: given moving pointer PTR offset from BASE, return true if
122  * adding INCR to PTR doesn't move it more than MAX bytes from BASE.
123  * The bound is tested by subtraction, so PTR + INCR is never formed.
124  * NOTE(review): a negative signed INCR also passes; confirm callers.
125  */
126 #define INCR_OK(base, max, ptr, incr)                           \
127     ((incr) <= (max) - ((const unsigned char *)(ptr)            \
128                         - (const unsigned char *)(base)))
129 
130 /*
131  * SAFE_GETUINT16: given PTR offset from BASE, if at least INCR bytes
132  * are safe to read, get network byte order uint16 into S, and advance
133  * PTR by INCR.  On failure, goto LABEL.  Two bytes are read whatever
134  * INCR is, so INCR must be at least 2; PTR should point to unsigned
135  * char so the cast to unsigned short cannot sign-extend.
136  */
137 
138 #define SAFE_GETUINT16(base, max, ptr, incr, s, label)  \
139     do {                                                \
140         if (!INCR_OK(base, max, ptr, incr)) goto label; \
141         (s) = (unsigned short)(ptr)[0] << 8             \
142             | (unsigned short)(ptr)[1];                 \
143         (ptr) += (incr);                                \
144     } while (0)
145 
146 struct krb5int_dns_state;       /* opaque here: declared, not defined */
147 /* NOTE(review): parameters are unnamed; confirm which int is a length. */
148 int krb5int_dns_init(struct krb5int_dns_state **, char *, int, int);
149 int krb5int_dns_nextans(struct krb5int_dns_state *,
150                         const unsigned char **, int *);
151 int krb5int_dns_expand(struct krb5int_dns_state *,
152                        const unsigned char *, char *, int);
153 void krb5int_dns_fini(struct krb5int_dns_state *);
154 
155 #endif /* KRB5_DNS_LOOKUP */
156 #endif /* !defined(KRB5_DNSGLUE_H) */
157