source: trunk/src/sh_static.c@ 520

Last change on this file since 520 was 502, checked in by katerina, 9 years ago

Tighter sanity checks in sh_static.c

File size: 49.4 KB
RevLine 
[1]1/* Copyright (C) 2003 Manuel Novoa III
2 *
3 * This library is free software; you can redistribute it and/or
4 * modify it under the terms of the GNU Library General Public
5 * License as published by the Free Software Foundation; either
6 * version 2 of the License, or (at your option) any later version.
7 *
8 * This library is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * Library General Public License for more details.
12 *
13 * You should have received a copy of the GNU Library General Public
14 * License along with this library; if not, write to the Free
15 * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
16 */
17
18/* Nov 6, 2003 Initial version.
19 *
20 * NOTE: This implementation is quite strict about requiring all
21 * field seperators. It also does not allow leading whitespace
22 * except when processing the numeric fields. glibc is more
23 * lenient. See the various glibc difference comments below.
24 *
25 * TODO:
26 * Move to dynamic allocation of (currently staticly allocated)
27 * buffers; especially for the group-related functions since
28 * large group member lists will cause error returns.
29 *
30 */
31
32/* Jul 20, 2004 Adapted for samhain. Rainer Wichmann.
33 *
34 * Stripped all unneeded code.
35 */
36
37#include "config_xor.h"
38
39#if defined(SH_COMPILE_STATIC) && defined(__linux__)
40
41#define _GNU_SOURCE
42#include <features.h>
43#include <stdio.h>
44#include <stdlib.h>
45#include <stdint.h>
46#include <string.h>
47#include <stddef.h>
48#include <errno.h>
49#include <assert.h>
50#include <ctype.h>
51#include <pwd.h>
52#include <grp.h>
53
[134]54#include "sh_pthread.h"
55
[252]56extern int sl_close_fd (const char * file, int line, int fd);
57extern int sl_fclose (const char * file, int line, FILE * fp);
58
59
[1]60#ifndef _PATH_PASSWD
61#define _PATH_PASSWD "/etc/passwd"
62#endif
63#ifndef _PATH_GROUP
64#define _PATH_GROUP "/etc/group"
65#endif
66
[252]67#undef FIL__
68#define FIL__ _("sh_static.c")
69
[22]70extern int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);
71extern int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz);
[1]72
73
74/**********************************************************************/
75/* Sizes for staticly allocated buffers. */
76
77#define PWD_BUFFER_SIZE 256
[428]78#define GRP_BUFFER_SIZE 3584
79#define GRP_BUFFER_SIZE_MALLOC 32768
[1]80
81/**********************************************************************/
82/* Prototypes for internal functions. */
83
84static int __parsepwent(void *pw, char *line);
85static int __parsegrent(void *gr, char *line);
86
87static int __pgsreader(int (*__parserfunc)(void *d, char *line), void *data,
88 char *__restrict line_buff,
89 size_t buflen, FILE *f);
90
91#undef GETXXKEY_R_FUNC
92#undef GETXXKEY_R_PARSER
93#undef GETXXKEY_R_ENTTYPE
94#undef GETXXKEY_R_TEST
95#undef DO_GETXXKEY_R_KEYTYPE
96#undef DO_GETXXKEY_R_PATHNAME
97#define GETXXKEY_R_FUNC sh_getpwnam_r
98#define GETXXKEY_R_PARSER __parsepwent
99#define GETXXKEY_R_ENTTYPE struct passwd
100#define GETXXKEY_R_TEST(ENT) (!strcmp((ENT)->pw_name, key))
101#define DO_GETXXKEY_R_KEYTYPE const char *__restrict
102#define DO_GETXXKEY_R_PATHNAME _PATH_PASSWD
103
[145]104int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key,
105 GETXXKEY_R_ENTTYPE *__restrict resultbuf,
106 char *__restrict buffer, size_t buflen,
107 GETXXKEY_R_ENTTYPE **__restrict result)
[1]108{
109 FILE *stream;
110 int rv;
111
112 *result = NULL;
113
114 if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) {
115 rv = errno;
116 } else {
117 /* __STDIO_SET_USER_LOCKING(stream); */
118 do {
119 if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf,
120 buffer, buflen, stream))
121 ) {
122 if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */
123 *result = resultbuf;
124 break;
125 }
126 } else {
127 if (rv == ENOENT) { /* end-of-file encountered. */
128 rv = 0;
129 }
130 break;
131 }
132 } while (1);
[252]133 sl_fclose(FIL__, __LINE__, stream);
[1]134 }
135
136 return rv;
137}
138
139#undef GETXXKEY_R_FUNC
140#undef GETXXKEY_R_PARSER
141#undef GETXXKEY_R_ENTTYPE
142#undef GETXXKEY_R_TEST
143#undef DO_GETXXKEY_R_KEYTYPE
144#undef DO_GETXXKEY_R_PATHNAME
145#define GETXXKEY_R_FUNC sh_getgrnam_r
146#define GETXXKEY_R_PARSER __parsegrent
147#define GETXXKEY_R_ENTTYPE struct group
148#define GETXXKEY_R_TEST(ENT) (!strcmp((ENT)->gr_name, key))
149#define DO_GETXXKEY_R_KEYTYPE const char *__restrict
150#define DO_GETXXKEY_R_PATHNAME _PATH_GROUP
151
[145]152int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key,
153 GETXXKEY_R_ENTTYPE *__restrict resultbuf,
154 char *__restrict buffer, size_t buflen,
155 GETXXKEY_R_ENTTYPE **__restrict result)
[1]156{
157 FILE *stream;
158 int rv;
159
160 *result = NULL;
161
162 if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) {
163 rv = errno;
164 } else {
165 /* __STDIO_SET_USER_LOCKING(stream); */
166 do {
167 if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf,
168 buffer, buflen, stream))
169 ) {
170 if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */
171 *result = resultbuf;
172 break;
173 }
174 } else {
175 if (rv == ENOENT) { /* end-of-file encountered. */
176 rv = 0;
177 }
178 break;
179 }
180 } while (1);
[252]181 sl_fclose(FIL__, __LINE__, stream);
[1]182 }
183
184 return rv;
185}
186
187#undef GETXXKEY_R_FUNC
188#undef GETXXKEY_R_PARSER
189#undef GETXXKEY_R_ENTTYPE
190#undef GETXXKEY_R_TEST
191#undef DO_GETXXKEY_R_KEYTYPE
192#undef DO_GETXXKEY_R_PATHNAME
193#define GETXXKEY_R_FUNC sh_getpwuid_r
194#define GETXXKEY_R_PARSER __parsepwent
195#define GETXXKEY_R_ENTTYPE struct passwd
196#define GETXXKEY_R_TEST(ENT) ((ENT)->pw_uid == key)
197#define DO_GETXXKEY_R_KEYTYPE uid_t
198#define DO_GETXXKEY_R_PATHNAME _PATH_PASSWD
199
[145]200int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key,
201 GETXXKEY_R_ENTTYPE *__restrict resultbuf,
202 char *__restrict buffer, size_t buflen,
203 GETXXKEY_R_ENTTYPE **__restrict result)
[1]204{
205 FILE *stream;
206 int rv;
207
208 *result = NULL;
209
210 if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) {
211 rv = errno;
212 } else {
213 /* __STDIO_SET_USER_LOCKING(stream); */
214 do {
215 if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf,
216 buffer, buflen, stream))
217 ) {
218 if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */
219 *result = resultbuf;
220 break;
221 }
222 } else {
223 if (rv == ENOENT) { /* end-of-file encountered. */
224 rv = 0;
225 }
226 break;
227 }
228 } while (1);
[252]229 sl_fclose(FIL__, __LINE__, stream);
[1]230 }
231
232 return rv;
233}
234
235#undef GETXXKEY_R_FUNC
236#undef GETXXKEY_R_PARSER
237#undef GETXXKEY_R_ENTTYPE
238#undef GETXXKEY_R_TEST
239#undef DO_GETXXKEY_R_KEYTYPE
240#undef DO_GETXXKEY_R_PATHNAME
241#define GETXXKEY_R_FUNC sh_getgrgid_r
242#define GETXXKEY_R_PARSER __parsegrent
243#define GETXXKEY_R_ENTTYPE struct group
244#define GETXXKEY_R_TEST(ENT) ((ENT)->gr_gid == key)
245#define DO_GETXXKEY_R_KEYTYPE gid_t
246#define DO_GETXXKEY_R_PATHNAME _PATH_GROUP
247
[145]248int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key,
249 GETXXKEY_R_ENTTYPE *__restrict resultbuf,
250 char *__restrict buffer, size_t buflen,
251 GETXXKEY_R_ENTTYPE **__restrict result)
[1]252{
253 FILE *stream;
254 int rv;
255
256 *result = NULL;
257
258 if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) {
259 rv = errno;
260 } else {
261 /* __STDIO_SET_USER_LOCKING(stream); */
262 do {
263 if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf,
264 buffer, buflen, stream))
265 ) {
266 if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */
267 *result = resultbuf;
268 break;
269 }
270 } else {
271 if (rv == ENOENT) { /* end-of-file encountered. */
272 rv = 0;
273 }
274 break;
275 }
276 } while (1);
[252]277 sl_fclose(FIL__, __LINE__, stream);
[1]278 }
279
280 return rv;
281}
282
283struct passwd * sh_getpwuid(uid_t uid)
284{
285 static char buffer[PWD_BUFFER_SIZE];
286 static struct passwd resultbuf;
287 struct passwd *result;
288
289 sh_getpwuid_r(uid, &resultbuf, buffer, sizeof(buffer), &result);
290 return result;
291}
292
[170]293struct passwd * getpwuid(uid_t uid)
294{
295 return sh_getpwuid(uid);
296}
297
[1]298struct group * sh_getgrgid(gid_t gid)
299{
300 static char buffer[GRP_BUFFER_SIZE];
301 static struct group resultbuf;
302 struct group *result;
303
304 sh_getgrgid_r(gid, &resultbuf, buffer, sizeof(buffer), &result);
305 return result;
306}
307
[170]308struct group * getgrgid(gid_t gid)
309{
310 return sh_getgrgid(gid);
311}
[1]312
313struct passwd * sh_getpwnam(const char *name)
314{
315 static char buffer[PWD_BUFFER_SIZE];
316 static struct passwd resultbuf;
317 struct passwd *result;
318
319 sh_getpwnam_r(name, &resultbuf, buffer, sizeof(buffer), &result);
320 return result;
321}
322
323struct group * sh_getgrnam(const char *name)
324{
325 static char buffer[GRP_BUFFER_SIZE];
326 static struct group resultbuf;
327 struct group *result;
328
329 sh_getgrnam_r(name, &resultbuf, buffer, sizeof(buffer), &result);
330 return result;
331}
332
[134]333SH_MUTEX_STATIC(pwf_lock, PTHREAD_MUTEX_INITIALIZER);
[1]334
[134]335
[1]336static FILE *pwf = NULL;
337
338void sh_setpwent(void)
339{
[134]340 SH_MUTEX_LOCK(pwf_lock);
[1]341 if (pwf) {
342 rewind(pwf);
343 }
[134]344 SH_MUTEX_UNLOCK(pwf_lock);
[1]345}
346
347void sh_endpwent(void)
348{
[134]349 SH_MUTEX_LOCK(pwf_lock);
[1]350 if (pwf) {
[252]351 sl_fclose(FIL__, __LINE__, pwf);
[1]352 pwf = NULL;
353 }
[134]354 SH_MUTEX_UNLOCK(pwf_lock);
[1]355}
356
357
358static int sh_getpwent_r(struct passwd *__restrict resultbuf,
359 char *__restrict buffer, size_t buflen,
360 struct passwd **__restrict result)
361{
362 int rv;
363
[134]364 SH_MUTEX_LOCK(pwf_lock);
[1]365
366 *result = NULL; /* In case of error... */
367
368 if (!pwf) {
369 if (!(pwf = fopen(_PATH_PASSWD, "r"))) {
370 rv = errno;
371 goto ERR;
372 }
373 /* __STDIO_SET_USER_LOCKING(pwf); */
374 }
375
376 if (!(rv = __pgsreader(__parsepwent, resultbuf,
377 buffer, buflen, pwf))) {
378 *result = resultbuf;
379 }
380
381 ERR:
[150]382 ; /* 'label at end of compound statement' */
[134]383 SH_MUTEX_UNLOCK(pwf_lock);
[1]384
385 return rv;
386}
387
[134]388SH_MUTEX_STATIC(grf_lock, PTHREAD_MUTEX_INITIALIZER);
[1]389
390static FILE *grf = NULL;
391
392void sh_setgrent(void)
393{
[134]394 SH_MUTEX_LOCK(grf_lock);
[1]395 if (grf) {
396 rewind(grf);
397 }
[134]398 SH_MUTEX_UNLOCK(grf_lock);
[1]399}
400
401void sh_endgrent(void)
402{
[134]403 SH_MUTEX_LOCK(grf_lock);
[1]404 if (grf) {
[252]405 sl_fclose(FIL__, __LINE__, grf);
[1]406 grf = NULL;
407 }
[134]408 SH_MUTEX_UNLOCK(grf_lock);
[1]409}
410
411static int sh_getgrent_r(struct group *__restrict resultbuf,
412 char *__restrict buffer, size_t buflen,
413 struct group **__restrict result)
414{
415 int rv;
416
[134]417 SH_MUTEX_LOCK(grf_lock);
[1]418
419 *result = NULL; /* In case of error... */
420
421 if (!grf) {
422 if (!(grf = fopen(_PATH_GROUP, "r"))) {
423 rv = errno;
424 goto ERR;
425 }
426 /* __STDIO_SET_USER_LOCKING(grf); */
427 }
428
429 if (!(rv = __pgsreader(__parsegrent, resultbuf,
430 buffer, buflen, grf))) {
431 *result = resultbuf;
432 }
433
434 ERR:
[150]435 ; /* 'label at end of compound statement' */
[134]436 SH_MUTEX_UNLOCK(grf_lock);
[1]437
438 return rv;
439}
440
441
442struct passwd * sh_getpwent(void)
443{
444 static char line_buff[PWD_BUFFER_SIZE];
445 static struct passwd pwd;
446 struct passwd *result;
447
448 sh_getpwent_r(&pwd, line_buff, sizeof(line_buff), &result);
449 return result;
450}
451
452
453struct group * sh_getgrent(void)
454{
455 static char line_buff[GRP_BUFFER_SIZE];
456 static struct group gr;
457 struct group *result;
458
[134]459 sh_getgrent_r(&gr, line_buff, sizeof(line_buff), &result);
[1]460 return result;
461}
462
463int sh_initgroups(const char *user, gid_t gid)
464{
465 FILE *grf;
466 gid_t *group_list;
467 int num_groups, rv;
468 char **m;
469 struct group group;
470
[454]471 char * buff = calloc(1,GRP_BUFFER_SIZE_MALLOC);
[428]472
[1]473 rv = -1;
474
475 /* We alloc space for 8 gids at a time. */
[454]476 if (((group_list = calloc(8,sizeof(gid_t *))) != NULL)
[1]477 && ((grf = fopen(_PATH_GROUP, "r")) != NULL)
478 ) {
479
480 /* __STDIO_SET_USER_LOCKING(grf); */
481
482 *group_list = gid;
483 num_groups = 1;
484
[428]485 while (!__pgsreader(__parsegrent, &group, buff, GRP_BUFFER_SIZE_MALLOC, grf)) {
[1]486 assert(group.gr_mem); /* Must have at least a NULL terminator. */
487 if (group.gr_gid != gid) {
488 for (m=group.gr_mem ; *m ; m++) {
489 if (!strcmp(*m, user)) {
490 if (!(num_groups & 7)) {
491 gid_t *tmp = (gid_t *)
492 realloc(group_list,
493 (num_groups+8) * sizeof(gid_t *));
494 if (!tmp) {
495 rv = -1;
496 goto DO_CLOSE;
497 }
498 group_list = tmp;
499 }
500 group_list[num_groups++] = group.gr_gid;
501 break;
502 }
503 }
504 }
505 }
506
507 rv = setgroups(num_groups, group_list);
508 DO_CLOSE:
[252]509 sl_fclose(FIL__, __LINE__, grf);
[1]510 }
511
512 /* group_list will be NULL if initial malloc failed, which may trigger
513 * warnings from various malloc debuggers. */
514 free(group_list);
[428]515 free(buff);
[1]516 return rv;
517}
518
519
520/**********************************************************************/
521/* Internal uClibc functions. */
522/**********************************************************************/
523
524static const unsigned char pw_off[] = {
525 offsetof(struct passwd, pw_name), /* 0 */
526 offsetof(struct passwd, pw_passwd), /* 1 */
527 offsetof(struct passwd, pw_uid), /* 2 - not a char ptr */
528 offsetof(struct passwd, pw_gid), /* 3 - not a char ptr */
529 offsetof(struct passwd, pw_gecos), /* 4 */
530 offsetof(struct passwd, pw_dir), /* 5 */
531 offsetof(struct passwd, pw_shell) /* 6 */
532};
533
534static int __parsepwent(void *data, char *line)
535{
536 char *endptr;
537 char *p;
538 int i;
539
540 i = 0;
541 do {
542 p = ((char *) ((struct passwd *) data)) + pw_off[i];
543
544 if ((i & 6) ^ 2) { /* i!=2 and i!=3 */
545 *((char **) p) = line;
546 if (i==6) {
547 return 0;
548 }
549 /* NOTE: glibc difference - glibc allows omission of
550 * ':' seperators after the gid field if all remaining
551 * entries are empty. We require all separators. */
552 if (!(line = strchr(line, ':'))) {
553 break;
554 }
555 } else {
556 unsigned long t = strtoul(line, &endptr, 10);
557 /* Make sure we had at least one digit, and that the
558 * failing char is the next field seperator ':'. See
559 * glibc difference note above. */
560 /* TODO: Also check for leading whitespace? */
561 if ((endptr == line) || (*endptr != ':')) {
562 break;
563 }
564 line = endptr;
565 if (i & 1) { /* i == 3 -- gid */
566 *((gid_t *) p) = t;
567 } else { /* i == 2 -- uid */
568 *((uid_t *) p) = t;
569 }
570 }
571
572 *line++ = 0;
573 ++i;
574 } while (1);
575
576 return -1;
577}
578
579static const unsigned char gr_off[] = {
580 offsetof(struct group, gr_name), /* 0 */
581 offsetof(struct group, gr_passwd), /* 1 */
582 offsetof(struct group, gr_gid) /* 2 - not a char ptr */
583};
584
585static int __parsegrent(void *data, char *line)
586{
587 char *endptr;
588 char *p;
589 int i;
590 char **members;
591 char *end_of_buf;
592
593 end_of_buf = ((struct group *) data)->gr_name; /* Evil hack! */
594 i = 0;
595 do {
596 p = ((char *) ((struct group *) data)) + gr_off[i];
597
598 if (i < 2) {
599 *((char **) p) = line;
600 if (!(line = strchr(line, ':'))) {
601 break;
602 }
603 *line++ = 0;
604 ++i;
605 } else {
606 *((gid_t *) p) = strtoul(line, &endptr, 10);
607
608 /* NOTE: glibc difference - glibc allows omission of the
609 * trailing colon when there is no member list. We treat
610 * this as an error. */
611
612 /* Make sure we had at least one digit, and that the
613 * failing char is the next field seperator ':'. See
614 * glibc difference note above. */
615 if ((endptr == line) || (*endptr != ':')) {
616 break;
617 }
618
619 i = 1; /* Count terminating NULL ptr. */
620 p = endptr;
621
622 if (p[1]) { /* We have a member list to process. */
623 /* Overwrite the last ':' with a ',' before counting.
624 * This allows us to test for initial ',' and adds
625 * one ',' so that the ',' count equals the member
626 * count. */
627 *p = ',';
628 do {
629 /* NOTE: glibc difference - glibc allows and trims leading
630 * (but not trailing) space. We treat this as an error. */
631 /* NOTE: glibc difference - glibc allows consecutive and
632 * trailing commas, and ignores "empty string" users. We
633 * treat this as an error. */
634 if (*p == ',') {
635 ++i;
636 *p = 0; /* nul-terminate each member string. */
637 if (!*++p || (*p == ',') || isspace(*p)) {
638 goto ERR;
639 }
640 }
641 } while (*++p);
642 }
643
644 /* Now align (p+1), rounding up. */
645 /* Assumes sizeof(char **) is a power of 2. */
646 members = (char **)( (((intptr_t) p) + sizeof(char **))
647 & ~((intptr_t)(sizeof(char **) - 1)) );
648
649 if (((char *)(members + i)) > end_of_buf) { /* No space. */
650 break;
651 }
652
653 ((struct group *) data)->gr_mem = members;
654
655 if (--i) {
656 p = endptr; /* Pointing to char prior to first member. */
657 do {
658 *members++ = ++p;
659 if (!--i) break;
660 while (*++p) {}
661 } while (1);
662 }
663 *members = NULL;
664
665 return 0;
666 }
667 } while (1);
668
669 ERR:
670 return -1;
671}
672
673/* Reads until if EOF, or until if finds a line which fits in the buffer
674 * and for which the parser function succeeds.
675 *
676 * Returns 0 on success and ENOENT for end-of-file (glibc concession).
677 */
678
679static int __pgsreader(int (*__parserfunc)(void *d, char *line), void *data,
680 char *__restrict line_buff, size_t buflen, FILE *f)
681{
682 size_t line_len; /* int -> size_t R.W. */
683 int skip;
684 int rv = ERANGE;
685
686 if (buflen < PWD_BUFFER_SIZE) {
687 errno = rv;
688 } else {
689 /* __STDIO_THREADLOCK(f); */
690
691 skip = 0;
692 do {
[134]693 if (!fgets(line_buff, buflen, f)) {
694 if (feof(f)) {
[1]695 rv = ENOENT;
696 }
697 break;
698 }
699
700 line_len = strlen(line_buff) - 1; /* strlen() must be > 0. */
701 if (line_buff[line_len] == '\n') {
702 line_buff[line_len] = 0;
703 } else if (line_len + 2 == buflen) { /* line too long */
[428]704 rv = ERANGE;
705 break;
706 /*
[1]707 ++skip;
708 continue;
[428]709 */
[1]710 }
711
712 if (skip) {
713 --skip;
714 continue;
715 }
716
717 /* NOTE: glibc difference - glibc strips leading whitespace from
718 * records. We do not allow leading whitespace. */
719
720 /* Skip empty lines, comment lines, and lines with leading
721 * whitespace. */
722 if (*line_buff && (*line_buff != '#') && !isspace(*line_buff)) {
723 if (__parserfunc == __parsegrent) { /* Do evil group hack. */
724 /* The group entry parsing function needs to know where
725 * the end of the buffer is so that it can construct the
726 * group member ptr table. */
727 ((struct group *) data)->gr_name = line_buff + buflen;
728 }
729
730 if (!__parserfunc(data, line_buff)) {
731 rv = 0;
732 break;
733 }
734 }
735 } while (1);
736
737 /* __STDIO_THREADUNLOCK(f); */
738 }
739
740 return rv;
741}
742
743/* resolv.c: DNS Resolver
744 *
745 * Copyright (C) 1998 Kenneth Albanowski <kjahds@kjahds.com>,
746 * The Silver Hammer Group, Ltd.
747 *
748 * This library is free software; you can redistribute it and/or
749 * modify it under the terms of the GNU Library General Public
750 * License as published by the Free Software Foundation; either
751 * version 2 of the License, or (at your option) any later version.
752*/
753
754/*
755 * Portions Copyright (c) 1985, 1993
756 * The Regents of the University of California. All rights reserved.
757 *
758 * Redistribution and use in source and binary forms, with or without
759 * modification, are permitted provided that the following conditions
760 * are met:
761 * 1. Redistributions of source code must retain the above copyright
762 * notice, this list of conditions and the following disclaimer.
763 * 2. Redistributions in binary form must reproduce the above copyright
764 * notice, this list of conditions and the following disclaimer in the
765 * documentation and/or other materials provided with the distribution.
766 * 4. Neither the name of the University nor the names of its contributors
767 * may be used to endorse or promote products derived from this software
768 * without specific prior written permission.
769 *
770 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
771 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
772 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
773 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
774 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
775 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
776 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
777 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
778 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
779 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
780 * SUCH DAMAGE.
781 */
782
783/*
784 * Portions Copyright (c) 1993 by Digital Equipment Corporation.
785 *
786 * Permission to use, copy, modify, and distribute this software for any
787 * purpose with or without fee is hereby granted, provided that the above
788 * copyright notice and this permission notice appear in all copies, and that
789 * the name of Digital Equipment Corporation not be used in advertising or
790 * publicity pertaining to distribution of the document or software without
791 * specific, written prior permission.
792 *
793 * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
794 * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
795 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
796 * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
797 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
798 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
799 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
800 * SOFTWARE.
801 */
802
803/*
804 * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
805 *
806 * Permission to use, copy, modify, and distribute this software for any
807 * purpose with or without fee is hereby granted, provided that the above
808 * copyright notice and this permission notice appear in all copies.
809 *
810 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
811 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
812 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
813 * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
814 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
815 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
816 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
817 * SOFTWARE.
818 */
819
820/*
821 *
822 * 5-Oct-2000 W. Greathouse wgreathouse@smva.com
823 * Fix memory leak and memory corruption.
824 * -- Every name resolution resulted in
825 * a new parse of resolv.conf and new
826 * copy of nameservers allocated by
827 * strdup.
828 * -- Every name resolution resulted in
829 * a new read of resolv.conf without
830 * resetting index from prior read...
831 * resulting in exceeding array bounds.
832 *
833 * Limit nameservers read from resolv.conf
834 *
835 * Add "search" domains from resolv.conf
836 *
837 * Some systems will return a security
838 * signature along with query answer for
839 * dynamic DNS entries.
840 * -- skip/ignore this answer
841 *
842 * Include arpa/nameser.h for defines.
843 *
844 * General cleanup
845 *
846 * 20-Jun-2001 Michal Moskal <malekith@pld.org.pl>
847 * partial IPv6 support (i.e. gethostbyname2() and resolve_address2()
848 * functions added), IPv6 nameservers are also supported.
849 *
850 * 6-Oct-2001 Jari Korva <jari.korva@iki.fi>
851 * more IPv6 support (IPv6 support for gethostbyaddr();
852 * address family parameter and improved IPv6 support for get_hosts_byname
853 * and read_etc_hosts; getnameinfo() port from glibc; defined
854 * defined ip6addr_any and in6addr_loopback)
855 *
856 * 2-Feb-2002 Erik Andersen <andersee@debian.org>
857 * Added gethostent(), sethostent(), and endhostent()
858 *
859 * 17-Aug-2002 Manuel Novoa III <mjn3@codepoet.org>
860 * Fixed __read_etc_hosts_r to return alias list, and modified buffer
861 * allocation accordingly. See MAX_ALIASES and ALIAS_DIM below.
862 * This fixes the segfault in the Python 2.2.1 socket test.
863 *
864 * 04-Jan-2003 Jay Kulpinski <jskulpin@berkshire.rr.com>
865 * Fixed __decode_dotted to count the terminating null character
866 * in a host name.
867 *
868 * 02-Oct-2003 Tony J. White <tjw@tjw.org>
869 * Lifted dn_expand() and dependent ns_name_uncompress(), ns_name_unpack(),
870 * and ns_name_ntop() from glibc 2.3.2 for compatibility with ipsec-tools
871 * and openldap.
872 *
873 */
874
875#include <sys/socket.h>
876#include <netinet/in.h>
877#include <arpa/inet.h>
878
[252]879/* sl_close_fd(FIL__, __LINE__, )
[1]880 */
881#include <unistd.h>
882
883/* 'struct hostent'
884 */
885#include <netdb.h>
886
887/* constanst like HFIXEDSZ
888 */
889#include <arpa/nameser.h>
890
[134]891SH_MUTEX_STATIC(resolv_lock, PTHREAD_MUTEX_INITIALIZER);
[1]892
893#define __UCLIBC_HAS_IPV6__
894#define MAX_RECURSE 5
895#define REPLY_TIMEOUT 10
896#define MAX_RETRIES 3
897#define MAX_SERVERS 3
898#define MAX_SEARCH 4
899#define MAX_ALIASES 5
900
901/* 1:ip + 1:full + MAX_ALIASES:aliases + 1:NULL */
902#define ALIAS_DIM (2 + MAX_ALIASES + 1)
903
904static int __nameservers;
905static char * __nameserver[MAX_SERVERS];
906static int __searchdomains;
907static char * __searchdomain[MAX_SEARCH];
908
909#undef DEBUG
910/*#define DEBUG*/
911
912#ifdef DEBUG
[22]913/* flawfinder: ignore *//* definition of debug macro */
[1]914#define DPRINTF(X,args...) fprintf(stderr, X, ##args)
915#else
916#define DPRINTF(X,args...)
917#endif /* DEBUG */
918
919struct resolv_header {
920 int id;
921 int qr,opcode,aa,tc,rd,ra,rcode;
922 int qdcount;
923 int ancount;
924 int nscount;
925 int arcount;
926};
927
928struct resolv_question {
929 char * dotted;
930 int qtype;
931 int qclass;
932};
933
934struct resolv_answer {
935 char * dotted;
936 int atype;
937 int aclass;
938 int ttl;
939 int rdlength;
940 unsigned char * rdata;
941 int rdoffset;
942};
943
944enum etc_hosts_action {
945 GET_HOSTS_BYNAME = 0,
946 GETHOSTENT,
947 GET_HOSTS_BYADDR,
948};
949
950static int __encode_header(struct resolv_header *h, unsigned char *dest, int maxlen)
951{
952 if (maxlen < HFIXEDSZ)
953 return -1;
954
955 dest[0] = (h->id & 0xff00) >> 8;
956 dest[1] = (h->id & 0x00ff) >> 0;
957 dest[2] = (h->qr ? 0x80 : 0) |
958 ((h->opcode & 0x0f) << 3) |
959 (h->aa ? 0x04 : 0) |
960 (h->tc ? 0x02 : 0) |
961 (h->rd ? 0x01 : 0);
962 dest[3] = (h->ra ? 0x80 : 0) | (h->rcode & 0x0f);
963 dest[4] = (h->qdcount & 0xff00) >> 8;
964 dest[5] = (h->qdcount & 0x00ff) >> 0;
965 dest[6] = (h->ancount & 0xff00) >> 8;
966 dest[7] = (h->ancount & 0x00ff) >> 0;
967 dest[8] = (h->nscount & 0xff00) >> 8;
968 dest[9] = (h->nscount & 0x00ff) >> 0;
969 dest[10] = (h->arcount & 0xff00) >> 8;
970 dest[11] = (h->arcount & 0x00ff) >> 0;
971
972 return HFIXEDSZ;
973}
974
975static int __decode_header(unsigned char *data, struct resolv_header *h)
976{
977 h->id = (data[0] << 8) | data[1];
978 h->qr = (data[2] & 0x80) ? 1 : 0;
979 h->opcode = (data[2] >> 3) & 0x0f;
980 h->aa = (data[2] & 0x04) ? 1 : 0;
981 h->tc = (data[2] & 0x02) ? 1 : 0;
982 h->rd = (data[2] & 0x01) ? 1 : 0;
983 h->ra = (data[3] & 0x80) ? 1 : 0;
984 h->rcode = data[3] & 0x0f;
985 h->qdcount = (data[4] << 8) | data[5];
986 h->ancount = (data[6] << 8) | data[7];
987 h->nscount = (data[8] << 8) | data[9];
988 h->arcount = (data[10] << 8) | data[11];
989
990 return HFIXEDSZ;
991}
992
993static int __length_dotted(const unsigned char *data, int offset)
994{
995 int orig_offset = offset;
996 int l;
997
998 if (!data)
999 return -1;
1000
[501]1001 do {
[1]1002
[481]1003 if (offset < INT_MAX)
1004 offset++;
1005 else
1006 return -1;
1007
[501]1008 l = data[offset];
1009
[1]1010 if ((l & 0xc0) == (0xc0)) {
[481]1011 if (offset < INT_MAX)
1012 offset++;
1013 else
1014 return -1;
[1]1015 break;
1016 }
1017
[481]1018 if (offset <= (INT_MAX - l))
1019 offset += l;
1020 else
1021 return -1;
[1]1022
[501]1023 } while (l);
1024
[1]1025 return offset - orig_offset;
1026}
1027
1028static int __length_question(unsigned char *message, int offset)
1029{
1030 int i;
1031
1032 i = __length_dotted(message, offset);
1033 if (i < 0)
1034 return i;
[481]1035 if (i < (INT_MAX - 4))
1036 return i + 4;
1037 else
1038 return -1;
[1]1039}
1040
1041/* Decode a dotted string from nameserver transport-level encoding.
1042 This routine understands compressed data. */
1043
1044static int __decode_dotted(const unsigned char *data, int offset,
1045 char *dest, int maxlen)
1046{
1047 int l;
1048 int measure = 1;
1049 int total = 0;
1050 int used = 0;
1051
1052 if (!data)
1053 return -1;
[502]1054 if ((offset < 0) || (offset > (PACKETSZ-1)))
1055 return -1;
[481]1056 while ((l=data[offset])) {
[502]1057 if (offset < (PACKETSZ-1)) offset++;
[481]1058 else return -1;
[501]1059 if (measure)
1060 { if (total < INT_MAX) total++; else return -1; }
[1]1061 if ((l & 0xc0) == (0xc0)) {
[501]1062 if (measure)
1063 { if (total < INT_MAX) total++; else return -1; }
[481]1064 /* compressed item, redirect */
[1]1065 offset = ((l & 0x3f) << 8) | data[offset];
[502]1066 if ((offset < 0) || (offset > (PACKETSZ-1)))
[481]1067 return -1;
[1]1068 measure = 0;
1069 continue;
1070 }
[481]1071
1072 if (used >= (INT_MAX - l))
1073 return -1;
[1]1074
1075 if ((used + l + 1) >= maxlen)
[481]1076 return -1;
[1]1077
1078 memcpy(dest + used, data + offset, l);
[481]1079
[502]1080 if (offset <= ((PACKETSZ-1) - l))
[481]1081 offset += l;
1082 else
1083 return -1;
1084
1085 if (used <= (INT_MAX - l))
1086 used += l;
1087 else
1088 return -1;
[501]1089 if (measure)
1090 { if (total <= (INT_MAX -l)) total += l; else return -1; }
[1]1091
[502]1092 if (used >= maxlen)
[481]1093 return -1;
[1]1094 if (data[offset] != 0)
1095 dest[used++] = '.';
1096 else
1097 dest[used++] = '\0';
1098 }
1099
1100 /* The null byte must be counted too */
[501]1101 if (measure) {
1102 if (total < INT_MAX) total++; else return -1;
[1]1103 }
1104
1105 DPRINTF("Total decode len = %d\n", total);
1106
1107 return total;
1108}
1109
1110static int __decode_answer(unsigned char *message, int offset,
1111 struct resolv_answer *a)
1112{
1113 char temp[256];
[481]1114 int i = 0;
[1]1115
1116 i = __decode_dotted(message, offset, temp, sizeof(temp));
[502]1117 if (i < 0 || i > PACKETSZ)
1118 return -1;
[1]1119
[502]1120 if (offset <= ((PACKETSZ - 10) - i))
[481]1121 message += offset + i;
1122 else
1123 return -1;
[1]1124
1125 a->dotted = strdup(temp);
1126 a->atype = (message[0] << 8) | message[1];
1127 message += 2;
1128 a->aclass = (message[0] << 8) | message[1];
1129 message += 2;
1130 a->ttl = (message[0] << 24) |
1131 (message[1] << 16) | (message[2] << 8) | (message[3] << 0);
1132 message += 4;
1133 a->rdlength = (message[0] << 8) | message[1];
1134 message += 2;
1135 a->rdata = message;
1136 a->rdoffset = offset + i + RRFIXEDSZ;
1137
1138 DPRINTF("i=%d,rdlength=%d\n", i, a->rdlength);
1139
[481]1140 if (RRFIXEDSZ <= (INT_MAX - i))
1141 i += RRFIXEDSZ;
1142 else
1143 return -1;
1144 if (a->rdlength <= (INT_MAX - i))
1145 return i + a->rdlength;
1146 else
1147 return -1;
[1]1148}
1149
1150
1151/* Encode a dotted string into nameserver transport-level encoding.
1152 This routine is fairly dumb, and doesn't attempt to compress
1153 the data */
1154
1155static int __encode_dotted(const char *dotted, unsigned char *dest, int maxlen)
1156{
1157 unsigned int used = 0;
1158
1159 while (dotted && *dotted) {
1160 char *c = strchr(dotted, '.');
1161 unsigned int l = c ? (unsigned int)(c - dotted) : strlen(dotted);
1162
1163 if (l >= ((unsigned int)maxlen - used - 1))
1164 return -1;
1165
1166 dest[used++] = l;
1167 memcpy(dest + used, dotted, l);
1168 used += l;
1169
1170 if (c)
1171 dotted = c + 1;
1172 else
1173 break;
1174 }
1175
1176 if (maxlen < 1)
1177 return -1;
1178
1179 dest[used++] = 0;
1180
1181 return used;
1182}
1183
1184static int __encode_question(struct resolv_question *q,
1185 unsigned char *dest, int maxlen)
1186{
1187 int i;
1188
1189 i = __encode_dotted(q->dotted, dest, maxlen);
1190 if (i < 0)
1191 return i;
1192
1193 dest += i;
[481]1194 if (maxlen < i)
1195 return -1;
[1]1196 maxlen -= i;
1197
1198 if (maxlen < 4)
1199 return -1;
1200
1201 dest[0] = (q->qtype & 0xff00) >> 8;
1202 dest[1] = (q->qtype & 0x00ff) >> 0;
1203 dest[2] = (q->qclass & 0xff00) >> 8;
1204 dest[3] = (q->qclass & 0x00ff) >> 0;
1205
[481]1206 if (i <= (INT_MAX - 4))
1207 return i + 4;
1208 else
1209 return -1;
[1]1210}
1211
1212
1213/* Just for the record, having to lock __dns_lookup() just for these two globals
1214 * is pretty lame. I think these two variables can probably be de-global-ized,
1215 * which should eliminate the need for doing locking here... Needs a closer
1216 * look anyways. */
1217static int ns=0, id=1;
1218
1219static int __dns_lookup(const char *name, int type, int nscount, char **nsip,
1220 unsigned char **outpacket, struct resolv_answer *a)
1221{
1222 int i, j, len, fd, pos, rc;
1223 struct timeval tv;
1224 fd_set fds;
1225 struct resolv_header h;
1226 struct resolv_question q;
1227 int retries = 0;
[454]1228 unsigned char * packet = calloc(1,PACKETSZ);
1229 char *dns, *lookup = calloc(1,MAXDNAME);
[1]1230 int variant = 0;
1231 struct sockaddr_in sa;
1232#ifdef __UCLIBC_HAS_IPV6__
1233 int v6;
1234 struct sockaddr_in6 sa6;
1235#endif
1236
1237 fd = -1;
1238
1239 if (!packet || !lookup || !nscount)
1240 goto fail;
1241
1242 DPRINTF("Looking up type %d answer for '%s'\n", type, name);
1243
[145]1244 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1245 ns %= nscount;
[145]1246 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1247
1248 while (retries++ < MAX_RETRIES) {
1249 if (fd != -1)
[252]1250 sl_close_fd(FIL__, __LINE__, fd);
[1]1251
1252 memset(packet, 0, PACKETSZ);
1253
1254 memset(&h, 0, sizeof(h));
1255
1256 /* Mess with globals while under lock */
[145]1257 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1258 ++id;
1259 id &= 0xffff;
1260 h.id = id;
1261 dns = nsip[ns];
[145]1262 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1263
1264 h.qdcount = 1;
1265 h.rd = 1;
1266
1267 DPRINTF("encoding header\n", h.rd);
1268
1269 i = __encode_header(&h, packet, PACKETSZ);
1270 if (i < 0)
1271 goto fail;
1272
[22]1273 sl_strlcpy(lookup,name,MAXDNAME);
[134]1274 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1275 if (variant < __searchdomains && strchr(lookup, '.') == NULL)
1276 {
[22]1277 sl_strlcat(lookup,".", MAXDNAME);
1278 sl_strlcat(lookup,__searchdomain[variant], MAXDNAME);
[1]1279 }
[134]1280 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1281 DPRINTF("lookup name: %s\n", lookup);
1282 q.dotted = (char *)lookup;
1283 q.qtype = type;
1284 q.qclass = C_IN; /* CLASS_IN */
1285
1286 j = __encode_question(&q, packet+i, PACKETSZ-i);
1287 if (j < 0)
1288 goto fail;
1289
1290 len = i + j;
1291
1292 DPRINTF("On try %d, sending query to port %d of machine %s\n",
1293 retries, NAMESERVER_PORT, dns);
1294
1295#ifdef __UCLIBC_HAS_IPV6__
1296 v6 = inet_pton(AF_INET6, dns, &sa6.sin6_addr) > 0;
1297 fd = socket(v6 ? AF_INET6 : AF_INET, SOCK_DGRAM, IPPROTO_UDP);
1298#else
1299 fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
1300#endif
1301 if (fd < 0) {
1302 continue;
1303 }
1304
1305 /* Connect to the UDP socket so that asyncronous errors are returned */
1306#ifdef __UCLIBC_HAS_IPV6__
1307 if (v6) {
1308 sa6.sin6_family = AF_INET6;
1309 sa6.sin6_port = htons(NAMESERVER_PORT);
1310 /* sa6.sin6_addr is already here */
1311 rc = connect(fd, (struct sockaddr *) &sa6, sizeof(sa6));
1312 } else {
1313#endif
1314 sa.sin_family = AF_INET;
1315 sa.sin_port = htons(NAMESERVER_PORT);
1316 sa.sin_addr.s_addr = inet_addr(dns);
1317 rc = connect(fd, (struct sockaddr *) &sa, sizeof(sa));
1318#ifdef __UCLIBC_HAS_IPV6__
1319 }
1320#endif
1321 if (rc < 0) {
1322 if (errno == ENETUNREACH) {
1323 /* routing error, presume not transient */
1324 goto tryall;
1325 } else
1326 /* retry */
1327 continue;
1328 }
1329
1330 DPRINTF("Transmitting packet of length %d, id=%d, qr=%d\n",
1331 len, h.id, h.qr);
1332
1333 send(fd, packet, len, 0);
1334
1335 FD_ZERO(&fds);
1336 FD_SET(fd, &fds);
1337 tv.tv_sec = REPLY_TIMEOUT;
1338 tv.tv_usec = 0;
1339 if (select(fd + 1, &fds, NULL, NULL, &tv) <= 0) {
1340 DPRINTF("Timeout\n");
1341
1342 /* timed out, so retry send and receive,
1343 * to next nameserver on queue */
1344 goto again;
1345 }
1346
1347 i = recv(fd, packet, 512, 0);
1348 if (i < HFIXEDSZ) {
1349 /* too short ! */
1350 goto again;
1351 }
1352
[502]1353 /* ok because we have checked that recv at least HFIXEDSZ */
[1]1354 __decode_header(packet, &h);
1355
1356 DPRINTF("id = %d, qr = %d\n", h.id, h.qr);
1357
[145]1358 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1359 if ((h.id != id) || (!h.qr)) {
[145]1360 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1361 /* unsolicited */
1362 goto again;
1363 }
[145]1364 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1365
1366
1367 DPRINTF("Got response %s\n", "(i think)!");
1368 DPRINTF("qrcount=%d,ancount=%d,nscount=%d,arcount=%d\n",
1369 h.qdcount, h.ancount, h.nscount, h.arcount);
1370 DPRINTF("opcode=%d,aa=%d,tc=%d,rd=%d,ra=%d,rcode=%d\n",
1371 h.opcode, h.aa, h.tc, h.rd, h.ra, h.rcode);
1372
1373 if ((h.rcode) || (h.ancount < 1)) {
1374 /* negative result, not present */
1375 goto again;
1376 }
1377
1378 pos = HFIXEDSZ;
1379
1380 for (j = 0; j < h.qdcount; j++) {
1381 DPRINTF("Skipping question %d at %d\n", j, pos);
1382 i = __length_question(packet, pos);
1383 DPRINTF("Length of question %d is %d\n", j, i);
1384 if (i < 0)
1385 goto again;
1386 pos += i;
[502]1387 if (pos >= PACKETSZ)
1388 goto again;
[1]1389 }
1390 DPRINTF("Decoding answer at pos %d\n", pos);
1391
1392 for (j=0;j<h.ancount;j++)
1393 {
1394 i = __decode_answer(packet, pos, a);
1395
1396 if (i<0) {
1397 DPRINTF("failed decode %d\n", i);
1398 goto again;
1399 }
1400 /* For all but T_SIG, accept first answer */
1401 if (a->atype != T_SIG)
1402 break;
1403
1404 DPRINTF("skipping T_SIG %d\n", i);
1405 free(a->dotted);
1406 pos += i;
[502]1407 if (pos >= PACKETSZ)
1408 goto again;
[1]1409 }
1410
1411 DPRINTF("Answer name = |%s|\n", a->dotted);
1412 DPRINTF("Answer type = |%d|\n", a->atype);
1413
[252]1414 sl_close_fd(FIL__, __LINE__, fd);
[1]1415
1416 if (outpacket)
1417 *outpacket = packet;
1418 else
1419 free(packet);
1420 free(lookup);
1421 return (0); /* success! */
1422
1423 tryall:
1424 /* if there are other nameservers, give them a go,
1425 otherwise return with error */
1426 {
1427 int sdomains;
1428
[134]1429 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1430 sdomains=__searchdomains;
[134]1431 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1432 variant = 0;
1433 if (retries >= nscount*(sdomains+1))
1434 goto fail;
1435 }
1436
1437 again:
1438 /* if there are searchdomains, try them or fallback as passed */
1439 {
1440 int sdomains;
[134]1441 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1442 sdomains=__searchdomains;
[134]1443 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1444
1445 if (variant < sdomains) {
1446 /* next search */
1447 variant++;
1448 } else {
1449 /* next server, first search */
[145]1450 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1451 ns = (ns + 1) % nscount;
[145]1452 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1453 variant = 0;
1454 }
1455 }
1456 }
1457
1458fail:
1459 if (fd != -1)
[252]1460 sl_close_fd(FIL__, __LINE__, fd);
[1]1461 if (lookup)
1462 free(lookup);
1463 if (packet)
1464 free(packet);
1465 return -1;
1466}
1467
1468static void __open_etc_hosts(FILE **fp)
1469{
1470 if ((*fp = fopen("/etc/hosts", "r")) == NULL) {
1471 *fp = fopen("/etc/config/hosts", "r");
1472 }
1473 return;
1474}
1475
1476static int __read_etc_hosts_r(FILE * fp, const char * name, int type,
1477 enum etc_hosts_action action,
1478 struct hostent * result_buf,
1479 char * buf, size_t buflen,
1480 struct hostent ** result,
1481 int * h_errnop)
1482{
1483 struct in_addr *in=NULL;
1484 struct in_addr **addr_list=NULL;
1485#ifdef __UCLIBC_HAS_IPV6__
1486 struct in6_addr *in6=NULL;
1487 struct in6_addr **addr_list6=NULL;
1488#endif /* __UCLIBC_HAS_IPV6__ */
1489 char *cp;
1490 char **alias;
1491 int aliases, i;
1492 int ret=HOST_NOT_FOUND;
1493
1494 if (buflen < sizeof(char *)*(ALIAS_DIM))
1495 return ERANGE;
1496 alias=(char **)buf;
1497 buf+=sizeof(char **)*(ALIAS_DIM);
1498 buflen-=sizeof(char **)*(ALIAS_DIM);
1499
1500 if (action!=GETHOSTENT) {
1501#ifdef __UCLIBC_HAS_IPV6__
1502 char *p=buf;
1503 size_t len=buflen;
1504#endif /* __UCLIBC_HAS_IPV6__ */
1505 *h_errnop=NETDB_INTERNAL;
1506 if (buflen < sizeof(*in))
1507 return ERANGE;
1508 in=(struct in_addr*)buf;
1509 buf+=sizeof(*in);
1510 buflen-=sizeof(*in);
1511
1512 if (buflen < sizeof(*addr_list)*2)
1513 return ERANGE;
1514 addr_list=(struct in_addr **)buf;
1515 buf+=sizeof(*addr_list)*2;
1516 buflen-=sizeof(*addr_list)*2;
1517
1518#ifdef __UCLIBC_HAS_IPV6__
1519 if (len < sizeof(*in6))
1520 return ERANGE;
1521 in6=(struct in6_addr*)p;
1522 p+=sizeof(*in6);
1523 len-=sizeof(*in6);
1524
1525 if (len < sizeof(*addr_list6)*2)
1526 return ERANGE;
1527 addr_list6=(struct in6_addr**)p;
1528 p+=sizeof(*addr_list6)*2;
1529 len-=sizeof(*addr_list6)*2;
1530
1531 if (len < buflen) {
1532 buflen=len;
1533 buf=p;
1534 }
1535#endif /* __UCLIBC_HAS_IPV6__ */
1536
1537 if (buflen < 80)
1538 return ERANGE;
1539
1540 __open_etc_hosts(&fp);
1541 if (fp == NULL) {
1542 result=NULL;
1543 return errno;
1544 }
1545 }
1546
1547 *h_errnop=HOST_NOT_FOUND;
1548 while (fgets(buf, buflen, fp)) {
1549 if ((cp = strchr(buf, '#')))
1550 *cp = '\0';
1551 DPRINTF("Looking at: %s\n", buf);
1552 aliases = 0;
1553
1554 cp = buf;
1555 while (*cp) {
1556 while (*cp && isspace(*cp))
1557 *cp++ = '\0';
1558 if (!*cp)
1559 continue;
1560 if (aliases < (2+MAX_ALIASES))
1561 alias[aliases++] = cp;
1562 while (*cp && !isspace(*cp))
1563 cp++;
1564 }
1565 alias[aliases] = 0;
1566
1567 if (aliases < 2)
1568 continue; /* syntax error really */
1569
1570 if (action==GETHOSTENT) {
1571 /* Return whatever the next entry happens to be. */
1572 break;
1573 } else if (action==GET_HOSTS_BYADDR) {
1574 if (strcmp(name, alias[0]) != 0)
1575 continue;
1576 } else {
1577 /* GET_HOSTS_BYNAME */
1578 for (i = 1; i < aliases; i++)
1579 if (strcasecmp(name, alias[i]) == 0)
1580 break;
1581 if (i >= aliases)
1582 continue;
1583 }
1584
1585 if (type == AF_INET && inet_pton(AF_INET, alias[0], in) > 0) {
1586 DPRINTF("Found INET\n");
1587 addr_list[0] = in;
1588 addr_list[1] = 0;
1589 result_buf->h_name = alias[1];
1590 result_buf->h_addrtype = AF_INET;
1591 result_buf->h_length = sizeof(*in);
1592 result_buf->h_addr_list = (char**) addr_list;
1593 result_buf->h_aliases = alias + 2;
1594 *result=result_buf;
1595 ret=NETDB_SUCCESS;
1596#ifdef __UCLIBC_HAS_IPV6__
1597 } else if (type == AF_INET6 && inet_pton(AF_INET6, alias[0], in6) > 0) {
1598 DPRINTF("Found INET6\n");
1599 addr_list6[0] = in6;
1600 addr_list6[1] = 0;
1601 result_buf->h_name = alias[1];
1602 result_buf->h_addrtype = AF_INET6;
1603 result_buf->h_length = sizeof(*in6);
1604 result_buf->h_addr_list = (char**) addr_list6;
1605 result_buf->h_aliases = alias + 2;
1606 *result=result_buf;
1607 ret=NETDB_SUCCESS;
1608#endif /* __UCLIBC_HAS_IPV6__ */
1609 } else {
1610 DPRINTF("Error\n");
1611 ret=TRY_AGAIN;
1612 break; /* bad ip address */
1613 }
1614
1615 if (action!=GETHOSTENT) {
[252]1616 sl_fclose(FIL__, __LINE__, fp);
[1]1617 }
1618 return ret;
1619 }
1620 if (action!=GETHOSTENT) {
[252]1621 sl_fclose(FIL__, __LINE__, fp);
[1]1622 }
1623 return ret;
1624}
1625
1626/*
1627 * we currently read formats not quite the same as that on normal
1628 * unix systems, we can have a list of nameservers after the keyword.
1629 */
1630int __get_hosts_byname_r(const char * name, int type,
1631 struct hostent * result_buf,
1632 char * buf, size_t buflen,
1633 struct hostent ** result,
1634 int * h_errnop)
1635{
1636 return(__read_etc_hosts_r(NULL, name, type, GET_HOSTS_BYNAME, result_buf, buf, buflen, result, h_errnop));
1637}
1638
[170]1639static int __open_nameservers(void)
[1]1640{
1641 FILE *fp;
1642 int i;
1643#define RESOLV_ARGS 5
1644 char szBuffer[128], *p, *argv[RESOLV_ARGS];
1645 int argc;
1646
[134]1647 SH_MUTEX_LOCK(resolv_lock);
1648 if (__nameservers > 0) {
1649 goto the_end;
[1]1650 }
1651
1652 if ((fp = fopen("/etc/resolv.conf", "r")) ||
1653 (fp = fopen("/etc/config/resolv.conf", "r"))) {
1654
1655 while (fgets(szBuffer, sizeof(szBuffer), fp) != NULL) {
1656
1657 for (p = szBuffer; *p && isspace(*p); p++)
1658 /* skip white space */;
1659 if (*p == '\0' || *p == '\n' || *p == '#') /* skip comments etc */
1660 continue;
1661 argc = 0;
1662 while (*p && argc < RESOLV_ARGS) {
1663 argv[argc++] = p;
1664 while (*p && !isspace(*p) && *p != '\n')
1665 p++;
1666 while (*p && (isspace(*p) || *p == '\n')) /* remove spaces */
1667 *p++ = '\0';
1668 }
1669
1670 if (strcmp(argv[0], "nameserver") == 0) {
1671 for (i = 1; i < argc && __nameservers < MAX_SERVERS; i++) {
1672 __nameserver[__nameservers++] = strdup(argv[i]);
1673 DPRINTF("adding nameserver %s\n", argv[i]);
1674 }
1675 }
1676
1677 /* domain and search are mutually exclusive, the last one wins */
1678 if (strcmp(argv[0],"domain")==0 || strcmp(argv[0],"search")==0) {
1679 while (__searchdomains > 0) {
1680 free(__searchdomain[--__searchdomains]);
1681 __searchdomain[__searchdomains] = NULL;
1682 }
1683 for (i=1; i < argc && __searchdomains < MAX_SEARCH; i++) {
1684 __searchdomain[__searchdomains++] = strdup(argv[i]);
1685 DPRINTF("adding search %s\n", argv[i]);
1686 }
1687 }
1688 }
[252]1689 sl_fclose(FIL__, __LINE__, fp);
[1]1690 } else {
1691 DPRINTF("failed to open %s\n", "resolv.conf");
1692 }
1693 DPRINTF("nameservers = %d\n", __nameservers);
[134]1694 the_end:
[150]1695 ; /* 'label at end of compound statement' */
[134]1696 SH_MUTEX_UNLOCK(resolv_lock);
[473]1697 /* cppcheck-suppress resourceLeak */
[1]1698 return 0;
1699}
1700
1701static int sh_gethostbyname_r(const char * name,
1702 struct hostent * result_buf,
1703 char * buf, size_t buflen,
1704 struct hostent ** result,
1705 int * h_errnop)
1706{
1707 struct in_addr *in;
1708 struct in_addr **addr_list;
1709 unsigned char *packet;
1710 struct resolv_answer a;
1711 int i;
1712 int nest = 0;
1713 int __nameserversXX;
1714 char ** __nameserverXX;
1715
1716 __open_nameservers();
1717
1718 *result=NULL;
1719 if (!name)
1720 return EINVAL;
1721
1722 /* do /etc/hosts first */
1723 if ((i=__get_hosts_byname_r(name, AF_INET, result_buf,
1724 buf, buflen, result, h_errnop))==0)
1725 return i;
1726 switch (*h_errnop) {
1727 case HOST_NOT_FOUND:
1728 case NO_ADDRESS:
1729 break;
1730 case NETDB_INTERNAL:
1731 if (errno == ENOENT) {
1732 break;
1733 }
1734 /* else fall through */
1735 default:
1736 return i;
1737 }
1738
1739 DPRINTF("Nothing found in /etc/hosts\n");
1740
1741 *h_errnop = NETDB_INTERNAL;
1742 if (buflen < sizeof(*in))
1743 return ERANGE;
1744 in=(struct in_addr*)buf;
1745 buf+=sizeof(*in);
1746 buflen-=sizeof(*in);
1747
1748 if (buflen < sizeof(*addr_list)*2)
1749 return ERANGE;
1750 addr_list=(struct in_addr**)buf;
1751 buf+=sizeof(*addr_list)*2;
1752 buflen-=sizeof(*addr_list)*2;
1753
1754 addr_list[0] = in;
1755 addr_list[1] = 0;
1756
1757 if (buflen<256)
1758 return ERANGE;
1759 strncpy(buf, name, buflen);
1760
1761 /* First check if this is already an address */
1762 if (inet_aton(name, in)) {
1763 result_buf->h_name = buf;
1764 result_buf->h_addrtype = AF_INET;
1765 result_buf->h_length = sizeof(*in);
1766 result_buf->h_addr_list = (char **) addr_list;
1767 *result=result_buf;
1768 *h_errnop = NETDB_SUCCESS;
1769 return NETDB_SUCCESS;
1770 }
1771
1772 for (;;) {
1773
[134]1774 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1775 __nameserversXX=__nameservers;
1776 __nameserverXX=__nameserver;
[134]1777 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1778 i = __dns_lookup(buf, T_A, __nameserversXX, __nameserverXX, &packet, &a);
1779
1780 if (i < 0) {
1781 *h_errnop = HOST_NOT_FOUND;
1782 DPRINTF("__dns_lookup\n");
1783 return TRY_AGAIN;
1784 }
1785
1786 strncpy(buf, a.dotted, buflen);
1787 free(a.dotted);
1788
1789 if (a.atype == T_CNAME) { /* CNAME */
1790 DPRINTF("Got a CNAME in gethostbyname()\n");
1791 i = __decode_dotted(packet, a.rdoffset, buf, buflen);
1792 free(packet);
1793
1794 if (i < 0) {
1795 *h_errnop = NO_RECOVERY;
1796 DPRINTF("__decode_dotted\n");
1797 return -1;
1798 }
1799 if (++nest > MAX_RECURSE) {
1800 *h_errnop = NO_RECOVERY;
1801 DPRINTF("recursion\n");
1802 return -1;
1803 }
1804 continue;
1805 } else if (a.atype == T_A) { /* ADDRESS */
1806 memcpy(in, a.rdata, sizeof(*in));
1807 result_buf->h_name = buf;
1808 result_buf->h_addrtype = AF_INET;
1809 result_buf->h_length = sizeof(*in);
1810 result_buf->h_addr_list = (char **) addr_list;
1811 free(packet);
1812 break;
1813 } else {
1814 free(packet);
1815 *h_errnop=HOST_NOT_FOUND;
1816 return TRY_AGAIN;
1817 }
1818 }
1819
1820 *result=result_buf;
1821 *h_errnop = NETDB_SUCCESS;
1822 return NETDB_SUCCESS;
1823}
1824
1825struct hostent * sh_gethostbyname(const char *name)
1826{
1827 static struct hostent h;
1828 static char buf[sizeof(struct in_addr) +
1829 sizeof(struct in_addr *)*2 +
1830 sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */];
1831 struct hostent *hp;
1832
1833 sh_gethostbyname_r(name, &h, buf, sizeof(buf), &hp, &h_errno);
1834
1835 return hp;
1836}
1837
1838static int __get_hosts_byaddr_r(const char * addr, int len, int type,
1839 struct hostent * result_buf,
1840 char * buf, size_t buflen,
1841 struct hostent ** result,
1842 int * h_errnop)
1843{
1844#ifndef __UCLIBC_HAS_IPV6__
1845 char ipaddr[INET_ADDRSTRLEN];
1846#else
1847 char ipaddr[INET6_ADDRSTRLEN];
1848#endif /* __UCLIBC_HAS_IPV6__ */
1849
1850 switch (type) {
1851 case AF_INET:
1852 if (len != sizeof(struct in_addr))
1853 return 0;
1854 break;
1855#ifdef __UCLIBC_HAS_IPV6__
1856 case AF_INET6:
1857 if (len != sizeof(struct in6_addr))
1858 return 0;
1859 break;
1860#endif /* __UCLIBC_HAS_IPV6__ */
1861 default:
1862 return 0;
1863 }
1864
1865 inet_ntop(type, addr, ipaddr, sizeof(ipaddr));
1866
1867 return(__read_etc_hosts_r(NULL, ipaddr, type, GET_HOSTS_BYADDR,
1868 result_buf, buf, buflen, result, h_errnop));
1869}
1870
1871static int sh_gethostbyaddr_r (const void *addr, socklen_t len, int type,
1872 struct hostent * result_buf,
1873 char * buf, size_t buflen,
1874 struct hostent ** result,
1875 int * h_errnop)
1876
1877{
1878 struct in_addr *in;
1879 struct in_addr **addr_list;
1880#ifdef __UCLIBC_HAS_IPV6__
1881 char *qp;
1882 size_t plen;
1883 struct in6_addr *in6;
1884 struct in6_addr **addr_list6;
1885#endif /* __UCLIBC_HAS_IPV6__ */
1886 unsigned char *packet;
1887 struct resolv_answer a;
1888 int i;
1889 int nest = 0;
1890 int __nameserversXX;
1891 char ** __nameserverXX;
1892
1893 *result=NULL;
1894 if (!addr)
1895 return EINVAL;
1896
1897 switch (type) {
1898 case AF_INET:
1899 if (len != sizeof(struct in_addr))
1900 return EINVAL;
1901 break;
1902#ifdef __UCLIBC_HAS_IPV6__
1903 case AF_INET6:
1904 if (len != sizeof(struct in6_addr))
1905 return EINVAL;
1906 break;
1907#endif /* __UCLIBC_HAS_IPV6__ */
1908 default:
1909 return EINVAL;
1910 }
1911
1912 /* do /etc/hosts first */
1913 if ((i=__get_hosts_byaddr_r(addr, len, type, result_buf,
1914 buf, buflen, result, h_errnop))==0)
1915 return i;
1916 switch (*h_errnop) {
1917 case HOST_NOT_FOUND:
1918 case NO_ADDRESS:
1919 break;
1920 default:
1921 return i;
1922 }
1923
1924 __open_nameservers();
1925
1926#ifdef __UCLIBC_HAS_IPV6__
1927 qp=buf;
1928 plen=buflen;
1929#endif /* __UCLIBC_HAS_IPV6__ */
1930
1931 *h_errnop = NETDB_INTERNAL;
1932 if (buflen < sizeof(*in))
1933 return ERANGE;
1934 in=(struct in_addr*)buf;
1935 buf+=sizeof(*in);
1936 buflen-=sizeof(*in);
1937
1938 if (buflen < sizeof(*addr_list)*2)
1939 return ERANGE;
1940 addr_list=(struct in_addr**)buf;
1941 buf+=sizeof(*addr_list)*2;
1942 buflen-=sizeof(*addr_list)*2;
1943
1944#ifdef __UCLIBC_HAS_IPV6__
1945 if (plen < sizeof(*in6))
1946 return ERANGE;
1947 in6=(struct in6_addr*)qp;
1948 qp+=sizeof(*in6);
1949 plen-=sizeof(*in6);
1950
1951 if (plen < sizeof(*addr_list6)*2)
1952 return ERANGE;
1953 addr_list6=(struct in6_addr**)qp;
1954 qp+=sizeof(*addr_list6)*2;
1955 plen-=sizeof(*addr_list6)*2;
1956
1957 if (plen < buflen) {
1958 buflen=plen;
1959 buf=qp;
1960 }
1961#endif /* __UCLIBC_HAS_IPV6__ */
1962
1963 if (buflen<256)
1964 return ERANGE;
1965
1966 if(type == AF_INET) {
[170]1967 const unsigned char *tmp_addr = (const unsigned char *)addr;
[1]1968
1969 memcpy(&in->s_addr, addr, len);
1970
1971 addr_list[0] = in;
1972
1973 sprintf(buf, "%u.%u.%u.%u.in-addr.arpa",
1974 tmp_addr[3], tmp_addr[2], tmp_addr[1], tmp_addr[0]);
1975#ifdef __UCLIBC_HAS_IPV6__
1976 } else {
1977 memcpy(in6->s6_addr, addr, len);
1978
1979 addr_list6[0] = in6;
1980 qp = buf;
1981
1982 for (i = len - 1; i >= 0; i--) {
1983 qp += sprintf(qp, "%x.%x.", in6->s6_addr[i] & 0xf,
1984 (in6->s6_addr[i] >> 4) & 0xf);
1985 }
1986 strcpy(qp, "ip6.int");
1987#endif /* __UCLIBC_HAS_IPV6__ */
1988 }
1989
1990 addr_list[1] = 0;
1991
1992 for (;;) {
1993
[134]1994 SH_MUTEX_LOCK_UNSAFE(resolv_lock);
[1]1995 __nameserversXX=__nameservers;
1996 __nameserverXX=__nameserver;
[134]1997 SH_MUTEX_UNLOCK_UNSAFE(resolv_lock);
[1]1998 i = __dns_lookup(buf, T_PTR, __nameserversXX, __nameserverXX, &packet, &a);
1999
2000 if (i < 0) {
2001 *h_errnop = HOST_NOT_FOUND;
2002 return TRY_AGAIN;
2003 }
2004
2005 strncpy(buf, a.dotted, buflen);
2006 free(a.dotted);
2007
2008 if (a.atype == T_CNAME) { /* CNAME */
2009 DPRINTF("Got a CNAME in gethostbyaddr()\n");
2010 i = __decode_dotted(packet, a.rdoffset, buf, buflen);
2011 free(packet);
2012
2013 if (i < 0) {
2014 *h_errnop = NO_RECOVERY;
2015 return -1;
2016 }
2017 if (++nest > MAX_RECURSE) {
2018 *h_errnop = NO_RECOVERY;
2019 return -1;
2020 }
2021 continue;
2022 } else if (a.atype == T_PTR) { /* ADDRESS */
2023 i = __decode_dotted(packet, a.rdoffset, buf, buflen);
2024 free(packet);
2025
2026 result_buf->h_name = buf;
2027 result_buf->h_addrtype = type;
2028
2029 if(type == AF_INET) {
2030 result_buf->h_length = sizeof(*in);
2031#ifdef __UCLIBC_HAS_IPV6__
2032 } else {
2033 result_buf->h_length = sizeof(*in6);
2034#endif /* __UCLIBC_HAS_IPV6__ */
2035 }
2036
2037 result_buf->h_addr_list = (char **) addr_list;
2038 break;
2039 } else {
2040 free(packet);
2041 *h_errnop = NO_ADDRESS;
2042 return TRY_AGAIN;
2043 }
2044 }
2045
2046 *result=result_buf;
2047 *h_errnop = NETDB_SUCCESS;
2048 return NETDB_SUCCESS;
2049}
2050
2051struct hostent * sh_gethostbyaddr (const void *addr, socklen_t len, int type)
2052{
2053 static struct hostent h;
2054 static char buf[
2055#ifndef __UCLIBC_HAS_IPV6__
2056 sizeof(struct in_addr) + sizeof(struct in_addr *)*2 +
2057#else
2058 sizeof(struct in6_addr) + sizeof(struct in6_addr *)*2 +
2059#endif /* __UCLIBC_HAS_IPV6__ */
2060 sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */];
2061 struct hostent *hp;
2062
2063 sh_gethostbyaddr_r(addr, len, type, &h, buf, sizeof(buf), &hp, &h_errno);
2064
2065 return hp;
2066}
2067
2068/* NEED_STATIC_LIBS */
2069#else
2070
2071/* include something to avoid empty compilation unit */
2072#include <stdio.h>
2073
2074#endif
2075
Note: See TracBrowser for help on using the repository browser.