/* If buf already contains one or more sentences, add spaces to separate them
* from the next sentence. */
static void
add_spaces(struct k5buf *buf)
{
if (krb5int_buf_len(buf) > 0)
krb5int_buf_add(buf, " ");
}
krb5_error_code
krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
{
krb5_error_code retval = KRB5_ERR_HOST_REALM_UNKNOWN;
const unsigned char *p, *base;
char host[MAXDNAME];
int ret, rdlen, len;
struct krb5int_dns_state *ds = NULL;
struct k5buf buf;
/*
* Form our query, and send it via DNS
*/
krb5int_buf_init_fixed(&buf, host, sizeof(host));
if (name == NULL || name[0] == '\0') {
krb5int_buf_add(&buf, prefix);
} else {
krb5int_buf_add_fmt(&buf, "%s.%s", prefix, name);
/* Realm names don't (normally) end with ".", but if the query
doesn't end with "." and doesn't get an answer as is, the
resolv code will try appending the local domain. Since the
realm names are absolutes, let's stop that.
But only if a name has been specified. If we are performing
a search on the prefix alone then the intention is to allow
the local domain or domain search lists to be expanded.
*/
len = krb5int_buf_len(&buf);
if (len > 0 && host[len - 1] != '.')
krb5int_buf_add(&buf, ".");
}
if (krb5int_buf_data(&buf) == NULL)
return KRB5_ERR_HOST_REALM_UNKNOWN;
ret = krb5int_dns_init(&ds, host, C_IN, T_TXT);
if (ret < 0)
goto errout;
ret = krb5int_dns_nextans(ds, &base, &rdlen);
if (ret < 0 || base == NULL)
goto errout;
p = base;
if (!INCR_OK(base, rdlen, p, 1))
goto errout;
len = *p++;
*realm = malloc((size_t)len + 1);
if (*realm == NULL) {
retval = ENOMEM;
goto errout;
}
strncpy(*realm, (const char *)p, (size_t)len);
(*realm)[len] = '\0';
/* Avoid a common error. */
if ( (*realm)[len-1] == '.' )
(*realm)[len-1] = '\0';
retval = 0;
errout:
if (ds != NULL) {
krb5int_dns_fini(ds);
ds = NULL;
}
return retval;
}
static krb5_error_code
krb5_rc_io_store(krb5_context context, struct dfl_data *t,
krb5_donot_replay *rep)
{
size_t clientlen, serverlen;
unsigned int len;
krb5_error_code ret;
struct k5buf buf, extbuf;
char *ptr, *extstr;
clientlen = strlen(rep->client);
serverlen = strlen(rep->server);
if (rep->msghash) {
/*
* Write a hash extension record, to be followed by a record
* in regular format (without the message hash) for the
* benefit of old implementations.
*/
/* Format the extension value so we know its length. */
krb5int_buf_init_dynamic(&extbuf);
krb5int_buf_add_fmt(&extbuf, "HASH:%s %lu:%s %lu:%s", rep->msghash,
(unsigned long) clientlen, rep->client,
(unsigned long) serverlen, rep->server);
extstr = krb5int_buf_data(&extbuf);
if (!extstr)
return KRB5_RC_MALLOC;
/*
* Put the extension value into the server field of a
* regular-format record, with an empty client field.
*/
krb5int_buf_init_dynamic(&buf);
len = 1;
krb5int_buf_add_len(&buf, (char *) &len, sizeof(len));
krb5int_buf_add_len(&buf, "", 1);
len = strlen(extstr) + 1;
krb5int_buf_add_len(&buf, (char *) &len, sizeof(len));
krb5int_buf_add_len(&buf, extstr, len);
krb5int_buf_add_len(&buf, (char *) &rep->cusec, sizeof(rep->cusec));
krb5int_buf_add_len(&buf, (char *) &rep->ctime, sizeof(rep->ctime));
free(extstr);
} else /* No extension record needed. */
krb5int_buf_init_dynamic(&buf);
len = clientlen + 1;
krb5int_buf_add_len(&buf, (char *) &len, sizeof(len));
krb5int_buf_add_len(&buf, rep->client, len);
len = serverlen + 1;
krb5int_buf_add_len(&buf, (char *) &len, sizeof(len));
krb5int_buf_add_len(&buf, rep->server, len);
krb5int_buf_add_len(&buf, (char *) &rep->cusec, sizeof(rep->cusec));
krb5int_buf_add_len(&buf, (char *) &rep->ctime, sizeof(rep->ctime));
ptr = krb5int_buf_data(&buf);
if (ptr == NULL)
return KRB5_RC_MALLOC;
ret = krb5_rc_io_write(context, &t->d, ptr, krb5int_buf_len(&buf));
krb5int_free_buf(&buf);
return ret;
}
