1 files changed, 265 insertions, 0 deletions
diff --git a/src/lib/libc/net/getnameinfo.3 b/src/lib/libc/net/getnameinfo.3
new file mode 100644
index 0000000000..a91e8896b6
--- /dev/null
+++ b/src/lib/libc/net/getnameinfo.3
@@ -0,0 +1,265 @@
+.\"     $OpenBSD: getnameinfo.3,v 1.41 2008/12/22 12:18:56 jacekm Exp $
+.\"     $KAME: getnameinfo.3,v 1.37 2005/01/05 03:23:05 itojun Exp $
+.\"
+.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001  Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 22 2008 $
+.Dt GETNAMEINFO 3
+.Os
+.Sh NAME
+.Nm getnameinfo
+.Nd socket address structure to hostname and service name
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <sys/socket.h>
+.Fd #include <netdb.h>
+.Ft int
+.Fn getnameinfo "const struct sockaddr *sa" "socklen_t salen" "char *host" \
+    "size_t hostlen" "char *serv" "size_t servlen" "int flags"
+.Sh DESCRIPTION
+The
+.Fn getnameinfo
+function is used to convert a
+.Li sockaddr
+structure to a pair of host name and service strings.
+It is a replacement for and provides more flexibility than the
+.Xr gethostbyaddr 3
+and
+.Xr getservbyport 3
+functions and is the converse of the
+.Xr getaddrinfo 3
+function.
+.Pp
+The
+.Li sockaddr
+structure
+.Fa sa
+should point to either a
+.Li sockaddr_in
+or
+.Li sockaddr_in6
+structure (for IPv4 or IPv6 respectively) that is
+.Fa salen
+bytes long.
+.Pp
+The host and service names associated with
+.Fa sa
+are stored in
+.Fa host
+and
+.Fa serv
+which have length parameters
+.Fa hostlen
+and
+.Fa servlen .
+The maximum value for
+.Fa hostlen
+is
+.Dv NI_MAXHOST
+and
+the maximum value for
+.Fa servlen
+is
+.Dv NI_MAXSERV ,
+as defined by
+.Aq Pa netdb.h .
+If a length parameter is zero, no string will be stored.
+Otherwise, enough space must be provided to store the
+host name or service string plus a byte for the NUL terminator.
+.Pp
+The
+.Fa flags
+argument is formed by
+.Tn OR Ns 'ing
+the following values:
+.Bl -tag -width "NI_NUMERICHOSTXX"
+.It Dv NI_NOFQDN
+A fully qualified domain name is not required for local hosts.
+The local part of the fully qualified domain name is returned instead.
+.It Dv NI_NUMERICHOST
+Return the address in numeric form, as if calling
+.Xr inet_ntop 3 ,
+instead of a host name.
+.It Dv NI_NAMEREQD
+A name is required.
+If the host name cannot be found in DNS and this flag is set,
+a non-zero error code is returned.
+If the host name is not found and the flag is not set, the
+address is returned in numeric form.
+.It NI_NUMERICSERV
+The service name is returned as a digit string representing the port number.
+.It NI_DGRAM
+Specifies that the service being looked up is a datagram
+service, and causes
+.Xr getservbyport 3
+to be called with a second argument of
+.Dq udp
+instead of its default of
+.Dq tcp .
+This is required for the few ports (512\-514) that have different services
+for
+.Tn UDP
+and
+.Tn TCP .
+.El
+.Pp
+This implementation allows numeric IPv6 address notation with scope identifier,
+as documented in chapter 11 of draft-ietf-ipv6-scoping-arch-02.txt.
+IPv6 link-local address will appear as a string like
+.Dq Li fe80::1%ne0 .
+Refer to
+.Xr getaddrinfo 3
+for more information.
+.Sh RETURN VALUES
+.Fn getnameinfo
+returns zero on success or one of the error codes listed in
+.Xr gai_strerror 3
+if an error occurs.
+.Sh EXAMPLES
+The following code tries to get a numeric host name, and service name,
+for a given socket address.
+Observe that there is no hardcoded reference to a particular address family.
+.Bd -literal -offset indent
+struct sockaddr *sa;    /* input */
+char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
+if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), sbuf,
+    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV))
+        errx(1, "could not get numeric hostname");
+printf("host=%s, serv=%s\en", hbuf, sbuf);
+.Ed
+.Pp
+The following version checks if the socket address has a reverse address mapping:
+.Bd -literal -offset indent
+struct sockaddr *sa;    /* input */
+char hbuf[NI_MAXHOST];
+if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), NULL, 0,
+    NI_NAMEREQD))
+        errx(1, "could not resolve hostname");
+printf("host=%s\en", hbuf);
+.Ed
+.Sh SEE ALSO
+.Xr gai_strerror 3 ,
+.Xr getaddrinfo 3 ,
+.Xr gethostbyaddr 3 ,
+.Xr getservbyport 3 ,
+.Xr inet_ntop 3 ,
+.Xr resolver 3 ,
+.Xr hosts 5 ,
+.Xr resolv.conf 5 ,
+.Xr services 5 ,
+.Xr hostname 7 ,
+.Xr named 8
+.Rs
+.%A R. Gilligan
+.%A S. Thomson
+.%A J. Bound
+.%A W. Stevens
+.%T Basic Socket Interface Extensions for IPv6
+.%R RFC 2553
+.%D March 1999
+.Re
+.Rs
+.%A S. Deering
+.%A B. Haberman
+.%A T. Jinmei
+.%A E. Nordmark
+.%A B. Zill
+.%T "IPv6 Scoped Address Architecture"
+.%R internet draft
+.%N draft-ietf-ipv6-scoping-arch-02.txt
+.%O work in progress material
+.Re
+.Rs
+.%A Craig Metz
+.%T Protocol Independence Using the Sockets API
+.%B "Proceedings of the Freenix Track: 2000 USENIX Annual Technical Conference"
+.%D June 2000
+.Re
+.Sh STANDARDS
+The
+.Fn getnameinfo
+function is defined by the
+.St -p1003.1g-2000
+draft specification and documented in
+.Tn "RFC 2553" ,
+.Dq Basic Socket Interface Extensions for IPv6 .
+.Sh CAVEATS
+.Fn getnameinfo
+can return both numeric and FQDN forms of the address specified in
+.Fa sa .
+There is no return value that indicates whether the string returned in
+.Fa host
+is a result of binary to numeric-text translation (like
+.Xr inet_ntop 3 ) ,
+or is the result of a DNS reverse lookup.
+Because of this, malicious parties could set up a PTR record as follows:
+.Bd -literal -offset indent
+1.0.0.127.in-addr.arpa. IN PTR  10.1.1.1
+.Ed
+.Pp
+and trick the caller of
+.Fn getnameinfo
+into believing that
+.Fa sa
+is
+.Li 10.1.1.1
+when it is actually
+.Li 127.0.0.1 .
+.Pp
+To prevent such attacks, the use of
+.Dv NI_NAMEREQD
+is recommended when the result of
+.Fn getnameinfo
+is used
+for access control purposes:
+.Bd -literal -offset indent
+struct sockaddr *sa;
+char addr[NI_MAXHOST];
+struct addrinfo hints, *res;
+int error;
+error = getnameinfo(sa, sa->sa_len, addr, sizeof(addr),
+    NULL, 0, NI_NAMEREQD);
+if (error == 0) {
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+        hints.ai_flags = AI_NUMERICHOST;
+        if (getaddrinfo(addr, "0", &hints, &res) == 0) {
+                /* malicious PTR record */
+                freeaddrinfo(res);
+                printf("bogus PTR record\en");
+                return -1;
+        }
+        /* addr is FQDN as a result of PTR lookup */
+} else {
+        /* addr is numeric string */
+        error = getnameinfo(sa, sa->sa_len, addr, sizeof(addr),
+            NULL, 0, NI_NUMERICHOST);
+}
+.Ed
+.Sh BUGS
+The implementation of
+.Fn getnameinfo
+is not thread-safe.
+.Pp
+.Ox
+intentionally uses a different
+.Dv NI_MAXHOST
+value from what
+.Tn "RFC 2553"
+suggests, to avoid buffer length handling mistakes.

diff --git a/src/lib/libc/net/getnameinfo.3 b/src/lib/libc/net/getnameinfo.3 new file mode 100644 index 0000000000..a91e8896b6 --- /dev/null +++ b/src/lib/libc/net/getnameinfo.3
@@ -0,0 +1,265 @@
	1	.\" $OpenBSD: getnameinfo.3,v 1.41 2008/12/22 12:18:56 jacekm Exp $
	2	.\" $KAME: getnameinfo.3,v 1.37 2005/01/05 03:23:05 itojun Exp $
	3	.\"
	4	.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
	5	.\" Copyright (C) 2000, 2001 Internet Software Consortium.
	6	.\"
	7	.\" Permission to use, copy, modify, and distribute this software for any
	8	.\" purpose with or without fee is hereby granted, provided that the above
	9	.\" copyright notice and this permission notice appear in all copies.
	10	.\"
	11	.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
	12	.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
	13	.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
	14	.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
	15	.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
	16	.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
	17	.\" PERFORMANCE OF THIS SOFTWARE.
	18	.\"
	19	.Dd $Mdocdate: December 22 2008 $
	20	.Dt GETNAMEINFO 3
	21	.Os
	22	.Sh NAME
	23	.Nm getnameinfo
	24	.Nd socket address structure to hostname and service name
	25	.Sh SYNOPSIS
	26	.Fd #include <sys/types.h>
	27	.Fd #include <sys/socket.h>
	28	.Fd #include <netdb.h>
	29	.Ft int
	30	.Fn getnameinfo "const struct sockaddr sa" "socklen_t salen" "char host" \
	31	"size_t hostlen" "char *serv" "size_t servlen" "int flags"
	32	.Sh DESCRIPTION
	33	The
	34	.Fn getnameinfo
	35	function is used to convert a
	36	.Li sockaddr
	37	structure to a pair of host name and service strings.
	38	It is a replacement for and provides more flexibility than the
	39	.Xr gethostbyaddr 3
	40	and
	41	.Xr getservbyport 3
	42	functions and is the converse of the
	43	.Xr getaddrinfo 3
	44	function.
	45	.Pp
	46	The
	47	.Li sockaddr
	48	structure
	49	.Fa sa
	50	should point to either a
	51	.Li sockaddr_in
	52	or
	53	.Li sockaddr_in6
	54	structure (for IPv4 or IPv6 respectively) that is
	55	.Fa salen
	56	bytes long.
	57	.Pp
	58	The host and service names associated with
	59	.Fa sa
	60	are stored in
	61	.Fa host
	62	and
	63	.Fa serv
	64	which have length parameters
	65	.Fa hostlen
	66	and
	67	.Fa servlen .
	68	The maximum value for
	69	.Fa hostlen
	70	is
	71	.Dv NI_MAXHOST
	72	and
	73	the maximum value for
	74	.Fa servlen
	75	is
	76	.Dv NI_MAXSERV ,
	77	as defined by
	78	.Aq Pa netdb.h .
	79	If a length parameter is zero, no string will be stored.
	80	Otherwise, enough space must be provided to store the
	81	host name or service string plus a byte for the NUL terminator.
	82	.Pp
	83	The
	84	.Fa flags
	85	argument is formed by
	86	.Tn OR Ns 'ing
	87	the following values:
	88	.Bl -tag -width "NI_NUMERICHOSTXX"
	89	.It Dv NI_NOFQDN
	90	A fully qualified domain name is not required for local hosts.
	91	The local part of the fully qualified domain name is returned instead.
	92	.It Dv NI_NUMERICHOST
	93	Return the address in numeric form, as if calling
	94	.Xr inet_ntop 3 ,
	95	instead of a host name.
	96	.It Dv NI_NAMEREQD
	97	A name is required.
	98	If the host name cannot be found in DNS and this flag is set,
	99	a non-zero error code is returned.
	100	If the host name is not found and the flag is not set, the
	101	address is returned in numeric form.
	102	.It NI_NUMERICSERV
	103	The service name is returned as a digit string representing the port number.
	104	.It NI_DGRAM
	105	Specifies that the service being looked up is a datagram
	106	service, and causes
	107	.Xr getservbyport 3
	108	to be called with a second argument of
	109	.Dq udp
	110	instead of its default of
	111	.Dq tcp .
	112	This is required for the few ports (512\-514) that have different services
	113	for
	114	.Tn UDP
	115	and
	116	.Tn TCP .
	117	.El
	118	.Pp
	119	This implementation allows numeric IPv6 address notation with scope identifier,
	120	as documented in chapter 11 of draft-ietf-ipv6-scoping-arch-02.txt.
	121	IPv6 link-local address will appear as a string like
	122	.Dq Li fe80::1%ne0 .
	123	Refer to
	124	.Xr getaddrinfo 3
	125	for more information.
	126	.Sh RETURN VALUES
	127	.Fn getnameinfo
	128	returns zero on success or one of the error codes listed in
	129	.Xr gai_strerror 3
	130	if an error occurs.
	131	.Sh EXAMPLES
	132	The following code tries to get a numeric host name, and service name,
	133	for a given socket address.
	134	Observe that there is no hardcoded reference to a particular address family.
	135	.Bd -literal -offset indent
	136	struct sockaddr sa; / input */
	137	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
	138
	139	if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), sbuf,
	140	sizeof(sbuf), NI_NUMERICHOST \| NI_NUMERICSERV))
	141	errx(1, "could not get numeric hostname");
	142	printf("host=%s, serv=%s\en", hbuf, sbuf);
	143	.Ed
	144	.Pp
	145	The following version checks if the socket address has a reverse address mapping:
	146	.Bd -literal -offset indent
	147	struct sockaddr sa; / input */
	148	char hbuf[NI_MAXHOST];
	149
	150	if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), NULL, 0,
	151	NI_NAMEREQD))
	152	errx(1, "could not resolve hostname");
	153	printf("host=%s\en", hbuf);
	154	.Ed
	155	.Sh SEE ALSO
	156	.Xr gai_strerror 3 ,
	157	.Xr getaddrinfo 3 ,
	158	.Xr gethostbyaddr 3 ,
	159	.Xr getservbyport 3 ,
	160	.Xr inet_ntop 3 ,
	161	.Xr resolver 3 ,
	162	.Xr hosts 5 ,
	163	.Xr resolv.conf 5 ,
	164	.Xr services 5 ,
	165	.Xr hostname 7 ,
	166	.Xr named 8
	167	.Rs
	168	.%A R. Gilligan
	169	.%A S. Thomson
	170	.%A J. Bound
	171	.%A W. Stevens
	172	.%T Basic Socket Interface Extensions for IPv6
	173	.%R RFC 2553
	174	.%D March 1999
	175	.Re
	176	.Rs
	177	.%A S. Deering
	178	.%A B. Haberman
	179	.%A T. Jinmei
	180	.%A E. Nordmark
	181	.%A B. Zill
	182	.%T "IPv6 Scoped Address Architecture"
	183	.%R internet draft
	184	.%N draft-ietf-ipv6-scoping-arch-02.txt
	185	.%O work in progress material
	186	.Re
	187	.Rs
	188	.%A Craig Metz
	189	.%T Protocol Independence Using the Sockets API
	190	.%B "Proceedings of the Freenix Track: 2000 USENIX Annual Technical Conference"
	191	.%D June 2000
	192	.Re
	193	.Sh STANDARDS
	194	The
	195	.Fn getnameinfo
	196	function is defined by the
	197	.St -p1003.1g-2000
	198	draft specification and documented in
	199	.Tn "RFC 2553" ,
	200	.Dq Basic Socket Interface Extensions for IPv6 .
	201	.Sh CAVEATS
	202	.Fn getnameinfo
	203	can return both numeric and FQDN forms of the address specified in
	204	.Fa sa .
	205	There is no return value that indicates whether the string returned in
	206	.Fa host
	207	is a result of binary to numeric-text translation (like
	208	.Xr inet_ntop 3 ) ,
	209	or is the result of a DNS reverse lookup.
	210	Because of this, malicious parties could set up a PTR record as follows:
	211	.Bd -literal -offset indent
	212	1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1
	213	.Ed
	214	.Pp
	215	and trick the caller of
	216	.Fn getnameinfo
	217	into believing that
	218	.Fa sa
	219	is
	220	.Li 10.1.1.1
	221	when it is actually
	222	.Li 127.0.0.1 .
	223	.Pp
	224	To prevent such attacks, the use of
	225	.Dv NI_NAMEREQD
	226	is recommended when the result of
	227	.Fn getnameinfo
	228	is used
	229	for access control purposes:
	230	.Bd -literal -offset indent
	231	struct sockaddr *sa;
	232	char addr[NI_MAXHOST];
	233	struct addrinfo hints, *res;
	234	int error;
	235
	236	error = getnameinfo(sa, sa->sa_len, addr, sizeof(addr),
	237	NULL, 0, NI_NAMEREQD);
	238	if (error == 0) {
	239	memset(&hints, 0, sizeof(hints));
	240	hints.ai_socktype = SOCK_DGRAM; /dummy/
	241	hints.ai_flags = AI_NUMERICHOST;
	242	if (getaddrinfo(addr, "0", &hints, &res) == 0) {
	243	/* malicious PTR record */
	244	freeaddrinfo(res);
	245	printf("bogus PTR record\en");
	246	return -1;
	247	}
	248	/* addr is FQDN as a result of PTR lookup */
	249	} else {
	250	/* addr is numeric string */
	251	error = getnameinfo(sa, sa->sa_len, addr, sizeof(addr),
	252	NULL, 0, NI_NUMERICHOST);
	253	}
	254	.Ed
	255	.Sh BUGS
	256	The implementation of
	257	.Fn getnameinfo
	258	is not thread-safe.
	259	.Pp
	260	.Ox
	261	intentionally uses a different
	262	.Dv NI_MAXHOST
	263	value from what
	264	.Tn "RFC 2553"
	265	suggests, to avoid buffer length handling mistakes.