author | Colin Watson <cjwatson@debian.org> | 2003-09-23 18:08:35 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2003-09-23 18:08:35 +0000 |
commit | d59fd3e421aa81b8e5e118f3f806081df2aca879 (patch) | |
tree | 356a4e607edc979c625bb33db63c656d771478bd /canohost.c | |
parent | 7505658c58e96b8d270f1928a0e1fa7f3e0c266b (diff) | |
parent | 45431c9b4677608680cd071768cbf156b316a7e8 (diff) |
Merge 3.7.1p2 to the trunk. I have absolutely no idea yet whether this will
work.
Diffstat (limited to 'canohost.c')
-rw-r--r-- | canohost.c | 52 |
1 files changed, 32 insertions, 20 deletions
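diff --git a/canohost.c b/canohost.c
index 941db23b6..438175f76 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.35 2002/11/26 02:38:54 stevesk Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.37 2003/06/02 09:17:34 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -27,7 +27,7 @@ static void check_ip_options(int, char *);
 */
 
 static char *
-get_remote_hostname(int socket, int verify_reverse_mapping)
+get_remote_hostname(int socket, int use_dns)
 {
 struct sockaddr_storage from;
 int i;
@@ -72,6 +72,9 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 NULL, 0, NI_NUMERICHOST) != 0)
 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
 
+if (!use_dns)
+return xstrdup(ntop);
+
 if (from.ss_family == AF_INET)
 check_ip_options(socket, ntop);
 
@@ -80,14 +83,24 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
 NULL, 0, NI_NAMEREQD) != 0) {
 /* Host name not found. Use ip address. */
-#if 0
-log("Could not reverse map address %.100s.", ntop);
-#endif
 return xstrdup(ntop);
 }
 
-/* Got host name. */
-name[sizeof(name) - 1] = '\0';
+/*
+* if reverse lookup result looks like a numeric hostname,
+* someone is trying to trick us by PTR record like following:
+* 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
+*/
+memset(&hints, 0, sizeof(hints));
+hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+hints.ai_flags = AI_NUMERICHOST;
+if (getaddrinfo(name, "0", &hints, &ai) == 0) {
+logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
+name, ntop);
+freeaddrinfo(ai);
+return xstrdup(ntop);
+}
+
 /*
 * Convert it to all lowercase (which is expected by the rest
 * of this software).
@@ -95,9 +108,6 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 for (i = 0; name[i]; i++)
 if (isupper(name[i]))
 name[i] = tolower(name[i]);
-
-if (!verify_reverse_mapping)
-return xstrdup(name);
 /*
 * Map it back to an IP address and check that the given
 * address actually is an address of this host. This is
@@ -111,7 +121,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 hints.ai_family = from.ss_family;
 hints.ai_socktype = SOCK_STREAM;
 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
-log("reverse mapping checking getaddrinfo for %.700s "
+logit("reverse mapping checking getaddrinfo for %.700s "
 "failed - POSSIBLE BREAKIN ATTEMPT!", name);
 return xstrdup(ntop);
 }
@@ -126,7 +136,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 /* If we reached the end of the list, the address was not there. */
 if (!ai) {
 /* Address not found for the host name. */
-log("Address %.100s maps to %.600s, but this does not "
+logit("Address %.100s maps to %.600s, but this does not "
 "map back to the address - POSSIBLE BREAKIN ATTEMPT!",
 ntop, name);
 return xstrdup(ntop);
@@ -149,6 +159,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 static void
 check_ip_options(int socket, char *ipaddr)
 {
+#ifdef IP_OPTIONS
 u_char options[200];
 char text[sizeof(options) * 3 + 1];
 socklen_t option_size;
@@ -166,11 +177,12 @@ check_ip_options(int socket, char *ipaddr)
 for (i = 0; i < option_size; i++)
 snprintf(text + i*3, sizeof(text) - i*3,
 " %2.2x", options[i]);
-log("Connection from %.100s with IP options:%.800s",
+logit("Connection from %.100s with IP options:%.800s",
 ipaddr, text);
 packet_disconnect("Connection from %.100s with IP options:%.800s",
 ipaddr, text);
 }
+#endif /* IP_OPTIONS */
 }
 
 /*
@@ -180,14 +192,14 @@ check_ip_options(int socket, char *ipaddr)
 */
 
 const char *
-get_canonical_hostname(int verify_reverse_mapping)
+get_canonical_hostname(int use_dns)
 {
 static char *canonical_host_name = NULL;
-static int verify_reverse_mapping_done = 0;
+static int use_dns_done = 0;
 
 /* Check if we have previously retrieved name with same option. */
 if (canonical_host_name != NULL) {
-if (verify_reverse_mapping_done != verify_reverse_mapping)
+if (use_dns_done != use_dns)
 xfree(canonical_host_name);
 else
 return canonical_host_name;
@@ -196,11 +208,11 @@ get_canonical_hostname(int verify_reverse_mapping)
 /* Get the real hostname if socket; otherwise return UNKNOWN. */
 if (packet_connection_is_on_socket())
 canonical_host_name = get_remote_hostname(
-packet_get_connection_in(), verify_reverse_mapping);
+packet_get_connection_in(), use_dns);
 else
 canonical_host_name = xstrdup("UNKNOWN");
 
-verify_reverse_mapping_done = verify_reverse_mapping;
+use_dns_done = use_dns;
 return canonical_host_name;
 }
@@ -294,11 +306,11 @@ get_remote_ipaddr(void)
 }
 
 const char *
-get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping)
+get_remote_name_or_ip(u_int utmp_len, int use_dns)
 {
 static const char *remote = "";
 if (utmp_len > 0)
-remote = get_canonical_hostname(verify_reverse_mapping);
+remote = get_canonical_hostname(use_dns);
 if (utmp_len == 0 || strlen(remote) > utmp_len)
 remote = get_remote_ipaddr();
 return remote;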
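Review bot: In the new get_remote_hostname (hunk at new lines 72–80), the early `if (!use_dns) return xstrdup(ntop);` sits before the `check_ip_options(socket, ntop)` call, so with DNS lookups turned off the IP-options check — the one that logs and disconnects a connection carrying source-routing options — is never executed. Unless that coupling is deliberate, move the `use_dns` early return below the `if (from.ss_family == AF_INET) check_ip_options(socket, ntop);` pair so the options check applies regardless of the lookup policy. Separately, the new numeric-PTR guard leaves `hints` with `AI_NUMERICHOST` set, and the later forward lookup at new line 123 only assigns `ai_family` and `ai_socktype` in the visible lines, so it relies on a `memset(&hints, 0, sizeof(hints))` just outside the hunk to clear that flag — worth confirming, since a stale AI_NUMERICHOST would make every real hostname fail the reverse-mapping check. get_remote_hostname's body starts and ends outside each of these hunks.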