Diffstat (limited to 'canohost.c')
-rw-r--r-- | canohost.c | 44 |
1 files changed, 27 insertions, 17 deletions
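diff --git a/canohost.c b/canohost.c
index 417d95c18..533f2c24a 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.36 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.37 2003/06/02 09:17:34 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -27,7 +27,7 @@ static void check_ip_options(int, char *);
 */
 
 static char *
-get_remote_hostname(int socket, int verify_reverse_mapping)
+get_remote_hostname(int socket, int use_dns)
 {
 struct sockaddr_storage from;
 int i;
@@ -72,6 +72,9 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 NULL, 0, NI_NUMERICHOST) != 0)
 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
 
+if (!use_dns)
+return xstrdup(ntop);
+
 if (from.ss_family == AF_INET)
 check_ip_options(socket, ntop);
 
@@ -80,14 +83,24 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
 NULL, 0, NI_NAMEREQD) != 0) {
 /* Host name not found. Use ip address. */
-#if 0
-logit("Could not reverse map address %.100s.", ntop);
-#endif
 return xstrdup(ntop);
 }
 
-/* Got host name. */
-name[sizeof(name) - 1] = '\0';
+/*
+* if reverse lookup result looks like a numeric hostname,
+* someone is trying to trick us by PTR record like following:
+* 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
+*/
+memset(&hints, 0, sizeof(hints));
+hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+hints.ai_flags = AI_NUMERICHOST;
+if (getaddrinfo(name, "0", &hints, &ai) == 0) {
+logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
+name, ntop);
+freeaddrinfo(ai);
+return xstrdup(ntop);
+}
+
 /*
 * Convert it to all lowercase (which is expected by the rest
 * of this software).
@@ -95,9 +108,6 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
 for (i = 0; name[i]; i++)
 if (isupper(name[i]))
 name[i] = tolower(name[i]);
-
-if (!verify_reverse_mapping)
-return xstrdup(name);
 /*
 * Map it back to an IP address and check that the given
 * address actually is an address of this host. This is
@@ -180,14 +190,14 @@ check_ip_options(int socket, char *ipaddr)
 */
 
 const char *
-get_canonical_hostname(int verify_reverse_mapping)
+get_canonical_hostname(int use_dns)
 {
 static char *canonical_host_name = NULL;
-static int verify_reverse_mapping_done = 0;
+static int use_dns_done = 0;
 
 /* Check if we have previously retrieved name with same option. */
 if (canonical_host_name != NULL) {
-if (verify_reverse_mapping_done != verify_reverse_mapping)
+if (use_dns_done != use_dns)
 xfree(canonical_host_name);
 else
 return canonical_host_name;
@@ -196,11 +206,11 @@ get_canonical_hostname(int verify_reverse_mapping)
 /* Get the real hostname if socket; otherwise return UNKNOWN. */
 if (packet_connection_is_on_socket())
 canonical_host_name = get_remote_hostname(
-packet_get_connection_in(), verify_reverse_mapping);
+packet_get_connection_in(), use_dns);
 else
 canonical_host_name = xstrdup("UNKNOWN");
 
-verify_reverse_mapping_done = verify_reverse_mapping;
+use_dns_done = use_dns;
 return canonical_host_name;
 }
 
@@ -294,11 +304,11 @@ get_remote_ipaddr(void)
 }
 
 const char *
-get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping)
+get_remote_name_or_ip(u_int utmp_len, int use_dns)
 {
 static const char *remote = "";
 if (utmp_len > 0)
-remote = get_canonical_hostname(verify_reverse_mapping);
+remote = get_canonical_hostname(use_dns);
 if (utmp_len == 0 || strlen(remote) > utmp_len)
 remote = get_remote_ipaddr();
 return remote;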
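Review bot: In the `@@ -72,6 +72,9 @@` hunk the new `if (!use_dns) return xstrdup(ntop);` returns before the `AF_INET` call to `check_ip_options(socket, ntop)`, so with DNS lookups disabled that check no longer runs on this path. Before this change the flag-off return (`if (!verify_reverse_mapping) return xstrdup(name);`) came after the call, so the check ran either way. The body of check_ip_options is outside this diff, but if it is what rejects connections carrying IP options, turning off DNS would silently drop that protection. I would keep `if (from.ss_family == AF_INET) check_ip_options(socket, ntop);` first and put `if (!use_dns) return xstrdup(ntop);` directly after it. get_remote_hostname begins and ends outside the hunks shown.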