diff options
Diffstat (limited to 'canohost.c')
| -rw-r--r-- | canohost.c | 79 |
1 files changed, 47 insertions, 32 deletions
diff --git a/canohost.c b/canohost.c index 3179ddc25..4209b6ab8 100644 --- a/canohost.c +++ b/canohost.c | |||
| @@ -14,14 +14,16 @@ | |||
| 14 | */ | 14 | */ |
| 15 | 15 | ||
| 16 | #include "includes.h" | 16 | #include "includes.h" |
| 17 | RCSID("$Id: canohost.c,v 1.3 1999/11/24 13:26:22 damien Exp $"); | 17 | RCSID("$Id: canohost.c,v 1.4 1999/11/25 00:54:58 damien Exp $"); |
| 18 | 18 | ||
| 19 | #include "packet.h" | 19 | #include "packet.h" |
| 20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
| 21 | #include "ssh.h" | 21 | #include "ssh.h" |
| 22 | 22 | ||
| 23 | /* Return the canonical name of the host at the other end of the socket. | 23 | /* |
| 24 | The caller should free the returned string with xfree. */ | 24 | * Return the canonical name of the host at the other end of the socket. The |
| 25 | * caller should free the returned string with xfree. | ||
| 26 | */ | ||
| 25 | 27 | ||
| 26 | char * | 28 | char * |
| 27 | get_remote_hostname(int socket) | 29 | get_remote_hostname(int socket) |
| @@ -52,19 +54,23 @@ get_remote_hostname(int socket) | |||
| 52 | else | 54 | else |
| 53 | strlcpy(name, hp->h_name, sizeof(name)); | 55 | strlcpy(name, hp->h_name, sizeof(name)); |
| 54 | 56 | ||
| 55 | /* Convert it to all lowercase (which is expected by the | 57 | /* |
| 56 | rest of this software). */ | 58 | * Convert it to all lowercase (which is expected by the rest |
| 59 | * of this software). | ||
| 60 | */ | ||
| 57 | for (i = 0; name[i]; i++) | 61 | for (i = 0; name[i]; i++) |
| 58 | if (isupper(name[i])) | 62 | if (isupper(name[i])) |
| 59 | name[i] = tolower(name[i]); | 63 | name[i] = tolower(name[i]); |
| 60 | 64 | ||
| 61 | /* Map it back to an IP address and check that the given | 65 | /* |
| 62 | address actually is an address of this host. This is | 66 | * Map it back to an IP address and check that the given |
| 63 | necessary because anyone with access to a name server | 67 | * address actually is an address of this host. This is |
| 64 | can define arbitrary names for an IP address. Mapping | 68 | * necessary because anyone with access to a name server can |
| 65 | from name to IP address can be trusted better (but can | 69 | * define arbitrary names for an IP address. Mapping from |
| 66 | still be fooled if the intruder has access to the name | 70 | * name to IP address can be trusted better (but can still be |
| 67 | server of the domain). */ | 71 | * fooled if the intruder has access to the name server of |
| 72 | * the domain). | ||
| 73 | */ | ||
| 68 | hp = gethostbyname(name); | 74 | hp = gethostbyname(name); |
| 69 | if (!hp) { | 75 | if (!hp) { |
| 70 | log("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); | 76 | log("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); |
| @@ -76,8 +82,10 @@ get_remote_hostname(int socket) | |||
| 76 | if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr)) | 82 | if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr)) |
| 77 | == 0) | 83 | == 0) |
| 78 | break; | 84 | break; |
| 79 | /* If we reached the end of the list, the address was not | 85 | /* |
| 80 | there. */ | 86 | * If we reached the end of the list, the address was not |
| 87 | * there. | ||
| 88 | */ | ||
| 81 | if (!hp->h_addr_list[i]) { | 89 | if (!hp->h_addr_list[i]) { |
| 82 | /* Address not found for the host name. */ | 90 | /* Address not found for the host name. */ |
| 83 | log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", | 91 | log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", |
| @@ -94,16 +102,17 @@ get_remote_hostname(int socket) | |||
| 94 | 102 | ||
| 95 | check_ip_options: | 103 | check_ip_options: |
| 96 | 104 | ||
| 97 | /* If IP options are supported, make sure there are none (log and | 105 | /* |
| 98 | disconnect them if any are found). Basically we are worried | 106 | * If IP options are supported, make sure there are none (log and |
| 99 | about source routing; it can be used to pretend you are | 107 | * disconnect them if any are found). Basically we are worried about |
| 100 | somebody (ip-address) you are not. That itself may be "almost | 108 | * source routing; it can be used to pretend you are somebody |
| 101 | acceptable" under certain circumstances, but rhosts | 109 | * (ip-address) you are not. That itself may be "almost acceptable" |
| 102 | autentication is useless if source routing is accepted. Notice | 110 | * under certain circumstances, but rhosts autentication is useless |
| 103 | also that if we just dropped source routing here, the other | 111 | * if source routing is accepted. Notice also that if we just dropped |
| 104 | side could use IP spoofing to do rest of the interaction and | 112 | * source routing here, the other side could use IP spoofing to do |
| 105 | could still bypass security. So we exit here if we detect any | 113 | * rest of the interaction and could still bypass security. So we |
| 106 | IP options. */ | 114 | * exit here if we detect any IP options. |
| 115 | */ | ||
| 107 | { | 116 | { |
| 108 | unsigned char options[200], *ucp; | 117 | unsigned char options[200], *ucp; |
| 109 | char text[1024], *cp; | 118 | char text[1024], *cp; |
| @@ -134,9 +143,11 @@ check_ip_options: | |||
| 134 | static char *canonical_host_name = NULL; | 143 | static char *canonical_host_name = NULL; |
| 135 | static char *canonical_host_ip = NULL; | 144 | static char *canonical_host_ip = NULL; |
| 136 | 145 | ||
| 137 | /* Return the canonical name of the host in the other side of the current | 146 | /* |
| 138 | connection. The host name is cached, so it is efficient to call this | 147 | * Return the canonical name of the host in the other side of the current |
| 139 | several times. */ | 148 | * connection. The host name is cached, so it is efficient to call this |
| 149 | * several times. | ||
| 150 | */ | ||
| 140 | 151 | ||
| 141 | const char * | 152 | const char * |
| 142 | get_canonical_hostname() | 153 | get_canonical_hostname() |
| @@ -154,8 +165,10 @@ get_canonical_hostname() | |||
| 154 | return canonical_host_name; | 165 | return canonical_host_name; |
| 155 | } | 166 | } |
| 156 | 167 | ||
| 157 | /* Returns the IP-address of the remote host as a string. The returned | 168 | /* |
| 158 | string need not be freed. */ | 169 | * Returns the IP-address of the remote host as a string. The returned |
| 170 | * string need not be freed. | ||
| 171 | */ | ||
| 159 | 172 | ||
| 160 | const char * | 173 | const char * |
| 161 | get_remote_ipaddr() | 174 | get_remote_ipaddr() |
| @@ -163,7 +176,7 @@ get_remote_ipaddr() | |||
| 163 | struct sockaddr_in from; | 176 | struct sockaddr_in from; |
| 164 | int fromlen, socket; | 177 | int fromlen, socket; |
| 165 | 178 | ||
| 166 | /* Check if we have previously retrieved this same name. */ | 179 | /* Check whether we have chached the name. */ |
| 167 | if (canonical_host_ip != NULL) | 180 | if (canonical_host_ip != NULL) |
| 168 | return canonical_host_ip; | 181 | return canonical_host_ip; |
| 169 | 182 | ||
| @@ -215,8 +228,10 @@ get_remote_port() | |||
| 215 | { | 228 | { |
| 216 | int socket; | 229 | int socket; |
| 217 | 230 | ||
| 218 | /* If the connection is not a socket, return 65535. This is | 231 | /* |
| 219 | intentionally chosen to be an unprivileged port number. */ | 232 | * If the connection is not a socket, return 65535. This is |
| 233 | * intentionally chosen to be an unprivileged port number. | ||
| 234 | */ | ||
| 220 | if (packet_get_connection_in() != packet_get_connection_out()) | 235 | if (packet_get_connection_in() != packet_get_connection_out()) |
| 221 | return 65535; | 236 | return 65535; |
| 222 | 237 | ||