summaryrefslogtreecommitdiff
path: root/canohost.c
diff options
context:
space:
mode:
Diffstat (limited to 'canohost.c')
-rw-r--r--canohost.c52
1 files changed, 32 insertions, 20 deletions
diff --git a/canohost.c b/canohost.c
index 941db23b6..438175f76 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: canohost.c,v 1.35 2002/11/26 02:38:54 stevesk Exp $"); 15RCSID("$OpenBSD: canohost.c,v 1.37 2003/06/02 09:17:34 markus Exp $");
16 16
17#include "packet.h" 17#include "packet.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -27,7 +27,7 @@ static void check_ip_options(int, char *);
27 */ 27 */
28 28
29static char * 29static char *
30get_remote_hostname(int socket, int verify_reverse_mapping) 30get_remote_hostname(int socket, int use_dns)
31{ 31{
32 struct sockaddr_storage from; 32 struct sockaddr_storage from;
33 int i; 33 int i;
@@ -72,6 +72,9 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
72 NULL, 0, NI_NUMERICHOST) != 0) 72 NULL, 0, NI_NUMERICHOST) != 0)
73 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); 73 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
74 74
75 if (!use_dns)
76 return xstrdup(ntop);
77
75 if (from.ss_family == AF_INET) 78 if (from.ss_family == AF_INET)
76 check_ip_options(socket, ntop); 79 check_ip_options(socket, ntop);
77 80
@@ -80,14 +83,24 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
80 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 83 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
81 NULL, 0, NI_NAMEREQD) != 0) { 84 NULL, 0, NI_NAMEREQD) != 0) {
82 /* Host name not found. Use ip address. */ 85 /* Host name not found. Use ip address. */
83#if 0
84 log("Could not reverse map address %.100s.", ntop);
85#endif
86 return xstrdup(ntop); 86 return xstrdup(ntop);
87 } 87 }
88 88
89 /* Got host name. */ 89 /*
90 name[sizeof(name) - 1] = '\0'; 90 * if reverse lookup result looks like a numeric hostname,
91 * someone is trying to trick us by PTR record like following:
92 * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
93 */
94 memset(&hints, 0, sizeof(hints));
95 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
96 hints.ai_flags = AI_NUMERICHOST;
97 if (getaddrinfo(name, "0", &hints, &ai) == 0) {
98 logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
99 name, ntop);
100 freeaddrinfo(ai);
101 return xstrdup(ntop);
102 }
103
91 /* 104 /*
92 * Convert it to all lowercase (which is expected by the rest 105 * Convert it to all lowercase (which is expected by the rest
93 * of this software). 106 * of this software).
@@ -95,9 +108,6 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
95 for (i = 0; name[i]; i++) 108 for (i = 0; name[i]; i++)
96 if (isupper(name[i])) 109 if (isupper(name[i]))
97 name[i] = tolower(name[i]); 110 name[i] = tolower(name[i]);
98
99 if (!verify_reverse_mapping)
100 return xstrdup(name);
101 /* 111 /*
102 * Map it back to an IP address and check that the given 112 * Map it back to an IP address and check that the given
103 * address actually is an address of this host. This is 113 * address actually is an address of this host. This is
@@ -111,7 +121,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
111 hints.ai_family = from.ss_family; 121 hints.ai_family = from.ss_family;
112 hints.ai_socktype = SOCK_STREAM; 122 hints.ai_socktype = SOCK_STREAM;
113 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { 123 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
114 log("reverse mapping checking getaddrinfo for %.700s " 124 logit("reverse mapping checking getaddrinfo for %.700s "
115 "failed - POSSIBLE BREAKIN ATTEMPT!", name); 125 "failed - POSSIBLE BREAKIN ATTEMPT!", name);
116 return xstrdup(ntop); 126 return xstrdup(ntop);
117 } 127 }
@@ -126,7 +136,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
126 /* If we reached the end of the list, the address was not there. */ 136 /* If we reached the end of the list, the address was not there. */
127 if (!ai) { 137 if (!ai) {
128 /* Address not found for the host name. */ 138 /* Address not found for the host name. */
129 log("Address %.100s maps to %.600s, but this does not " 139 logit("Address %.100s maps to %.600s, but this does not "
130 "map back to the address - POSSIBLE BREAKIN ATTEMPT!", 140 "map back to the address - POSSIBLE BREAKIN ATTEMPT!",
131 ntop, name); 141 ntop, name);
132 return xstrdup(ntop); 142 return xstrdup(ntop);
@@ -149,6 +159,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
149static void 159static void
150check_ip_options(int socket, char *ipaddr) 160check_ip_options(int socket, char *ipaddr)
151{ 161{
162#ifdef IP_OPTIONS
152 u_char options[200]; 163 u_char options[200];
153 char text[sizeof(options) * 3 + 1]; 164 char text[sizeof(options) * 3 + 1];
154 socklen_t option_size; 165 socklen_t option_size;
@@ -166,11 +177,12 @@ check_ip_options(int socket, char *ipaddr)
166 for (i = 0; i < option_size; i++) 177 for (i = 0; i < option_size; i++)
167 snprintf(text + i*3, sizeof(text) - i*3, 178 snprintf(text + i*3, sizeof(text) - i*3,
168 " %2.2x", options[i]); 179 " %2.2x", options[i]);
169 log("Connection from %.100s with IP options:%.800s", 180 logit("Connection from %.100s with IP options:%.800s",
170 ipaddr, text); 181 ipaddr, text);
171 packet_disconnect("Connection from %.100s with IP options:%.800s", 182 packet_disconnect("Connection from %.100s with IP options:%.800s",
172 ipaddr, text); 183 ipaddr, text);
173 } 184 }
185#endif /* IP_OPTIONS */
174} 186}
175 187
176/* 188/*
@@ -180,14 +192,14 @@ check_ip_options(int socket, char *ipaddr)
180 */ 192 */
181 193
182const char * 194const char *
183get_canonical_hostname(int verify_reverse_mapping) 195get_canonical_hostname(int use_dns)
184{ 196{
185 static char *canonical_host_name = NULL; 197 static char *canonical_host_name = NULL;
186 static int verify_reverse_mapping_done = 0; 198 static int use_dns_done = 0;
187 199
188 /* Check if we have previously retrieved name with same option. */ 200 /* Check if we have previously retrieved name with same option. */
189 if (canonical_host_name != NULL) { 201 if (canonical_host_name != NULL) {
190 if (verify_reverse_mapping_done != verify_reverse_mapping) 202 if (use_dns_done != use_dns)
191 xfree(canonical_host_name); 203 xfree(canonical_host_name);
192 else 204 else
193 return canonical_host_name; 205 return canonical_host_name;
@@ -196,11 +208,11 @@ get_canonical_hostname(int verify_reverse_mapping)
196 /* Get the real hostname if socket; otherwise return UNKNOWN. */ 208 /* Get the real hostname if socket; otherwise return UNKNOWN. */
197 if (packet_connection_is_on_socket()) 209 if (packet_connection_is_on_socket())
198 canonical_host_name = get_remote_hostname( 210 canonical_host_name = get_remote_hostname(
199 packet_get_connection_in(), verify_reverse_mapping); 211 packet_get_connection_in(), use_dns);
200 else 212 else
201 canonical_host_name = xstrdup("UNKNOWN"); 213 canonical_host_name = xstrdup("UNKNOWN");
202 214
203 verify_reverse_mapping_done = verify_reverse_mapping; 215 use_dns_done = use_dns;
204 return canonical_host_name; 216 return canonical_host_name;
205} 217}
206 218
@@ -294,11 +306,11 @@ get_remote_ipaddr(void)
294} 306}
295 307
296const char * 308const char *
297get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping) 309get_remote_name_or_ip(u_int utmp_len, int use_dns)
298{ 310{
299 static const char *remote = ""; 311 static const char *remote = "";
300 if (utmp_len > 0) 312 if (utmp_len > 0)
301 remote = get_canonical_hostname(verify_reverse_mapping); 313 remote = get_canonical_hostname(use_dns);
302 if (utmp_len == 0 || strlen(remote) > utmp_len) 314 if (utmp_len == 0 || strlen(remote) > utmp_len)
303 remote = get_remote_ipaddr(); 315 remote = get_remote_ipaddr();
304 return remote; 316 return remote;
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-03 00:07:31 +0000