diff options
Diffstat (limited to 'canohost.c')
-rw-r--r-- | canohost.c | 199 |
1 files changed, 104 insertions, 95 deletions
diff --git a/canohost.c b/canohost.c index f3a659328..8253e9b6e 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -12,35 +12,35 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: canohost.c,v 1.19 2001/01/29 19:42:33 markus Exp $"); | 15 | RCSID("$OpenBSD: canohost.c,v 1.20 2001/02/03 10:08:37 markus Exp $"); |
16 | 16 | ||
17 | #include "packet.h" | 17 | #include "packet.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
19 | #include "log.h" | 19 | #include "log.h" |
20 | 20 | ||
21 | void check_ip_options(int socket, char *ipaddr); | ||
22 | |||
21 | /* | 23 | /* |
22 | * Return the canonical name of the host at the other end of the socket. The | 24 | * Return the canonical name of the host at the other end of the socket. The |
23 | * caller should free the returned string with xfree. | 25 | * caller should free the returned string with xfree. |
24 | */ | 26 | */ |
25 | 27 | ||
26 | char * | 28 | char * |
27 | get_remote_hostname(int socket) | 29 | get_remote_hostname(int socket, int reverse_mapping_check) |
28 | { | 30 | { |
29 | struct sockaddr_storage from; | 31 | struct sockaddr_storage from; |
30 | int i; | 32 | int i; |
31 | socklen_t fromlen; | 33 | socklen_t fromlen; |
32 | struct addrinfo hints, *ai, *aitop; | 34 | struct addrinfo hints, *ai, *aitop; |
33 | char name[MAXHOSTNAMELEN]; | 35 | char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; |
34 | char ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; | ||
35 | 36 | ||
36 | /* Get IP address of client. */ | 37 | /* Get IP address of client. */ |
37 | fromlen = sizeof(from); | 38 | fromlen = sizeof(from); |
38 | memset(&from, 0, sizeof(from)); | 39 | memset(&from, 0, sizeof(from)); |
39 | if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) { | 40 | if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) { |
40 | debug("getpeername failed: %.100s", strerror(errno)); | 41 | debug("getpeername failed: %.100s", strerror(errno)); |
41 | fatal_cleanup(); | 42 | fatal_cleanup(); |
42 | } | 43 | } |
43 | |||
44 | #ifdef IPV4_IN_IPV6 | 44 | #ifdef IPV4_IN_IPV6 |
45 | if (from.ss_family == AF_INET6) { | 45 | if (from.ss_family == AF_INET6) { |
46 | struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from; | 46 | struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from; |
@@ -63,6 +63,8 @@ get_remote_hostname(int socket) | |||
63 | } | 63 | } |
64 | } | 64 | } |
65 | #endif | 65 | #endif |
66 | if (from.ss_family == AF_INET) | ||
67 | check_ip_options(socket, ntop); | ||
66 | 68 | ||
67 | if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), | 69 | if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), |
68 | NULL, 0, NI_NUMERICHOST) != 0) | 70 | NULL, 0, NI_NUMERICHOST) != 0) |
@@ -70,120 +72,127 @@ get_remote_hostname(int socket) | |||
70 | 72 | ||
71 | /* Map the IP address to a host name. */ | 73 | /* Map the IP address to a host name. */ |
72 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), | 74 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), |
73 | NULL, 0, NI_NAMEREQD) == 0) { | 75 | NULL, 0, NI_NAMEREQD) != 0) { |
74 | /* Got host name. */ | 76 | /* Host name not found. Use ip address. */ |
75 | name[sizeof(name) - 1] = '\0'; | 77 | log("Could not reverse map address %.100s.", ntop); |
76 | /* | 78 | return xstrdup(ntop); |
77 | * Convert it to all lowercase (which is expected by the rest | ||
78 | * of this software). | ||
79 | */ | ||
80 | for (i = 0; name[i]; i++) | ||
81 | if (isupper(name[i])) | ||
82 | name[i] = tolower(name[i]); | ||
83 | |||
84 | /* | ||
85 | * Map it back to an IP address and check that the given | ||
86 | * address actually is an address of this host. This is | ||
87 | * necessary because anyone with access to a name server can | ||
88 | * define arbitrary names for an IP address. Mapping from | ||
89 | * name to IP address can be trusted better (but can still be | ||
90 | * fooled if the intruder has access to the name server of | ||
91 | * the domain). | ||
92 | */ | ||
93 | memset(&hints, 0, sizeof(hints)); | ||
94 | hints.ai_family = from.ss_family; | ||
95 | hints.ai_socktype = SOCK_STREAM; | ||
96 | if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { | ||
97 | log("reverse mapping checking getaddrinfo for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); | ||
98 | strlcpy(name, ntop, sizeof name); | ||
99 | goto check_ip_options; | ||
100 | } | ||
101 | /* Look for the address from the list of addresses. */ | ||
102 | for (ai = aitop; ai; ai = ai->ai_next) { | ||
103 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, | ||
104 | sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && | ||
105 | (strcmp(ntop, ntop2) == 0)) | ||
106 | break; | ||
107 | } | ||
108 | freeaddrinfo(aitop); | ||
109 | /* If we reached the end of the list, the address was not there. */ | ||
110 | if (!ai) { | ||
111 | /* Address not found for the host name. */ | ||
112 | log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", | ||
113 | ntop, name); | ||
114 | strlcpy(name, ntop, sizeof name); | ||
115 | goto check_ip_options; | ||
116 | } | ||
117 | /* Address was found for the host name. We accept the host name. */ | ||
118 | } else { | ||
119 | /* Host name not found. Use ascii representation of the address. */ | ||
120 | strlcpy(name, ntop, sizeof name); | ||
121 | log("Could not reverse map address %.100s.", name); | ||
122 | } | 79 | } |
123 | 80 | ||
124 | check_ip_options: | 81 | /* Got host name. */ |
82 | name[sizeof(name) - 1] = '\0'; | ||
83 | /* | ||
84 | * Convert it to all lowercase (which is expected by the rest | ||
85 | * of this software). | ||
86 | */ | ||
87 | for (i = 0; name[i]; i++) | ||
88 | if (isupper(name[i])) | ||
89 | name[i] = tolower(name[i]); | ||
125 | 90 | ||
91 | if (!reverse_mapping_check) | ||
92 | return xstrdup(name); | ||
126 | /* | 93 | /* |
127 | * If IP options are supported, make sure there are none (log and | 94 | * Map it back to an IP address and check that the given |
128 | * disconnect them if any are found). Basically we are worried about | 95 | * address actually is an address of this host. This is |
129 | * source routing; it can be used to pretend you are somebody | 96 | * necessary because anyone with access to a name server can |
130 | * (ip-address) you are not. That itself may be "almost acceptable" | 97 | * define arbitrary names for an IP address. Mapping from |
131 | * under certain circumstances, but rhosts autentication is useless | 98 | * name to IP address can be trusted better (but can still be |
132 | * if source routing is accepted. Notice also that if we just dropped | 99 | * fooled if the intruder has access to the name server of |
133 | * source routing here, the other side could use IP spoofing to do | 100 | * the domain). |
134 | * rest of the interaction and could still bypass security. So we | ||
135 | * exit here if we detect any IP options. | ||
136 | */ | 101 | */ |
137 | /* IP options -- IPv4 only */ | 102 | memset(&hints, 0, sizeof(hints)); |
138 | if (from.ss_family == AF_INET) { | 103 | hints.ai_family = from.ss_family; |
139 | u_char options[200], *ucp; | 104 | hints.ai_socktype = SOCK_STREAM; |
140 | char text[1024], *cp; | 105 | if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { |
141 | socklen_t option_size; | 106 | log("reverse mapping checking getaddrinfo for %.700s " |
142 | int ipproto; | 107 | "failed - POSSIBLE BREAKIN ATTEMPT!", name); |
143 | struct protoent *ip; | 108 | return xstrdup(ntop); |
144 | 109 | } | |
145 | if ((ip = getprotobyname("ip")) != NULL) | 110 | /* Look for the address from the list of addresses. */ |
146 | ipproto = ip->p_proto; | 111 | for (ai = aitop; ai; ai = ai->ai_next) { |
147 | else | 112 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, |
148 | ipproto = IPPROTO_IP; | 113 | sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && |
149 | option_size = sizeof(options); | 114 | (strcmp(ntop, ntop2) == 0)) |
150 | if (getsockopt(socket, ipproto, IP_OPTIONS, (char *) options, | 115 | break; |
151 | &option_size) >= 0 && option_size != 0) { | 116 | } |
152 | cp = text; | 117 | freeaddrinfo(aitop); |
153 | /* Note: "text" buffer must be at least 3x as big as options. */ | 118 | /* If we reached the end of the list, the address was not there. */ |
154 | for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) | 119 | if (!ai) { |
155 | sprintf(cp, " %2.2x", *ucp); | 120 | /* Address not found for the host name. */ |
156 | log("Connection from %.100s with IP options:%.800s", | 121 | log("Address %.100s maps to %.600s, but this does not " |
157 | ntop, text); | 122 | "map back to the address - POSSIBLE BREAKIN ATTEMPT!", |
158 | packet_disconnect("Connection from %.100s with IP options:%.800s", | 123 | ntop, name); |
159 | ntop, text); | 124 | return xstrdup(ntop); |
160 | } | ||
161 | } | 125 | } |
162 | |||
163 | return xstrdup(name); | 126 | return xstrdup(name); |
164 | } | 127 | } |
165 | 128 | ||
166 | /* | 129 | /* |
130 | * If IP options are supported, make sure there are none (log and | ||
131 | * disconnect them if any are found). Basically we are worried about | ||
132 | * source routing; it can be used to pretend you are somebody | ||
133 | * (ip-address) you are not. That itself may be "almost acceptable" | ||
134 | * under certain circumstances, but rhosts autentication is useless | ||
135 | * if source routing is accepted. Notice also that if we just dropped | ||
136 | * source routing here, the other side could use IP spoofing to do | ||
137 | * rest of the interaction and could still bypass security. So we | ||
138 | * exit here if we detect any IP options. | ||
139 | */ | ||
140 | /* IPv4 only */ | ||
141 | void | ||
142 | check_ip_options(int socket, char *ipaddr) | ||
143 | { | ||
144 | u_char options[200], *ucp; | ||
145 | char text[1024], *cp; | ||
146 | socklen_t option_size; | ||
147 | int ipproto; | ||
148 | struct protoent *ip; | ||
149 | |||
150 | if ((ip = getprotobyname("ip")) != NULL) | ||
151 | ipproto = ip->p_proto; | ||
152 | else | ||
153 | ipproto = IPPROTO_IP; | ||
154 | option_size = sizeof(options); | ||
155 | if (getsockopt(socket, ipproto, IP_OPTIONS, (void *)options, | ||
156 | &option_size) >= 0 && option_size != 0) { | ||
157 | cp = text; | ||
158 | /* Note: "text" buffer must be at least 3x as big as options. */ | ||
159 | for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) | ||
160 | sprintf(cp, " %2.2x", *ucp); | ||
161 | log("Connection from %.100s with IP options:%.800s", | ||
162 | ipaddr, text); | ||
163 | packet_disconnect("Connection from %.100s with IP options:%.800s", | ||
164 | ipaddr, text); | ||
165 | } | ||
166 | } | ||
167 | |||
168 | /* | ||
167 | * Return the canonical name of the host in the other side of the current | 169 | * Return the canonical name of the host in the other side of the current |
168 | * connection. The host name is cached, so it is efficient to call this | 170 | * connection. The host name is cached, so it is efficient to call this |
169 | * several times. | 171 | * several times. |
170 | */ | 172 | */ |
171 | 173 | ||
172 | const char * | 174 | const char * |
173 | get_canonical_hostname() | 175 | get_canonical_hostname(int reverse_mapping_check) |
174 | { | 176 | { |
175 | static char *canonical_host_name = NULL; | 177 | static char *canonical_host_name = NULL; |
178 | static int reverse_mapping_checked = 0; | ||
176 | 179 | ||
177 | /* Check if we have previously retrieved this same name. */ | 180 | /* Check if we have previously retrieved name with same option. */ |
178 | if (canonical_host_name != NULL) | 181 | if (canonical_host_name != NULL) { |
179 | return canonical_host_name; | 182 | if (reverse_mapping_checked != reverse_mapping_check) |
183 | xfree(canonical_host_name); | ||
184 | else | ||
185 | return canonical_host_name; | ||
186 | } | ||
180 | 187 | ||
181 | /* Get the real hostname if socket; otherwise return UNKNOWN. */ | 188 | /* Get the real hostname if socket; otherwise return UNKNOWN. */ |
182 | if (packet_connection_is_on_socket()) | 189 | if (packet_connection_is_on_socket()) |
183 | canonical_host_name = get_remote_hostname(packet_get_connection_in()); | 190 | canonical_host_name = get_remote_hostname( |
191 | packet_get_connection_in(), reverse_mapping_check); | ||
184 | else | 192 | else |
185 | canonical_host_name = xstrdup("UNKNOWN"); | 193 | canonical_host_name = xstrdup("UNKNOWN"); |
186 | 194 | ||
195 | reverse_mapping_checked = reverse_mapping_check; | ||
187 | return canonical_host_name; | 196 | return canonical_host_name; |
188 | } | 197 | } |
189 | 198 | ||