[rsync/rsync.git] / clientname.c

/* -*- c-file-style: "linux" -*-
   
   rsync -- fast file replication program
   
   Copyright (C) 1992-2001 by Andrew Tridgell <tridge@samba.org>
   Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
   
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

/**
 * @file clientname.c
 * 
 * Functions for looking up the remote name or addr of a socket.
 *
 * This file is now converted to use the new-style getaddrinfo()
 * interface, which supports IPv6 but is also supported on recent
 * IPv4-only machines.  On systems that don't have that interface, we
 * emulate it using the KAME implementation.
 **/

#include "rsync.h"

static const char default_name[] = "UNKNOWN";


/**
 * Return the IP addr of the client as a string 
 **/
char *client_addr(int fd)
{
	struct sockaddr_storage ss;
	socklen_t length = sizeof ss;
	static char addr_buf[100];
	static int initialised;

	if (initialised) return addr_buf;

	initialised = 1;

	client_sockaddr(fd, &ss, &length);

	getnameinfo((struct sockaddr *)&ss, length,
		    addr_buf, sizeof(addr_buf), NULL, 0, NI_NUMERICHOST);
	
	return addr_buf;
}


static int get_sockaddr_family(const struct sockaddr_storage *ss)
{
	return ((struct sockaddr *) ss)->sa_family;
}


/**
 * Return the DNS name of the client.
 *
 * The name is statically cached so that repeated lookups are quick,
 * so there is a limit of one lookup per customer.
 *
 * If anything goes wrong, including the name->addr->name check, then
 * we just use "UNKNOWN", so you can use that value in hosts allow
 * lines.
 **/
char *client_name(int fd)
{
	struct sockaddr_storage ss;
	socklen_t ss_len = sizeof ss;
	static char name_buf[100];
	static char port_buf[100];
	static int initialised;

	if (initialised) return name_buf;

	strcpy(name_buf, default_name);
	initialised = 1;

	client_sockaddr(fd, &ss, &ss_len);

	if (!lookup_name(fd, &ss, ss_len, name_buf, sizeof name_buf, port_buf, sizeof port_buf))
		check_name(fd, &ss, ss_len, name_buf, port_buf);

	return name_buf;
}


/**
 * Get the sockaddr for the client.
 *
 * If it comes in as an ipv4 address mapped into IPv6 format then we
 * convert it back to a regular IPv4.
 **/
void client_sockaddr(int fd,
		     struct sockaddr_storage *ss,
		     socklen_t *ss_len)
{
	if (getpeername(fd, (struct sockaddr *) ss, ss_len)) {
		/* FIXME: Can we really not continue? */
		rprintf(FERROR, RSYNC_NAME ": getpeername on fd%d failed: %s\n",
			fd, strerror(errno));
		exit_cleanup(RERR_SOCKETIO);
	}

#ifdef INET6
        if (get_sockaddr_family(ss) == AF_INET6 && 
	    IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)ss)->sin6_addr)) {
		/* OK, so ss is in the IPv6 family, but it is really
		 * an IPv4 address: something like
		 * "::ffff:10.130.1.2".  If we use it as-is, then the
		 * reverse lookup might fail or perhaps something else
		 * bad might happen.  So instead we convert it to an
		 * equivalent address in the IPv4 address family.  */
		struct sockaddr_in6 sin6;
		struct sockaddr_in *sin;

		memcpy(&sin6, ss, sizeof(sin6));
		sin = (struct sockaddr_in *)ss;
		memset(sin, 0, sizeof(*sin));
		sin->sin_family = AF_INET;
		*ss_len = sizeof(struct sockaddr_in);
#ifdef HAVE_SOCKADDR_LEN
		sin->sin_len = *ss_len;
#endif
		sin->sin_port = sin6.sin6_port;

		/* There is a macro to extract the mapped part
		 * (IN6_V4MAPPED_TO_SINADDR ?), but it does not seem
		 * to be present in the Linux headers. */
		memcpy(&sin->sin_addr, &sin6.sin6_addr.s6_addr[12],
			sizeof(sin->sin_addr));
        }
#endif
}


/**
 * Look up a name from @p ss into @p name_buf.
 **/
int lookup_name(int fd, const struct sockaddr_storage *ss,
		socklen_t ss_len,
		char *name_buf, size_t name_buf_len,
		char *port_buf, size_t port_buf_len)
{
	int name_err;
	
	/* reverse lookup */
	name_err = getnameinfo((struct sockaddr *) ss, ss_len,
			       name_buf, name_buf_len,
			       port_buf, port_buf_len,
			       NI_NAMEREQD | NI_NUMERICSERV);
	if (name_err != 0) {
		strcpy(name_buf, default_name);
		rprintf(FERROR, RSYNC_NAME ": name lookup failed for %s: %s\n",
			client_addr(fd),
			gai_strerror(name_err));
		return name_err;
	}

	return 0;
}


/**
 * Do a forward lookup on @p name_buf and make sure it corresponds to
 * @p ss -- otherwise we may be being spoofed.  If we suspect we are,
 * then we don't abort the connection but just emit a warning, and
 * change @p name_buf to be "UNKNOWN".
 **/
int check_name(int fd,
	       const struct sockaddr_storage *ss,
	       socklen_t ss_len,
	       char *name_buf,
	       const char *port_buf)
{
	struct addrinfo hints, *res, *res0;
	int error;
	int ss_family = get_sockaddr_family(ss);

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = PF_UNSPEC;
	hints.ai_flags = ss_family;
	hints.ai_socktype = SOCK_STREAM;
	error = getaddrinfo(name_buf, port_buf, &hints, &res0);
	if (error) {
		rprintf(FERROR,
			RSYNC_NAME ": forward name lookup for %s failed: %s\n",
			name_buf, gai_strerror(error));
		strcpy(name_buf, default_name);
		return error;
	}


	/* We expect that one of the results will be the same as ss. */
	for (res = res0; res; res = res->ai_next) {
		if (res->ai_family != ss_family) {
			rprintf(FERROR,
				"check_name: response family %d != %d\n",
				res->ai_family, ss_family);
			continue;
		}
		if (res->ai_addrlen != ss_len) {
			rprintf(FERROR,
				"check_name: addrlen %d != %d\n",
				res->ai_addrlen, ss_len);
			continue;
		}
		if (memcmp(res->ai_addr, ss, res->ai_addrlen) == 0) {
			rprintf(FERROR,
				"check_name: %d bytes of address identical\n",
				res->ai_addrlen);
			break;
		} else{
			rprintf(FERROR,
				"check_name: %d bytes of address NOT identical\n",
				res->ai_addrlen);
		}
	}

	if (!res0) {
		/* We hit the end of the list without finding an
		 * address that was the same as ss. */
		rprintf(FERROR, RSYNC_NAME
			": no known address for \"%s\": "
			"spoofed address?\n",
			name_buf);
		strcpy(name_buf, default_name);
	}
	if (res == NULL) {
		/* We hit the end of the list without finding an
		 * address that was the same as ss. */
		rprintf(FERROR, RSYNC_NAME
			": %s is not a known address for \"%s\": "
			"spoofed address?\n",
			client_addr(fd),
			name_buf);
		strcpy(name_buf, default_name);
	}

	freeaddrinfo(res0);
	return 0;
}
Commit	Line	Data
0cd2f407 MP	1	/* -- c-file-style: "linux" --
	2
	3	rsync -- fast file replication program
	4
	5	Copyright (C) 1992-2001 by Andrew Tridgell <tridge@samba.org>
	6	Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
	7
	8	This program is free software; you can redistribute it and/or modify
	9	it under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	This program is distributed in the hope that it will be useful,
	14	but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	GNU General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with this program; if not, write to the Free Software
	20	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	21	*/
	22
	23	/**
	24	* @file clientname.c
	25	*
	26	* Functions for looking up the remote name or addr of a socket.
	27	*
	28	* This file is now converted to use the new-style getaddrinfo()
	29	* interface, which supports IPv6 but is also supported on recent
	30	* IPv4-only machines. On systems that don't have that interface, we
	31	* emulate it using the KAME implementation.
	32	**/
	33
	34	#include "rsync.h"
	35
	36	static const char default_name[] = "UNKNOWN";
	37
	38
	39	/**
	40	* Return the IP addr of the client as a string
	41	**/
	42	char *client_addr(int fd)
	43	{
	44	struct sockaddr_storage ss;
	45	socklen_t length = sizeof ss;
	46	static char addr_buf[100];
	47	static int initialised;
	48
	49	if (initialised) return addr_buf;
	50
	51	initialised = 1;
	52
	53	client_sockaddr(fd, &ss, &length);
	54
	55	getnameinfo((struct sockaddr *)&ss, length,
	56	addr_buf, sizeof(addr_buf), NULL, 0, NI_NUMERICHOST);
	57
	58	return addr_buf;
	59	}
	60
	61
	62	static int get_sockaddr_family(const struct sockaddr_storage *ss)
	63	{
	64	return ((struct sockaddr *) ss)->sa_family;
65	}
66
67
68	/**
69	* Return the DNS name of the client.
70	*
71	* The name is statically cached so that repeated lookups are quick,
72	* so there is a limit of one lookup per customer.
73	*
74	* If anything goes wrong, including the name->addr->name check, then
75	* we just use "UNKNOWN", so you can use that value in hosts allow
76	* lines.
77	**/
78	char *client_name(int fd)
79	{
80	struct sockaddr_storage ss;
81	socklen_t ss_len = sizeof ss;
82	static char name_buf[100];
83	static char port_buf[100];
84	static int initialised;
85
86	if (initialised) return name_buf;
87
88	strcpy(name_buf, default_name);
89	initialised = 1;
90
91	client_sockaddr(fd, &ss, &ss_len);
92
93	if (!lookup_name(fd, &ss, ss_len, name_buf, sizeof name_buf, port_buf, sizeof port_buf))
94	check_name(fd, &ss, ss_len, name_buf, port_buf);
95
96	return name_buf;
97	}
98
99
100
101	/**
af32f69e MP	102	* Get the sockaddr for the client.
	103	*
	104	* If it comes in as an ipv4 address mapped into IPv6 format then we
	105	* convert it back to a regular IPv4.
0cd2f407 MP	106	**/
	107	void client_sockaddr(int fd,
	108	struct sockaddr_storage *ss,
	109	socklen_t *ss_len)
	110	{
	111	if (getpeername(fd, (struct sockaddr *) ss, ss_len)) {
	112	/* FIXME: Can we really not continue? */
	113	rprintf(FERROR, RSYNC_NAME ": getpeername on fd%d failed: %s\n",
	114	fd, strerror(errno));
	115	exit_cleanup(RERR_SOCKETIO);
	116	}
	117
	118	#ifdef INET6
	119	if (get_sockaddr_family(ss) == AF_INET6 &&
	120	IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)ss)->sin6_addr)) {
	121	/* OK, so ss is in the IPv6 family, but it is really
	122	* an IPv4 address: something like
	123	* "::ffff:10.130.1.2". If we use it as-is, then the
	124	* reverse lookup might fail or perhaps something else
	125	* bad might happen. So instead we convert it to an
	126	* equivalent address in the IPv4 address family. */
	127	struct sockaddr_in6 sin6;
	128	struct sockaddr_in *sin;
	129
	130	memcpy(&sin6, ss, sizeof(sin6));
	131	sin = (struct sockaddr_in *)ss;
	132	memset(sin, 0, sizeof(*sin));
	133	sin->sin_family = AF_INET;
	134	*ss_len = sizeof(struct sockaddr_in);
	135	#ifdef HAVE_SOCKADDR_LEN
	136	sin->sin_len = *ss_len;
	137	#endif
	138	sin->sin_port = sin6.sin6_port;
	139
	140	/* There is a macro to extract the mapped part
	141	* (IN6_V4MAPPED_TO_SINADDR ?), but it does not seem
	142	* to be present in the Linux headers. */
	143	memcpy(&sin->sin_addr, &sin6.sin6_addr.s6_addr[12],
	144	sizeof(sin->sin_addr));
	145	}
	146	#endif
	147	}
	148
	149
	150	/**
	151	* Look up a name from @p ss into @p name_buf.
	152	**/
	153	int lookup_name(int fd, const struct sockaddr_storage *ss,
	154	socklen_t ss_len,
	155	char *name_buf, size_t name_buf_len,
	156	char *port_buf, size_t port_buf_len)
	157	{
	158	int name_err;
	159
	160	/* reverse lookup */
	161	name_err = getnameinfo((struct sockaddr *) ss, ss_len,
	162	name_buf, name_buf_len,
	163	port_buf, port_buf_len,
	164	NI_NAMEREQD \| NI_NUMERICSERV);
	165	if (name_err != 0) {
	166	strcpy(name_buf, default_name);
	167	rprintf(FERROR, RSYNC_NAME ": name lookup failed for %s: %s\n",
	168	client_addr(fd),
	169	gai_strerror(name_err));
170	return name_err;
171	}
172
173	return 0;
174	}
175
176
177
af32f69e MP	178	/**
	179	* Do a forward lookup on @p name_buf and make sure it corresponds to
	180	* @p ss -- otherwise we may be being spoofed. If we suspect we are,
	181	* then we don't abort the connection but just emit a warning, and
	182	* change @p name_buf to be "UNKNOWN".
	183	**/
0cd2f407 MP	184	int check_name(int fd,
	185	const struct sockaddr_storage *ss,
	186	socklen_t ss_len,
	187	char *name_buf,
	188	const char *port_buf)
	189	{
	190	struct addrinfo hints, res, res0;
	191	int error;
	192	int ss_family = get_sockaddr_family(ss);
	193
	194	memset(&hints, 0, sizeof(hints));
	195	hints.ai_family = PF_UNSPEC;
	196	hints.ai_flags = ss_family;
	197	hints.ai_socktype = SOCK_STREAM;
	198	error = getaddrinfo(name_buf, port_buf, &hints, &res0);
	199	if (error) {
	200	rprintf(FERROR,
af32f69e MP	201	RSYNC_NAME ": forward name lookup for %s failed: %s\n",
af32f69e MP	202	name_buf, gai_strerror(error));
0cd2f407 MP	203	strcpy(name_buf, default_name);
	204	return error;
	205	}
	206
	207
	208	/* We expect that one of the results will be the same as ss. */
	209	for (res = res0; res; res = res->ai_next) {
	210	if (res->ai_family != ss_family) {
	211	rprintf(FERROR,
	212	"check_name: response family %d != %d\n",
	213	res->ai_family, ss_family);
	214	continue;
	215	}
	216	if (res->ai_addrlen != ss_len) {
	217	rprintf(FERROR,
	218	"check_name: addrlen %d != %d\n",
	219	res->ai_addrlen, ss_len);
	220	continue;
	221	}
	222	if (memcmp(res->ai_addr, ss, res->ai_addrlen) == 0) {
	223	rprintf(FERROR,
	224	"check_name: %d bytes of address identical\n",
	225	res->ai_addrlen);
	226	break;
	227	} else{
	228	rprintf(FERROR,
	229	"check_name: %d bytes of address NOT identical\n",
	230	res->ai_addrlen);
	231	}
	232	}
	233
	234	if (!res0) {
	235	/* We hit the end of the list without finding an
	236	* address that was the same as ss. */
	237	rprintf(FERROR, RSYNC_NAME
	238	": no known address for \"%s\": "
	239	"spoofed address?\n",
	240	name_buf);
	241	strcpy(name_buf, default_name);
	242	}
	243	if (res == NULL) {
	244	/* We hit the end of the list without finding an
	245	* address that was the same as ss. */
	246	rprintf(FERROR, RSYNC_NAME
	247	": %s is not a known address for \"%s\": "
	248	"spoofed address?\n",
	249	client_addr(fd),
	250	name_buf);
	251	strcpy(name_buf, default_name);
	252	}
	253
	254	freeaddrinfo(res0);
	255	return 0;
	256	}
	257