Matt McCutchen's Web Site - rsync/rsync.git/blame_incremental

... / ...

Commit	Line	Data
	1	/* -- c-file-style: "linux" --
	2
	3	rsync -- fast file replication program
	4
	5	Copyright (C) 1992-2001 by Andrew Tridgell <tridge@samba.org>
	6	Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
	7
	8	This program is free software; you can redistribute it and/or modify
	9	it under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	This program is distributed in the hope that it will be useful,
	14	but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	GNU General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with this program; if not, write to the Free Software
	20	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	21	*/
	22
	23	/**
	24	* @file clientname.c
	25	*
	26	* Functions for looking up the remote name or addr of a socket.
	27	*
	28	* This file is now converted to use the new-style getaddrinfo()
	29	* interface, which supports IPv6 but is also supported on recent
	30	* IPv4-only machines. On systems that don't have that interface, we
	31	* emulate it using the KAME implementation.
	32	**/
	33
	34	#include "rsync.h"
	35
	36	static const char default_name[] = "UNKNOWN";
	37
	38
	39	/**
	40	* Return the IP addr of the client as a string
	41	**/
	42	char *client_addr(int fd)
	43	{
	44	struct sockaddr_storage ss;
	45	socklen_t length = sizeof ss;
	46	static char addr_buf[100];
	47	static int initialised;
	48
	49	if (initialised) return addr_buf;
	50
	51	initialised = 1;
	52
	53	client_sockaddr(fd, &ss, &length);
	54
	55	getnameinfo((struct sockaddr *)&ss, length,
	56	addr_buf, sizeof(addr_buf), NULL, 0, NI_NUMERICHOST);
	57
	58	return addr_buf;
	59	}
	60
	61
	62	static int get_sockaddr_family(const struct sockaddr_storage *ss)
	63	{
	64	return ((struct sockaddr *) ss)->sa_family;
	65	}
	66
	67
	68	/**
	69	* Return the DNS name of the client.
	70	*
	71	* The name is statically cached so that repeated lookups are quick,
	72	* so there is a limit of one lookup per customer.
	73	*
	74	* If anything goes wrong, including the name->addr->name check, then
	75	* we just use "UNKNOWN", so you can use that value in hosts allow
	76	* lines.
	77	**/
	78	char *client_name(int fd)
	79	{
	80	struct sockaddr_storage ss;
	81	socklen_t ss_len = sizeof ss;
	82	static char name_buf[100];
	83	static char port_buf[100];
	84	static int initialised;
	85
	86	if (initialised) return name_buf;
	87
	88	strcpy(name_buf, default_name);
	89	initialised = 1;
	90
	91	client_sockaddr(fd, &ss, &ss_len);
	92
	93	if (!lookup_name(fd, &ss, ss_len, name_buf, sizeof name_buf, port_buf, sizeof port_buf))
	94	check_name(fd, &ss, ss_len, name_buf, port_buf);
	95
	96	return name_buf;
	97	}
	98
	99
	100
	101	/**
	102	* Get the sockaddr for the client.
	103	**/
	104	void client_sockaddr(int fd,
	105	struct sockaddr_storage *ss,
	106	socklen_t *ss_len)
	107	{
	108	if (getpeername(fd, (struct sockaddr *) ss, ss_len)) {
	109	/* FIXME: Can we really not continue? */
	110	rprintf(FERROR, RSYNC_NAME ": getpeername on fd%d failed: %s\n",
	111	fd, strerror(errno));
	112	exit_cleanup(RERR_SOCKETIO);
	113	}
	114
	115	#ifdef INET6
	116	if (get_sockaddr_family(ss) == AF_INET6 &&
	117	IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)ss)->sin6_addr)) {
	118	/* OK, so ss is in the IPv6 family, but it is really
	119	* an IPv4 address: something like
	120	* "::ffff:10.130.1.2". If we use it as-is, then the
	121	* reverse lookup might fail or perhaps something else
	122	* bad might happen. So instead we convert it to an
	123	* equivalent address in the IPv4 address family. */
	124	struct sockaddr_in6 sin6;
	125	struct sockaddr_in *sin;
	126
	127	memcpy(&sin6, ss, sizeof(sin6));
	128	sin = (struct sockaddr_in *)ss;
	129	memset(sin, 0, sizeof(*sin));
	130	sin->sin_family = AF_INET;
	131	*ss_len = sizeof(struct sockaddr_in);
	132	#ifdef HAVE_SOCKADDR_LEN
	133	sin->sin_len = *ss_len;
	134	#endif
	135	sin->sin_port = sin6.sin6_port;
	136
	137	/* There is a macro to extract the mapped part
	138	* (IN6_V4MAPPED_TO_SINADDR ?), but it does not seem
	139	* to be present in the Linux headers. */
	140	memcpy(&sin->sin_addr, &sin6.sin6_addr.s6_addr[12],
	141	sizeof(sin->sin_addr));
	142	}
	143	#endif
	144	}
	145
	146
	147	/**
	148	* Look up a name from @p ss into @p name_buf.
	149	**/
	150	int lookup_name(int fd, const struct sockaddr_storage *ss,
	151	socklen_t ss_len,
	152	char *name_buf, size_t name_buf_len,
	153	char *port_buf, size_t port_buf_len)
	154	{
	155	int name_err;
	156
	157	/* reverse lookup */
	158	name_err = getnameinfo((struct sockaddr *) ss, ss_len,
	159	name_buf, name_buf_len,
	160	port_buf, port_buf_len,
	161	NI_NAMEREQD \| NI_NUMERICSERV);
	162	if (name_err != 0) {
	163	strcpy(name_buf, default_name);
	164	rprintf(FERROR, RSYNC_NAME ": name lookup failed for %s: %s\n",
	165	client_addr(fd),
	166	gai_strerror(name_err));
	167	return name_err;
	168	}
	169
	170	return 0;
	171	}
	172
	173
	174
	175	/* Do a forward lookup on name_buf and make sure it corresponds to ss
	176	* -- otherwise we may be being spoofed. If we suspect we are, then
	177	* we don't abort the connection but just emit a warning. */
	178	int check_name(int fd,
	179	const struct sockaddr_storage *ss,
	180	socklen_t ss_len,
	181	char *name_buf,
	182	const char *port_buf)
	183	{
	184	struct addrinfo hints, res, res0;
	185	int error;
	186	int ss_family = get_sockaddr_family(ss);
	187
	188	memset(&hints, 0, sizeof(hints));
	189	hints.ai_family = PF_UNSPEC;
	190	hints.ai_flags = ss_family;
	191	hints.ai_socktype = SOCK_STREAM;
	192	error = getaddrinfo(name_buf, port_buf, &hints, &res0);
	193	if (error) {
	194	rprintf(FERROR,
	195	RSYNC_NAME ": forward name lookup for %s:%s failed: %s\n",
	196	name_buf, port_buf,
	197	gai_strerror(error));
	198	strcpy(name_buf, default_name);
	199	return error;
	200	}
	201
	202
	203	/* We expect that one of the results will be the same as ss. */
	204	for (res = res0; res; res = res->ai_next) {
	205	if (res->ai_family != ss_family) {
	206	rprintf(FERROR,
	207	"check_name: response family %d != %d\n",
	208	res->ai_family, ss_family);
	209	continue;
	210	}
	211	if (res->ai_addrlen != ss_len) {
	212	rprintf(FERROR,
	213	"check_name: addrlen %d != %d\n",
	214	res->ai_addrlen, ss_len);
	215	continue;
	216	}
	217	if (memcmp(res->ai_addr, ss, res->ai_addrlen) == 0) {
	218	rprintf(FERROR,
	219	"check_name: %d bytes of address identical\n",
	220	res->ai_addrlen);
	221	break;
	222	} else{
	223	rprintf(FERROR,
	224	"check_name: %d bytes of address NOT identical\n",
	225	res->ai_addrlen);
	226	}
	227	}
	228
	229	if (!res0) {
	230	/* We hit the end of the list without finding an
	231	* address that was the same as ss. */
	232	rprintf(FERROR, RSYNC_NAME
	233	": no known address for \"%s\": "
	234	"spoofed address?\n",
	235	name_buf);
	236	strcpy(name_buf, default_name);
	237	}
	238	if (res == NULL) {
	239	/* We hit the end of the list without finding an
	240	* address that was the same as ss. */
	241	rprintf(FERROR, RSYNC_NAME
	242	": %s is not a known address for \"%s\": "
	243	"spoofed address?\n",
	244	client_addr(fd),
	245	name_buf);
	246	strcpy(name_buf, default_name);
	247	}
	248
	249	freeaddrinfo(res0);
	250	return 0;
	251	}
	252