#include "rsync.h"
-static const char default_name[] = "UNKNOWN";
-
/* Establish a proxy connection on an open socket to a web roxy by
* using the CONNECT method. */
}
}
-/**
- * Return the IP addr of the client as a string
- **/
-char *client_addr(int fd)
-{
- struct sockaddr_storage ss;
- socklen_t length = sizeof ss;
- static char addr_buf[100];
- static int initialised;
-
- if (initialised) return addr_buf;
-
- initialised = 1;
-
- client_sockaddr(fd, &ss, &length);
-
- getnameinfo((struct sockaddr *)&ss, length,
- addr_buf, sizeof(addr_buf), NULL, 0, NI_NUMERICHOST);
-
- return addr_buf;
-}
-
-
-static int get_sockaddr_family(const struct sockaddr_storage *ss)
-{
- return ((struct sockaddr *) ss)->sa_family;
-}
-
-
-/**
- * Return the DNS name of the client.
- *
- * The name is statically cached so that repeated lookups are quick,
- * so there is a limit of one lookup per customer.
- *
- * If anything goes wrong, including the name->addr->name check, then
- * we just use "UNKNOWN", so you can use that value in hosts allow
- * lines.
- **/
-char *client_name(int fd)
-{
- struct sockaddr_storage ss;
- socklen_t ss_len = sizeof ss;
- static char name_buf[100];
- static char port_buf[100];
- static int initialised;
-
- if (initialised) return name_buf;
-
- strcpy(name_buf, default_name);
- initialised = 1;
-
- client_sockaddr(fd, &ss, &ss_len);
-
- if (!lookup_name(fd, &ss, ss_len, name_buf, sizeof name_buf, port_buf, sizeof port_buf))
- check_name(fd, &ss, ss_len, name_buf, port_buf);
-
- return name_buf;
-}
-
-
-
-/**
- * Get the sockaddr for the client.
- **/
-void client_sockaddr(int fd,
- struct sockaddr_storage *ss,
- socklen_t *ss_len)
-{
- if (getpeername(fd, (struct sockaddr *) ss, ss_len)) {
- /* FIXME: Can we really not continue? */
- rprintf(FERROR, RSYNC_NAME ": getpeername on fd%d failed: %s\n",
- fd, strerror(errno));
- exit_cleanup(RERR_SOCKETIO);
- }
-
-#ifdef INET6
- if (get_sockaddr_family(ss) == AF_INET6 &&
- IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)ss)->sin6_addr)) {
- /* OK, so ss is in the IPv6 family, but it is really
- * an IPv4 address: something like
- * "::ffff:10.130.1.2". If we use it as-is, then the
- * reverse lookup might fail or perhaps something else
- * bad might happen. So instead we convert it to an
- * equivalent address in the IPv4 address family. */
- struct sockaddr_in6 sin6;
- struct sockaddr_in *sin;
-
- memcpy(&sin6, ss, sizeof(sin6));
- sin = (struct sockaddr_in *)ss;
- memset(sin, 0, sizeof(*sin));
- sin->sin_family = AF_INET;
- *ss_len = sizeof(struct sockaddr_in);
-#ifdef HAVE_SOCKADDR_LEN
- sin->sin_len = *ss_len;
-#endif
- sin->sin_port = sin6.sin6_port;
-
- /* There is a macro to extract the mapped part
- * (IN6_V4MAPPED_TO_SINADDR ?), but it does not seem
- * to be present in the Linux headers. */
- memcpy(&sin->sin_addr, &sin6.sin6_addr.s6_addr[12],
- sizeof(sin->sin_addr));
- }
-#endif
-}
-
-
-/**
- * Look up a name from @p ss into @p name_buf.
- **/
-int lookup_name(int fd, const struct sockaddr_storage *ss,
- socklen_t ss_len,
- char *name_buf, size_t name_buf_len,
- char *port_buf, size_t port_buf_len)
-{
- int name_err;
-
- /* reverse lookup */
- name_err = getnameinfo((struct sockaddr *) ss, ss_len,
- name_buf, name_buf_len,
- port_buf, port_buf_len,
- NI_NAMEREQD | NI_NUMERICSERV);
- if (name_err != 0) {
- strcpy(name_buf, default_name);
- rprintf(FERROR, RSYNC_NAME ": name lookup failed for %s: %s\n",
- client_addr(fd),
- gai_strerror(name_err));
- return name_err;
- }
-
- return 0;
-}
-
-
-
-/* Do a forward lookup on name_buf and make sure it corresponds to ss
- * -- otherwise we may be being spoofed. If we suspect we are, then
- * we don't abort the connection but just emit a warning. */
-int check_name(int fd,
- const struct sockaddr_storage *ss,
- socklen_t ss_len,
- char *name_buf,
- const char *port_buf)
-{
- struct addrinfo hints, *res, *res0;
- int error;
- int ss_family = get_sockaddr_family(ss);
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_flags = ss_family;
- hints.ai_socktype = SOCK_STREAM;
- error = getaddrinfo(name_buf, port_buf, &hints, &res0);
- if (error) {
- rprintf(FERROR,
- RSYNC_NAME ": forward name lookup for %s:%s failed: %s\n",
- name_buf, port_buf,
- gai_strerror(error));
- strcpy(name_buf, default_name);
- return error;
- }
-
-
- /* We expect that one of the results will be the same as ss. */
- for (res = res0; res; res = res->ai_next) {
- if (res->ai_family != ss_family) {
- rprintf(FERROR,
- "check_name: response family %d != %d\n",
- res->ai_family, ss_family);
- continue;
- }
- if (res->ai_addrlen != ss_len) {
- rprintf(FERROR,
- "check_name: addrlen %d != %d\n",
- res->ai_addrlen, ss_len);
- continue;
- }
- if (memcmp(res->ai_addr, ss, res->ai_addrlen) == 0) {
- rprintf(FERROR,
- "check_name: %d bytes of address identical\n",
- res->ai_addrlen);
- break;
- } else{
- rprintf(FERROR,
- "check_name: %d bytes of address NOT identical\n",
- res->ai_addrlen);
- }
- }
-
- if (!res0) {
- /* We hit the end of the list without finding an
- * address that was the same as ss. */
- rprintf(FERROR, RSYNC_NAME
- ": no known address for \"%s\": "
- "spoofed address?\n",
- name_buf);
- strcpy(name_buf, default_name);
- }
- if (res == NULL) {
- /* We hit the end of the list without finding an
- * address that was the same as ss. */
- rprintf(FERROR, RSYNC_NAME
- ": %s is not a known address for \"%s\": "
- "spoofed address?\n",
- client_addr(fd),
- name_buf);
- strcpy(name_buf, default_name);
- }
-
- freeaddrinfo(res0);
- return 0;
-}
-
/*******************************************************************
this is like socketpair but uses tcp. It is used by the Samba
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff