/* -*- c-file-style: "linux" -*-
+ rsync -- fast file replication program
+
Copyright (C) 1992-2001 by Andrew Tridgell <tridge@samba.org>
- Copyright (C) 2001 by Martin Pool <mbp@samba.org>
+ Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
* @file socket.c
*
* Socket functions used in rsync.
+ *
+ * This file is now converted to use the new-style getaddrinfo()
+ * interface, which supports IPv6 but is also supported on recent
+ * IPv4-only machines. On systems that don't have that interface, we
+ * emulate it using the KAME implementation.
**/
#include "rsync.h"
+static const char default_name[] = "UNKNOWN";
+
+static int lookup_name(const struct sockaddr_storage *ss,
+ socklen_t ss_len,
+ char *name_buf, size_t name_buf_len,
+ char *port_buf, size_t port_buf_len);
+
+static int check_name(const struct sockaddr_storage *ss,
+ socklen_t ss_len,
+ char *name_buf,
+ const char *port_buf);
+
/* Establish a proxy connection on an open socket to a web roxy by
* using the CONNECT method. */
static int establish_proxy_connection(int fd, char *host, int port)
bhints.ai_family = ai_family;
bhints.ai_socktype = ai_socktype;
bhints.ai_flags = AI_PASSIVE;
- if (getaddrinfo(bind_address, NULL, &bhints, &bres_all) == -1) {
+ if ((error = getaddrinfo(bind_address, NULL, &bhints, &bres_all))) {
rprintf(FERROR, RSYNC_NAME ": getaddrinfo %s: %s\n",
bind_address, gai_strerror(error));
return -1;
int type = SOCK_STREAM;
int error;
int s;
- int result;
struct addrinfo hints, *res0, *res;
char portbuf[10];
char *h;
fd_set fds;
int fd;
struct sockaddr_storage addr;
- int addrlen = sizeof(addr);
+ socklen_t addrlen = sizeof addr;
/* close log file before the potentially very long select so
file can be trimmed by another process instead of growing
char *client_addr(int fd)
{
struct sockaddr_storage ss;
- int length = sizeof(ss);
+ socklen_t length = sizeof ss;
static char addr_buf[100];
static int initialised;
/**
- * Return the DNS name of the client
+ * Return the DNS name of the client.
+ *
+ * The name is statically cached so that repeated lookups are quick,
+ * so there is a limit of one lookup per customer.
+ *
+ * If anything goes wrong, including the name->addr->name check, then
+ * we just use "UNKNOWN", so you can use that value in hosts allow
+ * lines.
**/
char *client_name(int fd)
{
struct sockaddr_storage ss;
- int length = sizeof(ss);
+ socklen_t ss_len = sizeof ss;
static char name_buf[100];
static char port_buf[100];
- char *def = "UNKNOWN";
static int initialised;
- struct addrinfo hints, *res, *res0;
- int error;
if (initialised) return name_buf;
+ strcpy(name_buf, default_name);
initialised = 1;
- strcpy(name_buf,def);
-
- if (getpeername(fd, (struct sockaddr *)&ss, &length)) {
+ if (getpeername(fd, (struct sockaddr *)&ss, &ss_len)) {
/* FIXME: Can we really not continue? */
rprintf(FERROR, RSYNC_NAME ": getpeername on fd%d failed: %s\n",
fd, strerror(errno));
exit_cleanup(RERR_SOCKETIO);
}
+ if (!lookup_name(&ss, ss_len, name_buf, sizeof name_buf, port_buf, sizeof port_buf))
+ check_name(&ss, ss_len, name_buf, port_buf);
+
+ return name_buf;
+}
+
+
+/**
+ * Look up a name from @p ss into @p name_buf.
+ **/
+static int lookup_name(const struct sockaddr_storage *ss,
+ socklen_t ss_len,
+ char *name_buf, size_t name_buf_len,
+ char *port_buf, size_t port_buf_len)
+{
+ int name_err;
+
#ifdef INET6
- if (get_sockaddr_family(&ss) == AF_INET6 &&
- IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&ss)->sin6_addr)) {
+ if (get_sockaddr_family(ss) == AF_INET6 &&
+ IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)ss)->sin6_addr)) {
+ /* OK, so ss is in the IPv6 family, but it is really
+ * an IPv4 address: something like
+ * "::ffff:10.130.1.2". If we use it as-is, then the
+ * reverse lookup might fail or perhaps something else
+ * bad might happen. So instead we convert it to an
+ * equivalent address in the IPv4 address family. */
struct sockaddr_in6 sin6;
struct sockaddr_in *sin;
- memcpy(&sin6, &ss, sizeof(sin6));
- sin = (struct sockaddr_in *)&ss;
+ memcpy(&sin6, ss, sizeof(sin6));
+ sin = (struct sockaddr_in *)ss;
memset(sin, 0, sizeof(*sin));
sin->sin_family = AF_INET;
- length = sizeof(struct sockaddr_in);
+ ss_len = sizeof(struct sockaddr_in);
#ifdef HAVE_SOCKADDR_LEN
- sin->sin_len = length;
+ sin->sin_len = ss_len;
#endif
sin->sin_port = sin6.sin6_port;
+ /* FIXME: Isn't there a macro we can use here rather
+ * than grovelling through the struct? It might be
+ * wrong on some systems. */
memcpy(&sin->sin_addr, &sin6.sin6_addr.s6_addr[12],
sizeof(sin->sin_addr));
}
#endif
/* reverse lookup */
- if (getnameinfo((struct sockaddr *)&ss, length,
- name_buf, sizeof(name_buf), port_buf, sizeof(port_buf),
- NI_NAMEREQD | NI_NUMERICSERV) != 0) {
- strcpy(name_buf, def);
- rprintf(FERROR, "reverse name lookup failed\n");
+ name_err = getnameinfo((struct sockaddr *) ss, ss_len,
+ name_buf, name_buf_len,
+ port_buf, port_buf_len,
+ NI_NAMEREQD | NI_NUMERICSERV);
+ if (name_err != 0) {
+ strcpy(name_buf, default_name);
+ rprintf(FERROR, RSYNC_NAME ": name lookup failed: %s\n",
+ gai_strerror(name_err));
+ return name_err;
}
- /* forward lookup */
+ return 0;
+}
+
+
+
+/* Do a forward lookup on name_buf and make sure it corresponds to ss
+ * -- otherwise we may be being spoofed. If we suspect we are, then
+ * we don't abort the connection but just emit a warning. */
+static int check_name(const struct sockaddr_storage *ss,
+ socklen_t ss_len,
+ char *name_buf,
+ const char *port_buf)
+{
+ struct addrinfo hints, *res, *res0;
+ int error;
+
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_flags = AI_CANONNAME;
hints.ai_socktype = SOCK_STREAM;
error = getaddrinfo(name_buf, port_buf, &hints, &res0);
if (error) {
- strcpy(name_buf, def);
+ strcpy(name_buf, default_name);
rprintf(FERROR,
- RSYNC_NAME ": forward name lookup for %s failed: %s\n",
- port_buf,
+ RSYNC_NAME ": forward name lookup for %s:%s failed: %s\n",
+ name_buf, port_buf,
gai_strerror(error));
- return name_buf;
+ return error;
}
- /* XXX sin6_flowinfo and other fields */
+
+ /* We expect that one of the results will be the same as ss. */
for (res = res0; res; res = res->ai_next) {
- if (res->ai_family != get_sockaddr_family(&ss))
+ if (res->ai_family != get_sockaddr_family(ss))
continue;
- if (res->ai_addrlen != length)
+ if (res->ai_addrlen != ss_len)
continue;
- if (memcmp(res->ai_addr, &ss, res->ai_addrlen) == 0)
+ if (memcmp(res->ai_addr, ss, res->ai_addrlen) == 0)
break;
}
- /* TODO: Do a forward lookup as well to prevent spoofing */
-
if (res == NULL) {
- strcpy(name_buf, def);
- rprintf(FERROR, RSYNC_NAME ": "
- "reverse name lookup mismatch on fd%d - spoofed address?\n",
- fd);
+ strcpy(name_buf, default_name);
+ /* We hit the end of the list without finding an
+ * address that was the same as ss. */
+ rprintf(FERROR, RSYNC_NAME
+ ": no address record for \"%s\" corresponds to peer name: spoofed address?\n",
+ name_buf);
}
freeaddrinfo(res0);
- return name_buf;
+ return 0;
}
}
-/*******************************************************************
-run a program on a local tcp socket, this is used to launch smbd
-when regression testing
-the return value is a socket which is attached to a subprocess
-running "prog". stdin and stdout are attached. stderr is left
-attached to the original stderr
- ******************************************************************/
+
+/**
+ * Run a program on a local tcp socket, so that we can talk to it's
+ * stdin and stdout. This is used to fake a connection to a daemon
+ * for testing -- not for the normal case of running SSH.
+ *
+ * @return a socket which is attached to a subprocess running
+ * "prog". stdin and stdout are attached. stderr is left attached to
+ * the original stderr
+ **/
int sock_exec(const char *prog)
{
int fd[2];
+
if (socketpair_tcp(fd) != 0) {
rprintf (FERROR, RSYNC_NAME
": socketpair_tcp failed (%s)\n",
close(1);
dup(fd[1]);
dup(fd[1]);
- if (verbose > 3)
+ if (verbose > 3) {
+ /* Can't use rprintf because we've forked. */
fprintf (stderr,
RSYNC_NAME ": execute socket program \"%s\"\n",
prog);
+ }
exit (system (prog));
}
close (fd[1]);
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff