+
+/**
+ * Return the IP addr of the client as a string
+ **/
+char *client_addr(int fd)
+{
+ struct sockaddr_storage ss;
+ socklen_t length = sizeof ss;
+ static char addr_buf[100];
+ static int initialised;
+
+ if (initialised) return addr_buf;
+
+ initialised = 1;
+
+ client_sockaddr(fd, &ss, &length);
+
+ getnameinfo((struct sockaddr *)&ss, length,
+ addr_buf, sizeof(addr_buf), NULL, 0, NI_NUMERICHOST);
+
+ return addr_buf;
+}
+
+
+static int get_sockaddr_family(const struct sockaddr_storage *ss)
+{
+ return ((struct sockaddr *) ss)->sa_family;
+}
+
+
+/**
+ * Return the DNS name of the client.
+ *
+ * The name is statically cached so that repeated lookups are quick,
+ * so there is a limit of one lookup per customer.
+ *
+ * If anything goes wrong, including the name->addr->name check, then
+ * we just use "UNKNOWN", so you can use that value in hosts allow
+ * lines.
+ **/
+char *client_name(int fd)
+{
+ struct sockaddr_storage ss;
+ socklen_t ss_len = sizeof ss;
+ static char name_buf[100];
+ static char port_buf[100];
+ static int initialised;
+
+ if (initialised) return name_buf;
+
+ strcpy(name_buf, default_name);
+ initialised = 1;
+
+ client_sockaddr(fd, &ss, &ss_len);
+
+ if (!lookup_name(fd, &ss, ss_len, name_buf, sizeof name_buf, port_buf, sizeof port_buf))
+ check_name(fd, &ss, ss_len, name_buf, port_buf);
+
+ return name_buf;
+}
+
+
+
+/**
+ * Get the sockaddr for the client.
+ **/
+void client_sockaddr(int fd,
+ struct sockaddr_storage *ss,
+ socklen_t *ss_len)
+{
+ if (getpeername(fd, (struct sockaddr *) ss, ss_len)) {
+ /* FIXME: Can we really not continue? */
+ rprintf(FERROR, RSYNC_NAME ": getpeername on fd%d failed: %s\n",
+ fd, strerror(errno));
+ exit_cleanup(RERR_SOCKETIO);
+ }
+
+#ifdef INET6
+ if (get_sockaddr_family(ss) == AF_INET6 &&
+ IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)ss)->sin6_addr)) {
+ /* OK, so ss is in the IPv6 family, but it is really
+ * an IPv4 address: something like
+ * "::ffff:10.130.1.2". If we use it as-is, then the
+ * reverse lookup might fail or perhaps something else
+ * bad might happen. So instead we convert it to an
+ * equivalent address in the IPv4 address family. */
+ struct sockaddr_in6 sin6;
+ struct sockaddr_in *sin;
+
+ memcpy(&sin6, ss, sizeof(sin6));
+ sin = (struct sockaddr_in *)ss;
+ memset(sin, 0, sizeof(*sin));
+ sin->sin_family = AF_INET;
+ *ss_len = sizeof(struct sockaddr_in);
+#ifdef HAVE_SOCKADDR_LEN
+ sin->sin_len = *ss_len;
+#endif
+ sin->sin_port = sin6.sin6_port;
+
+ /* There is a macro to extract the mapped part
+ * (IN6_V4MAPPED_TO_SINADDR ?), but it does not seem
+ * to be present in the Linux headers. */
+ memcpy(&sin->sin_addr, &sin6.sin6_addr.s6_addr[12],
+ sizeof(sin->sin_addr));
+ }
+#endif
+}
+
+
+/**
+ * Look up a name from @p ss into @p name_buf.
+ **/
+int lookup_name(int fd, const struct sockaddr_storage *ss,
+ socklen_t ss_len,
+ char *name_buf, size_t name_buf_len,
+ char *port_buf, size_t port_buf_len)
+{
+ int name_err;
+
+ /* reverse lookup */
+ name_err = getnameinfo((struct sockaddr *) ss, ss_len,
+ name_buf, name_buf_len,
+ port_buf, port_buf_len,
+ NI_NAMEREQD | NI_NUMERICSERV);
+ if (name_err != 0) {
+ strcpy(name_buf, default_name);
+ rprintf(FERROR, RSYNC_NAME ": name lookup failed for %s: %s\n",
+ client_addr(fd),
+ gai_strerror(name_err));
+ return name_err;
+ }
+
+ return 0;
+}
+
+
+
+/* Do a forward lookup on name_buf and make sure it corresponds to ss
+ * -- otherwise we may be being spoofed. If we suspect we are, then
+ * we don't abort the connection but just emit a warning. */
+int check_name(int fd,
+ const struct sockaddr_storage *ss,
+ socklen_t ss_len,
+ char *name_buf,
+ const char *port_buf)
+{
+ struct addrinfo hints, *res, *res0;
+ int error;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_flags = get_sockaddr_family(ss);
+ hints.ai_socktype = SOCK_STREAM;
+ error = getaddrinfo(name_buf, port_buf, &hints, &res0);
+ if (error) {
+ rprintf(FERROR,
+ RSYNC_NAME ": forward name lookup for %s:%s failed: %s\n",
+ name_buf, port_buf,
+ gai_strerror(error));
+ strcpy(name_buf, default_name);
+ return error;
+ }
+
+
+ /* We expect that one of the results will be the same as ss. */
+ for (res = res0; res; res = res->ai_next) {
+ if (res->ai_family != get_sockaddr_family(ss))
+ continue;
+ if (res->ai_addrlen != ss_len)
+ continue;
+ if (memcmp(res->ai_addr, ss, res->ai_addrlen) == 0)
+ break;
+ }
+
+ if (res == NULL) {
+ /* We hit the end of the list without finding an
+ * address that was the same as ss. */
+ rprintf(FERROR, RSYNC_NAME
+ ": %s is not a known address for \"%s\": "
+ "spoofed address?\n",
+ client_addr(fd),
+ name_buf);
+ strcpy(name_buf, default_name);
+ }
+
+ freeaddrinfo(res0);
+ return 0;
+}
+
+
+/*******************************************************************
+this is like socketpair but uses tcp. It is used by the Samba
+regression test code
+The function guarantees that nobody else can attach to the socket,
+or if they do that this function fails and the socket gets closed
+returns 0 on success, -1 on failure
+the resulting file descriptors are symmetrical
+ ******************************************************************/
+static int socketpair_tcp(int fd[2])
+{
+ int listener;
+ struct sockaddr_in sock;
+ struct sockaddr_in sock2;
+ socklen_t socklen = sizeof(sock);
+ int connect_done = 0;
+
+ fd[0] = fd[1] = listener = -1;
+
+ memset(&sock, 0, sizeof(sock));
+
+ if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;
+
+ memset(&sock2, 0, sizeof(sock2));
+#ifdef HAVE_SOCK_SIN_LEN
+ sock2.sin_len = sizeof(sock2);
+#endif
+ sock2.sin_family = PF_INET;
+
+ bind(listener, (struct sockaddr *)&sock2, sizeof(sock2));
+
+ if (listen(listener, 1) != 0) goto failed;
+
+ if (getsockname(listener, (struct sockaddr *)&sock, &socklen) != 0) goto failed;
+
+ if ((fd[1] = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;
+
+ set_nonblocking(fd[1]);
+
+ sock.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+
+ if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) == -1) {
+ if (errno != EINPROGRESS) goto failed;
+ } else {
+ connect_done = 1;
+ }
+
+ if ((fd[0] = accept(listener, (struct sockaddr *)&sock, &socklen)) == -1) goto failed;
+
+ close(listener);
+ if (connect_done == 0) {
+ if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) != 0
+ && errno != EISCONN) goto failed;
+ }
+
+ set_blocking (fd[1]);
+
+ /* all OK! */
+ return 0;
+
+ failed:
+ if (fd[0] != -1) close(fd[0]);
+ if (fd[1] != -1) close(fd[1]);
+ if (listener != -1) close(listener);
+ return -1;
+}
+
+
+
+/**
+ * Run a program on a local tcp socket, so that we can talk to it's
+ * stdin and stdout. This is used to fake a connection to a daemon
+ * for testing -- not for the normal case of running SSH.
+ *
+ * @return a socket which is attached to a subprocess running
+ * "prog". stdin and stdout are attached. stderr is left attached to
+ * the original stderr
+ **/
+int sock_exec(const char *prog)
+{
+ int fd[2];
+
+ if (socketpair_tcp(fd) != 0) {
+ rprintf (FERROR, RSYNC_NAME
+ ": socketpair_tcp failed (%s)\n",
+ strerror(errno));
+ return -1;
+ }
+ if (fork() == 0) {
+ close(fd[0]);
+ close(0);
+ close(1);
+ dup(fd[1]);
+ dup(fd[1]);
+ if (verbose > 3) {
+ /* Can't use rprintf because we've forked. */
+ fprintf (stderr,
+ RSYNC_NAME ": execute socket program \"%s\"\n",
+ prog);
+ }
+ exit (system (prog));
+ }
+ close (fd[1]);
+ return fd[0];
+}
+
+
+