1 /* -*- c-file-style: "linux" -*-
3 rsync -- fast file replication program
5 Copyright (C) 1992-2001 by Andrew Tridgell <tridge@samba.org>
6 Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 * Functions for looking up the remote name or addr of a socket.
28 * This file is now converted to use the new-style getaddrinfo()
29 * interface, which supports IPv6 but is also supported on recent
30 * IPv4-only machines. On systems that don't have that interface, we
31 * emulate it using the KAME implementation.
36 static const char default_name
[] = "UNKNOWN";
42 * Return the IP addr of the client as a string
44 char *client_addr(int fd
)
46 struct sockaddr_storage ss
;
47 socklen_t length
= sizeof ss
;
50 static char addr_buf
[100];
51 static int initialised
;
53 if (initialised
) return addr_buf
;
58 /* daemon over --rsh mode */
59 strcpy(addr_buf
, "0.0.0.0");
60 if ((ssh_client
= getenv("SSH_CLIENT")) != NULL
) {
61 /* truncate SSH_CLIENT to just IP address */
62 p
= strchr(ssh_client
, ' ');
64 len
= MIN((unsigned int) (p
- ssh_client
),
65 sizeof(addr_buf
) - 1);
66 strncpy(addr_buf
, ssh_client
, len
);
67 *(addr_buf
+ len
) = '\0';
71 client_sockaddr(fd
, &ss
, &length
);
72 getnameinfo((struct sockaddr
*)&ss
, length
,
73 addr_buf
, sizeof addr_buf
, NULL
, 0, NI_NUMERICHOST
);
80 static int get_sockaddr_family(const struct sockaddr_storage
*ss
)
82 return ((struct sockaddr
*) ss
)->sa_family
;
87 * Return the DNS name of the client.
89 * The name is statically cached so that repeated lookups are quick,
90 * so there is a limit of one lookup per customer.
92 * If anything goes wrong, including the name->addr->name check, then
93 * we just use "UNKNOWN", so you can use that value in hosts allow
96 * After translation from sockaddr to name we do a forward lookup to
97 * make sure nobody is spoofing PTR records.
99 char *client_name(int fd
)
101 static char name_buf
[100];
102 static char port_buf
[100];
103 static int initialised
;
104 struct sockaddr_storage ss
, *ssp
;
105 struct sockaddr_in sin
;
107 struct sockaddr_in6 sin6
;
111 if (initialised
) return name_buf
;
113 strcpy(name_buf
, default_name
);
117 /* daemon over --rsh mode */
119 char *addr
= client_addr(fd
);
124 for (p
= addr
; *p
&& (dots
<= 3); p
++) {
129 /* more than 4 parts to IP address, must be ipv6 */
130 ssp
= (struct sockaddr_storage
*) &sin6
;
131 ss_len
= sizeof sin6
;
132 memset(ssp
, 0, ss_len
);
133 inet_pton(AF_INET6
, addr
, &sin6
.sin6_addr
.s6_addr
);
134 sin6
.sin6_family
= AF_INET6
;
138 ssp
= (struct sockaddr_storage
*) &sin
;
140 memset(ssp
, 0, ss_len
);
141 inet_pton(AF_INET
, addr
, &sin
.sin_addr
.s_addr
);
142 sin
.sin_family
= AF_INET
;
149 client_sockaddr(fd
, &ss
, &ss_len
);
153 if (!lookup_name(fd
, ssp
, ss_len
, name_buf
, sizeof name_buf
,
154 port_buf
, sizeof port_buf
))
155 check_name(fd
, ssp
, name_buf
);
163 * Get the sockaddr for the client.
165 * If it comes in as an ipv4 address mapped into IPv6 format then we
166 * convert it back to a regular IPv4.
168 void client_sockaddr(int fd
,
169 struct sockaddr_storage
*ss
,
172 if (getpeername(fd
, (struct sockaddr
*) ss
, ss_len
)) {
173 /* FIXME: Can we really not continue? */
174 rprintf(FERROR
, RSYNC_NAME
": getpeername on fd%d failed: %s\n",
175 fd
, strerror(errno
));
176 exit_cleanup(RERR_SOCKETIO
);
180 if (get_sockaddr_family(ss
) == AF_INET6
&&
181 IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6
*)ss
)->sin6_addr
)) {
182 /* OK, so ss is in the IPv6 family, but it is really
183 * an IPv4 address: something like
184 * "::ffff:10.130.1.2". If we use it as-is, then the
185 * reverse lookup might fail or perhaps something else
186 * bad might happen. So instead we convert it to an
187 * equivalent address in the IPv4 address family. */
188 struct sockaddr_in6 sin6
;
189 struct sockaddr_in
*sin
;
191 memcpy(&sin6
, ss
, sizeof(sin6
));
192 sin
= (struct sockaddr_in
*)ss
;
193 memset(sin
, 0, sizeof(*sin
));
194 sin
->sin_family
= AF_INET
;
195 *ss_len
= sizeof(struct sockaddr_in
);
196 #ifdef HAVE_SOCKADDR_LEN
197 sin
->sin_len
= *ss_len
;
199 sin
->sin_port
= sin6
.sin6_port
;
201 /* There is a macro to extract the mapped part
202 * (IN6_V4MAPPED_TO_SINADDR ?), but it does not seem
203 * to be present in the Linux headers. */
204 memcpy(&sin
->sin_addr
, &sin6
.sin6_addr
.s6_addr
[12],
205 sizeof(sin
->sin_addr
));
212 * Look up a name from @p ss into @p name_buf.
214 * @param fd file descriptor for client socket.
216 int lookup_name(int fd
, const struct sockaddr_storage
*ss
,
218 char *name_buf
, size_t name_buf_len
,
219 char *port_buf
, size_t port_buf_len
)
224 name_err
= getnameinfo((struct sockaddr
*) ss
, ss_len
,
225 name_buf
, name_buf_len
,
226 port_buf
, port_buf_len
,
227 NI_NAMEREQD
| NI_NUMERICSERV
);
229 strcpy(name_buf
, default_name
);
230 rprintf(FERROR
, RSYNC_NAME
": name lookup failed for %s: %s\n",
232 gai_strerror(name_err
));
242 * Compare an addrinfo from the resolver to a sockinfo.
244 * Like strcmp, returns 0 for identical.
246 int compare_addrinfo_sockaddr(const struct addrinfo
*ai
,
247 const struct sockaddr_storage
*ss
)
249 int ss_family
= get_sockaddr_family(ss
);
250 const char fn
[] = "compare_addrinfo_sockaddr";
252 if (ai
->ai_family
!= ss_family
) {
254 "%s: response family %d != %d\n",
255 fn
, ai
->ai_family
, ss_family
);
259 /* The comparison method depends on the particular AF. */
260 if (ss_family
== AF_INET
) {
261 const struct sockaddr_in
*sin1
, *sin2
;
263 sin1
= (const struct sockaddr_in
*) ss
;
264 sin2
= (const struct sockaddr_in
*) ai
->ai_addr
;
266 return memcmp(&sin1
->sin_addr
, &sin2
->sin_addr
,
267 sizeof sin1
->sin_addr
);
270 else if (ss_family
== AF_INET6
) {
271 const struct sockaddr_in6
*sin1
, *sin2
;
273 sin1
= (const struct sockaddr_in6
*) ss
;
274 sin2
= (const struct sockaddr_in6
*) ai
->ai_addr
;
276 return memcmp(&sin1
->sin6_addr
, &sin2
->sin6_addr
,
277 sizeof sin1
->sin6_addr
);
288 * Do a forward lookup on @p name_buf and make sure it corresponds to
289 * @p ss -- otherwise we may be being spoofed. If we suspect we are,
290 * then we don't abort the connection but just emit a warning, and
291 * change @p name_buf to be "UNKNOWN".
293 * We don't do anything with the service when checking the name,
294 * because it doesn't seem that it could be spoofed in any way, and
295 * getaddrinfo on random service names seems to cause problems on AIX.
297 int check_name(int fd
,
298 const struct sockaddr_storage
*ss
,
301 struct addrinfo hints
, *res
, *res0
;
303 int ss_family
= get_sockaddr_family(ss
);
305 memset(&hints
, 0, sizeof(hints
));
306 hints
.ai_family
= ss_family
;
307 hints
.ai_flags
= AI_CANONNAME
;
308 hints
.ai_socktype
= SOCK_STREAM
;
309 error
= getaddrinfo(name_buf
, NULL
, &hints
, &res0
);
312 RSYNC_NAME
": forward name lookup for %s failed: %s\n",
313 name_buf
, gai_strerror(error
));
314 strcpy(name_buf
, default_name
);
319 /* Given all these results, we expect that one of them will be
320 * the same as ss. The comparison is a bit complicated. */
321 for (res
= res0
; res
; res
= res
->ai_next
) {
322 if (!compare_addrinfo_sockaddr(res
, ss
))
323 break; /* OK, identical */
327 /* We hit the end of the list without finding an
328 * address that was the same as ss. */
329 rprintf(FERROR
, RSYNC_NAME
330 ": no known address for \"%s\": "
331 "spoofed address?\n",
333 strcpy(name_buf
, default_name
);
334 } else if (res
== NULL
) {
335 /* We hit the end of the list without finding an
336 * address that was the same as ss. */
337 rprintf(FERROR
, RSYNC_NAME
338 ": %s is not a known address for \"%s\": "
339 "spoofed address?\n",
342 strcpy(name_buf
, default_name
);