1 /* 2 * 3 * canohost.c 4 * 5 * Author: Tatu Ylonen <ylo@cs.hut.fi> 6 * 7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8 * All rights reserved 9 * 10 * Created: Sun Jul 2 17:52:22 1995 ylo 11 * 12 * Functions for returning the canonical host name of the remote site. 13 * 14 */ 15 16 #include "includes.h" 17 RCSID("$Id: canohost.c,v 1.11 2000/01/04 13:41:32 markus Exp $"); 18 19 #include "packet.h" 20 #include "xmalloc.h" 21 #include "ssh.h" 22 23 /* 24 * Return the canonical name of the host at the other end of the socket. The 25 * caller should free the returned string with xfree. 26 */ 27 28 char * 29 get_remote_hostname(int socket) 30 { 31 struct sockaddr_storage from; 32 int i; 33 socklen_t fromlen; 34 struct addrinfo hints, *ai, *aitop; 35 char name[MAXHOSTNAMELEN]; 36 char ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; 37 38 /* Get IP address of client. */ 39 fromlen = sizeof(from); 40 memset(&from, 0, sizeof(from)); 41 if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) { 42 debug("getpeername failed: %.100s", strerror(errno)); 43 fatal_cleanup(); 44 } 45 if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), 46 NULL, 0, NI_NUMERICHOST) != 0) 47 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); 48 49 /* Map the IP address to a host name. */ 50 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 51 NULL, 0, NI_NAMEREQD) == 0) { 52 /* Got host name. */ 53 name[sizeof(name) - 1] = '\0'; 54 /* 55 * Convert it to all lowercase (which is expected by the rest 56 * of this software). 57 */ 58 for (i = 0; name[i]; i++) 59 if (isupper(name[i])) 60 name[i] = tolower(name[i]); 61 62 /* 63 * Map it back to an IP address and check that the given 64 * address actually is an address of this host. This is 65 * necessary because anyone with access to a name server can 66 * define arbitrary names for an IP address. Mapping from 67 * name to IP address can be trusted better (but can still be 68 * fooled if the intruder has access to the name server of 69 * the domain). 70 */ 71 memset(&hints, 0, sizeof(hints)); 72 hints.ai_family = from.ss_family; 73 hints.ai_socktype = SOCK_STREAM; 74 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { 75 log("reverse mapping checking getaddrinfo for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); 76 strlcpy(name, ntop, sizeof name); 77 goto check_ip_options; 78 } 79 /* Look for the address from the list of addresses. */ 80 for (ai = aitop; ai; ai = ai->ai_next) { 81 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, 82 sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && 83 (strcmp(ntop, ntop2) == 0)) 84 break; 85 } 86 freeaddrinfo(aitop); 87 /* If we reached the end of the list, the address was not there. */ 88 if (!ai) { 89 /* Address not found for the host name. */ 90 log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", 91 ntop, name); 92 strlcpy(name, ntop, sizeof name); 93 goto check_ip_options; 94 } 95 /* Address was found for the host name. We accept the host name. */ 96 } else { 97 /* Host name not found. Use ascii representation of the address. */ 98 strlcpy(name, ntop, sizeof name); 99 log("Could not reverse map address %.100s.", name); 100 } 101 102 check_ip_options: 103 104 /* 105 * If IP options are supported, make sure there are none (log and 106 * disconnect them if any are found). Basically we are worried about 107 * source routing; it can be used to pretend you are somebody 108 * (ip-address) you are not. That itself may be "almost acceptable" 109 * under certain circumstances, but rhosts autentication is useless 110 * if source routing is accepted. Notice also that if we just dropped 111 * source routing here, the other side could use IP spoofing to do 112 * rest of the interaction and could still bypass security. So we 113 * exit here if we detect any IP options. 114 */ 115 /* IP options -- IPv4 only */ 116 if (from.ss_family == AF_INET) { 117 unsigned char options[200], *ucp; 118 char text[1024], *cp; 119 socklen_t option_size; 120 int ipproto; 121 struct protoent *ip; 122 123 if ((ip = getprotobyname("ip")) != NULL) 124 ipproto = ip->p_proto; 125 else 126 ipproto = IPPROTO_IP; 127 option_size = sizeof(options); 128 if (getsockopt(0, ipproto, IP_OPTIONS, (char *) options, 129 &option_size) >= 0 && option_size != 0) { 130 cp = text; 131 /* Note: "text" buffer must be at least 3x as big as options. */ 132 for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) 133 sprintf(cp, " %2.2x", *ucp); 134 log("Connection from %.100s with IP options:%.800s", 135 ntop, text); 136 packet_disconnect("Connection from %.100s with IP options:%.800s", 137 ntop, text); 138 } 139 } 140 141 return xstrdup(name); 142 } 143 144 /* 145 * Return the canonical name of the host in the other side of the current 146 * connection. The host name is cached, so it is efficient to call this 147 * several times. 148 */ 149 150 const char * 151 get_canonical_hostname() 152 { 153 static char *canonical_host_name = NULL; 154 155 /* Check if we have previously retrieved this same name. */ 156 if (canonical_host_name != NULL) 157 return canonical_host_name; 158 159 /* Get the real hostname if socket; otherwise return UNKNOWN. */ 160 if (packet_connection_is_on_socket()) 161 canonical_host_name = get_remote_hostname(packet_get_connection_in()); 162 else 163 canonical_host_name = xstrdup("UNKNOWN"); 164 165 return canonical_host_name; 166 } 167 168 /* 169 * Returns the IP-address of the remote host as a string. The returned 170 * string must not be freed. 171 */ 172 173 const char * 174 get_remote_ipaddr() 175 { 176 static char *canonical_host_ip = NULL; 177 struct sockaddr_storage from; 178 socklen_t fromlen; 179 int socket; 180 char ntop[NI_MAXHOST]; 181 182 /* Check whether we have chached the name. */ 183 if (canonical_host_ip != NULL) 184 return canonical_host_ip; 185 186 /* If not a socket, return UNKNOWN. */ 187 if (!packet_connection_is_on_socket()) { 188 canonical_host_ip = xstrdup("UNKNOWN"); 189 return canonical_host_ip; 190 } 191 /* Get client socket. */ 192 socket = packet_get_connection_in(); 193 194 /* Get IP address of client. */ 195 fromlen = sizeof(from); 196 memset(&from, 0, sizeof(from)); 197 if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) { 198 debug("getpeername failed: %.100s", strerror(errno)); 199 fatal_cleanup(); 200 } 201 /* Get the IP address in ascii. */ 202 if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), 203 NULL, 0, NI_NUMERICHOST) != 0) 204 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); 205 206 canonical_host_ip = xstrdup(ntop); 207 208 /* Return ip address string. */ 209 return canonical_host_ip; 210 } 211 212 /* Returns the local/remote port for the socket. */ 213 214 int 215 get_sock_port(int sock, int local) 216 { 217 struct sockaddr_storage from; 218 socklen_t fromlen; 219 char strport[NI_MAXSERV]; 220 221 /* Get IP address of client. */ 222 fromlen = sizeof(from); 223 memset(&from, 0, sizeof(from)); 224 if (local) { 225 if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) { 226 error("getsockname failed: %.100s", strerror(errno)); 227 return 0; 228 } 229 } else { 230 if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) { 231 debug("getpeername failed: %.100s", strerror(errno)); 232 fatal_cleanup(); 233 } 234 } 235 /* Return port number. */ 236 if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, 237 strport, sizeof(strport), NI_NUMERICSERV) != 0) 238 fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed"); 239 return atoi(strport); 240 } 241 242 /* Returns remote/local port number for the current connection. */ 243 244 int 245 get_port(int local) 246 { 247 /* 248 * If the connection is not a socket, return 65535. This is 249 * intentionally chosen to be an unprivileged port number. 250 */ 251 if (!packet_connection_is_on_socket()) 252 return 65535; 253 254 /* Get socket and return the port number. */ 255 return get_sock_port(packet_get_connection_in(), local); 256 } 257 258 int 259 get_peer_port(int sock) 260 { 261 return get_sock_port(sock, 0); 262 } 263 264 int 265 get_remote_port() 266 { 267 return get_port(0); 268 } 269 270 int 271 get_local_port() 272 { 273 return get_port(1); 274 } 275