1 /* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Functions for returning the canonical host name of the remote site. 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include "includes.h" 15 RCSID("$OpenBSD: canohost.c,v 1.31 2002/02/27 21:23:13 stevesk Exp $"); 16 RCSID("$FreeBSD$"); 17 18 #include "packet.h" 19 #include "xmalloc.h" 20 #include "log.h" 21 #include "canohost.h" 22 23 static void check_ip_options(int, char *); 24 25 /* 26 * Return the canonical name of the host at the other end of the socket. The 27 * caller should free the returned string with xfree. 28 */ 29 30 static char * 31 get_remote_hostname(int socket, int verify_reverse_mapping) 32 { 33 struct sockaddr_storage from; 34 int i; 35 socklen_t fromlen; 36 struct addrinfo hints, *ai, *aitop; 37 char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; 38 39 /* Get IP address of client. */ 40 fromlen = sizeof(from); 41 memset(&from, 0, sizeof(from)); 42 if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) { 43 debug("getpeername failed: %.100s", strerror(errno)); 44 fatal_cleanup(); 45 } 46 if (from.ss_family == AF_INET) 47 check_ip_options(socket, ntop); 48 49 if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), 50 NULL, 0, NI_NUMERICHOST) != 0) 51 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); 52 53 debug3("Trying to reverse map address %.100s.", ntop); 54 /* Map the IP address to a host name. */ 55 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 56 NULL, 0, NI_NAMEREQD) != 0) { 57 /* Host name not found. Use ip address. */ 58 log("Could not reverse map address %.100s.", ntop); 59 return xstrdup(ntop); 60 } 61 62 /* Got host name. */ 63 name[sizeof(name) - 1] = '\0'; 64 /* 65 * Convert it to all lowercase (which is expected by the rest 66 * of this software). 67 */ 68 for (i = 0; name[i]; i++) 69 if (isupper(name[i])) 70 name[i] = tolower(name[i]); 71 72 if (!verify_reverse_mapping) 73 return xstrdup(name); 74 /* 75 * Map it back to an IP address and check that the given 76 * address actually is an address of this host. This is 77 * necessary because anyone with access to a name server can 78 * define arbitrary names for an IP address. Mapping from 79 * name to IP address can be trusted better (but can still be 80 * fooled if the intruder has access to the name server of 81 * the domain). 82 */ 83 memset(&hints, 0, sizeof(hints)); 84 hints.ai_family = from.ss_family; 85 hints.ai_socktype = SOCK_STREAM; 86 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { 87 log("reverse mapping checking getaddrinfo for %.700s " 88 "failed - POSSIBLE BREAKIN ATTEMPT!", name); 89 return xstrdup(ntop); 90 } 91 /* Look for the address from the list of addresses. */ 92 for (ai = aitop; ai; ai = ai->ai_next) { 93 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, 94 sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && 95 (strcmp(ntop, ntop2) == 0)) 96 break; 97 } 98 freeaddrinfo(aitop); 99 /* If we reached the end of the list, the address was not there. */ 100 if (!ai) { 101 /* Address not found for the host name. */ 102 log("Address %.100s maps to %.600s, but this does not " 103 "map back to the address - POSSIBLE BREAKIN ATTEMPT!", 104 ntop, name); 105 return xstrdup(ntop); 106 } 107 return xstrdup(name); 108 } 109 110 /* 111 * If IP options are supported, make sure there are none (log and 112 * disconnect them if any are found). Basically we are worried about 113 * source routing; it can be used to pretend you are somebody 114 * (ip-address) you are not. That itself may be "almost acceptable" 115 * under certain circumstances, but rhosts autentication is useless 116 * if source routing is accepted. Notice also that if we just dropped 117 * source routing here, the other side could use IP spoofing to do 118 * rest of the interaction and could still bypass security. So we 119 * exit here if we detect any IP options. 120 */ 121 /* IPv4 only */ 122 static void 123 check_ip_options(int socket, char *ipaddr) 124 { 125 u_char options[200]; 126 char text[sizeof(options) * 3 + 1]; 127 socklen_t option_size; 128 int i, ipproto; 129 struct protoent *ip; 130 131 if ((ip = getprotobyname("ip")) != NULL) 132 ipproto = ip->p_proto; 133 else 134 ipproto = IPPROTO_IP; 135 option_size = sizeof(options); 136 if (getsockopt(socket, ipproto, IP_OPTIONS, options, 137 &option_size) >= 0 && option_size != 0) { 138 text[0] = '\0'; 139 for (i = 0; i < option_size; i++) 140 snprintf(text + i*3, sizeof(text) - i*3, 141 " %2.2x", options[i]); 142 log("Connection from %.100s with IP options:%.800s", 143 ipaddr, text); 144 packet_disconnect("Connection from %.100s with IP options:%.800s", 145 ipaddr, text); 146 } 147 } 148 149 /* 150 * Return the canonical name of the host in the other side of the current 151 * connection. The host name is cached, so it is efficient to call this 152 * several times. 153 */ 154 155 const char * 156 get_canonical_hostname(int verify_reverse_mapping) 157 { 158 static char *canonical_host_name = NULL; 159 static int verify_reverse_mapping_done = 0; 160 161 /* Check if we have previously retrieved name with same option. */ 162 if (canonical_host_name != NULL) { 163 if (verify_reverse_mapping_done != verify_reverse_mapping) 164 xfree(canonical_host_name); 165 else 166 return canonical_host_name; 167 } 168 169 /* Get the real hostname if socket; otherwise return UNKNOWN. */ 170 if (packet_connection_is_on_socket()) 171 canonical_host_name = get_remote_hostname( 172 packet_get_connection_in(), verify_reverse_mapping); 173 else 174 canonical_host_name = xstrdup("UNKNOWN"); 175 176 verify_reverse_mapping_done = verify_reverse_mapping; 177 return canonical_host_name; 178 } 179 180 /* 181 * Returns the remote IP-address of socket as a string. The returned 182 * string must be freed. 183 */ 184 static char * 185 get_socket_address(int socket, int remote, int flags) 186 { 187 struct sockaddr_storage addr; 188 socklen_t addrlen; 189 char ntop[NI_MAXHOST]; 190 191 /* Get IP address of client. */ 192 addrlen = sizeof(addr); 193 memset(&addr, 0, sizeof(addr)); 194 195 if (remote) { 196 if (getpeername(socket, (struct sockaddr *)&addr, &addrlen) 197 < 0) { 198 debug("get_socket_ipaddr: getpeername failed: %.100s", 199 strerror(errno)); 200 return NULL; 201 } 202 } else { 203 if (getsockname(socket, (struct sockaddr *)&addr, &addrlen) 204 < 0) { 205 debug("get_socket_ipaddr: getsockname failed: %.100s", 206 strerror(errno)); 207 return NULL; 208 } 209 } 210 /* Get the address in ascii. */ 211 if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), 212 NULL, 0, flags) != 0) { 213 error("get_socket_ipaddr: getnameinfo %d failed", flags); 214 return NULL; 215 } 216 return xstrdup(ntop); 217 } 218 219 char * 220 get_peer_ipaddr(int socket) 221 { 222 return get_socket_address(socket, 1, NI_NUMERICHOST); 223 } 224 225 char * 226 get_local_ipaddr(int socket) 227 { 228 return get_socket_address(socket, 0, NI_NUMERICHOST); 229 } 230 231 char * 232 get_local_name(int socket) 233 { 234 return get_socket_address(socket, 0, NI_NAMEREQD); 235 } 236 237 /* 238 * Returns the IP-address of the remote host as a string. The returned 239 * string must not be freed. 240 */ 241 242 const char * 243 get_remote_ipaddr(void) 244 { 245 static char *canonical_host_ip = NULL; 246 247 /* Check whether we have cached the ipaddr. */ 248 if (canonical_host_ip == NULL) { 249 if (packet_connection_is_on_socket()) { 250 canonical_host_ip = 251 get_peer_ipaddr(packet_get_connection_in()); 252 if (canonical_host_ip == NULL) 253 fatal_cleanup(); 254 } else { 255 /* If not on socket, return UNKNOWN. */ 256 canonical_host_ip = xstrdup("UNKNOWN"); 257 } 258 } 259 return canonical_host_ip; 260 } 261 262 const char * 263 get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping) 264 { 265 static const char *remote = ""; 266 if (utmp_len > 0) 267 remote = get_canonical_hostname(verify_reverse_mapping); 268 if (utmp_len == 0 || strlen(remote) > utmp_len) 269 remote = get_remote_ipaddr(); 270 return remote; 271 } 272 273 /* Returns the local/remote port for the socket. */ 274 275 static int 276 get_sock_port(int sock, int local) 277 { 278 struct sockaddr_storage from; 279 socklen_t fromlen; 280 char strport[NI_MAXSERV]; 281 282 /* Get IP address of client. */ 283 fromlen = sizeof(from); 284 memset(&from, 0, sizeof(from)); 285 if (local) { 286 if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) { 287 error("getsockname failed: %.100s", strerror(errno)); 288 return 0; 289 } 290 } else { 291 if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) { 292 debug("getpeername failed: %.100s", strerror(errno)); 293 fatal_cleanup(); 294 } 295 } 296 /* Return port number. */ 297 if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, 298 strport, sizeof(strport), NI_NUMERICSERV) != 0) 299 fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed"); 300 return atoi(strport); 301 } 302 303 /* Returns remote/local port number for the current connection. */ 304 305 static int 306 get_port(int local) 307 { 308 /* 309 * If the connection is not a socket, return 65535. This is 310 * intentionally chosen to be an unprivileged port number. 311 */ 312 if (!packet_connection_is_on_socket()) 313 return 65535; 314 315 /* Get socket and return the port number. */ 316 return get_sock_port(packet_get_connection_in(), local); 317 } 318 319 int 320 get_peer_port(int sock) 321 { 322 return get_sock_port(sock, 0); 323 } 324 325 int 326 get_remote_port(void) 327 { 328 return get_port(0); 329 } 330 331 int 332 get_local_port(void) 333 { 334 return get_port(1); 335 } 336