[openssh.git] / canohost.c

/*
 * 
 * canohost.c
 * 
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * 
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * 
 * Created: Sun Jul  2 17:52:22 1995 ylo
 * 
 * Functions for returning the canonical host name of the remote site.
 * 
 */

#include "includes.h"
RCSID("$Id$");

#include "packet.h"
#include "xmalloc.h"
#include "ssh.h"

/*
 * Return the canonical name of the host at the other end of the socket. The
 * caller should free the returned string with xfree.
 */

char *
get_remote_hostname(int socket)
{
	struct sockaddr_in from;
	int fromlen, i;
	struct hostent *hp;
	char name[MAXHOSTNAMELEN];

	/* Get IP address of client. */
	fromlen = sizeof(from);
	memset(&from, 0, sizeof(from));
	if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) {
		debug("getpeername failed: %.100s", strerror(errno));
		fatal_cleanup();
	}
	/* Map the IP address to a host name. */
	hp = gethostbyaddr((char *) &from.sin_addr, sizeof(struct in_addr),
			   from.sin_family);
	if (hp) {
		/* Got host name, find canonic host name. */
		if (strchr(hp->h_name, '.') != 0)
			strlcpy(name, hp->h_name, sizeof(name));
		else if (hp->h_aliases != 0
			 && hp->h_aliases[0] != 0
			 && strchr(hp->h_aliases[0], '.') != 0)
			strlcpy(name, hp->h_aliases[0], sizeof(name));
		else
			strlcpy(name, hp->h_name, sizeof(name));

		/*
		 * Convert it to all lowercase (which is expected by the rest
		 * of this software).
		 */
		for (i = 0; name[i]; i++)
			if (isupper(name[i]))
				name[i] = tolower(name[i]);

		/*
		 * Map it back to an IP address and check that the given
		 * address actually is an address of this host.  This is
		 * necessary because anyone with access to a name server can
		 * define arbitrary names for an IP address. Mapping from
		 * name to IP address can be trusted better (but can still be
		 * fooled if the intruder has access to the name server of
		 * the domain).
		 */
		hp = gethostbyname(name);
		if (!hp) {
			log("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name);
			strlcpy(name, inet_ntoa(from.sin_addr), sizeof name);
			goto check_ip_options;
		}
		/* Look for the address from the list of addresses. */
		for (i = 0; hp->h_addr_list[i]; i++)
			if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr))
			    == 0)
				break;
		/*
		 * If we reached the end of the list, the address was not
		 * there.
		 */
		if (!hp->h_addr_list[i]) {
			/* Address not found for the host name. */
			log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!",
			    inet_ntoa(from.sin_addr), name);
			strlcpy(name, inet_ntoa(from.sin_addr), sizeof name);
			goto check_ip_options;
		}
		/* Address was found for the host name.  We accept the host name. */
	} else {
		/* Host name not found.  Use ascii representation of the address. */
		strlcpy(name, inet_ntoa(from.sin_addr), sizeof name);
		log("Could not reverse map address %.100s.", name);
	}

check_ip_options:

	/*
	 * If IP options are supported, make sure there are none (log and
	 * disconnect them if any are found).  Basically we are worried about
	 * source routing; it can be used to pretend you are somebody
	 * (ip-address) you are not. That itself may be "almost acceptable"
	 * under certain circumstances, but rhosts autentication is useless
	 * if source routing is accepted. Notice also that if we just dropped
	 * source routing here, the other side could use IP spoofing to do
	 * rest of the interaction and could still bypass security.  So we
	 * exit here if we detect any IP options.
	 */
	{
		unsigned char options[200], *ucp;
		char text[1024], *cp;
		int option_size, ipproto;
		struct protoent *ip;

		if ((ip = getprotobyname("ip")) != NULL)
			ipproto = ip->p_proto;
		else
			ipproto = IPPROTO_IP;
		option_size = sizeof(options);
		if (getsockopt(0, ipproto, IP_OPTIONS, (char *) options,
			       &option_size) >= 0 && option_size != 0) {
			cp = text;
			/* Note: "text" buffer must be at least 3x as big as options. */
			for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3)
				sprintf(cp, " %2.2x", *ucp);
			log("Connection from %.100s with IP options:%.800s",
			    inet_ntoa(from.sin_addr), text);
			packet_disconnect("Connection from %.100s with IP options:%.800s",
					  inet_ntoa(from.sin_addr), text);
		}
	}

	return xstrdup(name);
}

static char *canonical_host_name = NULL;
static char *canonical_host_ip = NULL;

/* Returns 1 if remote host is connected via socket, 0 if not. */

int
peer_connection_is_on_socket()
{
	struct sockaddr_in from;
	int fromlen;
	int in = packet_get_connection_in();
	int out = packet_get_connection_out();

	/* filedescriptors in and out are the same, so it's a socket */
	if (in == out)
		return 1;
	fromlen = sizeof(from);
	memset(&from, 0, sizeof(from));
	if (getpeername(in, (struct sockaddr *) & from, &fromlen) < 0)
		return 0;
	if (from.sin_family != AF_INET && from.sin_family != AF_INET6)
		return 0;
	return 1;
}

/*
 * Return the canonical name of the host in the other side of the current
 * connection.  The host name is cached, so it is efficient to call this
 * several times.
 */

const char *
get_canonical_hostname()
{
	/* Check if we have previously retrieved this same name. */
	if (canonical_host_name != NULL)
		return canonical_host_name;

	/* Get the real hostname if socket; otherwise return UNKNOWN. */
	if (peer_connection_is_on_socket())
		canonical_host_name = get_remote_hostname(packet_get_connection_in());
	else
		canonical_host_name = xstrdup("UNKNOWN");

	return canonical_host_name;
}

/*
 * Returns the IP-address of the remote host as a string.  The returned
 * string need not be freed.
 */

const char *
get_remote_ipaddr()
{
	struct sockaddr_in from;
	int fromlen, socket;

	/* Check whether we have chached the name. */
	if (canonical_host_ip != NULL)
		return canonical_host_ip;

	/* If not a socket, return UNKNOWN. */
	if (!peer_connection_is_on_socket()) {
		canonical_host_ip = xstrdup("UNKNOWN");
		return canonical_host_ip;
	}
	/* Get client socket. */
	socket = packet_get_connection_in();

	/* Get IP address of client. */
	fromlen = sizeof(from);
	memset(&from, 0, sizeof(from));
	if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) {
		debug("getpeername failed: %.100s", strerror(errno));
		fatal_cleanup();
	}
	/* Get the IP address in ascii. */
	canonical_host_ip = xstrdup(inet_ntoa(from.sin_addr));

	/* Return ip address string. */
	return canonical_host_ip;
}

/* Returns the port of the peer of the socket. */

int 
get_peer_port(int sock)
{
	struct sockaddr_in from;
	int fromlen;

	/* Get IP address of client. */
	fromlen = sizeof(from);
	memset(&from, 0, sizeof(from));
	if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) {
		debug("getpeername failed: %.100s", strerror(errno));
		fatal_cleanup();
	}
	/* Return port number. */
	return ntohs(from.sin_port);
}

/* Returns the port number of the remote host.  */

int 
get_remote_port()
{
	int socket;

	/*
	 * If the connection is not a socket, return 65535.  This is
	 * intentionally chosen to be an unprivileged port number.
	 */
	if (!peer_connection_is_on_socket())
		return 65535;

	/* Get client socket. */
	socket = packet_get_connection_in();

	/* Get and return the peer port number. */
	return get_peer_port(socket);
}
Commit	Line	Data
8efc0c15	1	/*
5260325f	2	*
	3	* canohost.c
	4	*
	5	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	6	*
	7	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	8	* All rights reserved
	9	*
	10	* Created: Sun Jul 2 17:52:22 1995 ylo
	11	*
	12	* Functions for returning the canonical host name of the remote site.
	13	*
	14	*/
8efc0c15	15
	16	#include "includes.h"
	17	RCSID("$Id$");
	18
	19	#include "packet.h"
	20	#include "xmalloc.h"
	21	#include "ssh.h"
	22
aa3378df	23	/*
	24	* Return the canonical name of the host at the other end of the socket. The
	25	* caller should free the returned string with xfree.
	26	*/
8efc0c15	27
5260325f	28	char *
5260325f	29	get_remote_hostname(int socket)
8efc0c15	30	{
5260325f	31	struct sockaddr_in from;
	32	int fromlen, i;
	33	struct hostent *hp;
	34	char name[MAXHOSTNAMELEN];
	35
	36	/* Get IP address of client. */
	37	fromlen = sizeof(from);
	38	memset(&from, 0, sizeof(from));
	39	if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) {
	40	debug("getpeername failed: %.100s", strerror(errno));
	41	fatal_cleanup();
	42	}
	43	/* Map the IP address to a host name. */
	44	hp = gethostbyaddr((char *) &from.sin_addr, sizeof(struct in_addr),
	45	from.sin_family);
	46	if (hp) {
	47	/* Got host name, find canonic host name. */
	48	if (strchr(hp->h_name, '.') != 0)
	49	strlcpy(name, hp->h_name, sizeof(name));
	50	else if (hp->h_aliases != 0
	51	&& hp->h_aliases[0] != 0
	52	&& strchr(hp->h_aliases[0], '.') != 0)
	53	strlcpy(name, hp->h_aliases[0], sizeof(name));
	54	else
	55	strlcpy(name, hp->h_name, sizeof(name));
	56
aa3378df	57	/*
	58	* Convert it to all lowercase (which is expected by the rest
	59	* of this software).
	60	*/
5260325f	61	for (i = 0; name[i]; i++)
	62	if (isupper(name[i]))
	63	name[i] = tolower(name[i]);
	64
aa3378df	65	/*
	66	* Map it back to an IP address and check that the given
	67	* address actually is an address of this host. This is
	68	* necessary because anyone with access to a name server can
	69	* define arbitrary names for an IP address. Mapping from
	70	* name to IP address can be trusted better (but can still be
	71	* fooled if the intruder has access to the name server of
	72	* the domain).
	73	*/
5260325f	74	hp = gethostbyname(name);
	75	if (!hp) {
	76	log("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name);
	77	strlcpy(name, inet_ntoa(from.sin_addr), sizeof name);
	78	goto check_ip_options;
	79	}
	80	/* Look for the address from the list of addresses. */
	81	for (i = 0; hp->h_addr_list[i]; i++)
	82	if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr))
	83	== 0)
	84	break;
aa3378df	85	/*
	86	* If we reached the end of the list, the address was not
	87	* there.
	88	*/
5260325f	89	if (!hp->h_addr_list[i]) {
	90	/* Address not found for the host name. */
	91	log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!",
	92	inet_ntoa(from.sin_addr), name);
	93	strlcpy(name, inet_ntoa(from.sin_addr), sizeof name);
	94	goto check_ip_options;
	95	}
	96	/* Address was found for the host name. We accept the host name. */
	97	} else {
	98	/* Host name not found. Use ascii representation of the address. */
	99	strlcpy(name, inet_ntoa(from.sin_addr), sizeof name);
	100	log("Could not reverse map address %.100s.", name);
8efc0c15	101	}
5260325f	102
	103	check_ip_options:
	104
aa3378df	105	/*
	106	* If IP options are supported, make sure there are none (log and
	107	* disconnect them if any are found). Basically we are worried about
	108	* source routing; it can be used to pretend you are somebody
	109	* (ip-address) you are not. That itself may be "almost acceptable"
	110	* under certain circumstances, but rhosts autentication is useless
	111	* if source routing is accepted. Notice also that if we just dropped
	112	* source routing here, the other side could use IP spoofing to do
	113	* rest of the interaction and could still bypass security. So we
	114	* exit here if we detect any IP options.
	115	*/
8efc0c15	116	{
5260325f	117	unsigned char options[200], *ucp;
	118	char text[1024], *cp;
	119	int option_size, ipproto;
	120	struct protoent *ip;
	121
	122	if ((ip = getprotobyname("ip")) != NULL)
	123	ipproto = ip->p_proto;
	124	else
	125	ipproto = IPPROTO_IP;
	126	option_size = sizeof(options);
	127	if (getsockopt(0, ipproto, IP_OPTIONS, (char *) options,
	128	&option_size) >= 0 && option_size != 0) {
	129	cp = text;
	130	/* Note: "text" buffer must be at least 3x as big as options. */
	131	for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3)
	132	sprintf(cp, " %2.2x", *ucp);
	133	log("Connection from %.100s with IP options:%.800s",
	134	inet_ntoa(from.sin_addr), text);
	135	packet_disconnect("Connection from %.100s with IP options:%.800s",
	136	inet_ntoa(from.sin_addr), text);
	137	}
8efc0c15	138	}
5260325f	139
5260325f	140	return xstrdup(name);
8efc0c15	141	}
	142
	143	static char *canonical_host_name = NULL;
	144	static char *canonical_host_ip = NULL;
	145
95f1eccc	146	/* Returns 1 if remote host is connected via socket, 0 if not. */
	147
	148	int
	149	peer_connection_is_on_socket()
	150	{
	151	struct sockaddr_in from;
	152	int fromlen;
	153	int in = packet_get_connection_in();
	154	int out = packet_get_connection_out();
	155
	156	/* filedescriptors in and out are the same, so it's a socket */
	157	if (in == out)
	158	return 1;
	159	fromlen = sizeof(from);
	160	memset(&from, 0, sizeof(from));
	161	if (getpeername(in, (struct sockaddr *) & from, &fromlen) < 0)
	162	return 0;
	163	if (from.sin_family != AF_INET && from.sin_family != AF_INET6)
	164	return 0;
	165	return 1;
	166	}
	167
aa3378df	168	/*
	169	* Return the canonical name of the host in the other side of the current
	170	* connection. The host name is cached, so it is efficient to call this
	171	* several times.
	172	*/
8efc0c15	173
5260325f	174	const char *
5260325f	175	get_canonical_hostname()
8efc0c15	176	{
5260325f	177	/* Check if we have previously retrieved this same name. */
	178	if (canonical_host_name != NULL)
	179	return canonical_host_name;
8efc0c15	180
5260325f	181	/* Get the real hostname if socket; otherwise return UNKNOWN. */
95f1eccc	182	if (peer_connection_is_on_socket())
5260325f	183	canonical_host_name = get_remote_hostname(packet_get_connection_in());
	184	else
	185	canonical_host_name = xstrdup("UNKNOWN");
8efc0c15	186
5260325f	187	return canonical_host_name;
8efc0c15	188	}
8efc0c15	189
aa3378df	190	/*
	191	* Returns the IP-address of the remote host as a string. The returned
	192	* string need not be freed.
	193	*/
8efc0c15	194
5260325f	195	const char *
5260325f	196	get_remote_ipaddr()
8efc0c15	197	{
5260325f	198	struct sockaddr_in from;
	199	int fromlen, socket;
	200
aa3378df	201	/* Check whether we have chached the name. */
5260325f	202	if (canonical_host_ip != NULL)
	203	return canonical_host_ip;
	204
	205	/* If not a socket, return UNKNOWN. */
95f1eccc	206	if (!peer_connection_is_on_socket()) {
5260325f	207	canonical_host_ip = xstrdup("UNKNOWN");
	208	return canonical_host_ip;
	209	}
	210	/* Get client socket. */
	211	socket = packet_get_connection_in();
	212
	213	/* Get IP address of client. */
	214	fromlen = sizeof(from);
	215	memset(&from, 0, sizeof(from));
	216	if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) {
	217	debug("getpeername failed: %.100s", strerror(errno));
	218	fatal_cleanup();
	219	}
	220	/* Get the IP address in ascii. */
	221	canonical_host_ip = xstrdup(inet_ntoa(from.sin_addr));
	222
	223	/* Return ip address string. */
	224	return canonical_host_ip;
8efc0c15	225	}
	226
	227	/* Returns the port of the peer of the socket. */
	228
5260325f	229	int
5260325f	230	get_peer_port(int sock)
8efc0c15	231	{
5260325f	232	struct sockaddr_in from;
	233	int fromlen;
	234
	235	/* Get IP address of client. */
	236	fromlen = sizeof(from);
	237	memset(&from, 0, sizeof(from));
	238	if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) {
	239	debug("getpeername failed: %.100s", strerror(errno));
	240	fatal_cleanup();
	241	}
	242	/* Return port number. */
	243	return ntohs(from.sin_port);
8efc0c15	244	}
	245
	246	/* Returns the port number of the remote host. */
	247
5260325f	248	int
5260325f	249	get_remote_port()
8efc0c15	250	{
5260325f	251	int socket;
8efc0c15	252
aa3378df	253	/*
	254	* If the connection is not a socket, return 65535. This is
	255	* intentionally chosen to be an unprivileged port number.
	256	*/
95f1eccc	257	if (!peer_connection_is_on_socket())
5260325f	258	return 65535;
8efc0c15	259
5260325f	260	/* Get client socket. */
5260325f	261	socket = packet_get_connection_in();
8efc0c15	262
5260325f	263	/* Get and return the peer port number. */
5260325f	264	return get_peer_port(socket);
8efc0c15	265	}