
Diff for /src/usr.bin/ssh/canohost.c between version 1.34.2.1 and 1.34.2.2

version 1.34.2.1, 2003/04/01 00:12:13 version 1.34.2.2, 2003/09/16 21:20:25
Line 27 
Line 27 
  */   */
   
 static char *  static char *
 get_remote_hostname(int socket, int verify_reverse_mapping)  get_remote_hostname(int socket, int use_dns)
 {  {
         struct sockaddr_storage from;          struct sockaddr_storage from;
         int i;          int i;
Line 47 
Line 47 
             NULL, 0, NI_NUMERICHOST) != 0)              NULL, 0, NI_NUMERICHOST) != 0)
                 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");                  fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
   
           if (!use_dns)
                   return xstrdup(ntop);
   
         if (from.ss_family == AF_INET)          if (from.ss_family == AF_INET)
                 check_ip_options(socket, ntop);                  check_ip_options(socket, ntop);
   
Line 55 
Line 58 
         if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),          if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
             NULL, 0, NI_NAMEREQD) != 0) {              NULL, 0, NI_NAMEREQD) != 0) {
                 /* Host name not found.  Use ip address. */                  /* Host name not found.  Use ip address. */
 #if 0  
                 log("Could not reverse map address %.100s.", ntop);  
 #endif  
                 return xstrdup(ntop);                  return xstrdup(ntop);
         }          }
   
         /* Got host name. */  
         name[sizeof(name) - 1] = '\0';  
         /*          /*
            * if reverse lookup result looks like a numeric hostname,
            * someone is trying to trick us by PTR record like following:
            *      1.1.1.10.in-addr.arpa.  IN PTR  2.3.4.5
            */
           memset(&hints, 0, sizeof(hints));
           hints.ai_socktype = SOCK_DGRAM; /*dummy*/
           hints.ai_flags = AI_NUMERICHOST;
           if (getaddrinfo(name, "0", &hints, &ai) == 0) {
                   logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
                       name, ntop);
                   freeaddrinfo(ai);
                   return xstrdup(ntop);
           }
   
           /*
          * Convert it to all lowercase (which is expected by the rest           * Convert it to all lowercase (which is expected by the rest
          * of this software).           * of this software).
          */           */
         for (i = 0; name[i]; i++)          for (i = 0; name[i]; i++)
                 if (isupper(name[i]))                  if (isupper(name[i]))
                         name[i] = tolower(name[i]);                          name[i] = tolower(name[i]);
   
         if (!verify_reverse_mapping)  
                 return xstrdup(name);  
         /*          /*
          * Map it back to an IP address and check that the given           * Map it back to an IP address and check that the given
          * address actually is an address of this host.  This is           * address actually is an address of this host.  This is
Line 86 
Line 96 
         hints.ai_family = from.ss_family;          hints.ai_family = from.ss_family;
         hints.ai_socktype = SOCK_STREAM;          hints.ai_socktype = SOCK_STREAM;
         if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {          if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
                 log("reverse mapping checking getaddrinfo for %.700s "                  logit("reverse mapping checking getaddrinfo for %.700s "
                     "failed - POSSIBLE BREAKIN ATTEMPT!", name);                      "failed - POSSIBLE BREAKIN ATTEMPT!", name);
                 return xstrdup(ntop);                  return xstrdup(ntop);
         }          }
Line 101 
Line 111 
         /* If we reached the end of the list, the address was not there. */          /* If we reached the end of the list, the address was not there. */
         if (!ai) {          if (!ai) {
                 /* Address not found for the host name. */                  /* Address not found for the host name. */
                 log("Address %.100s maps to %.600s, but this does not "                  logit("Address %.100s maps to %.600s, but this does not "
                     "map back to the address - POSSIBLE BREAKIN ATTEMPT!",                      "map back to the address - POSSIBLE BREAKIN ATTEMPT!",
                     ntop, name);                      ntop, name);
                 return xstrdup(ntop);                  return xstrdup(ntop);
Line 141 
Line 151 
                 for (i = 0; i < option_size; i++)                  for (i = 0; i < option_size; i++)
                         snprintf(text + i*3, sizeof(text) - i*3,                          snprintf(text + i*3, sizeof(text) - i*3,
                             " %2.2x", options[i]);                              " %2.2x", options[i]);
                 log("Connection from %.100s with IP options:%.800s",                  logit("Connection from %.100s with IP options:%.800s",
                     ipaddr, text);                      ipaddr, text);
                 packet_disconnect("Connection from %.100s with IP options:%.800s",                  packet_disconnect("Connection from %.100s with IP options:%.800s",
                     ipaddr, text);                      ipaddr, text);
Line 155 
Line 165 
  */   */
   
 const char *  const char *
 get_canonical_hostname(int verify_reverse_mapping)  get_canonical_hostname(int use_dns)
 {  {
         static char *canonical_host_name = NULL;          static char *canonical_host_name = NULL;
         static int verify_reverse_mapping_done = 0;          static int use_dns_done = 0;
   
         /* Check if we have previously retrieved name with same option. */          /* Check if we have previously retrieved name with same option. */
         if (canonical_host_name != NULL) {          if (canonical_host_name != NULL) {
                 if (verify_reverse_mapping_done != verify_reverse_mapping)                  if (use_dns_done != use_dns)
                         xfree(canonical_host_name);                          xfree(canonical_host_name);
                 else                  else
                         return canonical_host_name;                          return canonical_host_name;
Line 171 
Line 181 
         /* Get the real hostname if socket; otherwise return UNKNOWN. */          /* Get the real hostname if socket; otherwise return UNKNOWN. */
         if (packet_connection_is_on_socket())          if (packet_connection_is_on_socket())
                 canonical_host_name = get_remote_hostname(                  canonical_host_name = get_remote_hostname(
                     packet_get_connection_in(), verify_reverse_mapping);                      packet_get_connection_in(), use_dns);
         else          else
                 canonical_host_name = xstrdup("UNKNOWN");                  canonical_host_name = xstrdup("UNKNOWN");
   
         verify_reverse_mapping_done = verify_reverse_mapping;          use_dns_done = use_dns;
         return canonical_host_name;          return canonical_host_name;
 }  }
   
Line 264 
Line 274 
 }  }
   
 const char *  const char *
 get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping)  get_remote_name_or_ip(u_int utmp_len, int use_dns)
 {  {
         static const char *remote = "";          static const char *remote = "";
         if (utmp_len > 0)          if (utmp_len > 0)
                 remote = get_canonical_hostname(verify_reverse_mapping);                  remote = get_canonical_hostname(use_dns);
         if (utmp_len == 0 || strlen(remote) > utmp_len)          if (utmp_len == 0 || strlen(remote) > utmp_len)
                 remote = get_remote_ipaddr();                  remote = get_remote_ipaddr();
         return remote;          return remote;
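Review bot: In get_remote_hostname, the added `if (!use_dns) return xstrdup(ntop);` (hunk at new line 47) sits before `if (from.ss_family == AF_INET) check_ip_options(socket, ntop);`, so with use_dns set to 0 an IPv4 connection carrying IP options is no longer logged and disconnected on this path. As far as the visible lines show, the old code reached check_ip_options whatever the value of verify_reverse_mapping, so this looks like an unintended weakening rather than part of the rename. I would move the early return below the options check, i.e. keep `check_ip_options(socket, ntop);` first and put `if (!use_dns) return xstrdup(ntop);` directly after it. Separately, the new `logit("Nasty PTR record \"%s\" is set up for %s, ignoring", ...)` formats the DNS-supplied name with an unbounded `%s`, where the neighbouring messages use `%.100s` and `%.700s`; a bounded specifier would keep it consistent. The body of get_remote_hostname is only partly visible between the hunks, so the ordering should be confirmed against the full file.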
