Annotation of ircnowd/src/ngircd/resolve.c, Revision 1.1.1.1
1.1 tomglok 1: /*
2: * ngIRCd -- The Next Generation IRC Daemon
3: * Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors.
4: *
5: * This program is free software; you can redistribute it and/or modify
6: * it under the terms of the GNU General Public License as published by
7: * the Free Software Foundation; either version 2 of the License, or
8: * (at your option) any later version.
9: * Please read the file COPYING, README and AUTHORS for more information.
10: */
11:
12: #define RESOLVER_TIMEOUT (Conf_PongTimeout*3)/4
13:
14: #include "portab.h"
15:
16: /**
17: * @file
18: * Asynchronous resolver
19: */
20:
21: #include <assert.h>
22: #include <errno.h>
23: #include <stdlib.h>
24: #include <string.h>
25: #include <unistd.h>
26: #include <sys/stat.h>
27: #include <sys/types.h>
28: #include <sys/socket.h>
29: #include <netinet/in.h>
30: #include <netdb.h>
31:
32: #ifdef IDENTAUTH
33: #ifdef HAVE_IDENT_H
34: #include <ident.h>
35: #endif
36: #endif
37:
38: #include "conn.h"
39: #include "conf.h"
40: #include "log.h"
41: #include "ng_ipaddr.h"
42:
43: #include "resolve.h"
44:
45: static void Do_ResolveAddr PARAMS(( const ng_ipaddr_t *Addr, int Sock, int w_fd ));
46: static void Do_ResolveName PARAMS(( const char *Host, int w_fd ));
47:
48: #ifdef WANT_IPV6
49: extern bool Conf_ConnectIPv4;
50: extern bool Conf_ConnectIPv6;
51: #endif
52:
53:
54: /**
55: * Resolve IP (asynchronous!).
56: */
57: GLOBAL bool
58: Resolve_Addr(PROC_STAT * s, const ng_ipaddr_t *Addr, int identsock,
59: void (*cbfunc) (int, short))
60: {
61: int pipefd[2];
62: pid_t pid;
63:
64: assert(s != NULL);
65:
66: pid = Proc_Fork(s, pipefd, cbfunc, RESOLVER_TIMEOUT);
67: if (pid > 0) {
68: LogDebug("Resolver for %s created (PID %d).", ng_ipaddr_tostr(Addr), pid);
69: return true;
70: } else if( pid == 0 ) {
71: /* Sub process */
72: Log_Init_Subprocess("Resolver");
73: Conn_CloseAllSockets(identsock);
74: Do_ResolveAddr(Addr, identsock, pipefd[1]);
75: Log_Exit_Subprocess("Resolver");
76: exit(0);
77: }
78: return false;
79: } /* Resolve_Addr */
80:
81:
82: /**
83: * Resolve hostname (asynchronous!).
84: */
85: GLOBAL bool
86: Resolve_Name( PROC_STAT *s, const char *Host, void (*cbfunc)(int, short))
87: {
88: int pipefd[2];
89: pid_t pid;
90:
91: assert(s != NULL);
92:
93: pid = Proc_Fork(s, pipefd, cbfunc, RESOLVER_TIMEOUT);
94: if (pid > 0) {
95: /* Main process */
96: #ifdef DEBUG
97: Log( LOG_DEBUG, "Resolver for \"%s\" created (PID %d).", Host, pid );
98: #endif
99: return true;
100: } else if( pid == 0 ) {
101: /* Sub process */
102: Log_Init_Subprocess("Resolver");
103: Conn_CloseAllSockets(NONE);
104: Do_ResolveName(Host, pipefd[1]);
105: Log_Exit_Subprocess("Resolver");
106: exit(0);
107: }
108: return false;
109: } /* Resolve_Name */
110:
111: #if !defined(HAVE_WORKING_GETADDRINFO) || !defined(HAVE_GETNAMEINFO)
112: #ifdef h_errno
113: static char *
114: Get_Error( int H_Error )
115: {
116: /* Get error message for H_Error */
117: switch( H_Error ) {
118: case HOST_NOT_FOUND:
119: return "host not found";
120: case NO_DATA:
121: return "name valid but no IP address defined";
122: case NO_RECOVERY:
123: return "name server error";
124: case TRY_AGAIN:
125: return "name server temporary not available";
126: }
127: return "unknown error";
128: }
129: #endif
130: #endif
131:
132:
133: /* Do "IDENT" (aka "AUTH") lookup and append result to resolved_addr array */
134: static void
135: Do_IdentQuery(int identsock, array *resolved_addr)
136: {
137: #ifdef IDENTAUTH
138: char *res;
139:
140: if (identsock < 0)
141: return;
142:
143: #ifdef DEBUG
144: Log_Subprocess(LOG_DEBUG, "Doing IDENT lookup on socket %d ...",
145: identsock);
146: #endif
147: res = ident_id( identsock, 10 );
148: #ifdef DEBUG
149: Log_Subprocess(LOG_DEBUG, "Ok, IDENT lookup on socket %d done: \"%s\"",
150: identsock, res ? res : "(NULL)");
151: #endif
152: if (!res) /* no result */
153: return;
154: if (!array_cats(resolved_addr, res))
155: Log_Subprocess(LOG_WARNING,
156: "Resolver: Cannot copy IDENT result: %s!",
157: strerror(errno));
158:
159: free(res);
160: #else
161: (void) identsock;
162: (void) resolved_addr;
163: #endif
164: }
165:
166:
167: /**
168: * perform reverse DNS lookup and put result string into resbuf.
169: * If no hostname could be obtained, this function stores the string representation of
170: * the IP address in resbuf and returns false.
171: * @param IpAddr ip address to resolve
172: * @param resbuf result buffer to store DNS name/string representation of ip address
173: * @param reslen size of result buffer (must be >= NGT_INET_ADDRSTRLEN)
174: * @return true if reverse lookup successful, false otherwise
175: */
176: static bool
177: ReverseLookup(const ng_ipaddr_t *IpAddr, char *resbuf, size_t reslen)
178: {
179: char tmp_ip_str[NG_INET_ADDRSTRLEN];
180: const char *errmsg;
181: #ifdef HAVE_GETNAMEINFO
182: static const char funcname[]="getnameinfo";
183: int res;
184:
185: *resbuf = 0;
186:
187: res = getnameinfo((struct sockaddr *) IpAddr, ng_ipaddr_salen(IpAddr),
188: resbuf, (socklen_t)reslen, NULL, 0, NI_NAMEREQD);
189: if (res == 0)
190: return true;
191:
192: if (res == EAI_SYSTEM)
193: errmsg = strerror(errno);
194: else
195: errmsg = gai_strerror(res);
196: #else
197: const struct sockaddr_in *Addr = (const struct sockaddr_in *) IpAddr;
198: struct hostent *h;
199: static const char funcname[]="gethostbyaddr";
200:
201: h = gethostbyaddr((char *)&Addr->sin_addr, sizeof(Addr->sin_addr), AF_INET);
202: if (h) {
203: if (strlcpy(resbuf, h->h_name, reslen) < reslen)
204: return true;
205: errmsg = "hostname too long";
206: } else {
207: # ifdef h_errno
208: errmsg = Get_Error(h_errno);
209: # else
210: errmsg = "unknown error";
211: # endif /* h_errno */
212: }
213: #endif /* HAVE_GETNAMEINFO */
214:
215: assert(errmsg);
216: assert(reslen >= NG_INET_ADDRSTRLEN);
217: ng_ipaddr_tostr_r(IpAddr, tmp_ip_str);
218:
219: Log_Subprocess(LOG_WARNING, "Can't resolve address \"%s\": %s [%s].",
220: tmp_ip_str, errmsg, funcname);
221: strlcpy(resbuf, tmp_ip_str, reslen);
222: return false;
223: }
224:
225:
226: /**
227: * perform DNS lookup of given host name and fill IpAddr with a list of
228: * ip addresses associated with that name.
229: * ip addresses found are stored in the "array *IpAddr" argument (type ng_ipaddr_t)
230: * @param hostname The domain name to look up.
231: * @param IpAddr pointer to empty and initialized array to store results
232: * @return true if lookup successful, false if domain name not found
233: */
234: static bool
235: #ifdef HAVE_WORKING_GETADDRINFO
236: ForwardLookup(const char *hostname, array *IpAddr, int af)
237: #else
238: ForwardLookup(const char *hostname, array *IpAddr, UNUSED int af)
239: #endif
240: {
241: ng_ipaddr_t addr;
242:
243: #ifdef HAVE_WORKING_GETADDRINFO
244: int res;
245: struct addrinfo *a, *ai_results;
246: static struct addrinfo hints;
247:
248: hints.ai_socktype = SOCK_STREAM;
249: hints.ai_protocol = IPPROTO_TCP;
250: hints.ai_family = af;
251:
252: memset(&addr, 0, sizeof(addr));
253:
254: res = getaddrinfo(hostname, NULL, &hints, &ai_results);
255: switch (res) {
256: case 0: break;
257: case EAI_SYSTEM:
258: Log_Subprocess(LOG_WARNING, "Can't resolve \"%s\": %s", hostname, strerror(errno));
259: return false;
260: default:
261: Log_Subprocess(LOG_WARNING, "Can't resolve \"%s\": %s", hostname, gai_strerror(res));
262: return false;
263: }
264:
265: for (a = ai_results; a != NULL; a = a->ai_next) {
266: assert((size_t)a->ai_addrlen <= sizeof(addr));
267:
268: if ((size_t)a->ai_addrlen > sizeof(addr))
269: continue;
270:
271: memcpy(&addr, a->ai_addr, a->ai_addrlen);
272:
273: if (!array_catb(IpAddr, (char *)&addr, sizeof(addr)))
274: break;
275: }
276:
277: freeaddrinfo(ai_results);
278: return a == NULL;
279: #else
280: struct hostent *h = gethostbyname(hostname);
281:
282: if (!h) {
283: #ifdef h_errno
284: Log_Subprocess(LOG_WARNING, "Can't resolve \"%s\": %s",
285: hostname, Get_Error(h_errno));
286: #else
287: Log_Subprocess(LOG_WARNING, "Can't resolve \"%s\"", hostname);
288: #endif
289: return false;
290: }
291: memset(&addr, 0, sizeof(addr));
292:
293: addr.sin4.sin_family = AF_INET;
294: memcpy(&addr.sin4.sin_addr, h->h_addr, sizeof(struct in_addr));
295:
296: return array_copyb(IpAddr, (char *)&addr, sizeof(addr));
297: #endif /* HAVE_GETADDRINFO */
298: }
299:
300:
301: static bool
302: Addr_in_list(const array *resolved_addr, const ng_ipaddr_t *Addr)
303: {
304: char tmp_ip_str[NG_INET_ADDRSTRLEN];
305: const ng_ipaddr_t *tmpAddrs = array_start(resolved_addr);
306: size_t len = array_length(resolved_addr, sizeof(*tmpAddrs));
307:
308: assert(len > 0);
309: assert(tmpAddrs);
310:
311: while (len > 0) {
312: if (ng_ipaddr_ipequal(Addr, tmpAddrs))
313: return true;
314: tmpAddrs++;
315: len--;
316: }
317: /* failed; print list of addresses */
318: ng_ipaddr_tostr_r(Addr, tmp_ip_str);
319: len = array_length(resolved_addr, sizeof(*tmpAddrs));
320: tmpAddrs = array_start(resolved_addr);
321:
322: while (len > 0) {
323: Log_Subprocess(LOG_WARNING, "Address mismatch: %s != %s",
324: tmp_ip_str, ng_ipaddr_tostr(tmpAddrs));
325: tmpAddrs++;
326: len--;
327: }
328:
329: return false;
330: }
331:
332:
333: static void
334: Log_Forgery_NoIP(const char *ip, const char *host)
335: {
336: Log_Subprocess(LOG_WARNING,
337: "Possible forgery: %s resolved to \"%s\", which has no IP address!",
338: ip, host);
339: }
340:
341: static void
342: Log_Forgery_WrongIP(const char *ip, const char *host)
343: {
344: Log_Subprocess(LOG_WARNING,
345: "Possible forgery: %s resolved to \"%s\", which points to a different address!",
346: ip, host);
347: }
348:
349:
350: static void
351: ArrayWrite(int fd, const array *a)
352: {
353: size_t len = array_bytes(a);
354: const char *data = array_start(a);
355:
356: assert(data);
357:
358: if( (size_t)write(fd, data, len) != len )
359: Log_Subprocess( LOG_CRIT, "Resolver: Can't write to parent: %s!",
360: strerror(errno));
361: }
362:
363:
364: static void
365: Do_ResolveAddr(const ng_ipaddr_t *Addr, int identsock, int w_fd)
366: {
367: /* Resolver sub-process: resolve IP address and write result into
368: * pipe to parent. */
369: char hostname[CLIENT_HOST_LEN];
370: char tmp_ip_str[NG_INET_ADDRSTRLEN];
371: size_t len;
372: array resolved_addr;
373:
374: array_init(&resolved_addr);
375: ng_ipaddr_tostr_r(Addr, tmp_ip_str);
376: #ifdef DEBUG
377: Log_Subprocess(LOG_DEBUG, "Now resolving %s ...", tmp_ip_str);
378: #endif
379: if (!ReverseLookup(Addr, hostname, sizeof(hostname)))
380: goto dns_done;
381:
382: if (ForwardLookup(hostname, &resolved_addr, ng_ipaddr_af(Addr))) {
383: if (!Addr_in_list(&resolved_addr, Addr)) {
384: Log_Forgery_WrongIP(tmp_ip_str, hostname);
385: strlcpy(hostname, tmp_ip_str, sizeof(hostname));
386: }
387: } else {
388: Log_Forgery_NoIP(tmp_ip_str, hostname);
389: strlcpy(hostname, tmp_ip_str, sizeof(hostname));
390: }
391: #ifdef DEBUG
392: Log_Subprocess(LOG_DEBUG, "Ok, translated %s to \"%s\".", tmp_ip_str, hostname);
393: #endif
394: dns_done:
395: len = strlen(hostname);
396: hostname[len] = '\n';
397: if (!array_copyb(&resolved_addr, hostname, ++len)) {
398: Log_Subprocess(LOG_CRIT,
399: "Resolver: Can't copy resolved name: %s!",
400: strerror(errno));
401: array_free(&resolved_addr);
402: return;
403: }
404:
405: Do_IdentQuery(identsock, &resolved_addr);
406:
407: ArrayWrite(w_fd, &resolved_addr);
408:
409: array_free(&resolved_addr);
410: } /* Do_ResolveAddr */
411:
412:
413: static void
414: Do_ResolveName( const char *Host, int w_fd )
415: {
416: /* Resolver sub-process: resolve name and write result into pipe
417: * to parent. */
418: array IpAddrs;
419: int af;
420: #ifdef DEBUG
421: ng_ipaddr_t *addr;
422: size_t len;
423: #endif
424: Log_Subprocess(LOG_DEBUG, "Now resolving \"%s\" ...", Host);
425:
426: array_init(&IpAddrs);
427:
428: #ifdef WANT_IPV6
429: af = AF_UNSPEC;
430: assert(Conf_ConnectIPv6 || Conf_ConnectIPv4);
431:
432: if (!Conf_ConnectIPv6)
433: af = AF_INET;
434: if (!Conf_ConnectIPv4)
435: af = AF_INET6;
436: #else
437: af = AF_INET;
438: #endif
439: if (!ForwardLookup(Host, &IpAddrs, af)) {
440: close(w_fd);
441: return;
442: }
443: #ifdef DEBUG
444: len = array_length(&IpAddrs, sizeof(*addr));
445: assert(len > 0);
446: addr = array_start(&IpAddrs);
447: assert(addr);
448: for (; len > 0; --len,addr++) {
449: Log_Subprocess(LOG_DEBUG, "translated \"%s\" to %s.",
450: Host, ng_ipaddr_tostr(addr));
451: }
452: #endif
453: /* Write result into pipe to parent */
454: ArrayWrite(w_fd, &IpAddrs);
455:
456: array_free(&IpAddrs);
457: } /* Do_ResolveName */
458:
459:
460: /* -eof- */
CVSweb
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to resolve.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [local] / ircnowd / src / ngircd