secret/postfix_src/qmqpd__peer_8c_source.html

 /*++

 /* NAME

 /*  qmqpd_peer 3

 /* SUMMARY

 /*  look up peer name/address information

 /* SYNOPSIS

 /*  #include "qmqpd.h"

 /*

 /*  void    qmqpd_peer_init(state)

 /*  QMQPD_STATE *state;

 /*

 /*  void    qmqpd_peer_reset(state)

 /*  QMQPD_STATE *state;

 /* DESCRIPTION

 /*  The qmqpd_peer_init() routine attempts to produce a printable

 /*  version of the peer name and address of the specified socket.

 /*  Where information is unavailable, the name and/or address

 /*  are set to "unknown".

 /*

 /*  qmqpd_peer_init() updates the following fields:

 /* .IP name

 /*  The client hostname. An unknown name is represented by the

 /*  string "unknown".

 /* .IP addr

 /*  Printable representation of the client address.

 /* .IP namaddr

 /*  String of the form: "name[addr]:port".

 /* .PP

 /*  qmqpd_peer_reset() releases memory allocated by qmqpd_peer_init().

 /* LICENSE

 /* .ad

 /* .fi

 /*  The Secure Mailer license must be distributed with this software.

 /* AUTHOR(S)

 /*  Wietse Venema

 /*  IBM T.J. Watson Research

 /*  P.O. Box 704

 /*  Yorktown Heights, NY 10598, USA

 /*--*/


 /* System library. */


 #include <sys_defs.h>

 #include <sys/socket.h>

 #include <netinet/in.h>

 #include <arpa/inet.h>

 #include <stdio.h>          /* strerror() */

 #include <errno.h>

 #include <netdb.h>

 #include <string.h>


 /* Utility library. */


 #include <msg.h>

 #include <mymalloc.h>

 #include <stringops.h>

 #include <myaddrinfo.h>

 #include <sock_addr.h>

 #include <inet_proto.h>

 #include <split_at.h>


 /* Global library. */


 #include <mail_proto.h>

 #include <valid_mailhost_addr.h>

 #include <mail_params.h>


 /* Application-specific. */


 #include "qmqpd.h"


 /* qmqpd_peer_init - initialize peer information */


 void    qmqpd_peer_init(QMQPD_STATE *state)

 {

     const char *myname = "qmqpd_peer_init";

     struct sockaddr_storage ss;

     struct sockaddr *sa;

     SOCKADDR_SIZE sa_length;

     INET_PROTO_INFO *proto_info = inet_proto_info();


     sa = (struct sockaddr *) &ss;

     sa_length = sizeof(ss);


     /*

      * Look up the peer address information.

      */

     if (getpeername(vstream_fileno(state->client), sa, &sa_length) >= 0) {

     errno = 0;

     }


     /*

      * If peer went away, give up.

      */

     if (errno != 0 && errno != ENOTSOCK) {

     state->name = mystrdup(CLIENT_NAME_UNKNOWN);

     state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);

     state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);

     state->addr_family = AF_UNSPEC;

     state->port = mystrdup(CLIENT_PORT_UNKNOWN);

     }


     /*

      * Convert the client address to printable address and hostname.

      *

      * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while

      * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final

      * else clause, pretend the origin is localhost[127.0.0.1], and become an

      * open relay).

      */

     else if (errno == 0

          && (sa->sa_family == AF_INET

 #ifdef AF_INET6

          || sa->sa_family == AF_INET6

 #endif

          )) {

     MAI_HOSTNAME_STR client_name;

     MAI_HOSTADDR_STR client_addr;

     MAI_SERVPORT_STR client_port;

     int     aierr;

     char   *colonp;


     /*

      * Sanity check: we can't use sockets that we're not configured for.

      */

     if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)

         msg_fatal("cannot handle socket type %s with \"%s = %s\"",

 #ifdef AF_INET6

               sa->sa_family == AF_INET6 ? "AF_INET6" :

 #endif

               sa->sa_family == AF_INET ? "AF_INET" :

               "other", VAR_INET_PROTOCOLS, var_inet_protocols);


     /*

      * Sorry, but there are some things that we just cannot do while

      * connected to the network.

      */

     if (geteuid() != var_owner_uid || getuid() != var_owner_uid) {

         msg_error("incorrect QMQP server privileges: uid=%lu euid=%lu",

               (unsigned long) getuid(), (unsigned long) geteuid());

         msg_fatal("the Postfix QMQP server must run with $%s privileges",

               VAR_MAIL_OWNER);

     }


     /*

      * Convert the client address to printable form.

      */

     if ((aierr = sockaddr_to_hostaddr(sa, sa_length, &client_addr,

                       &client_port, 0)) != 0)

         msg_fatal("%s: cannot convert client address/port to string: %s",

               myname, MAI_STRERROR(aierr));

     state->port = mystrdup(client_port.buf);


     /*

      * XXX Require that the infrastructure strips off the IPv6 datalink

      * suffix to avoid false alarms with strict address syntax checks.

      */

 #ifdef HAS_IPV6

     if (strchr(client_addr.buf, '%') != 0)

         msg_panic("%s: address %s has datalink suffix",

               myname, client_addr.buf);

 #endif


     /*

      * We convert IPv4-in-IPv6 address to 'true' IPv4 address early on,

      * but only if IPv4 support is enabled (why would anyone want to turn

      * it off)? With IPv4 support enabled we have no need for the IPv6

      * form in logging, hostname verification and access checks.

      */

 #ifdef HAS_IPV6

     if (sa->sa_family == AF_INET6) {

         if (strchr((char *) proto_info->sa_family_list, AF_INET) != 0

         && IN6_IS_ADDR_V4MAPPED(&SOCK_ADDR_IN6_ADDR(sa))

         && (colonp = strrchr(client_addr.buf, ':')) != 0) {

         struct addrinfo *res0;


         if (msg_verbose > 1)

             msg_info("%s: rewriting V4-mapped address \"%s\" to \"%s\"",

                  myname, client_addr.buf, colonp + 1);


         state->addr = mystrdup(colonp + 1);

         state->rfc_addr = mystrdup(colonp + 1);

         state->addr_family = AF_INET;

         aierr = hostaddr_to_sockaddr(state->addr, (char *) 0, 0, &res0);

         if (aierr)

             msg_fatal("%s: cannot convert %s from string to binary: %s",

                   myname, state->addr, MAI_STRERROR(aierr));

         sa_length = res0->ai_addrlen;

         if (sa_length > sizeof(ss))

             sa_length = sizeof(ss);

         memcpy((void *) sa, res0->ai_addr, sa_length);

         freeaddrinfo(res0);

         }


         /*

          * Following RFC 2821 section 4.1.3, an IPv6 address literal gets

          * a prefix of 'IPv6:'. We do this consistently for all IPv6

          * addresses that that appear in headers or envelopes. The fact

          * that valid_mailhost_addr() enforces the form helps of course.

          * We use the form without IPV6: prefix when doing access

          * control, or when accessing the connection cache.

          */

         else {

         state->addr = mystrdup(client_addr.buf);

         state->rfc_addr =

             concatenate(IPV6_COL, client_addr.buf, (char *) 0);

         state->addr_family = sa->sa_family;

         }

     }


     /*

      * An IPv4 address is in dotted quad decimal form.

      */

     else

 #endif

     {

         state->addr = mystrdup(client_addr.buf);

         state->rfc_addr = mystrdup(client_addr.buf);

         state->addr_family = sa->sa_family;

     }


     /*

      * Look up and sanity check the client hostname.

      *

      * It is unsafe to allow numeric hostnames, especially because there

      * exists pressure to turn off the name->addr double check. In that

      * case an attacker could trivally bypass access restrictions.

      *

      * sockaddr_to_hostname() already rejects malformed or numeric names.

      */

 #define REJECT_PEER_NAME(state) { \

     myfree(state->name); \

     state->name = mystrdup(CLIENT_NAME_UNKNOWN); \

     }


     if ((aierr = sockaddr_to_hostname(sa, sa_length, &client_name,

                       (MAI_SERVNAME_STR *) 0, 0)) != 0) {

         state->name = mystrdup(CLIENT_NAME_UNKNOWN);

     } else {

         struct addrinfo *res0;

         struct addrinfo *res;


         state->name = mystrdup(client_name.buf);


         /*

          * Reject the hostname if it does not list the peer address.

          */

         aierr = hostname_to_sockaddr_pf(state->name, state->addr_family,

                         (char *) 0, 0, &res0);

         if (aierr) {

         msg_warn("hostname %s does not resolve to address %s: %s",

              state->name, state->addr, MAI_STRERROR(aierr));

         REJECT_PEER_NAME(state);

         } else {

         for (res = res0; /* void */ ; res = res->ai_next) {

             if (res == 0) {

             msg_warn("hostname %s does not resolve to address %s",

                  state->addr, state->name);

             REJECT_PEER_NAME(state);

             break;

             }

             if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {

             msg_info("skipping address family %d for host %s",

                  res->ai_family, state->name);

             continue;

             }

             if (sock_addr_cmp_addr(res->ai_addr, sa) == 0)

             break;          /* keep peer name */

         }

         freeaddrinfo(res0);

         }

     }

     }


     /*

      * If it's not Internet, assume the client is local, and avoid using the

      * naming service because that can hang when the machine is disconnected.

      */

     else {

     state->name = mystrdup("localhost");

     state->addr = mystrdup("127.0.0.1");    /* XXX bogus. */

     state->rfc_addr = mystrdup("127.0.0.1");/* XXX bogus. */

     state->addr_family = AF_UNSPEC;

     state->port = mystrdup("0");        /* XXX bogus. */

     }


     /*

      * Do the name[addr]:port formatting for pretty reports.

      */

     state->namaddr =

     concatenate(state->name, "[", state->addr, "]",

             var_qmqpd_client_port_log ? ":" : (char *) 0,

             state->port, (char *) 0);

 }


 /* qmqpd_peer_reset - destroy peer information */


 void    qmqpd_peer_reset(QMQPD_STATE *state)

 {

     myfree(state->name);

     myfree(state->addr);

     myfree(state->namaddr);

     myfree(state->rfc_addr);

     myfree(state->port);

 }

msg_verbose
int msg_verbose
Definition: msg.c:177

REJECT_PEER_NAME
#define REJECT_PEER_NAME(state)

msg_error
void msg_error(const char *fmt,...)
Definition: msg.c:231

mail_proto.h

qmqpd_peer_reset
void qmqpd_peer_reset(QMQPD_STATE *state)
Definition: qmqpd_peer.c:298

myfree
void myfree(void *ptr)
Definition: mymalloc.c:207

QMQPD_STATE::rfc_addr
char * rfc_addr
Definition: qmqpd.h:40

freeaddrinfo
void freeaddrinfo(struct addrinfo *ai)
Definition: myaddrinfo.c:742

mystrdup
char * mystrdup(const char *str)
Definition: mymalloc.c:225

QMQPD_STATE::port
char * port
Definition: qmqpd.h:38

sock_addr_cmp_addr
int sock_addr_cmp_addr(const struct sockaddr *sa, const struct sockaddr *sb)
Definition: sock_addr.c:109

QMQPD_STATE::client
VSTREAM * client
Definition: qmqpd.h:32

msg_panic
NORETURN msg_panic(const char *fmt,...)
Definition: msg.c:295

inet_proto_info
#define inet_proto_info()
Definition: inet_proto.h:29

myaddrinfo.h

QMQPD_STATE::addr
char * addr
Definition: qmqpd.h:37

QMQPD_STATE::addr_family
int addr_family
Definition: qmqpd.h:41

var_qmqpd_client_port_log
bool var_qmqpd_client_port_log
Definition: qmqpd.c:236

MAI_HOSTNAME_STR
Definition: myaddrinfo.h:141

MAI_HOSTADDR_STR
Definition: myaddrinfo.h:145

hostaddr_to_sockaddr
int hostaddr_to_sockaddr(const char *hostaddr, const char *service, int socktype, struct addrinfo **res)
Definition: myaddrinfo.c:464

sockaddr_to_hostaddr
int sockaddr_to_hostaddr(const struct sockaddr *sa, SOCKADDR_SIZE salen, MAI_HOSTADDR_STR *hostaddr, MAI_SERVPORT_STR *portnum, int unused_socktype)
Definition: myaddrinfo.c:580

SOCKADDR_SIZE
#define SOCKADDR_SIZE
Definition: sys_defs.h:1411

stringops.h

MAI_HOSTADDR_STR::buf
char buf[MAI_HOSTADDR_STRSIZE]
Definition: myaddrinfo.h:146

var_owner_uid
uid_t var_owner_uid
Definition: mail_params.c:234

MAI_SERVNAME_STR
Definition: myaddrinfo.h:149

QMQPD_STATE::namaddr
char * namaddr
Definition: qmqpd.h:39

QMQPD_STATE::name
char * name
Definition: qmqpd.h:36

VAR_MAIL_OWNER
#define VAR_MAIL_OWNER
Definition: mail_params.h:87

hostname_to_sockaddr_pf
int hostname_to_sockaddr_pf(const char *hostname, int pf, const char *service, int socktype, struct addrinfo **res)
Definition: myaddrinfo.c:295

msg.h

msg_warn
void msg_warn(const char *fmt,...)
Definition: msg.c:215

INET_PROTO_INFO::sa_family_list
unsigned char * sa_family_list
Definition: inet_proto.h:21

VAR_INET_PROTOCOLS
#define VAR_INET_PROTOCOLS
Definition: mail_params.h:994

IPV6_COL
#define IPV6_COL
Definition: valid_mailhost_addr.h:22

split_at.h

sys_defs.h

qmqpd_peer_init
void qmqpd_peer_init(QMQPD_STATE *state)
Definition: qmqpd_peer.c:74

msg_fatal
NORETURN msg_fatal(const char *fmt,...)
Definition: msg.c:249

CLIENT_NAME_UNKNOWN
#define CLIENT_NAME_UNKNOWN
Definition: qmqpd.h:62

concatenate
char * concatenate(const char *arg0,...)
Definition: concatenate.c:42

MAI_HOSTNAME_STR::buf
char buf[MAI_HOSTNAME_STRSIZE]
Definition: myaddrinfo.h:142

CLIENT_ADDR_UNKNOWN
#define CLIENT_ADDR_UNKNOWN
Definition: qmqpd.h:63

mail_params.h

vstream_fileno
#define vstream_fileno(vp)
Definition: vstream.h:115

MAI_STRERROR
#define MAI_STRERROR(e)
Definition: myaddrinfo.h:169

var_inet_protocols
char * var_inet_protocols
Definition: mail_params.c:260

MAI_SERVPORT_STR::buf
char buf[MAI_SERVPORT_STRSIZE]
Definition: myaddrinfo.h:154

CLIENT_PORT_UNKNOWN
#define CLIENT_PORT_UNKNOWN
Definition: qmqpd.h:64

inet_proto.h

sockaddr_to_hostname
int sockaddr_to_hostname(const struct sockaddr *sa, SOCKADDR_SIZE salen, MAI_HOSTNAME_STR *hostname, MAI_SERVNAME_STR *service, int socktype)
Definition: myaddrinfo.c:631

INET_PROTO_INFO
Definition: inet_proto.h:17

mymalloc.h

sock_addr.h

MAI_SERVPORT_STR
Definition: myaddrinfo.h:153

valid_mailhost_addr.h

QMQPD_STATE
Definition: qmqpd.h:30

qmqpd.h

msg_info
void msg_info(const char *fmt,...)
Definition: msg.c:199