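/* Print an allowed sender list to the debug log. The caller must tell us
 * which one: iListToPrint = 1 means UDP, 2 means TCP (and 3 means GSS when
 * built with USE_GSSAPI). Any other value trips the assert below.
 * The list heads (pAllowedSenders_UDP/_TCP/_GSS) are file-level globals;
 * a NULL head means no restriction is configured for that transport.
 * Only dbgprintf() output is produced - nothing is returned and nothing
 * in the lists is modified.
 * rgerhards, 2005-09-27
 */
static void
PrintAllowedSenders(int iListToPrint)
{
	struct AllowedSenders *pSender;
	uchar szIP[64]; /* numeric host text; 64 leaves room for an IPv6 address */
	
	assert((iListToPrint == 1) || (iListToPrint == 2)
#ifdef USE_GSSAPI
	       || (iListToPrint == 3)
#endif
	       );

	dbgprintf("Allowed %s Senders:\n",
	       (iListToPrint == 1) ? "UDP" :
#ifdef USE_GSSAPI
	       (iListToPrint == 3) ? "GSS" :
#endif
	       "TCP");

	pSender = (iListToPrint == 1) ? pAllowedSenders_UDP :
#ifdef USE_GSSAPI
		(iListToPrint == 3) ? pAllowedSenders_GSS :
#endif
		pAllowedSenders_TCP;
	if(pSender == NULL) {
		dbgprintf("\tNo restrictions set.\n");
		return;
	}

	for( ; pSender != NULL ; pSender = pSender->pNext) {
		if(F_ISSET(pSender->allowedSender.flags, ADDR_NAME)) {
			/* name-based entry: print the wildcard pattern as configured */
			dbgprintf("\t%s\n", pSender->allowedSender.addr.HostWildcard);
			continue;
		}
		/* address-based entry: render the network address numerically.
		 * The buffer bound is taken from the declaration so the two
		 * cannot drift apart.
		 */
		if(mygetnameinfo(pSender->allowedSender.addr.NetAddr,
				 SALEN(pSender->allowedSender.addr.NetAddr),
				 (char*)szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST) == 0) {
			dbgprintf("\t%s/%u\n", szIP, pSender->SignificantBits);
		} else {
			/* getnameinfo() failed - but as this is only a
			 * debug function, we simply spit out an error and do
			 * not care much about it.
			 */
			dbgprintf("\tERROR in getnameinfo() - something may be wrong "
				"- ignored for now\n");
		}
	}
}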
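resolveAddr(struct sockaddr_storage *addr, dnscache_entry_t *etry)
{
	/* Fill a DNS cache entry for the peer address in addr.
	 *
	 * Always produced: etry->ip, the numeric text form of addr (via
	 * mygetnameinfo() with NI_NUMERICHOST). Unless DNS lookups are disabled
	 * (glbl.GetDisableDNS()), a PTR lookup (NI_NAMEREQD) is attempted and,
	 * on success, etry->fqdn and etry->fqdnLowerCase are created from the
	 * returned name. Whenever no usable name is available - lookup failure,
	 * DNS disabled, or an error path - fqdn and fqdnLowerCase are set to
	 * alias etry->ip (with prop.AddRef for each alias).
	 *
	 * Validation of the PTR result: the returned name is re-parsed with
	 * AI_NUMERICHOST; if it parses as a numeric address the record is treated
	 * as malicious. With $DropMsgsWithMaliciousDnsPTRRecords (GetDropMalPTRMsgs()
	 * == 1) the message is rejected with RS_RET_MALICIOUS_ENTITY, otherwise an
	 * error is logged and the IP is used in place of the name. No other check
	 * (e.g. forward confirmation of the name) is performed in this function.
	 *
	 * Returns (via iRet): RS_RET_INVALID_SOURCE if addr cannot even be
	 * rendered numerically, RS_RET_MALICIOUS_ENTITY as described above,
	 * otherwise the DEFiRet default (presumably RS_RET_OK). On the error
	 * returns etry->ip holds the placeholder "?error.obtaining.ip?".
	 */
	DEFiRet;
	int error;
	sigset_t omask, nmask;
	struct addrinfo hints, *res;
	char szIP[80]; /* large enough for IPv6 */
	char fqdnBuf[NI_MAXHOST];
	rs_size_t fqdnLen;
	rs_size_t i;
	
	error = mygetnameinfo((struct sockaddr *)addr, SALEN((struct sockaddr *)addr),
			    (char*) szIP, sizeof(szIP), NULL, 0, NI_NUMERICHOST);
	if(error) {
		dbgprintf("Malformed from address %s\n", gai_strerror(error));
		ABORT_FINALIZE(RS_RET_INVALID_SOURCE);
	}

	if(!glbl.GetDisableDNS()) {
		/* SIGHUP is blocked for the duration of the (potentially slow)
		 * resolver call and restored on every exit from this branch -
		 * presumably so a reload signal cannot interrupt it; confirm with
		 * the signal-handling design before changing.
		 */
		sigemptyset(&nmask);
		sigaddset(&nmask, SIGHUP);
		pthread_sigmask(SIG_BLOCK, &nmask, &omask);

		error = mygetnameinfo((struct sockaddr *)addr, SALEN((struct sockaddr *) addr),
				    fqdnBuf, NI_MAXHOST, NULL, 0, NI_NAMEREQD);

		if(error == 0) {
			memset (&hints, 0, sizeof (struct addrinfo));
			hints.ai_flags = AI_NUMERICHOST;

			/* we now do a lookup once again. This one should fail,
			 * because we should not have obtained a non-numeric address. If
			 * we got a numeric one, someone messed with DNS!
			 */
			if(getaddrinfo (fqdnBuf, NULL, &hints, &res) == 0) {
				uchar szErrMsg[1024];
				freeaddrinfo (res);
				/* OK, we know we have evil. The question now is what to do about
				 * it. One the one hand, the message might probably be intended
				 * to harm us. On the other hand, losing the message may also harm us.
				 * Thus, the behaviour is controlled by the $DropMsgsWithMaliciousDnsPTRRecords
				 * option. If it tells us we should discard, we do so, else we proceed,
				 * but log an error message together with it.
				 * time being, we simply drop the name we obtained and use the IP - that one
				 * is OK in any way. We do also log the error message. rgerhards, 2007-07-16
		 		 */
		 		if(glbl.GetDropMalPTRMsgs() == 1) {
					snprintf((char*)szErrMsg, sizeof(szErrMsg),
						 "Malicious PTR record, message dropped "
						 "IP = \"%s\" HOST = \"%s\"",
						 szIP, fqdnBuf);
					LogError(0, RS_RET_MALICIOUS_ENTITY, "%s", szErrMsg);
					/* restore the signal mask before leaving the branch */
					pthread_sigmask(SIG_SETMASK, &omask, NULL);
					ABORT_FINALIZE(RS_RET_MALICIOUS_ENTITY);
				}

				/* Please note: we deal with a malicous entry. Thus, we have crafted
				 * the snprintf() below so that all text is in front of the entry - maybe
				 * it contains characters that make the message unreadable
				 * (OK, I admit this is more or less impossible, but I am paranoid...)
				 * rgerhards, 2007-07-16
				 */
				snprintf((char*)szErrMsg, sizeof(szErrMsg),
					 "Malicious PTR record (message accepted, but used IP "
					 "instead of PTR name: IP = \"%s\" HOST = \"%s\"",
					 szIP, fqdnBuf);
				LogError(0, NO_ERRCODE, "%s", szErrMsg);

				error = 1; /* that will trigger using IP address below. */
			} else {/* we have a valid entry, so let's create the respective properties */
				fqdnLen = strlen(fqdnBuf);
				prop.CreateStringProp(&etry->fqdn, (uchar*)fqdnBuf, fqdnLen);
				/* tolower() requires an unsigned char value (or EOF); a plain
				 * char may be negative for bytes >= 0x80 coming from the
				 * resolver, which is undefined behaviour without the cast.
				 */
				for(i = 0 ; i < fqdnLen ; ++i)
					fqdnBuf[i] = (char)tolower((unsigned char)fqdnBuf[i]);
				prop.CreateStringProp(&etry->fqdnLowerCase, (uchar*)fqdnBuf, fqdnLen);
			}
		}
		pthread_sigmask(SIG_SETMASK, &omask, NULL);
	}


finalize_it:
	if(iRet != RS_RET_OK) {
		/* error path: replace whatever szIP holds with a fixed placeholder
		 * (fits easily in the 80-byte buffer) and force the IP-alias branch.
		 */
		strcpy(szIP, "?error.obtaining.ip?");
		error = 1; /* trigger hostname copies below! */
	}

	/* we need to create the inputName property (only once during our lifetime) */
	prop.CreateStringProp(&etry->ip, (uchar*)szIP, strlen(szIP));

	if(error || glbl.GetDisableDNS()) {
		/* no usable name: both name properties alias the ip property,
		 * one AddRef per alias so refcounts match later releases.
		 */
		dbgprintf("Host name for your address (%s) unknown\n", szIP);
		prop.AddRef(etry->ip);
		etry->fqdn = etry->ip;
		prop.AddRef(etry->ip);
		etry->fqdnLowerCase = etry->ip;
	}

	setLocalHostName(etry);

	RETiRet;
}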