in sql/hostname.cc [409:1006]
int ip_to_hostname(struct sockaddr_storage *ip_storage,
const char *ip_string,
char **hostname,
uint *connect_errors)
{
const struct sockaddr *ip= (const sockaddr *) ip_storage;
int err_code;
bool err_status MY_ATTRIBUTE((unused));
Host_errors errors;
DBUG_ENTER("ip_to_hostname");
DBUG_PRINT("info", ("IP address: '%s'; family: %d.",
(const char *) ip_string,
(int) ip->sa_family));
/* Default output values, for most cases. */
*hostname= NULL;
*connect_errors= 0;
/* Check if we have loopback address (127.0.0.1 or ::1). */
if (is_ip_loopback(ip))
{
DBUG_PRINT("info", ("Loopback address detected."));
/* Do not count connect errors from localhost. */
*hostname= (char *) my_localhost;
DBUG_RETURN(0);
}
/* Prepare host name cache key. */
char ip_key[HOST_ENTRY_KEY_SIZE];
prepare_hostname_cache_key(ip_string, ip_key);
/* Check first if we have host name in the cache. */
if (!(specialflag & SPECIAL_NO_HOST_CACHE))
{
ulonglong now= my_micro_time();
mysql_mutex_lock(&hostname_cache->lock);
Host_entry *entry= hostname_cache_search(ip_key);
if (entry)
{
entry->m_last_seen= now;
*connect_errors= entry->m_errors.m_connect;
if (entry->m_errors.m_connect >= max_connect_errors)
{
entry->m_errors.m_host_blocked++;
entry->set_error_timestamps(now);
mysql_mutex_unlock(&hostname_cache->lock);
DBUG_RETURN(RC_BLOCKED_HOST);
}
/*
If there is an IP -> HOSTNAME association in the cache,
but for a hostname that was not validated,
do not return that hostname: perform the network validation again.
*/
if (entry->m_host_validated)
{
if (entry->m_hostname_length)
*hostname= my_strdup(entry->m_hostname, MYF(0));
DBUG_PRINT("info",("IP (%s) has been found in the cache. "
"Hostname: '%s'",
(const char *) ip_key,
(const char *) (*hostname? *hostname : "null")
));
mysql_mutex_unlock(&hostname_cache->lock);
DBUG_RETURN(0);
}
}
mysql_mutex_unlock(&hostname_cache->lock);
}
/*
Resolve host name. Return an error if a host name can not be resolved
(instead of returning the numeric form of the host name).
*/
char hostname_buffer[NI_MAXHOST];
DBUG_PRINT("info", ("Resolving '%s'...", (const char *) ip_key));
err_code= vio_getnameinfo(ip, hostname_buffer, NI_MAXHOST, NULL, 0,
NI_NAMEREQD);
/*
===========================================================================
DEBUG code only (begin)
Simulate various output from vio_getnameinfo().
===========================================================================
*/
DBUG_EXECUTE_IF("getnameinfo_error_noname",
{
strcpy(hostname_buffer, "<garbage>");
err_code= EAI_NONAME;
}
);
DBUG_EXECUTE_IF("getnameinfo_error_again",
{
strcpy(hostname_buffer, "<garbage>");
err_code= EAI_AGAIN;
}
);
DBUG_EXECUTE_IF("getnameinfo_fake_ipv4",
{
strcpy(hostname_buffer, "santa.claus.ipv4.example.com");
err_code= 0;
}
);
DBUG_EXECUTE_IF("getnameinfo_fake_ipv6",
{
strcpy(hostname_buffer, "santa.claus.ipv6.example.com");
err_code= 0;
}
);
DBUG_EXECUTE_IF("getnameinfo_format_ipv4",
{
strcpy(hostname_buffer, "12.12.12.12");
err_code= 0;
}
);
DBUG_EXECUTE_IF("getnameinfo_format_ipv6",
{
strcpy(hostname_buffer, "12:DEAD:BEEF:0");
err_code= 0;
}
);
/*
===========================================================================
DEBUG code only (end)
===========================================================================
*/
if (err_code)
{
// NOTE: gai_strerror() returns a string ending by a dot.
DBUG_PRINT("error", ("IP address '%s' could not be resolved: %s",
(const char *) ip_key,
(const char *) gai_strerror(err_code)));
sql_print_warning("IP address '%s' could not be resolved: %s",
(const char *) ip_key,
(const char *) gai_strerror(err_code));
bool validated;
if (vio_is_no_name_error(err_code))
{
/*
The no-name error means that there is no reverse address mapping
for the IP address. A host name can not be resolved.
*/
errors.m_nameinfo_permanent= 1;
validated= true;
}
else
{
/*
If it is not the no-name error, we should not cache the hostname
(or rather its absence), because the failure might be transient.
Only the ip error statistics are cached.
*/
errors.m_nameinfo_transient= 1;
validated= false;
}
add_hostname(ip_key, NULL, validated, &errors);
DBUG_RETURN(0);
}
DBUG_PRINT("info", ("IP '%s' resolved to '%s'.",
(const char *) ip_key,
(const char *) hostname_buffer));
/*
Validate hostname: the server does not accept host names, which
resemble IP addresses.
The thing is that theoretically, a host name can be in a form of IPv4
address (123.example.org, or 1.2 or even 1.2.3.4). We have to deny such
host names because ACL-systems is not designed to work with them.
For example, it is possible to specify a host name mask (like
192.168.1.%) for an ACL rule. Then, if IPv4-like hostnames are allowed,
there is a security hole: instead of allowing access for
192.168.1.0/255 network (which was assumed by the user), the access
will be allowed for host names like 192.168.1.example.org.
*/
if (!is_hostname_valid(hostname_buffer))
{
DBUG_PRINT("error", ("IP address '%s' has been resolved "
"to the host name '%s', which resembles "
"IPv4-address itself.",
(const char *) ip_key,
(const char *) hostname_buffer));
sql_print_warning("IP address '%s' has been resolved "
"to the host name '%s', which resembles "
"IPv4-address itself.",
(const char *) ip_key,
(const char *) hostname_buffer);
errors.m_format= 1;
add_hostname(ip_key, hostname_buffer, false, &errors);
DBUG_RETURN(false);
}
/* Get IP-addresses for the resolved host name (FCrDNS technique). */
struct addrinfo hints;
struct addrinfo *addr_info_list;
/*
Makes fault injection with DBUG_EXECUTE_IF easier.
Invoking free_addr_info(NULL) crashes on some platforms.
*/
bool free_addr_info_list= false;
memset(&hints, 0, sizeof (struct addrinfo));
hints.ai_flags= AI_PASSIVE;
hints.ai_socktype= SOCK_STREAM;
hints.ai_family= AF_UNSPEC;
DBUG_PRINT("info", ("Getting IP addresses for hostname '%s'...",
(const char *) hostname_buffer));
err_code= getaddrinfo(hostname_buffer, NULL, &hints, &addr_info_list);
if (err_code == 0)
free_addr_info_list= true;
/*
===========================================================================
DEBUG code only (begin)
Simulate various output from getaddrinfo().
===========================================================================
*/
DBUG_EXECUTE_IF("getaddrinfo_error_noname",
{
if (free_addr_info_list)
freeaddrinfo(addr_info_list);
addr_info_list= NULL;
err_code= EAI_NONAME;
free_addr_info_list= false;
}
);
DBUG_EXECUTE_IF("getaddrinfo_error_again",
{
if (free_addr_info_list)
freeaddrinfo(addr_info_list);
addr_info_list= NULL;
err_code= EAI_AGAIN;
free_addr_info_list= false;
}
);
DBUG_EXECUTE_IF("getaddrinfo_fake_bad_ipv4",
{
if (free_addr_info_list)
freeaddrinfo(addr_info_list);
struct sockaddr_in *debug_addr;
/*
Not thread safe, which is ok.
Only one connection at a time is tested with
fault injection.
*/
static struct sockaddr_in debug_sock_addr[2];
static struct addrinfo debug_addr_info[2];
/* Simulating ipv4 192.0.2.126 */
debug_addr= & debug_sock_addr[0];
debug_addr->sin_family= AF_INET;
debug_addr->sin_addr.s_addr= inet_addr("192.0.2.126");
/* Simulating ipv4 192.0.2.127 */
debug_addr= & debug_sock_addr[1];
debug_addr->sin_family= AF_INET;
debug_addr->sin_addr.s_addr= inet_addr("192.0.2.127");
debug_addr_info[0].ai_addr= (struct sockaddr*) & debug_sock_addr[0];
debug_addr_info[0].ai_addrlen= sizeof (struct sockaddr_in);
debug_addr_info[0].ai_next= & debug_addr_info[1];
debug_addr_info[1].ai_addr= (struct sockaddr*) & debug_sock_addr[1];
debug_addr_info[1].ai_addrlen= sizeof (struct sockaddr_in);
debug_addr_info[1].ai_next= NULL;
addr_info_list= & debug_addr_info[0];
err_code= 0;
free_addr_info_list= false;
}
);
DBUG_EXECUTE_IF("getaddrinfo_fake_good_ipv4",
{
if (free_addr_info_list)
freeaddrinfo(addr_info_list);
struct sockaddr_in *debug_addr;
static struct sockaddr_in debug_sock_addr[2];
static struct addrinfo debug_addr_info[2];
/* Simulating ipv4 192.0.2.5 */
debug_addr= & debug_sock_addr[0];
debug_addr->sin_family= AF_INET;
debug_addr->sin_addr.s_addr= inet_addr("192.0.2.5");
/* Simulating ipv4 192.0.2.4 */
debug_addr= & debug_sock_addr[1];
debug_addr->sin_family= AF_INET;
debug_addr->sin_addr.s_addr= inet_addr("192.0.2.4");
debug_addr_info[0].ai_addr= (struct sockaddr*) & debug_sock_addr[0];
debug_addr_info[0].ai_addrlen= sizeof (struct sockaddr_in);
debug_addr_info[0].ai_next= & debug_addr_info[1];
debug_addr_info[1].ai_addr= (struct sockaddr*) & debug_sock_addr[1];
debug_addr_info[1].ai_addrlen= sizeof (struct sockaddr_in);
debug_addr_info[1].ai_next= NULL;
addr_info_list= & debug_addr_info[0];
err_code= 0;
free_addr_info_list= false;
}
);
#ifdef HAVE_IPV6
DBUG_EXECUTE_IF("getaddrinfo_fake_bad_ipv6",
{
if (free_addr_info_list)
freeaddrinfo(addr_info_list);
struct sockaddr_in6 *debug_addr;
struct in6_addr *ip6;
/*
Not thread safe, which is ok.
Only one connection at a time is tested with
fault injection.
*/
static struct sockaddr_in6 debug_sock_addr[2];
static struct addrinfo debug_addr_info[2];
/* Simulating ipv6 2001:DB8::6:7E */
debug_addr= & debug_sock_addr[0];
debug_addr->sin6_family= AF_INET6;
ip6= & debug_addr->sin6_addr;
/* inet_pton not available on Windows XP. */
ip6->s6_addr[ 0] = 0x20;
ip6->s6_addr[ 1] = 0x01;
ip6->s6_addr[ 2] = 0x0d;
ip6->s6_addr[ 3] = 0xb8;
ip6->s6_addr[ 4] = 0x00;
ip6->s6_addr[ 5] = 0x00;
ip6->s6_addr[ 6] = 0x00;
ip6->s6_addr[ 7] = 0x00;
ip6->s6_addr[ 8] = 0x00;
ip6->s6_addr[ 9] = 0x00;
ip6->s6_addr[10] = 0x00;
ip6->s6_addr[11] = 0x00;
ip6->s6_addr[12] = 0x00;
ip6->s6_addr[13] = 0x06;
ip6->s6_addr[14] = 0x00;
ip6->s6_addr[15] = 0x7e;
/* Simulating ipv6 2001:DB8::6:7F */
debug_addr= & debug_sock_addr[1];
debug_addr->sin6_family= AF_INET6;
ip6= & debug_addr->sin6_addr;
ip6->s6_addr[ 0] = 0x20;
ip6->s6_addr[ 1] = 0x01;
ip6->s6_addr[ 2] = 0x0d;
ip6->s6_addr[ 3] = 0xb8;
ip6->s6_addr[ 4] = 0x00;
ip6->s6_addr[ 5] = 0x00;
ip6->s6_addr[ 6] = 0x00;
ip6->s6_addr[ 7] = 0x00;
ip6->s6_addr[ 8] = 0x00;
ip6->s6_addr[ 9] = 0x00;
ip6->s6_addr[10] = 0x00;
ip6->s6_addr[11] = 0x00;
ip6->s6_addr[12] = 0x00;
ip6->s6_addr[13] = 0x06;
ip6->s6_addr[14] = 0x00;
ip6->s6_addr[15] = 0x7f;
debug_addr_info[0].ai_addr= (struct sockaddr*) & debug_sock_addr[0];
debug_addr_info[0].ai_addrlen= sizeof (struct sockaddr_in6);
debug_addr_info[0].ai_next= & debug_addr_info[1];
debug_addr_info[1].ai_addr= (struct sockaddr*) & debug_sock_addr[1];
debug_addr_info[1].ai_addrlen= sizeof (struct sockaddr_in6);
debug_addr_info[1].ai_next= NULL;
addr_info_list= & debug_addr_info[0];
err_code= 0;
free_addr_info_list= false;
}
);
DBUG_EXECUTE_IF("getaddrinfo_fake_good_ipv6",
{
if (free_addr_info_list)
freeaddrinfo(addr_info_list);
struct sockaddr_in6 *debug_addr;
struct in6_addr *ip6;
/*
Not thread safe, which is ok.
Only one connection at a time is tested with
fault injection.
*/
static struct sockaddr_in6 debug_sock_addr[2];
static struct addrinfo debug_addr_info[2];
/* Simulating ipv6 2001:DB8::6:7 */
debug_addr= & debug_sock_addr[0];
debug_addr->sin6_family= AF_INET6;
ip6= & debug_addr->sin6_addr;
ip6->s6_addr[ 0] = 0x20;
ip6->s6_addr[ 1] = 0x01;
ip6->s6_addr[ 2] = 0x0d;
ip6->s6_addr[ 3] = 0xb8;
ip6->s6_addr[ 4] = 0x00;
ip6->s6_addr[ 5] = 0x00;
ip6->s6_addr[ 6] = 0x00;
ip6->s6_addr[ 7] = 0x00;
ip6->s6_addr[ 8] = 0x00;
ip6->s6_addr[ 9] = 0x00;
ip6->s6_addr[10] = 0x00;
ip6->s6_addr[11] = 0x00;
ip6->s6_addr[12] = 0x00;
ip6->s6_addr[13] = 0x06;
ip6->s6_addr[14] = 0x00;
ip6->s6_addr[15] = 0x07;
/* Simulating ipv6 2001:DB8::6:6 */
debug_addr= & debug_sock_addr[1];
debug_addr->sin6_family= AF_INET6;
ip6= & debug_addr->sin6_addr;
ip6->s6_addr[ 0] = 0x20;
ip6->s6_addr[ 1] = 0x01;
ip6->s6_addr[ 2] = 0x0d;
ip6->s6_addr[ 3] = 0xb8;
ip6->s6_addr[ 4] = 0x00;
ip6->s6_addr[ 5] = 0x00;
ip6->s6_addr[ 6] = 0x00;
ip6->s6_addr[ 7] = 0x00;
ip6->s6_addr[ 8] = 0x00;
ip6->s6_addr[ 9] = 0x00;
ip6->s6_addr[10] = 0x00;
ip6->s6_addr[11] = 0x00;
ip6->s6_addr[12] = 0x00;
ip6->s6_addr[13] = 0x06;
ip6->s6_addr[14] = 0x00;
ip6->s6_addr[15] = 0x06;
debug_addr_info[0].ai_addr= (struct sockaddr*) & debug_sock_addr[0];
debug_addr_info[0].ai_addrlen= sizeof (struct sockaddr_in6);
debug_addr_info[0].ai_next= & debug_addr_info[1];
debug_addr_info[1].ai_addr= (struct sockaddr*) & debug_sock_addr[1];
debug_addr_info[1].ai_addrlen= sizeof (struct sockaddr_in6);
debug_addr_info[1].ai_next= NULL;
addr_info_list= & debug_addr_info[0];
err_code= 0;
free_addr_info_list= false;
}
);
#endif /* HAVE_IPV6 */
/*
===========================================================================
DEBUG code only (end)
===========================================================================
*/
if (err_code != 0)
{
sql_print_warning("Host name '%s' could not be resolved: %s",
(const char *) hostname_buffer,
(const char *) gai_strerror(err_code));
bool validated;
if (err_code == EAI_NONAME)
{
errors.m_addrinfo_permanent= 1;
validated= true;
}
else
{
/*
Don't cache responses when the DNS server is down, as otherwise
transient DNS failure may leave any number of clients (those
that attempted to connect during the outage) unable to connect
indefinitely.
Only cache error statistics.
*/
errors.m_addrinfo_transient= 1;
validated= false;
}
add_hostname(ip_key, NULL, validated, &errors);
DBUG_RETURN(false);
}
/* Check that getaddrinfo() returned the used IP (FCrDNS technique). */
DBUG_PRINT("info", ("The following IP addresses found for '%s':",
(const char *) hostname_buffer));
for (struct addrinfo *addr_info= addr_info_list;
addr_info; addr_info= addr_info->ai_next)
{
char ip_buffer[HOST_ENTRY_KEY_SIZE];
{
err_status=
vio_get_normalized_ip_string(addr_info->ai_addr, addr_info->ai_addrlen,
ip_buffer, sizeof (ip_buffer));
DBUG_ASSERT(!err_status);
}
DBUG_PRINT("info", (" - '%s'", (const char *) ip_buffer));
if (strcasecmp(ip_key, ip_buffer) == 0)
{
/* Copy host name string to be stored in the cache. */
*hostname= my_strdup(hostname_buffer, MYF(0));
if (!*hostname)
{
DBUG_PRINT("error", ("Out of memory."));
if (free_addr_info_list)
freeaddrinfo(addr_info_list);
DBUG_RETURN(true);
}
break;
}
}
/* Log resolved IP-addresses if no match was found. */
if (!*hostname)
{
errors.m_FCrDNS= 1;
sql_print_warning("Hostname '%s' does not resolve to '%s'.",
(const char *) hostname_buffer,
(const char *) ip_key);
sql_print_information("Hostname '%s' has the following IP addresses:",
(const char *) hostname_buffer);
for (struct addrinfo *addr_info= addr_info_list;
addr_info; addr_info= addr_info->ai_next)
{
char ip_buffer[HOST_ENTRY_KEY_SIZE];
err_status=
vio_get_normalized_ip_string(addr_info->ai_addr, addr_info->ai_addrlen,
ip_buffer, sizeof (ip_buffer));
DBUG_ASSERT(!err_status);
sql_print_information(" - %s", (const char *) ip_buffer);
}
}
/* Add an entry for the IP to the cache. */
add_hostname(ip_key, *hostname, true, &errors);
/* Free the result of getaddrinfo(). */
if (free_addr_info_list)
freeaddrinfo(addr_info_list);
DBUG_RETURN(false);
}