xref: /openssh-portable/srclimit.c (revision 31d8d231)
1*3a923129Sdtucker@openbsd.org /*
2*3a923129Sdtucker@openbsd.org  * Copyright (c) 2020 Darren Tucker <dtucker@openbsd.org>
3*3a923129Sdtucker@openbsd.org  *
4*3a923129Sdtucker@openbsd.org  * Permission to use, copy, modify, and distribute this software for any
5*3a923129Sdtucker@openbsd.org  * purpose with or without fee is hereby granted, provided that the above
6*3a923129Sdtucker@openbsd.org  * copyright notice and this permission notice appear in all copies.
7*3a923129Sdtucker@openbsd.org  *
8*3a923129Sdtucker@openbsd.org  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9*3a923129Sdtucker@openbsd.org  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10*3a923129Sdtucker@openbsd.org  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11*3a923129Sdtucker@openbsd.org  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12*3a923129Sdtucker@openbsd.org  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13*3a923129Sdtucker@openbsd.org  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14*3a923129Sdtucker@openbsd.org  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15*3a923129Sdtucker@openbsd.org  */
16*3a923129Sdtucker@openbsd.org 
17*3a923129Sdtucker@openbsd.org #include "includes.h"
18*3a923129Sdtucker@openbsd.org 
19*3a923129Sdtucker@openbsd.org #include <sys/socket.h>
20*3a923129Sdtucker@openbsd.org #include <sys/types.h>
21*3a923129Sdtucker@openbsd.org 
22*3a923129Sdtucker@openbsd.org #include <limits.h>
23*3a923129Sdtucker@openbsd.org #include <netdb.h>
24*3a923129Sdtucker@openbsd.org #include <stdio.h>
25*3a923129Sdtucker@openbsd.org #include <string.h>
26*3a923129Sdtucker@openbsd.org 
27*3a923129Sdtucker@openbsd.org #include "addr.h"
28*3a923129Sdtucker@openbsd.org #include "canohost.h"
29*3a923129Sdtucker@openbsd.org #include "log.h"
30*3a923129Sdtucker@openbsd.org #include "misc.h"
31*3a923129Sdtucker@openbsd.org #include "srclimit.h"
32*3a923129Sdtucker@openbsd.org #include "xmalloc.h"
33*3a923129Sdtucker@openbsd.org 
34*3a923129Sdtucker@openbsd.org static int max_children, max_persource, ipv4_masklen, ipv6_masklen;
35*3a923129Sdtucker@openbsd.org 
36*3a923129Sdtucker@openbsd.org /* Per connection state, used to enforce unauthenticated connection limit. */
37*3a923129Sdtucker@openbsd.org static struct child_info {
38*3a923129Sdtucker@openbsd.org 	int id;
39*3a923129Sdtucker@openbsd.org 	struct xaddr addr;
40*3a923129Sdtucker@openbsd.org } *child;
41*3a923129Sdtucker@openbsd.org 
42*3a923129Sdtucker@openbsd.org void
srclimit_init(int max,int persource,int ipv4len,int ipv6len)43*3a923129Sdtucker@openbsd.org srclimit_init(int max, int persource, int ipv4len, int ipv6len)
44*3a923129Sdtucker@openbsd.org {
45*3a923129Sdtucker@openbsd.org 	int i;
46*3a923129Sdtucker@openbsd.org 
47*3a923129Sdtucker@openbsd.org 	max_children = max;
48*3a923129Sdtucker@openbsd.org 	ipv4_masklen = ipv4len;
49*3a923129Sdtucker@openbsd.org 	ipv6_masklen = ipv6len;
50*3a923129Sdtucker@openbsd.org 	max_persource = persource;
51*3a923129Sdtucker@openbsd.org 	if (max_persource == INT_MAX)	/* no limit */
52*3a923129Sdtucker@openbsd.org 		return;
53*3a923129Sdtucker@openbsd.org 	debug("%s: max connections %d, per source %d, masks %d,%d", __func__,
54*3a923129Sdtucker@openbsd.org 	    max, persource, ipv4len, ipv6len);
55*3a923129Sdtucker@openbsd.org 	if (max <= 0)
56*3a923129Sdtucker@openbsd.org 		fatal("%s: invalid number of sockets: %d", __func__, max);
57*3a923129Sdtucker@openbsd.org 	child = xcalloc(max_children, sizeof(*child));
58*3a923129Sdtucker@openbsd.org 	for (i = 0; i < max_children; i++)
59*3a923129Sdtucker@openbsd.org 		child[i].id = -1;
60*3a923129Sdtucker@openbsd.org }
61*3a923129Sdtucker@openbsd.org 
62*3a923129Sdtucker@openbsd.org /* returns 1 if connection allowed, 0 if not allowed. */
63*3a923129Sdtucker@openbsd.org int
srclimit_check_allow(int sock,int id)64*3a923129Sdtucker@openbsd.org srclimit_check_allow(int sock, int id)
65*3a923129Sdtucker@openbsd.org {
66*3a923129Sdtucker@openbsd.org 	struct xaddr xa, xb, xmask;
67*3a923129Sdtucker@openbsd.org 	struct sockaddr_storage addr;
68*3a923129Sdtucker@openbsd.org 	socklen_t addrlen = sizeof(addr);
69*3a923129Sdtucker@openbsd.org 	struct sockaddr *sa = (struct sockaddr *)&addr;
70*3a923129Sdtucker@openbsd.org 	int i, bits, first_unused, count = 0;
71*3a923129Sdtucker@openbsd.org 	char xas[NI_MAXHOST];
72*3a923129Sdtucker@openbsd.org 
73*3a923129Sdtucker@openbsd.org 	if (max_persource == INT_MAX)	/* no limit */
74*3a923129Sdtucker@openbsd.org 		return 1;
75*3a923129Sdtucker@openbsd.org 
76*3a923129Sdtucker@openbsd.org 	debug("%s: sock %d id %d limit %d", __func__, sock, id, max_persource);
77*3a923129Sdtucker@openbsd.org 	if (getpeername(sock, sa, &addrlen) != 0)
78*3a923129Sdtucker@openbsd.org 		return 1;	/* not remote socket? */
79*3a923129Sdtucker@openbsd.org 	if (addr_sa_to_xaddr(sa, addrlen, &xa) != 0)
80*3a923129Sdtucker@openbsd.org 		return 1;	/* unknown address family? */
81*3a923129Sdtucker@openbsd.org 
82*3a923129Sdtucker@openbsd.org 	/* Mask address off address to desired size. */
83*3a923129Sdtucker@openbsd.org 	bits = xa.af == AF_INET ? ipv4_masklen : ipv6_masklen;
84*3a923129Sdtucker@openbsd.org 	if (addr_netmask(xa.af, bits, &xmask) != 0 ||
85*3a923129Sdtucker@openbsd.org 	    addr_and(&xb, &xa, &xmask) != 0) {
86*3a923129Sdtucker@openbsd.org 		debug3("%s: invalid mask %d bits", __func__, bits);
87*3a923129Sdtucker@openbsd.org 		return 1;
88*3a923129Sdtucker@openbsd.org 	}
89*3a923129Sdtucker@openbsd.org 
90*3a923129Sdtucker@openbsd.org 	first_unused = max_children;
91*3a923129Sdtucker@openbsd.org 	/* Count matching entries and find first unused one. */
92*3a923129Sdtucker@openbsd.org 	for (i = 0; i < max_children; i++) {
93*3a923129Sdtucker@openbsd.org 		if (child[i].id == -1) {
94*3a923129Sdtucker@openbsd.org 			if (i < first_unused)
95*3a923129Sdtucker@openbsd.org 				first_unused = i;
96*3a923129Sdtucker@openbsd.org 		} else if (addr_cmp(&child[i].addr, &xb) == 0) {
97*3a923129Sdtucker@openbsd.org 			count++;
98*3a923129Sdtucker@openbsd.org 		}
99*3a923129Sdtucker@openbsd.org 	}
100*3a923129Sdtucker@openbsd.org 	if (addr_ntop(&xa, xas, sizeof(xas)) != 0) {
101*3a923129Sdtucker@openbsd.org 		debug3("%s: addr ntop failed", __func__);
102*3a923129Sdtucker@openbsd.org 		return 1;
103*3a923129Sdtucker@openbsd.org 	}
104*3a923129Sdtucker@openbsd.org 	debug3("%s: new unauthenticated connection from %s/%d, at %d of %d",
105*3a923129Sdtucker@openbsd.org 	    __func__, xas, bits, count, max_persource);
106*3a923129Sdtucker@openbsd.org 
107*3a923129Sdtucker@openbsd.org 	if (first_unused == max_children) { /* no free slot found */
108*3a923129Sdtucker@openbsd.org 		debug3("%s: no free slot", __func__);
109*3a923129Sdtucker@openbsd.org 		return 0;
110*3a923129Sdtucker@openbsd.org 	}
111*3a923129Sdtucker@openbsd.org 	if (first_unused < 0 || first_unused >= max_children)
112*3a923129Sdtucker@openbsd.org 		fatal("%s: internal error: first_unused out of range",
113*3a923129Sdtucker@openbsd.org 		    __func__);
114*3a923129Sdtucker@openbsd.org 
115*3a923129Sdtucker@openbsd.org 	if (count >= max_persource)
116*3a923129Sdtucker@openbsd.org 		return 0;
117*3a923129Sdtucker@openbsd.org 
118*3a923129Sdtucker@openbsd.org 	/* Connection allowed, store masked address. */
119*3a923129Sdtucker@openbsd.org 	child[first_unused].id = id;
120*3a923129Sdtucker@openbsd.org 	memcpy(&child[first_unused].addr, &xb, sizeof(xb));
121*3a923129Sdtucker@openbsd.org 	return 1;
122*3a923129Sdtucker@openbsd.org }
123*3a923129Sdtucker@openbsd.org 
124*3a923129Sdtucker@openbsd.org void
srclimit_done(int id)125*3a923129Sdtucker@openbsd.org srclimit_done(int id)
126*3a923129Sdtucker@openbsd.org {
127*3a923129Sdtucker@openbsd.org 	int i;
128*3a923129Sdtucker@openbsd.org 
129*3a923129Sdtucker@openbsd.org 	if (max_persource == INT_MAX)	/* no limit */
130*3a923129Sdtucker@openbsd.org 		return;
131*3a923129Sdtucker@openbsd.org 
132*3a923129Sdtucker@openbsd.org 	debug("%s: id %d", __func__, id);
133*3a923129Sdtucker@openbsd.org 	/* Clear corresponding state entry. */
134*3a923129Sdtucker@openbsd.org 	for (i = 0; i < max_children; i++) {
135*3a923129Sdtucker@openbsd.org 		if (child[i].id == id) {
136*3a923129Sdtucker@openbsd.org 			child[i].id = -1;
137*3a923129Sdtucker@openbsd.org 			return;
138*3a923129Sdtucker@openbsd.org 		}
139*3a923129Sdtucker@openbsd.org 	}
140*3a923129Sdtucker@openbsd.org }
141