[solanum.git] / authd / providers / ident.c

/* authd/providers/ident.c - ident lookup provider for authd
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
 * moved to its own provider.
 *
 * --Elizafox 13 March 2016
 */

#include "stdinc.h"
#include "match.h"
#include "authd.h"
#include "notice.h"
#include "provider.h"
#include "res.h"

#define IDENT_BUFSIZE 128

struct ident_query
{
	time_t timeout;				/* Timeout interval */
	rb_fde_t *F;				/* Our FD */
};

/* Goinked from old s_auth.c --Elizafox */
static const char *messages[] =
{
	"*** Checking Ident",
	"*** Got Ident response",
	"*** No Ident response",
	"*** Cannot verify ident validity, ignoring ident",
	"*** Ident disabled, not checking ident",
};

typedef enum
{
	REPORT_LOOKUP,
	REPORT_FOUND,
	REPORT_FAIL,
	REPORT_INVALID,
	REPORT_DISABLED,
} ident_message;

static EVH timeout_ident_queries_event;
static CNCB ident_connected;
static PF read_ident_reply;

static void client_fail(struct auth_client *auth, ident_message message);
static void client_success(struct auth_client *auth);
static char * get_valid_ident(char *buf);

static struct ev_entry *timeout_ev;
static int ident_timeout = 5;
static bool ident_enable = true;


/* Timeout outstanding queries */
static void
timeout_ident_queries_event(void *notused __unused)
{
	struct auth_client *auth;
	rb_dictionary_iter iter;

	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
	{
		struct ident_query *query = auth->data[PROVIDER_IDENT];

		if(query != NULL && query->timeout < rb_current_time())
			client_fail(auth, REPORT_FAIL);
	}
}

/*
 * ident_connected() - deal with the result of rb_connect_tcp()
 *
 * If the connection failed, we simply close the auth fd and report
 * a failure. If the connection suceeded send the ident server a query
 * giving "theirport , ourport". The write is only attempted *once* so
 * it is deemed to be a fail if the entire write doesn't write all the
 * data given.  This shouldnt be a problem since the socket should have
 * a write buffer far greater than this message to store it in should
 * problems arise. -avalon
 */
static void
ident_connected(rb_fde_t *F __unused, int error, void *data)
{
	struct auth_client *auth = data;
	struct ident_query *query;
	char authbuf[32];
	int authlen;

	if(auth == NULL)
		return;

	query = auth->data[PROVIDER_IDENT];

	if(query == NULL)
		return;

	/* Check the error */
	if(error != RB_OK)
	{
		/* We had an error during connection :( */
		client_fail(auth, REPORT_FAIL);
		return;
	}

	snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
			auth->c_port, auth->l_port);
	authlen = strlen(authbuf);

	if(rb_write(query->F, authbuf, authlen) != authlen)
	{
		client_fail(auth, REPORT_FAIL);
		return;
	}

	read_ident_reply(query->F, auth);
}

static void
read_ident_reply(rb_fde_t *F, void *data)
{
	struct auth_client *auth = data;
	struct ident_query *query;
	char buf[IDENT_BUFSIZE + 1];	/* buffer to read auth reply into */
	ident_message message = REPORT_FAIL;
	char *s = NULL;
	char *t = NULL;
	ssize_t len;
	int count;

	if(auth == NULL)
		return;

	query = auth->data[PROVIDER_IDENT];

	if(query == NULL)
		return;

	len = rb_read(F, buf, IDENT_BUFSIZE);
	if(len < 0 && rb_ignore_errno(errno))
	{
		rb_setselect(F, RB_SELECT_READ, read_ident_reply, auth);
		return;
	}

	if(len > 0)
	{
		if((s = get_valid_ident(buf)) != NULL)
		{
			t = auth->username;

			while (*s == '~' || *s == '^')
				s++;

			for (count = USERLEN; *s && count; s++)
			{
				if(*s == '@' || *s == '\r' || *s == '\n')
					break;

				if(*s != ' ' && *s != ':' && *s != '[')
				{
					*t++ = *s;
					count--;
				}
			}
			*t = '\0';
		}
		else
			message = REPORT_INVALID;
	}

	if(s == NULL)
		client_fail(auth, message);
	else
		client_success(auth);
}

static void
client_fail(struct auth_client *auth, ident_message report)
{
	struct ident_query *query = auth->data[PROVIDER_IDENT];

	if(query == NULL)
		return;

	rb_strlcpy(auth->username, "*", sizeof(auth->username));

	if(query->F != NULL)
		rb_close(query->F);

	rb_free(query);
	auth->data[PROVIDER_IDENT] = NULL;

	notice_client(auth->cid, messages[report]);
	provider_done(auth, PROVIDER_IDENT);
}

static void
client_success(struct auth_client *auth)
{
	struct ident_query *query = auth->data[PROVIDER_IDENT];

	if(query == NULL)
		return;

	if(query->F != NULL)
		rb_close(query->F);

	rb_free(query);
	auth->data[PROVIDER_IDENT] = NULL;

	notice_client(auth->cid, messages[REPORT_FOUND]);
	provider_done(auth, PROVIDER_IDENT);
}

/* get_valid_ident
 * parse ident query reply from identd server
 *
 * Taken from old s_auth.c --Elizafox
 *
 * Inputs	- pointer to ident buf
 * Outputs	- NULL if no valid ident found, otherwise pointer to name
 * Side effects - None
 */
static char *
get_valid_ident(char *buf)
{
	int remp = 0;
	int locp = 0;
	char *colon1Ptr;
	char *colon2Ptr;
	char *colon3Ptr;
	char *commaPtr;
	char *remotePortString;

	/* All this to get rid of a sscanf() fun. */
	remotePortString = buf;

	colon1Ptr = strchr(remotePortString, ':');
	if(!colon1Ptr)
		return NULL;

	*colon1Ptr = '\0';
	colon1Ptr++;
	colon2Ptr = strchr(colon1Ptr, ':');
	if(!colon2Ptr)
		return NULL;

	*colon2Ptr = '\0';
	colon2Ptr++;
	commaPtr = strchr(remotePortString, ',');

	if(!commaPtr)
		return NULL;

	*commaPtr = '\0';
	commaPtr++;

	remp = atoi(remotePortString);
	if(!remp)
		return NULL;

	locp = atoi(commaPtr);
	if(!locp)
		return NULL;

	/* look for USERID bordered by first pair of colons */
	if(!strstr(colon1Ptr, "USERID"))
		return NULL;

	colon3Ptr = strchr(colon2Ptr, ':');
	if(!colon3Ptr)
		return NULL;

	*colon3Ptr = '\0';
	colon3Ptr++;
	return (colon3Ptr);
}

static bool
ident_init(void)
{
	timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
	return (timeout_ev != NULL);
}

static void
ident_destroy(void)
{
	struct auth_client *auth;
	rb_dictionary_iter iter;

	/* Nuke all ident queries */
	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
	{
		if(auth->data[PROVIDER_IDENT] != NULL)
			client_fail(auth, REPORT_FAIL);
	}
}

static bool ident_start(struct auth_client *auth)
{
	struct ident_query *query = rb_malloc(sizeof(struct ident_query));
	struct rb_sockaddr_storage l_addr, c_addr;
	int family = GET_SS_FAMILY(&auth->c_addr);

	if(auth->data[PROVIDER_IDENT] != NULL)
	{
		set_provider_done(auth, PROVIDER_IDENT); /* for blacklists */
		return true;
	}
	else if(!ident_enable)
	{
		notice_client(auth->cid, messages[REPORT_DISABLED]);
		set_provider_done(auth, PROVIDER_IDENT);
		return true;
	}

	notice_client(auth->cid, messages[REPORT_LOOKUP]);

	auth->data[PROVIDER_IDENT] = query;
	query->timeout = rb_current_time() + ident_timeout;

	if((query->F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
	{
		warn_opers(L_DEBUG, "Could not create ident socket: %s", strerror(errno));
		client_fail(auth, REPORT_FAIL);
		return true;	/* Not a fatal error */
	}

	/* Build sockaddr_storages for rb_connect_tcp below */
	memcpy(&l_addr, &auth->l_addr, sizeof(l_addr));
	memcpy(&c_addr, &auth->c_addr, sizeof(c_addr));

	/* Set the ports correctly */
#ifdef RB_IPV6
	if(GET_SS_FAMILY(&l_addr) == AF_INET6)
		((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
	else
#endif
		((struct sockaddr_in *)&l_addr)->sin_port = 0;

#ifdef RB_IPV6
	if(GET_SS_FAMILY(&c_addr) == AF_INET6)
		((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
	else
#endif
		((struct sockaddr_in *)&c_addr)->sin_port = htons(113);

	rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
			(struct sockaddr *)&l_addr,
			GET_SS_LEN(&l_addr), ident_connected,
			auth, ident_timeout);

	set_provider_on(auth, PROVIDER_IDENT);

	return true;
}

static void
ident_cancel(struct auth_client *auth)
{
	struct ident_query *query = auth->data[PROVIDER_IDENT];

	if(query != NULL)
		client_fail(auth, REPORT_FAIL);
}

static void
add_conf_ident_timeout(const char *key __unused, int parc __unused, const char **parv)
{
	int timeout = atoi(parv[0]);

	if(timeout < 0)
	{
		warn_opers(L_CRIT, "BUG: ident timeout < 0 (value: %d)", timeout);
		return;
	}

	ident_timeout = timeout;
}

static void
set_ident_enabled(const char *key __unused, int parc __unused, const char **parv)
{
	ident_enable = (*parv[0] == '1');
}

struct auth_opts_handler ident_options[] =
{
	{ "ident_timeout", 1, add_conf_ident_timeout },
	{ "ident_enabled", 1, set_ident_enabled },
	{ NULL, 0, NULL },
};


struct auth_provider ident_provider =
{
	.id = PROVIDER_IDENT,
	.init = ident_init,
	.destroy = ident_destroy,
	.start = ident_start,
	.cancel = ident_cancel,
	.completed = NULL,
	.opt_handlers = ident_options,
};
Commit	Line	Data
2b0cc3d3 EM	1	/* authd/providers/ident.c - ident lookup provider for authd
	2	* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
	3	*
	4	* Permission to use, copy, modify, and/or distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice is present in all copies.
	7	*
	8	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	9	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	10	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	11	* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
	12	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	13	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	14	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	15	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	16	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
	17	* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	18	* POSSIBILITY OF SUCH DAMAGE.
	19	*/
	20
06f3496a EM	21	/* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
	22	* moved to its own provider.
	23	*
	24	* --Elizafox 13 March 2016
	25	*/
	26
2b0cc3d3 EM	27	#include "stdinc.h"
	28	#include "match.h"
	29	#include "authd.h"
db821ee9	30	#include "notice.h"
2b0cc3d3 EM	31	#include "provider.h"
	32	#include "res.h"
	33
	34	#define IDENT_BUFSIZE 128
	35
	36	struct ident_query
	37	{
2b0cc3d3 EM	38	time_t timeout; /* Timeout interval */
	39	rb_fde_t F; / Our FD */
	40	};
	41
	42	/* Goinked from old s_auth.c --Elizafox */
	43	static const char *messages[] =
	44	{
f875cb84 EM	45	"*** Checking Ident",
	46	"*** Got Ident response",
	47	"*** No Ident response",
22946d30	48	"*** Cannot verify ident validity, ignoring ident",
1345a41d	49	"*** Ident disabled, not checking ident",
2b0cc3d3 EM	50	};
	51
	52	typedef enum
	53	{
	54	REPORT_LOOKUP,
	55	REPORT_FOUND,
	56	REPORT_FAIL,
22946d30	57	REPORT_INVALID,
1345a41d	58	REPORT_DISABLED,
2b0cc3d3 EM	59	} ident_message;
	60
	61	static EVH timeout_ident_queries_event;
	62	static CNCB ident_connected;
	63	static PF read_ident_reply;
	64
3e875f62 EM	65	static void client_fail(struct auth_client *auth, ident_message message);
3e875f62 EM	66	static void client_success(struct auth_client *auth);
2b0cc3d3 EM	67	static char * get_valid_ident(char *buf);
2b0cc3d3 EM	68
2b0cc3d3 EM	69	static struct ev_entry *timeout_ev;
2b0cc3d3 EM	70	static int ident_timeout = 5;
54fb109d	71	static bool ident_enable = true;
2b0cc3d3 EM	72
2b0cc3d3 EM	73
2b0cc3d3	74	/* Timeout outstanding queries */
06f3496a	75	static void
d1b70e35	76	timeout_ident_queries_event(void *notused __unused)
2b0cc3d3	77	{
3e875f62	78	struct auth_client *auth;
aba29d5a	79	rb_dictionary_iter iter;
2b0cc3d3	80
ab33d608	81	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
2b0cc3d3	82	{
3e875f62	83	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3	84
3e875f62 EM	85	if(query != NULL && query->timeout < rb_current_time())
3e875f62 EM	86	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	87	}
	88	}
	89
	90	/*
	91	* ident_connected() - deal with the result of rb_connect_tcp()
	92	*
	93	* If the connection failed, we simply close the auth fd and report
	94	* a failure. If the connection suceeded send the ident server a query
	95	* giving "theirport , ourport". The write is only attempted once so
	96	* it is deemed to be a fail if the entire write doesn't write all the
	97	* data given. This shouldnt be a problem since the socket should have
	98	* a write buffer far greater than this message to store it in should
	99	* problems arise. -avalon
	100	*/
06f3496a	101	static void
d1b70e35	102	ident_connected(rb_fde_t F __unused, int error, void data)
2b0cc3d3	103	{
3e875f62	104	struct auth_client *auth = data;
d1b70e35	105	struct ident_query *query;
2b0cc3d3 EM	106	char authbuf[32];
	107	int authlen;
	108
d1b70e35 EM	109	if(auth == NULL)
	110	return;
	111
	112	query = auth->data[PROVIDER_IDENT];
	113
f875cb84 EM	114	if(query == NULL)
	115	return;
	116
2b0cc3d3 EM	117	/* Check the error */
	118	if(error != RB_OK)
	119	{
	120	/* We had an error during connection :( */
3e875f62	121	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	122	return;
	123	}
	124
	125	snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
	126	auth->c_port, auth->l_port);
	127	authlen = strlen(authbuf);
	128
	129	if(rb_write(query->F, authbuf, authlen) != authlen)
	130	{
3e875f62	131	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	132	return;
	133	}
	134
3e875f62	135	read_ident_reply(query->F, auth);
2b0cc3d3 EM	136	}
	137
	138	static void
	139	read_ident_reply(rb_fde_t F, void data)
	140	{
3e875f62	141	struct auth_client *auth = data;
d1b70e35	142	struct ident_query *query;
22946d30 EM	143	char buf[IDENT_BUFSIZE + 1]; /* buffer to read auth reply into */
22946d30 EM	144	ident_message message = REPORT_FAIL;
2b0cc3d3 EM	145	char *s = NULL;
2b0cc3d3 EM	146	char *t = NULL;
22946d30	147	ssize_t len;
2b0cc3d3	148	int count;
2b0cc3d3	149
d1b70e35 EM	150	if(auth == NULL)
	151	return;
	152
	153	query = auth->data[PROVIDER_IDENT];
	154
f875cb84 EM	155	if(query == NULL)
	156	return;
	157
2b0cc3d3 EM	158	len = rb_read(F, buf, IDENT_BUFSIZE);
	159	if(len < 0 && rb_ignore_errno(errno))
	160	{
d1b70e35	161	rb_setselect(F, RB_SELECT_READ, read_ident_reply, auth);
2b0cc3d3 EM	162	return;
	163	}
	164
	165	if(len > 0)
	166	{
22946d30	167	if((s = get_valid_ident(buf)) != NULL)
2b0cc3d3 EM	168	{
	169	t = auth->username;
	170
	171	while (s == '~' \|\| s == '^')
	172	s++;
	173
	174	for (count = USERLEN; *s && count; s++)
	175	{
22946d30	176	if(s == '@' \|\| s == '\r' \|\| *s == '\n')
2b0cc3d3	177	break;
22946d30	178
2b0cc3d3 EM	179	if(s != ' ' && s != ':' && *s != '[')
	180	{
	181	t++ = s;
	182	count--;
	183	}
	184	}
	185	*t = '\0';
	186	}
22946d30 EM	187	else
22946d30 EM	188	message = REPORT_INVALID;
2b0cc3d3 EM	189	}
	190
	191	if(s == NULL)
22946d30	192	client_fail(auth, message);
2b0cc3d3	193	else
3e875f62	194	client_success(auth);
2b0cc3d3 EM	195	}
2b0cc3d3 EM	196
06f3496a EM	197	static void
06f3496a EM	198	client_fail(struct auth_client *auth, ident_message report)
2b0cc3d3	199	{
3e875f62	200	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3	201
f875cb84 EM	202	if(query == NULL)
	203	return;
	204
3e875f62	205	rb_strlcpy(auth->username, "*", sizeof(auth->username));
2b0cc3d3	206
f875cb84 EM	207	if(query->F != NULL)
	208	rb_close(query->F);
	209
3e875f62 EM	210	rb_free(query);
3e875f62 EM	211	auth->data[PROVIDER_IDENT] = NULL;
2b0cc3d3	212
db821ee9	213	notice_client(auth->cid, messages[report]);
3e875f62	214	provider_done(auth, PROVIDER_IDENT);
2b0cc3d3 EM	215	}
2b0cc3d3 EM	216
06f3496a EM	217	static void
06f3496a EM	218	client_success(struct auth_client *auth)
2b0cc3d3	219	{
3e875f62	220	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3	221
f875cb84 EM	222	if(query == NULL)
	223	return;
	224
	225	if(query->F != NULL)
	226	rb_close(query->F);
	227
3e875f62 EM	228	rb_free(query);
3e875f62 EM	229	auth->data[PROVIDER_IDENT] = NULL;
2b0cc3d3	230
db821ee9	231	notice_client(auth->cid, messages[REPORT_FOUND]);
3e875f62	232	provider_done(auth, PROVIDER_IDENT);
2b0cc3d3 EM	233	}
	234
	235	/* get_valid_ident
	236	* parse ident query reply from identd server
	237	*
06f3496a	238	* Taken from old s_auth.c --Elizafox
2b0cc3d3 EM	239	*
	240	* Inputs - pointer to ident buf
	241	* Outputs - NULL if no valid ident found, otherwise pointer to name
	242	* Side effects - None
	243	*/
	244	static char *
	245	get_valid_ident(char *buf)
	246	{
	247	int remp = 0;
	248	int locp = 0;
	249	char *colon1Ptr;
	250	char *colon2Ptr;
	251	char *colon3Ptr;
	252	char *commaPtr;
	253	char *remotePortString;
	254
	255	/* All this to get rid of a sscanf() fun. */
	256	remotePortString = buf;
	257
	258	colon1Ptr = strchr(remotePortString, ':');
	259	if(!colon1Ptr)
22946d30	260	return NULL;
2b0cc3d3 EM	261
	262	*colon1Ptr = '\0';
	263	colon1Ptr++;
	264	colon2Ptr = strchr(colon1Ptr, ':');
	265	if(!colon2Ptr)
22946d30	266	return NULL;
2b0cc3d3 EM	267
	268	*colon2Ptr = '\0';
	269	colon2Ptr++;
	270	commaPtr = strchr(remotePortString, ',');
	271
	272	if(!commaPtr)
22946d30	273	return NULL;
2b0cc3d3 EM	274
	275	*commaPtr = '\0';
	276	commaPtr++;
	277
	278	remp = atoi(remotePortString);
	279	if(!remp)
22946d30	280	return NULL;
2b0cc3d3 EM	281
	282	locp = atoi(commaPtr);
	283	if(!locp)
22946d30	284	return NULL;
2b0cc3d3 EM	285
	286	/* look for USERID bordered by first pair of colons */
	287	if(!strstr(colon1Ptr, "USERID"))
22946d30	288	return NULL;
2b0cc3d3 EM	289
	290	colon3Ptr = strchr(colon2Ptr, ':');
	291	if(!colon3Ptr)
22946d30	292	return NULL;
2b0cc3d3 EM	293
	294	*colon3Ptr = '\0';
	295	colon3Ptr++;
	296	return (colon3Ptr);
	297	}
	298
06f3496a EM	299	static bool
	300	ident_init(void)
	301	{
	302	timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
	303	return (timeout_ev != NULL);
	304	}
	305
	306	static void
	307	ident_destroy(void)
	308	{
	309	struct auth_client *auth;
	310	rb_dictionary_iter iter;
	311
	312	/* Nuke all ident queries */
	313	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
	314	{
	315	if(auth->data[PROVIDER_IDENT] != NULL)
	316	client_fail(auth, REPORT_FAIL);
	317	}
	318	}
	319
	320	static bool ident_start(struct auth_client *auth)
	321	{
	322	struct ident_query *query = rb_malloc(sizeof(struct ident_query));
	323	struct rb_sockaddr_storage l_addr, c_addr;
47ab6f6e EM	324	int family = GET_SS_FAMILY(&auth->c_addr);
47ab6f6e EM	325
1345a41d	326	if(auth->data[PROVIDER_IDENT] != NULL)
54fb109d EM	327	{
54fb109d EM	328	set_provider_done(auth, PROVIDER_IDENT); /* for blacklists */
f681e277	329	return true;
54fb109d	330	}
1345a41d EM	331	else if(!ident_enable)
	332	{
	333	notice_client(auth->cid, messages[REPORT_DISABLED]);
	334	set_provider_done(auth, PROVIDER_IDENT);
	335	return true;
	336	}
f681e277	337
47ab6f6e	338	notice_client(auth->cid, messages[REPORT_LOOKUP]);
06f3496a EM	339
	340	auth->data[PROVIDER_IDENT] = query;
	341	query->timeout = rb_current_time() + ident_timeout;
	342
47ab6f6e	343	if((query->F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
06f3496a	344	{
47ab6f6e	345	warn_opers(L_DEBUG, "Could not create ident socket: %s", strerror(errno));
06f3496a EM	346	client_fail(auth, REPORT_FAIL);
	347	return true; /* Not a fatal error */
	348	}
	349
06f3496a EM	350	/* Build sockaddr_storages for rb_connect_tcp below */
	351	memcpy(&l_addr, &auth->l_addr, sizeof(l_addr));
	352	memcpy(&c_addr, &auth->c_addr, sizeof(c_addr));
	353
	354	/* Set the ports correctly */
	355	#ifdef RB_IPV6
	356	if(GET_SS_FAMILY(&l_addr) == AF_INET6)
	357	((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
	358	else
	359	#endif
	360	((struct sockaddr_in *)&l_addr)->sin_port = 0;
	361
	362	#ifdef RB_IPV6
	363	if(GET_SS_FAMILY(&c_addr) == AF_INET6)
	364	((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
	365	else
	366	#endif
	367	((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
	368
47ab6f6e	369	rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
06f3496a EM	370	(struct sockaddr *)&l_addr,
06f3496a EM	371	GET_SS_LEN(&l_addr), ident_connected,
d1b70e35	372	auth, ident_timeout);
06f3496a	373
06f3496a EM	374	set_provider_on(auth, PROVIDER_IDENT);
	375
	376	return true;
	377	}
	378
	379	static void
	380	ident_cancel(struct auth_client *auth)
	381	{
	382	struct ident_query *query = auth->data[PROVIDER_IDENT];
	383
	384	if(query != NULL)
	385	client_fail(auth, REPORT_FAIL);
	386	}
	387
67acafca	388	static void
d1b70e35	389	add_conf_ident_timeout(const char key __unused, int parc __unused, const char *parv)
67acafca EM	390	{
	391	int timeout = atoi(parv[0]);
	392
	393	if(timeout < 0)
	394	{
	395	warn_opers(L_CRIT, "BUG: ident timeout < 0 (value: %d)", timeout);
	396	return;
	397	}
	398
	399	ident_timeout = timeout;
	400	}
	401
54fb109d EM	402	static void
	403	set_ident_enabled(const char key __unused, int parc __unused, const char *parv)
	404	{
1345a41d	405	ident_enable = (*parv[0] == '1');
54fb109d EM	406	}
54fb109d EM	407
67acafca EM	408	struct auth_opts_handler ident_options[] =
	409	{
	410	{ "ident_timeout", 1, add_conf_ident_timeout },
54fb109d	411	{ "ident_enabled", 1, set_ident_enabled },
67acafca EM	412	{ NULL, 0, NULL },
	413	};
	414
2b0cc3d3 EM	415
	416	struct auth_provider ident_provider =
	417	{
	418	.id = PROVIDER_IDENT,
	419	.init = ident_init,
	420	.destroy = ident_destroy,
	421	.start = ident_start,
	422	.cancel = ident_cancel,
	423	.completed = NULL,
67acafca	424	.opt_handlers = ident_options,
2b0cc3d3	425	};