]> jfr.im git - solanum.git/blame - authd/providers/ident.c
ident: use new *_addr fields
[solanum.git] / authd / providers / ident.c
CommitLineData
2b0cc3d3
EM
1/* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
7 *
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
19 */
20
21#include "stdinc.h"
22#include "match.h"
23#include "authd.h"
24#include "provider.h"
25#include "res.h"
26
27#define IDENT_BUFSIZE 128
28
29struct ident_query
30{
2b0cc3d3
EM
31 time_t timeout; /* Timeout interval */
32 rb_fde_t *F; /* Our FD */
33};
34
35/* Goinked from old s_auth.c --Elizafox */
36static const char *messages[] =
37{
38 ":*** Checking Ident",
39 ":*** Got Ident response",
40 ":*** No Ident response",
41};
42
43typedef enum
44{
45 REPORT_LOOKUP,
46 REPORT_FOUND,
47 REPORT_FAIL,
48} ident_message;
49
50static EVH timeout_ident_queries_event;
51static CNCB ident_connected;
52static PF read_ident_reply;
53
3e875f62
EM
54static void client_fail(struct auth_client *auth, ident_message message);
55static void client_success(struct auth_client *auth);
2b0cc3d3
EM
56static char * get_valid_ident(char *buf);
57
2b0cc3d3
EM
58static struct ev_entry *timeout_ev;
59static int ident_timeout = 5;
60
61
62bool ident_init(void)
63{
64 timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
65 return (timeout_ev != NULL);
66}
67
68void ident_destroy(void)
69{
3e875f62 70 struct auth_client *auth;
aba29d5a 71 rb_dictionary_iter iter;
2b0cc3d3
EM
72
73 /* Nuke all ident queries */
ab33d608 74 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
2b0cc3d3 75 {
3e875f62
EM
76 if(auth->data[PROVIDER_IDENT] != NULL)
77 client_fail(auth, REPORT_FAIL);
2b0cc3d3
EM
78 }
79}
80
81bool ident_start(struct auth_client *auth)
82{
83 struct ident_query *query = rb_malloc(sizeof(struct ident_query));
84 struct rb_sockaddr_storage l_addr, c_addr;
85 int family;
86 rb_fde_t *F;
87
3e875f62 88 auth->data[PROVIDER_IDENT] = query;
2b0cc3d3
EM
89 query->timeout = rb_current_time() + ident_timeout;
90
91 if((F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
92 {
3e875f62 93 client_fail(auth, REPORT_FAIL);
2b0cc3d3
EM
94 return true; /* Not a fatal error */
95 }
96
97 query->F = F;
98
99 /* Build sockaddr_storages for rb_connect_tcp below */
6cd3964d
EM
100 memcpy(&l_addr, auth->l_addr, sizeof(l_addr));
101 memcpy(&c_addr, auth->c_addr, sizeof(c_addr));
2b0cc3d3
EM
102
103 /* Set the ports correctly */
104#ifdef RB_IPV6
105 if(GET_SS_FAMILY(&l_addr) == AF_INET6)
106 ((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
107 else
108#endif
109 ((struct sockaddr_in *)&l_addr)->sin_port = 0;
110
111#ifdef RB_IPV6
112 if(GET_SS_FAMILY(&c_addr) == AF_INET6)
113 ((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
114 else
115#endif
116 ((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
117
118 rb_connect_tcp(F, (struct sockaddr *)&c_addr,
119 (struct sockaddr *)&l_addr,
120 GET_SS_LEN(&l_addr), ident_connected,
121 query, ident_timeout);
122
2b0cc3d3 123 notice_client(auth, messages[REPORT_LOOKUP]);
3e875f62 124 set_provider(auth, PROVIDER_IDENT);
2b0cc3d3
EM
125
126 return true;
127}
128
129void ident_cancel(struct auth_client *auth)
130{
3e875f62 131 struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3 132
3e875f62
EM
133 if(query != NULL)
134 client_fail(auth, REPORT_FAIL);
2b0cc3d3
EM
135}
136
137/* Timeout outstanding queries */
138static void timeout_ident_queries_event(void *notused)
139{
3e875f62 140 struct auth_client *auth;
aba29d5a 141 rb_dictionary_iter iter;
2b0cc3d3 142
ab33d608 143 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
2b0cc3d3 144 {
3e875f62 145 struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3 146
3e875f62
EM
147 if(query != NULL && query->timeout < rb_current_time())
148 client_fail(auth, REPORT_FAIL);
2b0cc3d3
EM
149 }
150}
151
152/*
153 * ident_connected() - deal with the result of rb_connect_tcp()
154 *
155 * If the connection failed, we simply close the auth fd and report
156 * a failure. If the connection suceeded send the ident server a query
157 * giving "theirport , ourport". The write is only attempted *once* so
158 * it is deemed to be a fail if the entire write doesn't write all the
159 * data given. This shouldnt be a problem since the socket should have
160 * a write buffer far greater than this message to store it in should
161 * problems arise. -avalon
162 */
163static void ident_connected(rb_fde_t *F, int error, void *data)
164{
3e875f62
EM
165 struct auth_client *auth = data;
166 struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3
EM
167 char authbuf[32];
168 int authlen;
169
170 /* Check the error */
171 if(error != RB_OK)
172 {
173 /* We had an error during connection :( */
3e875f62 174 client_fail(auth, REPORT_FAIL);
2b0cc3d3
EM
175 return;
176 }
177
178 snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
179 auth->c_port, auth->l_port);
180 authlen = strlen(authbuf);
181
182 if(rb_write(query->F, authbuf, authlen) != authlen)
183 {
3e875f62 184 client_fail(auth, REPORT_FAIL);
2b0cc3d3
EM
185 return;
186 }
187
3e875f62 188 read_ident_reply(query->F, auth);
2b0cc3d3
EM
189}
190
191static void
192read_ident_reply(rb_fde_t *F, void *data)
193{
3e875f62
EM
194 struct auth_client *auth = data;
195 struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3
EM
196 char *s = NULL;
197 char *t = NULL;
198 int len;
199 int count;
200 char buf[IDENT_BUFSIZE + 1]; /* buffer to read auth reply into */
201
202 len = rb_read(F, buf, IDENT_BUFSIZE);
203 if(len < 0 && rb_ignore_errno(errno))
204 {
205 rb_setselect(F, RB_SELECT_READ, read_ident_reply, query);
206 return;
207 }
208
209 if(len > 0)
210 {
211 buf[len] = '\0';
212
213 if((s = get_valid_ident(buf)))
214 {
215 t = auth->username;
216
217 while (*s == '~' || *s == '^')
218 s++;
219
220 for (count = USERLEN; *s && count; s++)
221 {
222 if(*s == '@')
223 {
224 break;
225 }
226 if(*s != ' ' && *s != ':' && *s != '[')
227 {
228 *t++ = *s;
229 count--;
230 }
231 }
232 *t = '\0';
233 }
234 }
235
236 if(s == NULL)
3e875f62 237 client_fail(auth, REPORT_FAIL);
2b0cc3d3 238 else
3e875f62 239 client_success(auth);
2b0cc3d3
EM
240}
241
3e875f62 242static void client_fail(struct auth_client *auth, ident_message report)
2b0cc3d3 243{
3e875f62 244 struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3 245
3e875f62 246 rb_strlcpy(auth->username, "*", sizeof(auth->username));
2b0cc3d3 247
3e875f62
EM
248 rb_close(query->F);
249 rb_free(query);
250 auth->data[PROVIDER_IDENT] = NULL;
2b0cc3d3 251
3e875f62
EM
252 notice_client(auth, messages[report]);
253 provider_done(auth, PROVIDER_IDENT);
2b0cc3d3
EM
254}
255
3e875f62 256static void client_success(struct auth_client *auth)
2b0cc3d3 257{
3e875f62 258 struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3 259
3e875f62
EM
260 rb_close(query->F);
261 rb_free(query);
262 auth->data[PROVIDER_IDENT] = NULL;
2b0cc3d3 263
3e875f62
EM
264 notice_client(auth, messages[REPORT_FOUND]);
265 provider_done(auth, PROVIDER_IDENT);
2b0cc3d3
EM
266}
267
268/* get_valid_ident
269 * parse ident query reply from identd server
270 *
271 * Torn out of old s_auth.c because there was nothing wrong with it
272 * --Elizafox
273 *
274 * Inputs - pointer to ident buf
275 * Outputs - NULL if no valid ident found, otherwise pointer to name
276 * Side effects - None
277 */
278static char *
279get_valid_ident(char *buf)
280{
281 int remp = 0;
282 int locp = 0;
283 char *colon1Ptr;
284 char *colon2Ptr;
285 char *colon3Ptr;
286 char *commaPtr;
287 char *remotePortString;
288
289 /* All this to get rid of a sscanf() fun. */
290 remotePortString = buf;
291
292 colon1Ptr = strchr(remotePortString, ':');
293 if(!colon1Ptr)
294 return 0;
295
296 *colon1Ptr = '\0';
297 colon1Ptr++;
298 colon2Ptr = strchr(colon1Ptr, ':');
299 if(!colon2Ptr)
300 return 0;
301
302 *colon2Ptr = '\0';
303 colon2Ptr++;
304 commaPtr = strchr(remotePortString, ',');
305
306 if(!commaPtr)
307 return 0;
308
309 *commaPtr = '\0';
310 commaPtr++;
311
312 remp = atoi(remotePortString);
313 if(!remp)
314 return 0;
315
316 locp = atoi(commaPtr);
317 if(!locp)
318 return 0;
319
320 /* look for USERID bordered by first pair of colons */
321 if(!strstr(colon1Ptr, "USERID"))
322 return 0;
323
324 colon3Ptr = strchr(colon2Ptr, ':');
325 if(!colon3Ptr)
326 return 0;
327
328 *colon3Ptr = '\0';
329 colon3Ptr++;
330 return (colon3Ptr);
331}
332
333
334struct auth_provider ident_provider =
335{
336 .id = PROVIDER_IDENT,
337 .init = ident_init,
338 .destroy = ident_destroy,
339 .start = ident_start,
340 .cancel = ident_cancel,
341 .completed = NULL,
342};