[solanum.git] / ircd / authproc.c

/*
 *  authd.c: An interface to authd.
 *  (based somewhat on ircd-ratbox dns.c)
 *
 *  Copyright (C) 2005 Aaron Sethman <androsyn@ratbox.org>
 *  Copyright (C) 2005-2012 ircd-ratbox development team
 *  Copyright (C) 2016 William Pitcock <nenolod@dereferenced.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
 *  USA
 */

#include "stdinc.h"
#include "rb_lib.h"
#include "client.h"
#include "ircd_defs.h"
#include "parse.h"
#include "authproc.h"
#include "match.h"
#include "logger.h"
#include "s_conf.h"
#include "s_stats.h"
#include "client.h"
#include "packet.h"
#include "hash.h"
#include "send.h"
#include "numeric.h"
#include "msg.h"
#include "dns.h"

typedef void (*authd_cb_t)(int, char **);

struct authd_cb
{
	authd_cb_t fn;
	int min_parc;
};

static int start_authd(void);
static void parse_authd_reply(rb_helper * helper);
static void restart_authd_cb(rb_helper * helper);
static EVH timeout_dead_authd_clients;

static void cmd_accept_client(int parc, char **parv);
static void cmd_reject_client(int parc, char **parv);
static void cmd_dns_result(int parc, char **parv);
static void cmd_notice_client(int parc, char **parv);
static void cmd_oper_warn(int parc, char **parv);
static void cmd_stats_results(int parc, char **parv);

rb_helper *authd_helper;
static char *authd_path;

uint32_t cid;
static rb_dictionary *cid_clients;
static struct ev_entry *timeout_ev;

rb_dictionary *bl_stats;

static struct authd_cb authd_cmd_tab[256] =
{
	['A'] = { cmd_accept_client,	4 },
	['E'] = { cmd_dns_result,	5 },
	['N'] = { cmd_notice_client,	3 },
	['R'] = { cmd_reject_client,	7 },
	['W'] = { cmd_oper_warn,	3 },
	['X'] = { cmd_stats_results,	3 },
	['Y'] = { cmd_stats_results,	3 },
	['Z'] = { cmd_stats_results,	3 },
};

static int
start_authd(void)
{
	char fullpath[PATH_MAX + 1];
#ifdef _WIN32
	const char *suffix = ".exe";
#else
	const char *suffix = "";
#endif
	if(authd_path == NULL)
	{
		snprintf(fullpath, sizeof(fullpath), "%s%cauthd%s", ircd_paths[IRCD_PATH_LIBEXEC], RB_PATH_SEPARATOR, suffix);

		if(access(fullpath, X_OK) == -1)
		{
			snprintf(fullpath, sizeof(fullpath), "%s%cbin%cauthd%s",
				 ConfigFileEntry.dpath, RB_PATH_SEPARATOR, RB_PATH_SEPARATOR, suffix);
			if(access(fullpath, X_OK) == -1)
			{
				ierror("Unable to execute authd in %s or %s/bin",
					ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
				sendto_realops_snomask(SNO_GENERAL, L_ALL,
						       "Unable to execute authd in %s or %s/bin",
						       ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
				return 1;
			}

		}

		authd_path = rb_strdup(fullpath);
	}

	if(cid_clients == NULL)
		cid_clients = rb_dictionary_create("authd cid to uid mapping", rb_uint32cmp);

	if(bl_stats == NULL)
		bl_stats = rb_dictionary_create("blacklist statistics", strcasecmp);

	if(timeout_ev == NULL)
		timeout_ev = rb_event_addish("timeout_dead_authd_clients", timeout_dead_authd_clients, NULL, 1);

	authd_helper = rb_helper_start("authd", authd_path, parse_authd_reply, restart_authd_cb);

	if(authd_helper == NULL)
	{
		ierror("Unable to start authd helper: %s", strerror(errno));
		sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unable to start authd helper: %s", strerror(errno));
		return 1;
	}
	ilog(L_MAIN, "authd helper started");
	sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd helper started");
	rb_helper_run(authd_helper);
	return 0;
}

static inline uint32_t
str_to_cid(const char *str)
{
	long lcid = strtol(str, NULL, 16);

	if(lcid > UINT32_MAX || lcid <= 0)
	{
		iwarn("authd sent us back a bad client ID: %lx", lcid);
		restart_authd();
		return 0;
	}

	return (uint32_t)lcid;
}

static inline struct Client *
cid_to_client(uint32_t cid, bool delete)
{
	struct Client *client_p;

	if(delete)
		client_p = rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(cid));
	else
		client_p = rb_dictionary_retrieve(cid_clients, RB_UINT_TO_POINTER(cid));

	/* If the client's not found, that's okay, it may have already gone away.
	 * --Elizafox */

	return client_p;
}

static inline struct Client *
str_cid_to_client(const char *str, bool delete)
{
	uint32_t cid = str_to_cid(str);

	if(cid == 0)
		return NULL;

	return cid_to_client(cid, delete);
}

static void
cmd_accept_client(int parc, char **parv)
{
	struct Client *client_p;

	/* cid to uid (retrieve and delete) */
	if((client_p = str_cid_to_client(parv[1], true)) == NULL)
		return;

	authd_accept_client(client_p, parv[2], parv[3]);
}

static void
cmd_dns_result(int parc, char **parv)
{
	dns_results_callback(parv[1], parv[2], parv[3], parv[4]);
}

static void
cmd_notice_client(int parc, char **parv)
{
	struct Client *client_p;

	if((client_p = str_cid_to_client(parv[1], false)) == NULL)
		return;

	sendto_one_notice(client_p, ":%s", parv[2]);
}

static void
cmd_reject_client(int parc, char **parv)
{
	struct Client *client_p;

	/* cid to uid (retrieve and delete) */
	if((client_p = str_cid_to_client(parv[1], true)) == NULL)
		return;

	authd_reject_client(client_p, parv[3], parv[4], toupper(*parv[2]), parv[5], parv[6]);
}

static void
cmd_oper_warn(int parc, char **parv)
{
	switch(*parv[1])
	{
	case 'D':	/* Debug */
		sendto_realops_snomask(SNO_DEBUG, L_ALL, "authd debug: %s", parv[2]);
		idebug("authd: %s", parv[2]);
		break;
	case 'I':	/* Info */
		sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd info: %s", parv[2]);
		inotice("authd: %s", parv[2]);
		break;
	case 'W':	/* Warning */
		sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd WARNING: %s", parv[2]);
		iwarn("authd: %s", parv[2]);
		break;
	case 'C':	/* Critical (error) */
		sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd CRITICAL: %s", parv[2]);
		ierror("authd: %s", parv[2]);
		break;
	default:	/* idk */
		sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd sent us an unknown oper notice type (%s): %s", parv[1], parv[2]);
		ilog(L_MAIN, "authd unknown oper notice type (%s): %s", parv[1], parv[2]);
		break;
	}
}

static void
cmd_stats_results(int parc, char **parv)
{
	/* Select by type */
	switch(*parv[2])
	{
	case 'D':
		/* parv[0] conveys status */
		if(parc < 4)
		{
			iwarn("authd sent a result with wrong number of arguments: got %d", parc);
			restart_authd();
			return;
		}
		dns_stats_results_callback(parv[1], parv[0], parc - 3, (const char **)&parv[3]);
		break;
	default:
		break;
	}
}

static void
parse_authd_reply(rb_helper * helper)
{
	ssize_t len;
	int parc;
	char buf[READBUF_SIZE];
	char *parv[MAXPARA + 1];

	while((len = rb_helper_read(helper, buf, sizeof(buf))) > 0)
	{
		struct authd_cb *cmd;

		parc = rb_string_to_array(buf, parv, MAXPARA+1);
		cmd = &authd_cmd_tab[*parv[0]];
		if(cmd->fn != NULL)
		{
			if(cmd->min_parc > parc)
			{
				iwarn("authd sent a result with wrong number of arguments: expected %d, got %d",
					cmd->min_parc, parc);
				restart_authd();
				continue;
			}

			cmd->fn(parc, parv);
		}
		else
		{
			iwarn("authd sent us a bad command type: %c", *parv[0]);
			restart_authd();
			continue;
		}
	}
}

void
init_authd(void)
{
	if(start_authd())
	{
		ierror("Unable to start authd helper: %s", strerror(errno));
		exit(0);
	}
}

void
configure_authd(void)
{
	/* These will do for now */
	set_authd_timeout("ident_timeout", GlobalSetOptions.ident_timeout);
	set_authd_timeout("rdns_timeout", ConfigFileEntry.connect_timeout);
	set_authd_timeout("rbl_timeout", ConfigFileEntry.connect_timeout);
	ident_check_enable(!ConfigFileEntry.disable_auth);
}

static void
restart_authd_cb(rb_helper * helper)
{
	rb_dictionary_iter iter;
	struct Client *client_p;

	iwarn("authd: restart_authd_cb called, authd died?");
	sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd: restart_authd_cb called, authd died?");

	if(helper != NULL)
	{
		rb_helper_close(helper);
		authd_helper = NULL;
	}

	RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
	{
		/* Abort any existing clients */
		authd_abort_client(client_p);
	}

	start_authd();
	configure_authd();
	rehash(false);	/* FIXME - needed to reload authd configuration */
}

void
restart_authd(void)
{
	restart_authd_cb(authd_helper);
}

void
rehash_authd(void)
{
	rb_helper_write(authd_helper, "R");
}

void
check_authd(void)
{
	if(authd_helper == NULL)
		restart_authd();
}

static inline uint32_t
generate_cid(void)
{
	if(++cid == 0)
		cid = 1;

	return cid;
}

/* Basically when this is called we begin handing off the client to authd for
 * processing. authd "owns" the client until processing is finished, or we
 * timeout from authd. authd will make a decision whether or not to accept the
 * client, but it's up to other parts of the code (for now) to decide if we're
 * gonna accept the client and ignore authd's suggestion.
 *
 * --Elizafox
 */
void
authd_initiate_client(struct Client *client_p)
{
	char client_ipaddr[HOSTIPLEN+1];
	char listen_ipaddr[HOSTIPLEN+1];
	uint16_t client_port, listen_port;
	uint32_t authd_cid;

	if(client_p->preClient == NULL || client_p->preClient->authd_cid != 0)
		return;

	authd_cid = client_p->preClient->authd_cid = generate_cid();

	/* Collisions are extremely unlikely, so disregard the possibility */
	rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p);

	/* Retrieve listener and client IP's */
	rb_inet_ntop_sock((struct sockaddr *)&client_p->preClient->lip, listen_ipaddr, sizeof(listen_ipaddr));
	rb_inet_ntop_sock((struct sockaddr *)&client_p->localClient->ip, client_ipaddr, sizeof(client_ipaddr));

	/* Retrieve listener and client ports */
	listen_port = ntohs(GET_SS_PORT(&client_p->preClient->lip));
	client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip));

	/* Add a bit of a fudge factor... */
	client_p->preClient->authd_timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10;

	rb_helper_write(authd_helper, "C %x %s %hu %s %hu", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port);
}

/* When this is called we have a decision on client acceptance.
 *
 * After this point authd no longer "owns" the client.
 */
static inline void
authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason)
{
	if(client_p->preClient == NULL || client_p->preClient->authd_cid == 0)
		return;

	if(*ident != '*')
	{
		rb_strlcpy(client_p->username, ident, sizeof(client_p->username));
		ServerStats.is_asuc++;
	}
	else
		ServerStats.is_abad++; /* s_auth used to do this, stay compatible */

	if(*host != '*')
		rb_strlcpy(client_p->host, host, sizeof(client_p->host));

	rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid));

	client_p->preClient->authd_accepted = accept;
	client_p->preClient->authd_cause = cause;
	client_p->preClient->authd_data = (data == NULL ? NULL : rb_strdup(data));
	client_p->preClient->authd_reason = (reason == NULL ? NULL : rb_strdup(reason));
	client_p->preClient->authd_cid = 0;

	/*
	 * When a client has auth'ed, we want to start reading what it sends
	 * us. This is what read_packet() does.
	 *     -- adrian
	 *
	 * Above comment was originally in s_auth.c, but moved here with below code.
	 * --Elizafox
	 */
	rb_dlinkAddTail(client_p, &client_p->node, &global_client_list);
	read_packet(client_p->localClient->F, client_p);
}

/* Convenience function to accept client */
void
authd_accept_client(struct Client *client_p, const char *ident, const char *host)
{
	authd_decide_client(client_p, ident, host, true, '\0', NULL, NULL);
}

/* Convenience function to reject client */
void
authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason)
{
	authd_decide_client(client_p, ident, host, false, cause, data, reason);
}

void
authd_abort_client(struct Client *client_p)
{
	if(client_p == NULL || client_p->preClient == NULL)
		return;

	if(client_p->preClient->authd_cid == 0)
		return;

	rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid));

	if(authd_helper != NULL)
		rb_helper_write(authd_helper, "E %x", client_p->preClient->authd_cid);

	client_p->preClient->authd_accepted = true;
	client_p->preClient->authd_cid = 0;
}

static void
timeout_dead_authd_clients(void *notused __unused)
{
	rb_dictionary_iter iter;
	struct Client *client_p;

	RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
	{
		if(client_p->preClient->authd_timeout < rb_current_time())
			authd_abort_client(client_p);
	}
}

/* Send a new blacklist to authd */
void
add_blacklist(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters)
{
	rb_dlink_node *ptr;
	struct blacklist_stats *stats = rb_malloc(sizeof(struct blacklist_stats));
	char filterbuf[BUFSIZE] = "*";
	size_t s = 0;

	/* Build a list of comma-separated values for authd.
	 * We don't check for validity - do it elsewhere.
	 */
	RB_DLINK_FOREACH(ptr, filters->head)
	{
		char *filter = ptr->data;
		size_t filterlen = strlen(filter) + 1;

		if(s + filterlen > sizeof(filterbuf))
			break;

		snprintf(&filterbuf[s], sizeof(filterbuf) - s, "%s,", filter);

		s += filterlen;
	}

	if(s)
		filterbuf[s - 1] = '\0';

	stats->iptype = iptype;
	stats->hits = 0;
	rb_dictionary_add(bl_stats, host, stats);

	rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason);
}

/* Delete a blacklist */
void
del_blacklist(const char *host)
{
	rb_free(rb_dictionary_delete(bl_stats, host));

	rb_helper_write(authd_helper, "O rbl_del %s", host);
}

/* Delete all the blacklists */
void
del_blacklist_all(void)
{
	struct blacklist_stats *stats;
	rb_dictionary_iter iter;

	RB_DICTIONARY_FOREACH(stats, &iter, bl_stats)
	{
		rb_free(stats);
		rb_dictionary_delete(bl_stats, iter.cur->key);
	}

	rb_helper_write(authd_helper, "O rbl_del_all");
}

/* Adjust an authd timeout value */
bool
set_authd_timeout(const char *key, int timeout)
{
	if(timeout <= 0)
		return false;

	rb_helper_write(authd_helper, "O %s %d", key, timeout);
	return true;
}

/* Enable identd checks */
void
ident_check_enable(bool enabled)
{
	rb_helper_write(authd_helper, "O ident_enabled %d", enabled ? 1 : 0);
}

/* Create an OPM listener */
void
create_opm_listener(const char *ip, uint16_t port)
{
	char ipbuf[HOSTIPLEN];
	rb_strlcpy(ipbuf, ip, sizeof(ipbuf));
	if(ipbuf[0] == ':')
	{
		memmove(ipbuf + 1, ipbuf, sizeof(ipbuf) - 1);
		ipbuf[0] = '0';
	}

	rb_helper_write(authd_helper, "O opm_listener %s %hu", ipbuf, port);
}

/* Disable all OPM scans */
void
opm_check_enable(bool enabled)
{
	rb_helper_write(authd_helper, "O opm_enabled %d", enabled ? 1 : 0);
}

/* Create an OPM proxy scanner */
void
create_opm_proxy_scanner(const char *type, uint16_t port)
{
	rb_helper_write(authd_helper, "O opm_scanner %s %hu", type, port);
}

void
delete_opm_proxy_scanner(const char *type, uint16_t port)
{
	rb_helper_write(authd_helper, "O opm_scanner_del %s %hu", type, port);
}

void
delete_opm_proxy_scanner_all(void)
{
	rb_helper_write(authd_helper, "O opm_scanner_del_all");
}
Commit	Line	Data
fb7d74ef AC	1	/*
	2	* authd.c: An interface to authd.
	3	* (based somewhat on ircd-ratbox dns.c)
	4	*
	5	* Copyright (C) 2005 Aaron Sethman <androsyn@ratbox.org>
	6	* Copyright (C) 2005-2012 ircd-ratbox development team
	7	* Copyright (C) 2016 William Pitcock <nenolod@dereferenced.org>
	8	*
	9	* This program is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU General Public License as published by
	11	* the Free Software Foundation; either version 2 of the License, or
	12	* (at your option) any later version.
	13	*
	14	* This program is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	* GNU General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU General Public License
	20	* along with this program; if not, write to the Free Software
	21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
	22	* USA
	23	*/
	24
d3f6b808 EM	25	#include "stdinc.h"
	26	#include "rb_lib.h"
	27	#include "client.h"
	28	#include "ircd_defs.h"
	29	#include "parse.h"
64fae260	30	#include "authproc.h"
d3f6b808 EM	31	#include "match.h"
	32	#include "logger.h"
	33	#include "s_conf.h"
	34	#include "s_stats.h"
	35	#include "client.h"
	36	#include "packet.h"
	37	#include "hash.h"
	38	#include "send.h"
	39	#include "numeric.h"
	40	#include "msg.h"
	41	#include "dns.h"
fb7d74ef	42
ae0a0585 EM	43	typedef void (authd_cb_t)(int, char *);
	44
	45	struct authd_cb
	46	{
	47	authd_cb_t fn;
	48	int min_parc;
	49	};
	50
fb7d74ef AC	51	static int start_authd(void);
	52	static void parse_authd_reply(rb_helper * helper);
	53	static void restart_authd_cb(rb_helper * helper);
ef0b13b9	54	static EVH timeout_dead_authd_clients;
fb7d74ef	55
ae0a0585 EM	56	static void cmd_accept_client(int parc, char **parv);
	57	static void cmd_reject_client(int parc, char **parv);
	58	static void cmd_dns_result(int parc, char **parv);
	59	static void cmd_notice_client(int parc, char **parv);
	60	static void cmd_oper_warn(int parc, char **parv);
	61	static void cmd_stats_results(int parc, char **parv);
	62
fb7d74ef AC	63	rb_helper *authd_helper;
	64	static char *authd_path;
	65
50808796	66	uint32_t cid;
d3f6b808	67	static rb_dictionary *cid_clients;
ef0b13b9	68	static struct ev_entry *timeout_ev;
d3f6b808 EM	69
	70	rb_dictionary *bl_stats;
	71
ae0a0585 EM	72	static struct authd_cb authd_cmd_tab[256] =
	73	{
	74	['A'] = { cmd_accept_client, 4 },
	75	['E'] = { cmd_dns_result, 5 },
	76	['N'] = { cmd_notice_client, 3 },
	77	['R'] = { cmd_reject_client, 7 },
	78	['W'] = { cmd_oper_warn, 3 },
	79	['X'] = { cmd_stats_results, 3 },
	80	['Y'] = { cmd_stats_results, 3 },
	81	['Z'] = { cmd_stats_results, 3 },
	82	};
	83
fb7d74ef AC	84	static int
	85	start_authd(void)
	86	{
	87	char fullpath[PATH_MAX + 1];
	88	#ifdef _WIN32
	89	const char *suffix = ".exe";
	90	#else
	91	const char *suffix = "";
	92	#endif
	93	if(authd_path == NULL)
	94	{
4d8cfacd	95	snprintf(fullpath, sizeof(fullpath), "%s%cauthd%s", ircd_paths[IRCD_PATH_LIBEXEC], RB_PATH_SEPARATOR, suffix);
fb7d74ef AC	96
	97	if(access(fullpath, X_OK) == -1)
	98	{
4d8cfacd AC	99	snprintf(fullpath, sizeof(fullpath), "%s%cbin%cauthd%s",
4d8cfacd AC	100	ConfigFileEntry.dpath, RB_PATH_SEPARATOR, RB_PATH_SEPARATOR, suffix);
fb7d74ef AC	101	if(access(fullpath, X_OK) == -1)
fb7d74ef AC	102	{
7ad083b0 EM	103	ierror("Unable to execute authd in %s or %s/bin",
7ad083b0 EM	104	ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
fb7d74ef	105	sendto_realops_snomask(SNO_GENERAL, L_ALL,
4d8cfacd AC	106	"Unable to execute authd in %s or %s/bin",
4d8cfacd AC	107	ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
fb7d74ef AC	108	return 1;
	109	}
	110
	111	}
	112
	113	authd_path = rb_strdup(fullpath);
	114	}
	115
d3f6b808 EM	116	if(cid_clients == NULL)
	117	cid_clients = rb_dictionary_create("authd cid to uid mapping", rb_uint32cmp);
	118
	119	if(bl_stats == NULL)
	120	bl_stats = rb_dictionary_create("blacklist statistics", strcasecmp);
	121
ef0b13b9 EM	122	if(timeout_ev == NULL)
	123	timeout_ev = rb_event_addish("timeout_dead_authd_clients", timeout_dead_authd_clients, NULL, 1);
	124
fb7d74ef AC	125	authd_helper = rb_helper_start("authd", authd_path, parse_authd_reply, restart_authd_cb);
	126
	127	if(authd_helper == NULL)
	128	{
7ad083b0	129	ierror("Unable to start authd helper: %s", strerror(errno));
fb7d74ef AC	130	sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unable to start authd helper: %s", strerror(errno));
	131	return 1;
	132	}
	133	ilog(L_MAIN, "authd helper started");
	134	sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd helper started");
	135	rb_helper_run(authd_helper);
	136	return 0;
	137	}
	138
6a7bb6f1 EM	139	static inline uint32_t
	140	str_to_cid(const char *str)
	141	{
	142	long lcid = strtol(str, NULL, 16);
	143
	144	if(lcid > UINT32_MAX \|\| lcid <= 0)
	145	{
	146	iwarn("authd sent us back a bad client ID: %lx", lcid);
	147	restart_authd();
	148	return 0;
	149	}
	150
	151	return (uint32_t)lcid;
	152	}
	153
	154	static inline struct Client *
	155	cid_to_client(uint32_t cid, bool delete)
	156	{
	157	struct Client *client_p;
	158
	159	if(delete)
	160	client_p = rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(cid));
	161	else
	162	client_p = rb_dictionary_retrieve(cid_clients, RB_UINT_TO_POINTER(cid));
	163
61d1befa EM	164	/* If the client's not found, that's okay, it may have already gone away.
61d1befa EM	165	* --Elizafox */
6a7bb6f1 EM	166
	167	return client_p;
	168	}
	169
adfe7b83 EM	170	static inline struct Client *
	171	str_cid_to_client(const char *str, bool delete)
	172	{
	173	uint32_t cid = str_to_cid(str);
	174
	175	if(cid == 0)
	176	return NULL;
	177
	178	return cid_to_client(cid, delete);
	179	}
	180
fb7d74ef	181	static void
ae0a0585	182	cmd_accept_client(int parc, char **parv)
fb7d74ef	183	{
d3f6b808	184	struct Client *client_p;
6d0fafec	185
ae0a0585 EM	186	/* cid to uid (retrieve and delete) */
	187	if((client_p = str_cid_to_client(parv[1], true)) == NULL)
	188	return;
394b8dde	189
ae0a0585 EM	190	authd_accept_client(client_p, parv[2], parv[3]);
ae0a0585 EM	191	}
fb7d74ef	192
ae0a0585 EM	193	static void
	194	cmd_dns_result(int parc, char **parv)
	195	{
	196	dns_results_callback(parv[1], parv[2], parv[3], parv[4]);
	197	}
d3f6b808	198
ae0a0585 EM	199	static void
	200	cmd_notice_client(int parc, char **parv)
	201	{
	202	struct Client *client_p;
d3f6b808	203
ae0a0585 EM	204	if((client_p = str_cid_to_client(parv[1], false)) == NULL)
ae0a0585 EM	205	return;
d3f6b808	206
ae0a0585 EM	207	sendto_one_notice(client_p, ":%s", parv[2]);
ae0a0585 EM	208	}
d3f6b808	209
ae0a0585 EM	210	static void
	211	cmd_reject_client(int parc, char **parv)
	212	{
	213	struct Client *client_p;
50808796	214
ae0a0585 EM	215	/* cid to uid (retrieve and delete) */
	216	if((client_p = str_cid_to_client(parv[1], true)) == NULL)
	217	return;
cc4d3931	218
ae0a0585 EM	219	authd_reject_client(client_p, parv[3], parv[4], toupper(*parv[2]), parv[5], parv[6]);
ae0a0585 EM	220	}
adfe7b83	221
ae0a0585 EM	222	static void
	223	cmd_oper_warn(int parc, char **parv)
	224	{
e2a8228f	225	switch(*parv[1])
ae0a0585 EM	226	{
ae0a0585 EM	227	case 'D': /* Debug */
e2a8228f EM	228	sendto_realops_snomask(SNO_DEBUG, L_ALL, "authd debug: %s", parv[2]);
e2a8228f EM	229	idebug("authd: %s", parv[2]);
ae0a0585 EM	230	break;
ae0a0585 EM	231	case 'I': /* Info */
e2a8228f EM	232	sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd info: %s", parv[2]);
e2a8228f EM	233	inotice("authd: %s", parv[2]);
ae0a0585 EM	234	break;
ae0a0585 EM	235	case 'W': /* Warning */
e2a8228f EM	236	sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd WARNING: %s", parv[2]);
e2a8228f EM	237	iwarn("authd: %s", parv[2]);
ae0a0585 EM	238	break;
ae0a0585 EM	239	case 'C': /* Critical (error) */
e2a8228f EM	240	sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd CRITICAL: %s", parv[2]);
e2a8228f EM	241	ierror("authd: %s", parv[2]);
ae0a0585 EM	242	break;
ae0a0585 EM	243	default: /* idk */
e2a8228f EM	244	sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd sent us an unknown oper notice type (%s): %s", parv[1], parv[2]);
e2a8228f EM	245	ilog(L_MAIN, "authd unknown oper notice type (%s): %s", parv[1], parv[2]);
ae0a0585 EM	246	break;
	247	}
	248	}
0a659bf0	249
ae0a0585 EM	250	static void
	251	cmd_stats_results(int parc, char **parv)
	252	{
	253	/* Select by type */
	254	switch(*parv[2])
	255	{
	256	case 'D':
	257	/* parv[0] conveys status */
	258	if(parc < 4)
	259	{
	260	iwarn("authd sent a result with wrong number of arguments: got %d", parc);
	261	restart_authd();
	262	return;
	263	}
	264	dns_stats_results_callback(parv[1], parv[0], parc - 3, (const char **)&parv[3]);
	265	break;
	266	default:
	267	break;
	268	}
	269	}
	270
	271	static void
	272	parse_authd_reply(rb_helper * helper)
	273	{
	274	ssize_t len;
	275	int parc;
6d0fafec	276	char buf[READBUF_SIZE];
ae0a0585	277	char *parv[MAXPARA + 1];
0a659bf0	278
6d0fafec	279	while((len = rb_helper_read(helper, buf, sizeof(buf))) > 0)
ae0a0585 EM	280	{
	281	struct authd_cb *cmd;
	282
6d0fafec	283	parc = rb_string_to_array(buf, parv, MAXPARA+1);
ae0a0585 EM	284	cmd = &authd_cmd_tab[*parv[0]];
	285	if(cmd->fn != NULL)
	286	{
	287	if(cmd->min_parc > parc)
394b8dde	288	{
ae0a0585 EM	289	iwarn("authd sent a result with wrong number of arguments: expected %d, got %d",
ae0a0585 EM	290	cmd->min_parc, parc);
394b8dde	291	restart_authd();
ae0a0585	292	continue;
394b8dde EM	293	}
394b8dde EM	294
ae0a0585	295	cmd->fn(parc, parv);
fb7d74ef	296	}
b0326abd EM	297	else
	298	{
	299	iwarn("authd sent us a bad command type: %c", *parv[0]);
	300	restart_authd();
	301	continue;
	302	}
fb7d74ef AC	303	}
	304	}
	305
	306	void
	307	init_authd(void)
	308	{
	309	if(start_authd())
	310	{
7ad083b0	311	ierror("Unable to start authd helper: %s", strerror(errno));
fb7d74ef AC	312	exit(0);
	313	}
	314	}
	315
d3f6b808 EM	316	void
	317	configure_authd(void)
	318	{
	319	/* These will do for now */
	320	set_authd_timeout("ident_timeout", GlobalSetOptions.ident_timeout);
	321	set_authd_timeout("rdns_timeout", ConfigFileEntry.connect_timeout);
50808796 EM	322	set_authd_timeout("rbl_timeout", ConfigFileEntry.connect_timeout);
50808796 EM	323	ident_check_enable(!ConfigFileEntry.disable_auth);
d3f6b808 EM	324	}
d3f6b808 EM	325
fb7d74ef AC	326	static void
	327	restart_authd_cb(rb_helper * helper)
	328	{
e1582810 EM	329	rb_dictionary_iter iter;
	330	struct Client *client_p;
	331
7ad083b0	332	iwarn("authd: restart_authd_cb called, authd died?");
3949459b	333	sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd: restart_authd_cb called, authd died?");
e1582810	334
fb7d74ef AC	335	if(helper != NULL)
	336	{
	337	rb_helper_close(helper);
	338	authd_helper = NULL;
	339	}
e1582810 EM	340
	341	RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
	342	{
	343	/* Abort any existing clients */
	344	authd_abort_client(client_p);
	345	}
	346
fb7d74ef	347	start_authd();
e2a8228f	348	configure_authd();
1d657e0b	349	rehash(false); /* FIXME - needed to reload authd configuration */
fb7d74ef AC	350	}
	351
	352	void
	353	restart_authd(void)
	354	{
	355	restart_authd_cb(authd_helper);
	356	}
	357
	358	void
	359	rehash_authd(void)
	360	{
	361	rb_helper_write(authd_helper, "R");
	362	}
	363
	364	void
	365	check_authd(void)
	366	{
	367	if(authd_helper == NULL)
	368	restart_authd();
	369	}
d3f6b808 EM	370
	371	static inline uint32_t
	372	generate_cid(void)
	373	{
	374	if(++cid == 0)
	375	cid = 1;
	376
	377	return cid;
	378	}
	379
	380	/* Basically when this is called we begin handing off the client to authd for
	381	* processing. authd "owns" the client until processing is finished, or we
	382	* timeout from authd. authd will make a decision whether or not to accept the
	383	* client, but it's up to other parts of the code (for now) to decide if we're
	384	* gonna accept the client and ignore authd's suggestion.
	385	*
	386	* --Elizafox
	387	*/
	388	void
	389	authd_initiate_client(struct Client *client_p)
	390	{
	391	char client_ipaddr[HOSTIPLEN+1];
	392	char listen_ipaddr[HOSTIPLEN+1];
	393	uint16_t client_port, listen_port;
	394	uint32_t authd_cid;
	395
50808796	396	if(client_p->preClient == NULL \|\| client_p->preClient->authd_cid != 0)
d3f6b808 EM	397	return;
	398
	399	authd_cid = client_p->preClient->authd_cid = generate_cid();
	400
	401	/* Collisions are extremely unlikely, so disregard the possibility */
50808796	402	rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p);
d3f6b808 EM	403
	404	/* Retrieve listener and client IP's */
	405	rb_inet_ntop_sock((struct sockaddr *)&client_p->preClient->lip, listen_ipaddr, sizeof(listen_ipaddr));
	406	rb_inet_ntop_sock((struct sockaddr *)&client_p->localClient->ip, client_ipaddr, sizeof(client_ipaddr));
	407
	408	/* Retrieve listener and client ports */
d86692fa EM	409	listen_port = ntohs(GET_SS_PORT(&client_p->preClient->lip));
d86692fa EM	410	client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip));
d3f6b808	411
59d42a9f	412	/* Add a bit of a fudge factor... */
d86692fa	413	client_p->preClient->authd_timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10;
d3f6b808 EM	414
	415	rb_helper_write(authd_helper, "C %x %s %hu %s %hu", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port);
	416	}
	417
	418	/* When this is called we have a decision on client acceptance.
	419	*
	420	* After this point authd no longer "owns" the client.
	421	*/
b1a577f2	422	static inline void
d3f6b808 EM	423	authd_decide_client(struct Client client_p, const char ident, const char host, bool accept, char cause, const char data, const char *reason)
	424	{
	425	if(client_p->preClient == NULL \|\| client_p->preClient->authd_cid == 0)
	426	return;
	427
	428	if(ident != '')
	429	{
	430	rb_strlcpy(client_p->username, ident, sizeof(client_p->username));
4f6119cd	431	ServerStats.is_asuc++;
d3f6b808 EM	432	}
d3f6b808 EM	433	else
4f6119cd	434	ServerStats.is_abad++; /* s_auth used to do this, stay compatible */
d3f6b808 EM	435
	436	if(host != '')
	437	rb_strlcpy(client_p->host, host, sizeof(client_p->host));
	438
6d5edc6f EM	439	rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid));
6d5edc6f EM	440
d3f6b808 EM	441	client_p->preClient->authd_accepted = accept;
	442	client_p->preClient->authd_cause = cause;
	443	client_p->preClient->authd_data = (data == NULL ? NULL : rb_strdup(data));
	444	client_p->preClient->authd_reason = (reason == NULL ? NULL : rb_strdup(reason));
d3f6b808 EM	445	client_p->preClient->authd_cid = 0;
	446
	447	/*
	448	* When a client has auth'ed, we want to start reading what it sends
	449	* us. This is what read_packet() does.
	450	* -- adrian
	451	*
	452	* Above comment was originally in s_auth.c, but moved here with below code.
	453	* --Elizafox
	454	*/
	455	rb_dlinkAddTail(client_p, &client_p->node, &global_client_list);
	456	read_packet(client_p->localClient->F, client_p);
	457	}
	458
b1a577f2 EM	459	/* Convenience function to accept client */
	460	void
	461	authd_accept_client(struct Client client_p, const char ident, const char *host)
	462	{
	463	authd_decide_client(client_p, ident, host, true, '\0', NULL, NULL);
	464	}
	465
	466	/* Convenience function to reject client */
	467	void
	468	authd_reject_client(struct Client client_p, const char ident, const char host, char cause, const char data, const char *reason)
	469	{
	470	authd_decide_client(client_p, ident, host, false, cause, data, reason);
	471	}
	472
d3f6b808 EM	473	void
	474	authd_abort_client(struct Client *client_p)
	475	{
e1582810	476	if(client_p == NULL \|\| client_p->preClient == NULL)
d3f6b808 EM	477	return;
	478
	479	if(client_p->preClient->authd_cid == 0)
	480	return;
	481
	482	rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid));
	483
e1582810 EM	484	if(authd_helper != NULL)
	485	rb_helper_write(authd_helper, "E %x", client_p->preClient->authd_cid);
	486
6d5edc6f	487	client_p->preClient->authd_accepted = true;
d3f6b808 EM	488	client_p->preClient->authd_cid = 0;
	489	}
	490
ef0b13b9 EM	491	static void
	492	timeout_dead_authd_clients(void *notused __unused)
	493	{
	494	rb_dictionary_iter iter;
0bb5d3f0	495	struct Client *client_p;
ef0b13b9	496
0bb5d3f0	497	RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
ef0b13b9	498	{
ef0b13b9	499	if(client_p->preClient->authd_timeout < rb_current_time())
e1582810	500	authd_abort_client(client_p);
ef0b13b9 EM	501	}
	502	}
	503
d3f6b808 EM	504	/* Send a new blacklist to authd */
	505	void
	506	add_blacklist(const char host, const char reason, uint8_t iptype, rb_dlink_list *filters)
	507	{
	508	rb_dlink_node *ptr;
	509	struct blacklist_stats *stats = rb_malloc(sizeof(struct blacklist_stats));
50808796	510	char filterbuf[BUFSIZE] = "*";
d3f6b808 EM	511	size_t s = 0;
	512
	513	/* Build a list of comma-separated values for authd.
	514	* We don't check for validity - do it elsewhere.
	515	*/
	516	RB_DLINK_FOREACH(ptr, filters->head)
	517	{
	518	char *filter = ptr->data;
	519	size_t filterlen = strlen(filter) + 1;
	520
	521	if(s + filterlen > sizeof(filterbuf))
	522	break;
	523
	524	snprintf(&filterbuf[s], sizeof(filterbuf) - s, "%s,", filter);
	525
	526	s += filterlen;
	527	}
	528
	529	if(s)
	530	filterbuf[s - 1] = '\0';
	531
	532	stats->iptype = iptype;
	533	stats->hits = 0;
	534	rb_dictionary_add(bl_stats, host, stats);
	535
	536	rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason);
	537	}
	538
	539	/* Delete a blacklist */
	540	void
	541	del_blacklist(const char *host)
	542	{
e2a8228f	543	rb_free(rb_dictionary_delete(bl_stats, host));
d3f6b808 EM	544
	545	rb_helper_write(authd_helper, "O rbl_del %s", host);
	546	}
	547
	548	/* Delete all the blacklists */
	549	void
	550	del_blacklist_all(void)
	551	{
	552	struct blacklist_stats *stats;
	553	rb_dictionary_iter iter;
	554
	555	RB_DICTIONARY_FOREACH(stats, &iter, bl_stats)
	556	{
	557	rb_free(stats);
	558	rb_dictionary_delete(bl_stats, iter.cur->key);
	559	}
	560
	561	rb_helper_write(authd_helper, "O rbl_del_all");
	562	}
	563
	564	/* Adjust an authd timeout value */
4f6119cd	565	bool
d3f6b808 EM	566	set_authd_timeout(const char *key, int timeout)
d3f6b808 EM	567	{
4f6119cd EM	568	if(timeout <= 0)
	569	return false;
	570
d3f6b808	571	rb_helper_write(authd_helper, "O %s %d", key, timeout);
4f6119cd	572	return true;
d3f6b808	573	}
ad043803	574
4f6119cd	575	/* Enable identd checks */
ad043803 EM	576	void
	577	ident_check_enable(bool enabled)
	578	{
	579	rb_helper_write(authd_helper, "O ident_enabled %d", enabled ? 1 : 0);
	580	}
4f6119cd EM	581
4f6119cd EM	582	/* Create an OPM listener */
b1a577f2	583	void
34f16c46	584	create_opm_listener(const char *ip, uint16_t port)
4f6119cd	585	{
d9364d29 EM	586	char ipbuf[HOSTIPLEN];
	587	rb_strlcpy(ipbuf, ip, sizeof(ipbuf));
	588	if(ipbuf[0] == ':')
	589	{
	590	memmove(ipbuf + 1, ipbuf, sizeof(ipbuf) - 1);
	591	ipbuf[0] = '0';
	592	}
	593
	594	rb_helper_write(authd_helper, "O opm_listener %s %hu", ipbuf, port);
b1a577f2 EM	595	}
	596
	597	/* Disable all OPM scans */
	598	void
	599	opm_check_enable(bool enabled)
	600	{
3d2fc110	601	rb_helper_write(authd_helper, "O opm_enabled %d", enabled ? 1 : 0);
b1a577f2 EM	602	}
b1a577f2 EM	603
51fa2ab8	604	/* Create an OPM proxy scanner */
b1a577f2	605	void
51fa2ab8	606	create_opm_proxy_scanner(const char *type, uint16_t port)
b1a577f2	607	{
51fa2ab8	608	rb_helper_write(authd_helper, "O opm_scanner %s %hu", type, port);
4f6119cd	609	}
3d2fc110 EM	610
	611	void
	612	delete_opm_proxy_scanner(const char *type, uint16_t port)
	613	{
	614	rb_helper_write(authd_helper, "O opm_scanner_del %s %hu", type, port);
	615	}
	616
	617	void
	618	delete_opm_proxy_scanner_all(void)
	619	{
	620	rb_helper_write(authd_helper, "O opm_scanner_del_all");
	621	}