[solanum.git] / authd / providers / ident.c

/* authd/providers/ident.c - ident lookup provider for authd
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include "stdinc.h"
#include "match.h"
#include "authd.h"
#include "provider.h"
#include "res.h"

#define IDENT_BUFSIZE 128

struct ident_query
{
	time_t timeout;				/* Timeout interval */
	rb_fde_t *F;				/* Our FD */
};

/* Goinked from old s_auth.c --Elizafox */
static const char *messages[] =
{
	":*** Checking Ident",
	":*** Got Ident response",
	":*** No Ident response",
};

typedef enum
{
	REPORT_LOOKUP,
	REPORT_FOUND,
	REPORT_FAIL,
} ident_message;

static EVH timeout_ident_queries_event;
static CNCB ident_connected;
static PF read_ident_reply;

static void client_fail(struct auth_client *auth, ident_message message);
static void client_success(struct auth_client *auth);
static char * get_valid_ident(char *buf);

static struct ev_entry *timeout_ev;
static int ident_timeout = 5;


bool ident_init(void)
{
	timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
	return (timeout_ev != NULL);
}

void ident_destroy(void)
{
	struct auth_client *auth;
	rb_dictionary_iter iter;

	/* Nuke all ident queries */
	DICTIONARY_FOREACH(auth, &iter, auth_clients)
	{
		if(auth->data[PROVIDER_IDENT] != NULL)
			client_fail(auth, REPORT_FAIL);
	}
}

bool ident_start(struct auth_client *auth)
{
	struct ident_query *query = rb_malloc(sizeof(struct ident_query));
	struct rb_sockaddr_storage l_addr, c_addr;
	int family;
	rb_fde_t *F;

	auth->data[PROVIDER_IDENT] = query;
	query->timeout = rb_current_time() + ident_timeout;

	if((F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
	{
		client_fail(auth, REPORT_FAIL);
		return true;	/* Not a fatal error */
	}

	query->F = F;

	/* Build sockaddr_storages for rb_connect_tcp below */
	if(!rb_inet_ntop_sock((struct sockaddr *)&l_addr, auth->l_ip, sizeof(l_addr)) ||
		!rb_inet_ntop_sock((struct sockaddr *)&c_addr, auth->c_ip, sizeof(c_addr)))
	{
		client_fail(auth, REPORT_FAIL);
		return true;
	}

	/* Set the ports correctly */
#ifdef RB_IPV6
	if(GET_SS_FAMILY(&l_addr) == AF_INET6)
		((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
	else
#endif
		((struct sockaddr_in *)&l_addr)->sin_port = 0;

#ifdef RB_IPV6
	if(GET_SS_FAMILY(&c_addr) == AF_INET6)
		((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
	else
#endif
		((struct sockaddr_in *)&c_addr)->sin_port = htons(113);

	rb_connect_tcp(F, (struct sockaddr *)&c_addr,
			(struct sockaddr *)&l_addr,
			GET_SS_LEN(&l_addr), ident_connected,
			query, ident_timeout);

	notice_client(auth, messages[REPORT_LOOKUP]);
	set_provider(auth, PROVIDER_IDENT);

	return true;
}

void ident_cancel(struct auth_client *auth)
{
	struct ident_query *query = auth->data[PROVIDER_IDENT];

	if(query != NULL)
		client_fail(auth, REPORT_FAIL);
}

/* Timeout outstanding queries */
static void timeout_ident_queries_event(void *notused)
{
	struct auth_client *auth;
	rb_dictionary_iter iter;

	DICTIONARY_FOREACH(auth, &iter, auth_clients)
	{
		struct ident_query *query = auth->data[PROVIDER_IDENT];

		if(query != NULL && query->timeout < rb_current_time())
			client_fail(auth, REPORT_FAIL);
	}
}

/*
 * ident_connected() - deal with the result of rb_connect_tcp()
 *
 * If the connection failed, we simply close the auth fd and report
 * a failure. If the connection suceeded send the ident server a query
 * giving "theirport , ourport". The write is only attempted *once* so
 * it is deemed to be a fail if the entire write doesn't write all the
 * data given.  This shouldnt be a problem since the socket should have
 * a write buffer far greater than this message to store it in should
 * problems arise. -avalon
 */
static void ident_connected(rb_fde_t *F, int error, void *data)
{
	struct auth_client *auth = data;
	struct ident_query *query = auth->data[PROVIDER_IDENT];
	char authbuf[32];
	int authlen;

	/* Check the error */
	if(error != RB_OK)
	{
		/* We had an error during connection :( */
		client_fail(auth, REPORT_FAIL);
		return;
	}

	snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
			auth->c_port, auth->l_port);
	authlen = strlen(authbuf);

	if(rb_write(query->F, authbuf, authlen) != authlen)
	{
		client_fail(auth, REPORT_FAIL);
		return;
	}

	read_ident_reply(query->F, auth);
}

static void
read_ident_reply(rb_fde_t *F, void *data)
{
	struct auth_client *auth = data;
	struct ident_query *query = auth->data[PROVIDER_IDENT];
	char *s = NULL;
	char *t = NULL;
	int len;
	int count;
	char buf[IDENT_BUFSIZE + 1];	/* buffer to read auth reply into */

	len = rb_read(F, buf, IDENT_BUFSIZE);
	if(len < 0 && rb_ignore_errno(errno))
	{
		rb_setselect(F, RB_SELECT_READ, read_ident_reply, query);
		return;
	}

	if(len > 0)
	{
		buf[len] = '\0';

		if((s = get_valid_ident(buf)))
		{
			t = auth->username;

			while (*s == '~' || *s == '^')
				s++;

			for (count = USERLEN; *s && count; s++)
			{
				if(*s == '@')
				{
					break;
				}
				if(*s != ' ' && *s != ':' && *s != '[')
				{
					*t++ = *s;
					count--;
				}
			}
			*t = '\0';
		}
	}

	if(s == NULL)
		client_fail(auth, REPORT_FAIL);
	else
		client_success(auth);
}

static void client_fail(struct auth_client *auth, ident_message report)
{
	struct ident_query *query = auth->data[PROVIDER_IDENT];

	rb_strlcpy(auth->username, "*", sizeof(auth->username));

	rb_close(query->F);
	rb_free(query);
	auth->data[PROVIDER_IDENT] = NULL;

	notice_client(auth, messages[report]);
	provider_done(auth, PROVIDER_IDENT);
}

static void client_success(struct auth_client *auth)
{
	struct ident_query *query = auth->data[PROVIDER_IDENT];

	rb_close(query->F);
	rb_free(query);
	auth->data[PROVIDER_IDENT] = NULL;

	notice_client(auth, messages[REPORT_FOUND]);
	provider_done(auth, PROVIDER_IDENT);
}

/* get_valid_ident
 * parse ident query reply from identd server
 *
 * Torn out of old s_auth.c because there was nothing wrong with it
 * --Elizafox
 *
 * Inputs	- pointer to ident buf
 * Outputs	- NULL if no valid ident found, otherwise pointer to name
 * Side effects - None
 */
static char *
get_valid_ident(char *buf)
{
	int remp = 0;
	int locp = 0;
	char *colon1Ptr;
	char *colon2Ptr;
	char *colon3Ptr;
	char *commaPtr;
	char *remotePortString;

	/* All this to get rid of a sscanf() fun. */
	remotePortString = buf;

	colon1Ptr = strchr(remotePortString, ':');
	if(!colon1Ptr)
		return 0;

	*colon1Ptr = '\0';
	colon1Ptr++;
	colon2Ptr = strchr(colon1Ptr, ':');
	if(!colon2Ptr)
		return 0;

	*colon2Ptr = '\0';
	colon2Ptr++;
	commaPtr = strchr(remotePortString, ',');

	if(!commaPtr)
		return 0;

	*commaPtr = '\0';
	commaPtr++;

	remp = atoi(remotePortString);
	if(!remp)
		return 0;

	locp = atoi(commaPtr);
	if(!locp)
		return 0;

	/* look for USERID bordered by first pair of colons */
	if(!strstr(colon1Ptr, "USERID"))
		return 0;

	colon3Ptr = strchr(colon2Ptr, ':');
	if(!colon3Ptr)
		return 0;

	*colon3Ptr = '\0';
	colon3Ptr++;
	return (colon3Ptr);
}


struct auth_provider ident_provider =
{
	.id = PROVIDER_IDENT,
	.init = ident_init,
	.destroy = ident_destroy,
	.start = ident_start,
	.cancel = ident_cancel,
	.completed = NULL,
};
Commit	Line	Data
2b0cc3d3 EM	1	/* authd/providers/ident.c - ident lookup provider for authd
	2	* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
	3	*
	4	* Permission to use, copy, modify, and/or distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice is present in all copies.
	7	*
	8	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	9	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	10	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	11	* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
	12	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	13	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	14	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	15	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	16	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
	17	* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	18	* POSSIBILITY OF SUCH DAMAGE.
	19	*/
	20
	21	#include "stdinc.h"
	22	#include "match.h"
	23	#include "authd.h"
	24	#include "provider.h"
	25	#include "res.h"
	26
	27	#define IDENT_BUFSIZE 128
	28
	29	struct ident_query
	30	{
2b0cc3d3 EM	31	time_t timeout; /* Timeout interval */
	32	rb_fde_t F; / Our FD */
	33	};
	34
	35	/* Goinked from old s_auth.c --Elizafox */
	36	static const char *messages[] =
	37	{
	38	":*** Checking Ident",
	39	":*** Got Ident response",
	40	":*** No Ident response",
	41	};
	42
	43	typedef enum
	44	{
	45	REPORT_LOOKUP,
	46	REPORT_FOUND,
	47	REPORT_FAIL,
	48	} ident_message;
	49
	50	static EVH timeout_ident_queries_event;
	51	static CNCB ident_connected;
	52	static PF read_ident_reply;
	53
3e875f62 EM	54	static void client_fail(struct auth_client *auth, ident_message message);
3e875f62 EM	55	static void client_success(struct auth_client *auth);
2b0cc3d3 EM	56	static char * get_valid_ident(char *buf);
2b0cc3d3 EM	57
2b0cc3d3 EM	58	static struct ev_entry *timeout_ev;
	59	static int ident_timeout = 5;
	60
	61
	62	bool ident_init(void)
	63	{
	64	timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
	65	return (timeout_ev != NULL);
	66	}
	67
	68	void ident_destroy(void)
	69	{
3e875f62	70	struct auth_client *auth;
aba29d5a	71	rb_dictionary_iter iter;
2b0cc3d3 EM	72
2b0cc3d3 EM	73	/* Nuke all ident queries */
3e875f62	74	DICTIONARY_FOREACH(auth, &iter, auth_clients)
2b0cc3d3	75	{
3e875f62 EM	76	if(auth->data[PROVIDER_IDENT] != NULL)
3e875f62 EM	77	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	78	}
	79	}
	80
	81	bool ident_start(struct auth_client *auth)
	82	{
	83	struct ident_query *query = rb_malloc(sizeof(struct ident_query));
	84	struct rb_sockaddr_storage l_addr, c_addr;
	85	int family;
	86	rb_fde_t *F;
	87
3e875f62	88	auth->data[PROVIDER_IDENT] = query;
2b0cc3d3 EM	89	query->timeout = rb_current_time() + ident_timeout;
	90
	91	if((F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
	92	{
3e875f62	93	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	94	return true; /* Not a fatal error */
	95	}
	96
	97	query->F = F;
	98
	99	/* Build sockaddr_storages for rb_connect_tcp below */
	100	if(!rb_inet_ntop_sock((struct sockaddr *)&l_addr, auth->l_ip, sizeof(l_addr)) \|\|
	101	!rb_inet_ntop_sock((struct sockaddr *)&c_addr, auth->c_ip, sizeof(c_addr)))
	102	{
3e875f62	103	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	104	return true;
	105	}
	106
	107	/* Set the ports correctly */
	108	#ifdef RB_IPV6
	109	if(GET_SS_FAMILY(&l_addr) == AF_INET6)
	110	((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
	111	else
	112	#endif
	113	((struct sockaddr_in *)&l_addr)->sin_port = 0;
	114
	115	#ifdef RB_IPV6
	116	if(GET_SS_FAMILY(&c_addr) == AF_INET6)
	117	((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
	118	else
	119	#endif
	120	((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
	121
	122	rb_connect_tcp(F, (struct sockaddr *)&c_addr,
	123	(struct sockaddr *)&l_addr,
	124	GET_SS_LEN(&l_addr), ident_connected,
	125	query, ident_timeout);
	126
2b0cc3d3	127	notice_client(auth, messages[REPORT_LOOKUP]);
3e875f62	128	set_provider(auth, PROVIDER_IDENT);
2b0cc3d3 EM	129
	130	return true;
	131	}
	132
	133	void ident_cancel(struct auth_client *auth)
	134	{
3e875f62	135	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3	136
3e875f62 EM	137	if(query != NULL)
3e875f62 EM	138	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	139	}
	140
	141	/* Timeout outstanding queries */
	142	static void timeout_ident_queries_event(void *notused)
	143	{
3e875f62	144	struct auth_client *auth;
aba29d5a	145	rb_dictionary_iter iter;
2b0cc3d3	146
3e875f62	147	DICTIONARY_FOREACH(auth, &iter, auth_clients)
2b0cc3d3	148	{
3e875f62	149	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3	150
3e875f62 EM	151	if(query != NULL && query->timeout < rb_current_time())
3e875f62 EM	152	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	153	}
	154	}
	155
	156	/*
	157	* ident_connected() - deal with the result of rb_connect_tcp()
	158	*
	159	* If the connection failed, we simply close the auth fd and report
	160	* a failure. If the connection suceeded send the ident server a query
	161	* giving "theirport , ourport". The write is only attempted once so
	162	* it is deemed to be a fail if the entire write doesn't write all the
	163	* data given. This shouldnt be a problem since the socket should have
	164	* a write buffer far greater than this message to store it in should
	165	* problems arise. -avalon
	166	*/
	167	static void ident_connected(rb_fde_t F, int error, void data)
	168	{
3e875f62 EM	169	struct auth_client *auth = data;
3e875f62 EM	170	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3 EM	171	char authbuf[32];
	172	int authlen;
	173
	174	/* Check the error */
	175	if(error != RB_OK)
	176	{
	177	/* We had an error during connection :( */
3e875f62	178	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	179	return;
	180	}
	181
	182	snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
	183	auth->c_port, auth->l_port);
	184	authlen = strlen(authbuf);
	185
	186	if(rb_write(query->F, authbuf, authlen) != authlen)
	187	{
3e875f62	188	client_fail(auth, REPORT_FAIL);
2b0cc3d3 EM	189	return;
	190	}
	191
3e875f62	192	read_ident_reply(query->F, auth);
2b0cc3d3 EM	193	}
	194
	195	static void
	196	read_ident_reply(rb_fde_t F, void data)
	197	{
3e875f62 EM	198	struct auth_client *auth = data;
3e875f62 EM	199	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3 EM	200	char *s = NULL;
	201	char *t = NULL;
	202	int len;
	203	int count;
	204	char buf[IDENT_BUFSIZE + 1]; /* buffer to read auth reply into */
	205
	206	len = rb_read(F, buf, IDENT_BUFSIZE);
	207	if(len < 0 && rb_ignore_errno(errno))
	208	{
	209	rb_setselect(F, RB_SELECT_READ, read_ident_reply, query);
	210	return;
	211	}
	212
	213	if(len > 0)
	214	{
	215	buf[len] = '\0';
	216
	217	if((s = get_valid_ident(buf)))
	218	{
	219	t = auth->username;
	220
	221	while (s == '~' \|\| s == '^')
	222	s++;
	223
	224	for (count = USERLEN; *s && count; s++)
	225	{
	226	if(*s == '@')
	227	{
	228	break;
	229	}
	230	if(s != ' ' && s != ':' && *s != '[')
	231	{
	232	t++ = s;
	233	count--;
	234	}
	235	}
	236	*t = '\0';
	237	}
	238	}
	239
	240	if(s == NULL)
3e875f62	241	client_fail(auth, REPORT_FAIL);
2b0cc3d3	242	else
3e875f62	243	client_success(auth);
2b0cc3d3 EM	244	}
2b0cc3d3 EM	245
3e875f62	246	static void client_fail(struct auth_client *auth, ident_message report)
2b0cc3d3	247	{
3e875f62	248	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3	249
3e875f62	250	rb_strlcpy(auth->username, "*", sizeof(auth->username));
2b0cc3d3	251
3e875f62 EM	252	rb_close(query->F);
	253	rb_free(query);
	254	auth->data[PROVIDER_IDENT] = NULL;
2b0cc3d3	255
3e875f62 EM	256	notice_client(auth, messages[report]);
3e875f62 EM	257	provider_done(auth, PROVIDER_IDENT);
2b0cc3d3 EM	258	}
2b0cc3d3 EM	259
3e875f62	260	static void client_success(struct auth_client *auth)
2b0cc3d3	261	{
3e875f62	262	struct ident_query *query = auth->data[PROVIDER_IDENT];
2b0cc3d3	263
3e875f62 EM	264	rb_close(query->F);
	265	rb_free(query);
	266	auth->data[PROVIDER_IDENT] = NULL;
2b0cc3d3	267
3e875f62 EM	268	notice_client(auth, messages[REPORT_FOUND]);
3e875f62 EM	269	provider_done(auth, PROVIDER_IDENT);
2b0cc3d3 EM	270	}
	271
	272	/* get_valid_ident
	273	* parse ident query reply from identd server
	274	*
	275	* Torn out of old s_auth.c because there was nothing wrong with it
	276	* --Elizafox
	277	*
	278	* Inputs - pointer to ident buf
	279	* Outputs - NULL if no valid ident found, otherwise pointer to name
	280	* Side effects - None
	281	*/
	282	static char *
	283	get_valid_ident(char *buf)
	284	{
	285	int remp = 0;
	286	int locp = 0;
	287	char *colon1Ptr;
	288	char *colon2Ptr;
	289	char *colon3Ptr;
	290	char *commaPtr;
	291	char *remotePortString;
	292
	293	/* All this to get rid of a sscanf() fun. */
	294	remotePortString = buf;
	295
	296	colon1Ptr = strchr(remotePortString, ':');
	297	if(!colon1Ptr)
	298	return 0;
	299
	300	*colon1Ptr = '\0';
	301	colon1Ptr++;
	302	colon2Ptr = strchr(colon1Ptr, ':');
	303	if(!colon2Ptr)
	304	return 0;
	305
	306	*colon2Ptr = '\0';
	307	colon2Ptr++;
	308	commaPtr = strchr(remotePortString, ',');
	309
	310	if(!commaPtr)
	311	return 0;
	312
	313	*commaPtr = '\0';
	314	commaPtr++;
	315
	316	remp = atoi(remotePortString);
	317	if(!remp)
	318	return 0;
	319
	320	locp = atoi(commaPtr);
	321	if(!locp)
	322	return 0;
	323
	324	/* look for USERID bordered by first pair of colons */
	325	if(!strstr(colon1Ptr, "USERID"))
	326	return 0;
	327
	328	colon3Ptr = strchr(colon2Ptr, ':');
	329	if(!colon3Ptr)
	330	return 0;
	331
	332	*colon3Ptr = '\0';
	333	colon3Ptr++;
334	return (colon3Ptr);
335	}
336
337
338	struct auth_provider ident_provider =
339	{
340	.id = PROVIDER_IDENT,
341	.init = ident_init,
342	.destroy = ident_destroy,
343	.start = ident_start,
344	.cancel = ident_cancel,
345	.completed = NULL,
346	};