]> jfr.im git - solanum.git/blame - authd/providers/opm.c
projects / solanum.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
authd: assume all providers are running
[solanum.git] / authd / providers / opm.c
CommitLineData
4e85459a
EM		 1/* authd/providers/opm.c - small open proxy monitor
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
7 *
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
19 */
20
4e85459a 21#include "stdinc.h"
9057170c
EM		 22#include "rb_lib.h"
23#include "defaults.h"
4e85459a
EM		 24#include "setup.h"
25#include "authd.h"
26#include "notice.h"
27#include "provider.h"
28
731d1289
EM		 29#define SELF_PID (opm_provider.id)
30
4e85459a
EM		 31#define OPM_READSIZE 128
32
33typedef enum protocol_t
34{
35 PROTO_NONE,
36 PROTO_SOCKS4,
37 PROTO_SOCKS5,
fabe8b94 38 PROTO_HTTP_CONNECT,
eb0814b3 39 PROTO_HTTPS_CONNECT,
4e85459a
EM		 40} protocol_t;
41
34f65493 42/* Lookup data associated with auth client */
4e85459a
EM		 43struct opm_lookup
44{
45 rb_dlink_list scans; /* List of scans */
85589ba3 46 bool in_progress;
4e85459a
EM		 47};
48
34f65493
EM		 49struct opm_scan;
50typedef void (*opm_callback_t)(struct opm_scan *);
51
52/* A proxy scanner */
4e85459a
EM		 53struct opm_proxy
54{
1de169a2 55 char note[16];
4e85459a
EM		 56 protocol_t proto;
57 uint16_t port;
34f65493
EM		 58 bool ssl; /* Connect to proxy with SSL */
59 bool ipv6; /* Proxy supports IPv6 */
4e85459a 60
34f65493 61 opm_callback_t callback;
4e85459a
EM		 62
63 rb_dlink_node node;
64};
65
34f65493 66/* A listener for proxy replies */
4e85459a
EM		 67struct opm_listener
68{
69 char ip[HOSTIPLEN];
70 uint16_t port;
766d4ffc 71 struct rb_sockaddr_storage addr;
4e85459a
EM		 72 rb_fde_t *F;
73};
74
34f65493
EM		 75/* An individual proxy scan */
76struct opm_scan
77{
78 struct auth_client *auth;
79 rb_fde_t *F; /* fd for scan */
80
81 struct opm_proxy *proxy; /* Associated proxy */
82 struct opm_listener *listener; /* Associated listener */
83
84 rb_dlink_node node;
85};
86
4e85459a 87/* Proxies that we scan for */
1de169a2 88static rb_dlink_list proxy_scanners;
4e85459a
EM		 89
90static ACCB accept_opm;
91static PF read_opm_reply;
92
34f65493 93static CNCB opm_connected;
4e85459a
EM		 94
95static void opm_cancel(struct auth_client *auth);
4deb334f 96static bool create_listener(const char *ip, uint16_t port);
4e85459a 97
9057170c 98static int opm_timeout = OPM_TIMEOUT_DEFAULT;
4e85459a
EM		 99static bool opm_enable = false;
100
5e9a3f86
EM		 101enum
102{
103 LISTEN_IPV4,
104 LISTEN_IPV6,
105 LISTEN_LAST,
106};
4e85459a
EM		 107
108/* IPv4 and IPv6 */
5e9a3f86 109static struct opm_listener listeners[LISTEN_LAST];
4e85459a 110
1de169a2 111static inline protocol_t
fabe8b94 112get_protocol_from_string(const char *str)
1de169a2 113{
fabe8b94 114 if(strcasecmp(str, "socks4") == 0)
1de169a2 115 return PROTO_SOCKS4;
fabe8b94 116 else if(strcasecmp(str, "socks5") == 0)
1de169a2 117 return PROTO_SOCKS5;
fabe8b94
EM		 118 else if(strcasecmp(str, "httpconnect") == 0)
119 return PROTO_HTTP_CONNECT;
eb0814b3
EM		 120 else if(strcasecmp(str, "httpsconnect") == 0)
121 return PROTO_HTTPS_CONNECT;
1de169a2
EM		 122 else
123 return PROTO_NONE;
124}
125
126static inline struct opm_proxy *
127find_proxy_scanner(protocol_t proto, uint16_t port)
128{
129 rb_dlink_node *ptr;
130
131 RB_DLINK_FOREACH(ptr, proxy_scanners.head)
132 {
133 struct opm_proxy *proxy = ptr->data;
134
135 if(proxy->proto == proto && proxy->port == port)
136 return proxy;
137 }
138
139 return NULL;
140}
4e85459a 141
a8322b52 142/* This is called when an open proxy connects to us */
4e85459a
EM		 143static void
144read_opm_reply(rb_fde_t *F, void *data)
145{
1de169a2 146 rb_dlink_node *ptr;
4e85459a
EM		 147 struct auth_client *auth = data;
148 struct opm_lookup *lookup;
149 char readbuf[OPM_READSIZE];
150 ssize_t len;
151
a8322b52 152 lrb_assert(auth != NULL);
731d1289 153 lookup = get_provider_data(auth, SELF_PID);
a8322b52 154 lrb_assert(lookup != NULL);
4e85459a
EM		 155
156 if((len = rb_read(F, readbuf, sizeof(readbuf))) < 0 && rb_ignore_errno(errno))
157 {
158 rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
159 return;
160 }
161 else if(len <= 0)
162 {
163 /* Dead */
164 rb_close(F);
165 return;
166 }
167
1de169a2 168 RB_DLINK_FOREACH(ptr, proxy_scanners.head)
4e85459a 169 {
1de169a2
EM		 170 struct opm_proxy *proxy = ptr->data;
171
fabe8b94 172 if(strncmp(proxy->note, readbuf, strlen(proxy->note)) == 0)
8860e46a
EM		 173 {
174 rb_dlink_node *ptr, *nptr;
175
176 /* Cancel outstanding lookups */
177 RB_DLINK_FOREACH_SAFE(ptr, nptr, lookup->scans.head)
178 {
179 struct opm_scan *scan = ptr->data;
180
181 rb_close(scan->F);
182 rb_free(scan);
183 }
184
185 /* No longer needed, client is going away */
186 rb_free(lookup);
187
731d1289 188 reject_client(auth, SELF_PID, readbuf, "Open proxy detected");
8860e46a
EM		 189 break;
190 }
4e85459a
EM		 191 }
192
193 rb_close(F);
194}
195
196static void
197accept_opm(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
198{
a71b65b1 199 struct auth_client *auth = NULL;
4e85459a 200 struct opm_listener *listener = data;
272af6a5 201 struct rb_sockaddr_storage localaddr;
4e85459a 202 unsigned int llen = sizeof(struct rb_sockaddr_storage);
a71b65b1 203 rb_dictionary_iter iter;
4e85459a
EM		 204
205 if(status != 0 || listener == NULL)
206 {
207 rb_close(F);
208 return;
209 }
210
272af6a5 211 if(getsockname(rb_get_fd(F), (struct sockaddr *)&localaddr, &llen))
4e85459a
EM		 212 {
213 /* This can happen if the client goes away after accept */
214 rb_close(F);
215 return;
216 }
217
218 /* Correlate connection with client(s) */
a71b65b1 219 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
4e85459a 220 {
272af6a5 221 if(GET_SS_FAMILY(&auth->c_addr) != GET_SS_FAMILY(&localaddr))
4e85459a
EM		 222 continue;
223
224 /* Compare the addresses */
272af6a5 225 switch(GET_SS_FAMILY(&localaddr))
4e85459a
EM		 226 {
227 case AF_INET:
228 {
272af6a5 229 struct sockaddr_in *s = (struct sockaddr_in *)&localaddr, *c = (struct sockaddr_in *)&auth->c_addr;
4e85459a
EM		 230
231 if(s->sin_addr.s_addr == c->sin_addr.s_addr)
232 {
233 /* Match... check if it's real */
234 rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
235 return;
236 }
237 break;
238 }
239#ifdef RB_IPV6
240 case AF_INET6:
241 {
272af6a5 242 struct sockaddr_in6 *s = (struct sockaddr_in6 *)&localaddr, *c = (struct sockaddr_in6 *)&auth->c_addr;
4e85459a 243
d86692fa 244 if(IN6_ARE_ADDR_EQUAL(&s->sin6_addr, &c->sin6_addr))
4e85459a
EM		 245 {
246 rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
247 return;
248 }
249 break;
250 }
251#endif
252 default:
253 warn_opers(L_CRIT, "OPM: unknown address type in listen function");
254 exit(EX_PROVIDER_ERROR);
255 }
256 }
257
258 /* We don't care about the socket if we get here */
259 rb_close(F);
260}
261
262/* Scanners */
263
264static void
34f65493 265opm_connected(rb_fde_t *F, int error, void *data)
4e85459a
EM		 266{
267 struct opm_scan *scan = data;
34f65493
EM		 268 struct opm_proxy *proxy = scan->proxy;
269 struct auth_client *auth = scan->auth;
270 struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
4e85459a 271
4e85459a 272 if(error || !opm_enable)
34f65493
EM		 273 {
274 //notice_client(scan->auth->cid, "*** Scan not connected: %s", proxy->note);
4e85459a 275 goto end;
34f65493 276 }
4e85459a
EM		 277
278 switch(GET_SS_FAMILY(&auth->c_addr))
279 {
280 case AF_INET:
281 if(listeners[LISTEN_IPV4].F == NULL)
282 /* They cannot respond to us */
283 goto end;
284
4e85459a
EM		 285 break;
286#ifdef RB_IPV6
287 case AF_INET6:
34f65493
EM		 288 if(!proxy->ipv6)
289 /* Welp, too bad */
290 goto end;
291
292 if(listeners[LISTEN_IPV6].F == NULL)
293 /* They cannot respond to us */
294 goto end;
295
296 break;
4e85459a
EM		 297#endif
298 default:
299 goto end;
300 }
301
34f65493
EM		 302 proxy->callback(scan);
303
304end:
305 rb_close(scan->F);
c767c58b 306 rb_dlinkDelete(&scan->node, &lookup->scans);
34f65493
EM		 307 rb_free(scan);
308}
309
310static void
311socks4_connected(struct opm_scan *scan)
312{
34f65493
EM		 313 uint8_t sendbuf[9]; /* Size we're building */
314 uint8_t *c = sendbuf;
315
316 memcpy(c, "\x04\x01", 2); c += 2; /* Socks version 4, connect command */
317 memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_port), 2); c += 2; /* Port */
318 memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_addr.s_addr), 4); c += 4; /* Address */
4e85459a
EM		 319 *c = '\x00'; /* No userid */
320
321 /* Send header */
322 if(rb_write(scan->F, sendbuf, sizeof(sendbuf)) < 0)
34f65493 323 return;
4e85459a
EM		 324
325 /* Send note */
326 if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) < 0)
34f65493 327 return;
4e85459a
EM		 328}
329
330static void
34f65493 331socks5_connected(struct opm_scan *scan)
4e85459a 332{
34f65493 333 struct auth_client *auth = scan->auth;
4e85459a
EM		 334 uint8_t sendbuf[25]; /* Size we're building */
335 uint8_t *c = sendbuf;
a8322b52 336
4e85459a 337 /* Build the version header and socks request
fabe8b94 338 * version header (3 bytes): version, number of auth methods, auth type (0 for none)
4e85459a
EM		 339 * connect req (3 bytes): version, command (1 = connect), reserved (0)
340 */
341 memcpy(c, "\x05\x01\x00\x05\x01\x00", 6); c += 6;
342
343 switch(GET_SS_FAMILY(&auth->c_addr))
344 {
345 case AF_INET:
4e85459a 346 *(c++) = '\x01'; /* Address type (1 = IPv4) */
34f65493
EM		 347 memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_addr.s_addr), 4); c += 4; /* Address */
348 memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_port), 2); c += 2; /* Port */
4e85459a
EM		 349 break;
350#ifdef RB_IPV6
351 case AF_INET6:
4e85459a 352 *(c++) = '\x04'; /* Address type (4 = IPv6) */
34f65493
EM		 353 memcpy(c, ((struct sockaddr_in6 *)&scan->listener->addr)->sin6_addr.s6_addr, 16); c += 16; /* Address */
354 memcpy(c, &(((struct sockaddr_in6 *)&scan->listener->addr)->sin6_port), 2); c += 2; /* Port */
4e85459a
EM		 355 break;
356#endif
357 default:
34f65493 358 return;
4e85459a
EM		 359 }
360
361 /* Send header */
362 if(rb_write(scan->F, sendbuf, (size_t)(sendbuf - c)) <= 0)
34f65493 363 return;
4e85459a
EM		 364
365 /* Now the note in a separate write */
366 if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) <= 0)
34f65493 367 return;
4e85459a
EM		 368}
369
fabe8b94 370static void
34f65493 371http_connect_connected(struct opm_scan *scan)
fabe8b94 372{
fabe8b94 373 char sendbuf[128]; /* A bit bigger than we need but better safe than sorry */
fabe8b94
EM		 374
375 /* Simple enough to build */
34f65493 376 snprintf(sendbuf, sizeof(sendbuf), "CONNECT %s:%hu HTTP/1.0\r\n\r\n", scan->listener->ip, scan->listener->port);
fabe8b94
EM		 377
378 /* Send request */
379 if(rb_write(scan->F, sendbuf, strlen(sendbuf)) <= 0)
34f65493 380 return;
fabe8b94
EM		 381
382 /* Now the note in a separate write */
383 if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) <= 0)
34f65493 384 return;
fabe8b94
EM		 385
386 /* MiroTik needs this, and as a separate write */
387 if(rb_write(scan->F, "\r\n", 2) <= 0)
34f65493 388 return;
fabe8b94
EM		 389}
390
4e85459a
EM		 391/* Establish connections */
392static inline void
393establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
394{
731d1289 395 struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
4e85459a 396 struct opm_scan *scan = rb_malloc(sizeof(struct opm_scan));
34f65493 397 struct opm_listener *listener;
766d4ffc 398 struct rb_sockaddr_storage c_a, l_a;
4e85459a 399 int opt = 1;
4e85459a 400
a8322b52
EM		 401 lrb_assert(lookup != NULL);
402
8aacefa3 403#ifdef RB_IPV6
34f65493
EM		 404 if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
405 {
406 if(proxy->proto == PROTO_SOCKS4)
8aacefa3 407 {
34f65493 408 /* SOCKS4 doesn't support IPv6 */
8aacefa3
EM		 409 rb_free(scan);
410 return;
411 }
4e85459a 412 listener = &listeners[LISTEN_IPV6];
34f65493 413 }
4e85459a
EM		 414 else
415#endif
416 listener = &listeners[LISTEN_IPV4];
417
34f65493
EM		 418 if(listener->F == NULL)
419 {
420 /* We can't respond */
421 rb_free(scan);
422 return;
423 }
424
4e85459a 425 c_a = auth->c_addr; /* Client */
34f65493 426 l_a = listener->addr; /* Listener (connect using its IP) */
4e85459a
EM		 427
428 scan->auth = auth;
429 scan->proxy = proxy;
34f65493 430 scan->listener = listener;
4e85459a
EM		 431 if((scan->F = rb_socket(GET_SS_FAMILY(&auth->c_addr), SOCK_STREAM, 0, proxy->note)) == NULL)
432 {
18f3b3c9 433 warn_opers(L_WARN, "OPM: could not create OPM socket (proto %s): %s", proxy->note, strerror(errno));
4e85459a
EM		 434 rb_free(scan);
435 return;
436 }
437
438 /* Disable Nagle's algorithim - buffering could affect scans */
439 (void)setsockopt(rb_get_fd(scan->F), IPPROTO_TCP, TCP_NODELAY, (char *)&opt, sizeof(opt));
440
d86692fa 441 SET_SS_PORT(&l_a, 0);
8aacefa3 442 SET_SS_PORT(&c_a, htons(proxy->port));
4e85459a
EM		 443
444 rb_dlinkAdd(scan, &scan->node, &lookup->scans);
eb0814b3
EM		 445
446 if(!proxy->ssl)
447 rb_connect_tcp(scan->F,
448 (struct sockaddr *)&c_a,
449 (struct sockaddr *)&l_a,
34f65493 450 opm_connected, scan, opm_timeout);
eb0814b3
EM		 451 else
452 rb_connect_tcp_ssl(scan->F,
453 (struct sockaddr *)&c_a,
454 (struct sockaddr *)&l_a,
34f65493 455 opm_connected, scan, opm_timeout);
4e85459a
EM		 456}
457
1de169a2
EM		 458static bool
459create_listener(const char *ip, uint16_t port)
460{
a71b65b1 461 struct auth_client *auth;
1de169a2
EM		 462 struct opm_listener *listener;
463 struct rb_sockaddr_storage addr;
a71b65b1 464 rb_dictionary_iter iter;
1de169a2
EM		 465 rb_fde_t *F;
466 int opt = 1;
467
468 if(!rb_inet_pton_sock(ip, (struct sockaddr *)&addr))
469 {
470 warn_opers(L_CRIT, "OPM: got a bad listener: %s:%hu", ip, port);
471 exit(EX_PROVIDER_ERROR);
472 }
473
7f2272d3
EM		 474 SET_SS_PORT(&addr, htons(port));
475
1de169a2
EM		 476#ifdef RB_IPV6
477 if(GET_SS_FAMILY(&addr) == AF_INET6)
478 {
479 struct sockaddr_in6 *a1, *a2;
480
481 listener = &listeners[LISTEN_IPV6];
482
483 a1 = (struct sockaddr_in6 *)&addr;
484 a2 = (struct sockaddr_in6 *)&listener->addr;
485
486 if(IN6_ARE_ADDR_EQUAL(&a1->sin6_addr, &a2->sin6_addr) &&
487 GET_SS_PORT(&addr) == GET_SS_PORT(&listener->addr) &&
488 listener->F != NULL)
489 {
490 /* Listener already exists */
491 return false;
492 }
493 }
494 else
495#endif
496 {
497 struct sockaddr_in *a1, *a2;
498
499 listener = &listeners[LISTEN_IPV4];
500
501 a1 = (struct sockaddr_in *)&addr;
502 a2 = (struct sockaddr_in *)&listener->addr;
503
504 if(a1->sin_addr.s_addr == a2->sin_addr.s_addr &&
505 GET_SS_PORT(&addr) == GET_SS_PORT(&listener->addr) &&
506 listener->F != NULL)
507 {
508 /* Listener already exists */
509 return false;
510 }
511 }
512
513 if((F = rb_socket(GET_SS_FAMILY(&addr), SOCK_STREAM, 0, "OPM listener socket")) == NULL)
514 {
515 /* This shouldn't fail, or we have big problems... */
516 warn_opers(L_CRIT, "OPM: cannot create socket: %s", strerror(errno));
517 exit(EX_PROVIDER_ERROR);
518 }
519
520 if(setsockopt(rb_get_fd(F), SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(opt)))
521 {
522 /* This shouldn't fail either... */
523 warn_opers(L_CRIT, "OPM: cannot set options on socket: %s", strerror(errno));
524 exit(EX_PROVIDER_ERROR);
525 }
526
1de169a2
EM		 527 if(bind(rb_get_fd(F), (struct sockaddr *)&addr, GET_SS_LEN(&addr)))
528 {
529 /* Shit happens, let's not cripple authd over /this/ since it could be user error */
530 warn_opers(L_WARN, "OPM: cannot bind on socket: %s", strerror(errno));
531 rb_close(F);
532 return false;
533 }
534
535 if(rb_listen(F, SOMAXCONN, false)) /* deferred accept could interfere with detection */
536 {
537 /* Again, could be user error */
538 warn_opers(L_WARN, "OPM: cannot listen on socket: %s", strerror(errno));
539 rb_close(F);
540 return false;
541 }
542
543 /* From this point forward we assume we have a listener */
544
545 if(listener->F != NULL)
546 /* Close old listener */
547 rb_close(listener->F);
548
549 listener->F = F;
550
551 /* Cancel clients that may be on old listener
552 * XXX - should rescan clients that need it
553 */
a71b65b1 554 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
1de169a2
EM		 555 {
556 opm_cancel(auth);
a5f52774 557 /* auth is now invalid as we have no reference */
1de169a2
EM		 558 }
559
560 /* Copy data */
561 rb_strlcpy(listener->ip, ip, sizeof(listener->ip));
562 listener->port = port;
563 listener->addr = addr;
564
565 opm_enable = true; /* Implicitly set this to true for now if we have a listener */
566 rb_accept_tcp(listener->F, NULL, accept_opm, listener);
567 return true;
568}
569
4e85459a 570static void
85589ba3 571opm_scan(struct auth_client *auth)
4e85459a 572{
85589ba3
EM		 573 rb_dlink_node *ptr;
574 struct opm_lookup *lookup;
4e85459a 575
85589ba3 576 lrb_assert(auth != NULL);
85589ba3 577
731d1289
EM		 578 lookup = get_provider_data(auth, SELF_PID);
579 set_provider_timeout_relative(auth, SELF_PID, opm_timeout);
85589ba3
EM		 580
581 lookup->in_progress = true;
582
583 RB_DLINK_FOREACH(ptr, proxy_scanners.head)
4e85459a 584 {
85589ba3 585 struct opm_proxy *proxy = ptr->data;
34f65493 586 //notice_client(auth->cid, "*** Scanning for proxy type %s", proxy->note);
85589ba3 587 establish_connection(auth, proxy);
4e85459a 588 }
85589ba3
EM		 589
590 notice_client(auth->cid, "*** Scanning for open proxies...");
591}
592
593/* This is called every time a provider is completed as long as we are marked not done */
594static void
269646ed 595opm_initiate(struct auth_client *auth, uint32_t provider)
85589ba3 596{
731d1289
EM		 597 struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
598 uint32_t rdns_pid, ident_pid;
85589ba3 599
731d1289
EM		 600 lrb_assert(provider != SELF_PID);
601 lrb_assert(!is_provider_done(auth, SELF_PID));
85589ba3
EM		 602 lrb_assert(rb_dlink_list_length(&proxy_scanners) > 0);
603
604 if(lookup == NULL || lookup->in_progress)
605 /* Nothing to do */
606 return;
731d1289
EM		 607 else if((!get_provider_id("rdns", &rdns_pid) || is_provider_done(auth, rdns_pid)) &&
608 (!get_provider_id("ident", &ident_pid) || is_provider_done(auth, ident_pid)))
609 /* Don't start until ident and rdns are finished (or not loaded) */
85589ba3
EM		 610 return;
611 else
612 opm_scan(auth);
4e85459a
EM		 613}
614
615static bool
616opm_start(struct auth_client *auth)
617{
731d1289
EM		 618 uint32_t rdns_pid, ident_pid;
619
620 lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
4e85459a 621
f21ef0ce 622 if(!opm_enable || rb_dlink_list_length(&proxy_scanners) == 0) {
85589ba3 623 /* Nothing to do... */
f21ef0ce 624 provider_done(auth, SELF_PID);
4e85459a 625 return true;
f21ef0ce 626 }
4e85459a 627
a5f52774
SA		 628 auth_client_ref(auth);
629
731d1289 630 set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct opm_lookup)));
4e85459a 631
731d1289
EM		 632 if((!get_provider_id("rdns", &rdns_pid) || is_provider_done(auth, rdns_pid)) &&
633 (!get_provider_id("ident", &ident_pid) || is_provider_done(auth, ident_pid)))
634 {
635 /* Don't start until ident and rdns are finished (or not loaded) */
85589ba3 636 opm_scan(auth);
731d1289 637 }
4e85459a
EM		 638
639 return true;
640}
641
642static void
643opm_cancel(struct auth_client *auth)
644{
731d1289 645 struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
4e85459a
EM		 646
647 if(lookup != NULL)
648 {
649 rb_dlink_node *ptr, *nptr;
650
1661e365
EM		 651 notice_client(auth->cid, "*** Did not detect open proxies");
652
4e85459a
EM		 653 RB_DLINK_FOREACH_SAFE(ptr, nptr, lookup->scans.head)
654 {
655 struct opm_scan *scan = ptr->data;
656
657 rb_close(scan->F);
658 rb_free(scan);
659 }
660
661 rb_free(lookup);
a8322b52 662
731d1289
EM		 663 set_provider_data(auth, SELF_PID, NULL);
664 set_provider_timeout_absolute(auth, SELF_PID, 0);
665 provider_done(auth, SELF_PID);
a5f52774
SA		 666
667 auth_client_unref(auth);
4e85459a
EM		 668 }
669}
670
85589ba3
EM		 671static void
672opm_destroy(void)
673{
a71b65b1
AC		 674 struct auth_client *auth;
675 rb_dictionary_iter iter;
85589ba3
EM		 676
677 /* Nuke all opm lookups */
a71b65b1 678 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
85589ba3
EM		 679 {
680 opm_cancel(auth);
a5f52774 681 /* auth is now invalid as we have no reference */
85589ba3
EM		 682 }
683}
684
685
4e85459a
EM		 686static void
687add_conf_opm_timeout(const char *key __unused, int parc __unused, const char **parv)
688{
689 int timeout = atoi(parv[0]);
690
691 if(timeout < 0)
692 {
693 warn_opers(L_CRIT, "opm: opm timeout < 0 (value: %d)", timeout);
694 return;
695 }
696
697 opm_timeout = timeout;
698}
699
700static void
701set_opm_enabled(const char *key __unused, int parc __unused, const char **parv)
702{
4deb334f
EM		 703 bool enable = (*parv[0] == '1');
704
705 if(!enable)
1661e365 706 {
4deb334f 707 if(listeners[LISTEN_IPV4].F != NULL || listeners[LISTEN_IPV6].F != NULL)
1661e365 708 {
a71b65b1
AC		 709 struct auth_client *auth;
710 rb_dictionary_iter iter;
1661e365
EM		 711
712 /* Close the listening socket */
713 if(listeners[LISTEN_IPV4].F != NULL)
714 rb_close(listeners[LISTEN_IPV4].F);
715
716 if(listeners[LISTEN_IPV6].F != NULL)
717 rb_close(listeners[LISTEN_IPV6].F);
718
4deb334f
EM		 719 listeners[LISTEN_IPV4].F = listeners[LISTEN_IPV6].F = NULL;
720
a71b65b1 721 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
1661e365
EM		 722 {
723 opm_cancel(auth);
a5f52774 724 /* auth is now invalid as we have no reference */
1661e365
EM		 725 }
726 }
727 }
4e85459a 728 else
4deb334f
EM		 729 {
730 if(listeners[LISTEN_IPV4].ip[0] != '\0' && listeners[LISTEN_IPV4].port != 0)
731 {
8b886283
EM		 732 if(listeners[LISTEN_IPV4].F == NULL)
733 /* Pre-configured IP/port, just re-establish */
734 create_listener(listeners[LISTEN_IPV4].ip, listeners[LISTEN_IPV4].port);
4deb334f
EM		 735 }
736
737 if(listeners[LISTEN_IPV6].ip[0] != '\0' && listeners[LISTEN_IPV6].port != 0)
738 {
8b886283
EM		 739 if(listeners[LISTEN_IPV6].F == NULL)
740 /* Pre-configured IP/port, just re-establish */
741 create_listener(listeners[LISTEN_IPV6].ip, listeners[LISTEN_IPV6].port);
4deb334f
EM		 742 }
743 }
744
745 opm_enable = enable;
4e85459a
EM		 746}
747
1de169a2
EM		 748static void
749set_opm_listener(const char *key __unused, int parc __unused, const char **parv)
4e85459a 750{
1de169a2
EM		 751 const char *ip = parv[0];
752 int iport = atoi(parv[1]);
4e85459a 753
1de169a2 754 if(iport > 65535 || iport <= 0)
4e85459a 755 {
1de169a2 756 warn_opers(L_CRIT, "OPM: got a bad listener: %s:%s", parv[0], parv[1]);
4e85459a
EM		 757 exit(EX_PROVIDER_ERROR);
758 }
759
1de169a2
EM		 760 create_listener(ip, (uint16_t)iport);
761}
4deb334f 762
1de169a2
EM		 763static void
764create_opm_scanner(const char *key __unused, int parc __unused, const char **parv)
765{
766 int iport = atoi(parv[1]);
767 struct opm_proxy *proxy = rb_malloc(sizeof(struct opm_proxy));
4deb334f 768
1de169a2 769 if(iport <= 0 || iport > 65535)
4deb334f 770 {
1de169a2
EM		 771 warn_opers(L_CRIT, "OPM: got a bad scanner: %s (port %s)", parv[0], parv[1]);
772 exit(EX_PROVIDER_ERROR);
773 }
4deb334f 774
1de169a2 775 proxy->port = (uint16_t)iport;
4e85459a 776
1de169a2
EM		 777 switch((proxy->proto = get_protocol_from_string(parv[0])))
778 {
779 case PROTO_SOCKS4:
780 snprintf(proxy->note, sizeof(proxy->note), "socks4:%hu", proxy->port);
eb0814b3 781 proxy->ssl = false;
34f65493 782 proxy->callback = socks4_connected;
1de169a2
EM		 783 break;
784 case PROTO_SOCKS5:
785 snprintf(proxy->note, sizeof(proxy->note), "socks5:%hu", proxy->port);
eb0814b3 786 proxy->ssl = false;
34f65493 787 proxy->callback = socks5_connected;
1de169a2 788 break;
fabe8b94
EM		 789 case PROTO_HTTP_CONNECT:
790 snprintf(proxy->note, sizeof(proxy->note), "httpconnect:%hu", proxy->port);
eb0814b3 791 proxy->ssl = false;
34f65493 792 proxy->callback = http_connect_connected;
eb0814b3
EM		 793 break;
794 case PROTO_HTTPS_CONNECT:
795 snprintf(proxy->note, sizeof(proxy->note), "httpsconnect:%hu", proxy->port);
34f65493 796 proxy->callback = http_connect_connected;
eb0814b3 797 proxy->ssl = true;
fabe8b94 798 break;
1de169a2
EM		 799 default:
800 warn_opers(L_CRIT, "OPM: got an unknown proxy type: %s (port %hu)", parv[0], proxy->port);
801 exit(EX_PROVIDER_ERROR);
4deb334f 802 }
4e85459a 803
1de169a2 804 if(find_proxy_scanner(proxy->proto, proxy->port) != NULL)
4e85459a 805 {
1de169a2 806 warn_opers(L_CRIT, "OPM: got a duplicate scanner: %s (port %hu)", parv[0], proxy->port);
d1f8acb0
AJ		 807 rb_free(proxy);
808 return;
4e85459a
EM		 809 }
810
1de169a2
EM		 811 rb_dlinkAdd(proxy, &proxy->node, &proxy_scanners);
812}
813
814static void
815delete_opm_scanner(const char *key __unused, int parc __unused, const char **parv)
816{
a71b65b1 817 struct auth_client *auth;
1de169a2
EM		 818 struct opm_proxy *proxy;
819 protocol_t proto = get_protocol_from_string(parv[0]);
820 int iport = atoi(parv[1]);
a71b65b1 821 rb_dictionary_iter iter;
1de169a2
EM		 822
823 if(iport <= 0 || iport > 65535)
4e85459a 824 {
1de169a2 825 warn_opers(L_CRIT, "OPM: got a bad scanner to delete: %s (port %s)", parv[0], parv[1]);
4e85459a
EM		 826 exit(EX_PROVIDER_ERROR);
827 }
828
1de169a2 829 if(proto == PROTO_NONE)
4e85459a 830 {
1de169a2
EM		 831 warn_opers(L_CRIT, "OPM: got an unknown proxy type to delete: %s (port %d)", parv[0], iport);
832 exit(EX_PROVIDER_ERROR);
4e85459a
EM		 833 }
834
1de169a2 835 if((proxy = find_proxy_scanner(proto, (uint16_t)iport)) == NULL)
4e85459a 836 {
1de169a2
EM		 837 warn_opers(L_CRIT, "OPM: cannot find proxy to delete: %s (port %d)", parv[0], iport);
838 exit(EX_PROVIDER_ERROR);
4e85459a
EM		 839 }
840
1de169a2 841 /* Abort remaining clients on this scanner */
a71b65b1 842 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
1de169a2 843 {
a71b65b1 844 rb_dlink_node *ptr;
731d1289 845 struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
8c0b90de 846
1de169a2
EM		 847 if(lookup == NULL)
848 continue;
4e85459a 849
a5f52774
SA		 850 auth_client_ref(auth);
851
a71b65b1 852 RB_DLINK_FOREACH(ptr, lookup->scans.head)
1de169a2 853 {
a71b65b1 854 struct opm_scan *scan = ptr->data;
4e85459a 855
1de169a2
EM		 856 if(scan->proxy->port == proxy->port && scan->proxy->proto == proxy->proto)
857 {
858 /* Match */
c767c58b 859 rb_dlinkDelete(&scan->node, &lookup->scans);
1de169a2 860 rb_free(scan);
4e85459a 861
ffa79a95 862 if(rb_dlink_list_length(&lookup->scans) == 0)
1de169a2 863 opm_cancel(auth);
4e85459a 864
1de169a2
EM		 865 break;
866 }
867 }
a5f52774
SA		 868
869 auth_client_unref(auth);
1de169a2
EM		 870 }
871
c767c58b 872 rb_dlinkDelete(&proxy->node, &proxy_scanners);
1de169a2 873 rb_free(proxy);
55984834 874
ffa79a95 875 if(rb_dlink_list_length(&proxy_scanners) == 0)
55984834 876 opm_enable = false;
4deb334f
EM		 877}
878
879static void
1de169a2 880delete_opm_scanner_all(const char *key __unused, int parc __unused, const char **parv __unused)
4deb334f 881{
a71b65b1 882 struct auth_client *auth;
1de169a2 883 rb_dlink_node *ptr, *nptr;
a71b65b1 884 rb_dictionary_iter iter;
4deb334f 885
1de169a2 886 RB_DLINK_FOREACH_SAFE(ptr, nptr, proxy_scanners.head)
4deb334f 887 {
1de169a2
EM		 888 rb_free(ptr->data);
889 rb_dlinkDelete(ptr, &proxy_scanners);
4deb334f
EM		 890 }
891
a71b65b1 892 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
1de169a2
EM		 893 {
894 opm_cancel(auth);
a5f52774 895 /* auth is now invalid as we have no reference */
1de169a2 896 }
55984834
EM		 897
898 opm_enable = false;
4e85459a
EM		 899}
900
5e9a3f86
EM		 901static void
902delete_opm_listener_all(const char *key __unused, int parc __unused, const char **parv __unused)
903{
904 if(listeners[LISTEN_IPV4].F != NULL)
905 rb_close(listeners[LISTEN_IPV4].F);
906
907#ifdef RB_IPV6
908 if(listeners[LISTEN_IPV6].F != NULL)
909 rb_close(listeners[LISTEN_IPV6].F);
910#endif
911
912 memset(&listeners, 0, sizeof(listeners));
913}
914
1de169a2 915
4e85459a
EM		 916struct auth_opts_handler opm_options[] =
917{
918 { "opm_timeout", 1, add_conf_opm_timeout },
919 { "opm_enabled", 1, set_opm_enabled },
920 { "opm_listener", 2, set_opm_listener },
5e9a3f86 921 { "opm_listener_del_all", 0, delete_opm_listener_all },
1de169a2
EM		 922 { "opm_scanner", 2, create_opm_scanner },
923 { "opm_scanner_del", 2, delete_opm_scanner },
924 { "opm_scanner_del_all", 0, delete_opm_scanner_all },
4e85459a
EM		 925 { NULL, 0, NULL },
926};
927
928struct auth_provider opm_provider =
929{
731d1289
EM		 930 .name = "opm",
931 .letter = 'O',
4e85459a
EM		 932 .destroy = opm_destroy,
933 .start = opm_start,
934 .cancel = opm_cancel,
935 .timeout = opm_cancel,
269646ed 936 .completed = opm_initiate,
4e85459a
EM		 937 .opt_handlers = opm_options,
938};
Fork of solanum ircd, history is rebased regularly