| | 1 | /* |
| | 2 | * authd.c: An interface to authd. |
| | 3 | * (based somewhat on ircd-ratbox dns.c) |
| | 4 | * |
| | 5 | * Copyright (C) 2005 Aaron Sethman <androsyn@ratbox.org> |
| | 6 | * Copyright (C) 2005-2012 ircd-ratbox development team |
| | 7 | * Copyright (C) 2016 William Pitcock <nenolod@dereferenced.org> |
| | 8 | * |
| | 9 | * This program is free software; you can redistribute it and/or modify |
| | 10 | * it under the terms of the GNU General Public License as published by |
| | 11 | * the Free Software Foundation; either version 2 of the License, or |
| | 12 | * (at your option) any later version. |
| | 13 | * |
| | 14 | * This program is distributed in the hope that it will be useful, |
| | 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | 17 | * GNU General Public License for more details. |
| | 18 | * |
| | 19 | * You should have received a copy of the GNU General Public License |
| | 20 | * along with this program; if not, write to the Free Software |
| | 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 |
| | 22 | * USA |
| | 23 | */ |
| | 24 | |
| | 25 | #include "stdinc.h" |
| | 26 | #include "rb_lib.h" |
| | 27 | #include "client.h" |
| | 28 | #include "ircd_defs.h" |
| | 29 | #include "parse.h" |
| | 30 | #include "authproc.h" |
| | 31 | #include "match.h" |
| | 32 | #include "logger.h" |
| | 33 | #include "s_conf.h" |
| | 34 | #include "s_stats.h" |
| | 35 | #include "client.h" |
| | 36 | #include "packet.h" |
| | 37 | #include "hash.h" |
| | 38 | #include "send.h" |
| | 39 | #include "numeric.h" |
| | 40 | #include "msg.h" |
| | 41 | #include "dns.h" |
| | 42 | |
| | 43 | typedef void (*authd_cb_t)(int, char **); |
| | 44 | |
| | 45 | struct authd_cb |
| | 46 | { |
| | 47 | authd_cb_t fn; |
| | 48 | int min_parc; |
| | 49 | }; |
| | 50 | |
| | 51 | static int start_authd(void); |
| | 52 | static void parse_authd_reply(rb_helper * helper); |
| | 53 | static void restart_authd_cb(rb_helper * helper); |
| | 54 | static EVH timeout_dead_authd_clients; |
| | 55 | |
| | 56 | static void cmd_accept_client(int parc, char **parv); |
| | 57 | static void cmd_reject_client(int parc, char **parv); |
| | 58 | static void cmd_dns_result(int parc, char **parv); |
| | 59 | static void cmd_notice_client(int parc, char **parv); |
| | 60 | static void cmd_oper_warn(int parc, char **parv); |
| | 61 | static void cmd_stats_results(int parc, char **parv); |
| | 62 | |
| | 63 | rb_helper *authd_helper; |
| | 64 | static char *authd_path; |
| | 65 | |
| | 66 | uint32_t cid; |
| | 67 | static rb_dictionary *cid_clients; |
| | 68 | static struct ev_entry *timeout_ev; |
| | 69 | |
| | 70 | rb_dictionary *dnsbl_stats; |
| | 71 | |
| | 72 | rb_dlink_list opm_list; |
| | 73 | struct OPMListener opm_listeners[LISTEN_LAST]; |
| | 74 | |
| | 75 | static struct authd_cb authd_cmd_tab[256] = |
| | 76 | { |
| | 77 | ['A'] = { cmd_accept_client, 4 }, |
| | 78 | ['E'] = { cmd_dns_result, 5 }, |
| | 79 | ['N'] = { cmd_notice_client, 3 }, |
| | 80 | ['R'] = { cmd_reject_client, 7 }, |
| | 81 | ['W'] = { cmd_oper_warn, 3 }, |
| | 82 | ['X'] = { cmd_stats_results, 3 }, |
| | 83 | ['Y'] = { cmd_stats_results, 3 }, |
| | 84 | ['Z'] = { cmd_stats_results, 3 }, |
| | 85 | }; |
| | 86 | |
| | 87 | static int |
| | 88 | start_authd(void) |
| | 89 | { |
| | 90 | char fullpath[PATH_MAX + 1]; |
| | 91 | #ifdef _WIN32 |
| | 92 | const char *suffix = ".exe"; |
| | 93 | #else |
| | 94 | const char *suffix = ""; |
| | 95 | #endif |
| | 96 | if(authd_path == NULL) |
| | 97 | { |
| | 98 | snprintf(fullpath, sizeof(fullpath), "%s%cauthd%s", ircd_paths[IRCD_PATH_LIBEXEC], RB_PATH_SEPARATOR, suffix); |
| | 99 | |
| | 100 | if(access(fullpath, X_OK) == -1) |
| | 101 | { |
| | 102 | snprintf(fullpath, sizeof(fullpath), "%s%cbin%cauthd%s", |
| | 103 | ConfigFileEntry.dpath, RB_PATH_SEPARATOR, RB_PATH_SEPARATOR, suffix); |
| | 104 | if(access(fullpath, X_OK) == -1) |
| | 105 | { |
| | 106 | ierror("Unable to execute authd in %s or %s/bin", |
| | 107 | ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath); |
| | 108 | sendto_realops_snomask(SNO_GENERAL, L_ALL, |
| | 109 | "Unable to execute authd in %s or %s/bin", |
| | 110 | ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath); |
| | 111 | return 1; |
| | 112 | } |
| | 113 | |
| | 114 | } |
| | 115 | |
| | 116 | authd_path = rb_strdup(fullpath); |
| | 117 | } |
| | 118 | |
| | 119 | if(cid_clients == NULL) |
| | 120 | cid_clients = rb_dictionary_create("authd cid to uid mapping", rb_uint32cmp); |
| | 121 | |
| | 122 | if(timeout_ev == NULL) |
| | 123 | timeout_ev = rb_event_addish("timeout_dead_authd_clients", timeout_dead_authd_clients, NULL, 1); |
| | 124 | |
| | 125 | authd_helper = rb_helper_start("authd", authd_path, parse_authd_reply, restart_authd_cb); |
| | 126 | |
| | 127 | if(authd_helper == NULL) |
| | 128 | { |
| | 129 | ierror("Unable to start authd helper: %s", strerror(errno)); |
| | 130 | sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unable to start authd helper: %s", strerror(errno)); |
| | 131 | return 1; |
| | 132 | } |
| | 133 | |
| | 134 | ilog(L_MAIN, "authd helper started"); |
| | 135 | sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd helper started"); |
| | 136 | rb_helper_run(authd_helper); |
| | 137 | return 0; |
| | 138 | } |
| | 139 | |
| | 140 | static inline uint32_t |
| | 141 | str_to_cid(const char *str) |
| | 142 | { |
| | 143 | long lcid = strtol(str, NULL, 16); |
| | 144 | |
| | 145 | if(lcid > UINT32_MAX || lcid <= 0) |
| | 146 | { |
| | 147 | iwarn("authd sent us back a bad client ID: %lx", lcid); |
| | 148 | restart_authd(); |
| | 149 | return 0; |
| | 150 | } |
| | 151 | |
| | 152 | return (uint32_t)lcid; |
| | 153 | } |
| | 154 | |
| | 155 | static inline struct Client * |
| | 156 | cid_to_client(uint32_t ncid, bool del) |
| | 157 | { |
| | 158 | struct Client *client_p; |
| | 159 | |
| | 160 | if(del) |
| | 161 | client_p = rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(ncid)); |
| | 162 | else |
| | 163 | client_p = rb_dictionary_retrieve(cid_clients, RB_UINT_TO_POINTER(ncid)); |
| | 164 | |
| | 165 | /* If the client's not found, that's okay, it may have already gone away. |
| | 166 | * --Elizafox */ |
| | 167 | |
| | 168 | return client_p; |
| | 169 | } |
| | 170 | |
| | 171 | static inline struct Client * |
| | 172 | str_cid_to_client(const char *str, bool del) |
| | 173 | { |
| | 174 | uint32_t ncid = str_to_cid(str); |
| | 175 | |
| | 176 | if(ncid == 0) |
| | 177 | return NULL; |
| | 178 | |
| | 179 | return cid_to_client(ncid, del); |
| | 180 | } |
| | 181 | |
| | 182 | static void |
| | 183 | cmd_accept_client(int parc, char **parv) |
| | 184 | { |
| | 185 | struct Client *client_p; |
| | 186 | |
| | 187 | /* cid to uid (retrieve and delete) */ |
| | 188 | if((client_p = str_cid_to_client(parv[1], true)) == NULL) |
| | 189 | return; |
| | 190 | |
| | 191 | authd_accept_client(client_p, parv[2], parv[3]); |
| | 192 | } |
| | 193 | |
| | 194 | static void |
| | 195 | cmd_dns_result(int parc, char **parv) |
| | 196 | { |
| | 197 | dns_results_callback(parv[1], parv[2], parv[3], parv[4]); |
| | 198 | } |
| | 199 | |
| | 200 | static void |
| | 201 | cmd_notice_client(int parc, char **parv) |
| | 202 | { |
| | 203 | struct Client *client_p; |
| | 204 | |
| | 205 | if ((client_p = str_cid_to_client(parv[1], false)) == NULL) |
| | 206 | return; |
| | 207 | |
| | 208 | if (IsAnyDead(client_p)) |
| | 209 | return; |
| | 210 | |
| | 211 | sendto_one_notice(client_p, ":%s", parv[2]); |
| | 212 | } |
| | 213 | |
| | 214 | static void |
| | 215 | cmd_reject_client(int parc, char **parv) |
| | 216 | { |
| | 217 | struct Client *client_p; |
| | 218 | |
| | 219 | /* cid to uid (retrieve and delete) */ |
| | 220 | if((client_p = str_cid_to_client(parv[1], true)) == NULL) |
| | 221 | return; |
| | 222 | |
| | 223 | authd_reject_client(client_p, parv[3], parv[4], toupper(*parv[2]), parv[5], parv[6]); |
| | 224 | } |
| | 225 | |
| | 226 | static void |
| | 227 | cmd_oper_warn(int parc, char **parv) |
| | 228 | { |
| | 229 | switch(*parv[1]) |
| | 230 | { |
| | 231 | case 'D': /* Debug */ |
| | 232 | sendto_realops_snomask(SNO_DEBUG, L_ALL, "authd debug: %s", parv[2]); |
| | 233 | idebug("authd: %s", parv[2]); |
| | 234 | break; |
| | 235 | case 'I': /* Info */ |
| | 236 | sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd info: %s", parv[2]); |
| | 237 | inotice("authd: %s", parv[2]); |
| | 238 | break; |
| | 239 | case 'W': /* Warning */ |
| | 240 | sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd WARNING: %s", parv[2]); |
| | 241 | iwarn("authd: %s", parv[2]); |
| | 242 | break; |
| | 243 | case 'C': /* Critical (error) */ |
| | 244 | sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd CRITICAL: %s", parv[2]); |
| | 245 | ierror("authd: %s", parv[2]); |
| | 246 | break; |
| | 247 | default: /* idk */ |
| | 248 | sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd sent us an unknown oper notice type (%s): %s", parv[1], parv[2]); |
| | 249 | ilog(L_MAIN, "authd unknown oper notice type (%s): %s", parv[1], parv[2]); |
| | 250 | break; |
| | 251 | } |
| | 252 | } |
| | 253 | |
| | 254 | static void |
| | 255 | cmd_stats_results(int parc, char **parv) |
| | 256 | { |
| | 257 | /* Select by type */ |
| | 258 | switch(*parv[2]) |
| | 259 | { |
| | 260 | case 'D': |
| | 261 | /* parv[0] conveys status */ |
| | 262 | if(parc < 4) |
| | 263 | { |
| | 264 | iwarn("authd sent a result with wrong number of arguments: got %d", parc); |
| | 265 | restart_authd(); |
| | 266 | return; |
| | 267 | } |
| | 268 | dns_stats_results_callback(parv[1], parv[0], parc - 3, (const char **)&parv[3]); |
| | 269 | break; |
| | 270 | default: |
| | 271 | break; |
| | 272 | } |
| | 273 | } |
| | 274 | |
| | 275 | static void |
| | 276 | parse_authd_reply(rb_helper * helper) |
| | 277 | { |
| | 278 | ssize_t len; |
| | 279 | int parc; |
| | 280 | char buf[READBUF_SIZE]; |
| | 281 | char *parv[MAXPARA]; |
| | 282 | |
| | 283 | while((len = rb_helper_read(helper, buf, sizeof(buf))) > 0) |
| | 284 | { |
| | 285 | struct authd_cb *cmd; |
| | 286 | |
| | 287 | parc = rb_string_to_array(buf, parv, sizeof(parv)); |
| | 288 | cmd = &authd_cmd_tab[(unsigned char)*parv[0]]; |
| | 289 | if(cmd->fn != NULL) |
| | 290 | { |
| | 291 | if(cmd->min_parc > parc) |
| | 292 | { |
| | 293 | iwarn("authd sent a result with wrong number of arguments: expected %d, got %d", |
| | 294 | cmd->min_parc, parc); |
| | 295 | restart_authd(); |
| | 296 | continue; |
| | 297 | } |
| | 298 | |
| | 299 | cmd->fn(parc, parv); |
| | 300 | } |
| | 301 | else |
| | 302 | { |
| | 303 | iwarn("authd sent us a bad command type: %c", *parv[0]); |
| | 304 | restart_authd(); |
| | 305 | continue; |
| | 306 | } |
| | 307 | } |
| | 308 | } |
| | 309 | |
| | 310 | void |
| | 311 | init_authd(void) |
| | 312 | { |
| | 313 | if(start_authd()) |
| | 314 | { |
| | 315 | ierror("Unable to start authd helper: %s", strerror(errno)); |
| | 316 | exit(0); |
| | 317 | } |
| | 318 | } |
| | 319 | |
| | 320 | void |
| | 321 | configure_authd(void) |
| | 322 | { |
| | 323 | /* Timeouts */ |
| | 324 | set_authd_timeout("ident_timeout", GlobalSetOptions.ident_timeout); |
| | 325 | set_authd_timeout("rdns_timeout", ConfigFileEntry.connect_timeout); |
| | 326 | set_authd_timeout("rbl_timeout", ConfigFileEntry.connect_timeout); |
| | 327 | |
| | 328 | ident_check_enable(!ConfigFileEntry.disable_auth); |
| | 329 | |
| | 330 | /* Configure OPM */ |
| | 331 | if(rb_dlink_list_length(&opm_list) > 0 && |
| | 332 | (opm_listeners[LISTEN_IPV4].ipaddr[0] != '\0' || |
| | 333 | opm_listeners[LISTEN_IPV6].ipaddr[0] != '\0')) |
| | 334 | { |
| | 335 | rb_dlink_node *ptr; |
| | 336 | |
| | 337 | if(opm_listeners[LISTEN_IPV4].ipaddr[0] != '\0') |
| | 338 | rb_helper_write(authd_helper, "O opm_listener %s %hu", |
| | 339 | opm_listeners[LISTEN_IPV4].ipaddr, opm_listeners[LISTEN_IPV4].port); |
| | 340 | |
| | 341 | if(opm_listeners[LISTEN_IPV6].ipaddr[0] != '\0') |
| | 342 | rb_helper_write(authd_helper, "O opm_listener %s %hu", |
| | 343 | opm_listeners[LISTEN_IPV6].ipaddr, opm_listeners[LISTEN_IPV6].port); |
| | 344 | |
| | 345 | RB_DLINK_FOREACH(ptr, opm_list.head) |
| | 346 | { |
| | 347 | struct OPMScanner *scanner = ptr->data; |
| | 348 | rb_helper_write(authd_helper, "O opm_scanner %s %hu", |
| | 349 | scanner->type, scanner->port); |
| | 350 | } |
| | 351 | |
| | 352 | opm_check_enable(true); |
| | 353 | } |
| | 354 | else |
| | 355 | opm_check_enable(false); |
| | 356 | } |
| | 357 | |
| | 358 | static void |
| | 359 | authd_free_client(struct Client *client_p) |
| | 360 | { |
| | 361 | if(client_p == NULL || client_p->preClient == NULL) |
| | 362 | return; |
| | 363 | |
| | 364 | if(client_p->preClient->auth.cid == 0) |
| | 365 | return; |
| | 366 | |
| | 367 | if(authd_helper != NULL) |
| | 368 | rb_helper_write(authd_helper, "E %x", client_p->preClient->auth.cid); |
| | 369 | |
| | 370 | client_p->preClient->auth.accepted = true; |
| | 371 | client_p->preClient->auth.cid = 0; |
| | 372 | } |
| | 373 | |
| | 374 | static void |
| | 375 | authd_free_client_cb(rb_dictionary_element *delem, void *unused) |
| | 376 | { |
| | 377 | struct Client *client_p = delem->data; |
| | 378 | authd_free_client(client_p); |
| | 379 | } |
| | 380 | |
| | 381 | void |
| | 382 | authd_abort_client(struct Client *client_p) |
| | 383 | { |
| | 384 | rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid)); |
| | 385 | authd_free_client(client_p); |
| | 386 | } |
| | 387 | |
| | 388 | static void |
| | 389 | restart_authd_cb(rb_helper * helper) |
| | 390 | { |
| | 391 | iwarn("authd: restart_authd_cb called, authd died?"); |
| | 392 | sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd: restart_authd_cb called, authd died?"); |
| | 393 | |
| | 394 | if(helper != NULL) |
| | 395 | { |
| | 396 | rb_helper_close(helper); |
| | 397 | authd_helper = NULL; |
| | 398 | } |
| | 399 | |
| | 400 | rb_dictionary_destroy(cid_clients, authd_free_client_cb, NULL); |
| | 401 | cid_clients = NULL; |
| | 402 | |
| | 403 | start_authd(); |
| | 404 | configure_authd(); |
| | 405 | } |
| | 406 | |
| | 407 | void |
| | 408 | restart_authd(void) |
| | 409 | { |
| | 410 | ierror("authd restarting..."); |
| | 411 | restart_authd_cb(authd_helper); |
| | 412 | } |
| | 413 | |
| | 414 | void |
| | 415 | rehash_authd(void) |
| | 416 | { |
| | 417 | rb_helper_write(authd_helper, "R"); |
| | 418 | } |
| | 419 | |
| | 420 | void |
| | 421 | check_authd(void) |
| | 422 | { |
| | 423 | if(authd_helper == NULL) |
| | 424 | restart_authd(); |
| | 425 | } |
| | 426 | |
| | 427 | static inline uint32_t |
| | 428 | generate_cid(void) |
| | 429 | { |
| | 430 | if(++cid == 0) |
| | 431 | cid = 1; |
| | 432 | |
| | 433 | return cid; |
| | 434 | } |
| | 435 | |
| | 436 | /* Basically when this is called we begin handing off the client to authd for |
| | 437 | * processing. authd "owns" the client until processing is finished, or we |
| | 438 | * timeout from authd. authd will make a decision whether or not to accept the |
| | 439 | * client, but it's up to other parts of the code (for now) to decide if we're |
| | 440 | * gonna accept the client and ignore authd's suggestion. |
| | 441 | * |
| | 442 | * --Elizafox |
| | 443 | * |
| | 444 | * If this is an SSL connection we must defer handing off the client for |
| | 445 | * reading until it is open and we have the certificate fingerprint, otherwise |
| | 446 | * it's possible for the client to immediately send data before authd completes |
| | 447 | * and before the status of the connection is communicated via ssld. This data |
| | 448 | * could then be processed too early by read_packet(). |
| | 449 | */ |
| | 450 | void |
| | 451 | authd_initiate_client(struct Client *client_p, bool defer) |
| | 452 | { |
| | 453 | char client_ipaddr[HOSTIPLEN+1]; |
| | 454 | char listen_ipaddr[HOSTIPLEN+1]; |
| | 455 | uint16_t client_port, listen_port; |
| | 456 | uint32_t authd_cid; |
| | 457 | |
| | 458 | if(client_p->preClient == NULL || client_p->preClient->auth.cid != 0) |
| | 459 | return; |
| | 460 | |
| | 461 | authd_cid = client_p->preClient->auth.cid = generate_cid(); |
| | 462 | |
| | 463 | /* Collisions are extremely unlikely, so disregard the possibility */ |
| | 464 | rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p); |
| | 465 | |
| | 466 | /* Retrieve listener and client IP's */ |
| | 467 | rb_inet_ntop_sock((struct sockaddr *)&client_p->preClient->lip, listen_ipaddr, sizeof(listen_ipaddr)); |
| | 468 | rb_inet_ntop_sock((struct sockaddr *)&client_p->localClient->ip, client_ipaddr, sizeof(client_ipaddr)); |
| | 469 | |
| | 470 | /* Retrieve listener and client ports */ |
| | 471 | listen_port = ntohs(GET_SS_PORT(&client_p->preClient->lip)); |
| | 472 | client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip)); |
| | 473 | |
| | 474 | if(defer) |
| | 475 | client_p->preClient->auth.flags |= AUTHC_F_DEFERRED; |
| | 476 | |
| | 477 | /* Add a bit of a fudge factor... */ |
| | 478 | client_p->preClient->auth.timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10; |
| | 479 | |
| | 480 | rb_helper_write(authd_helper, "C %x %s %hu %s %hu %x", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port, |
| | 481 | #ifdef HAVE_LIBSCTP |
| | 482 | IsSCTP(client_p) ? IPPROTO_SCTP : IPPROTO_TCP); |
| | 483 | #else |
| | 484 | IPPROTO_TCP); |
| | 485 | #endif |
| | 486 | } |
| | 487 | |
| | 488 | static inline void |
| | 489 | authd_read_client(struct Client *client_p) |
| | 490 | { |
| | 491 | /* |
| | 492 | * When a client has auth'ed, we want to start reading what it sends |
| | 493 | * us. This is what read_packet() does. |
| | 494 | * -- adrian |
| | 495 | * |
| | 496 | * Above comment was originally in s_auth.c, but moved here with below code. |
| | 497 | * --Elizafox |
| | 498 | */ |
| | 499 | rb_dlinkAddTail(client_p, &client_p->node, &global_client_list); |
| | 500 | read_packet(client_p->localClient->F, client_p); |
| | 501 | } |
| | 502 | |
| | 503 | /* When this is called we have a decision on client acceptance. |
| | 504 | * |
| | 505 | * After this point authd no longer "owns" the client, but if |
| | 506 | * it's flagged as deferred then we're still waiting for a call |
| | 507 | * to authd_deferred_client(). |
| | 508 | */ |
| | 509 | static inline void |
| | 510 | authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason) |
| | 511 | { |
| | 512 | if(client_p->preClient == NULL || client_p->preClient->auth.cid == 0) |
| | 513 | return; |
| | 514 | |
| | 515 | if(*ident != '*') |
| | 516 | { |
| | 517 | rb_strlcpy(client_p->username, ident, sizeof(client_p->username)); |
| | 518 | SetGotId(client_p); |
| | 519 | ServerStats.is_asuc++; |
| | 520 | } |
| | 521 | else |
| | 522 | ServerStats.is_abad++; /* s_auth used to do this, stay compatible */ |
| | 523 | |
| | 524 | if(*host != '*') |
| | 525 | rb_strlcpy(client_p->host, host, sizeof(client_p->host)); |
| | 526 | |
| | 527 | rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid)); |
| | 528 | |
| | 529 | client_p->preClient->auth.accepted = accept; |
| | 530 | client_p->preClient->auth.cause = cause; |
| | 531 | client_p->preClient->auth.data = (data == NULL ? NULL : rb_strdup(data)); |
| | 532 | client_p->preClient->auth.reason = (reason == NULL ? NULL : rb_strdup(reason)); |
| | 533 | client_p->preClient->auth.cid = 0; |
| | 534 | |
| | 535 | client_p->preClient->auth.flags |= AUTHC_F_COMPLETE; |
| | 536 | if((client_p->preClient->auth.flags & AUTHC_F_DEFERRED) == 0) |
| | 537 | authd_read_client(client_p); |
| | 538 | } |
| | 539 | |
| | 540 | void |
| | 541 | authd_deferred_client(struct Client *client_p) |
| | 542 | { |
| | 543 | client_p->preClient->auth.flags &= ~AUTHC_F_DEFERRED; |
| | 544 | if(client_p->preClient->auth.flags & AUTHC_F_COMPLETE) |
| | 545 | authd_read_client(client_p); |
| | 546 | } |
| | 547 | |
| | 548 | /* Convenience function to accept client */ |
| | 549 | void |
| | 550 | authd_accept_client(struct Client *client_p, const char *ident, const char *host) |
| | 551 | { |
| | 552 | authd_decide_client(client_p, ident, host, true, '\0', NULL, NULL); |
| | 553 | } |
| | 554 | |
| | 555 | /* Convenience function to reject client */ |
| | 556 | void |
| | 557 | authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason) |
| | 558 | { |
| | 559 | authd_decide_client(client_p, ident, host, false, cause, data, reason); |
| | 560 | } |
| | 561 | |
| | 562 | static void |
| | 563 | timeout_dead_authd_clients(void *notused __unused) |
| | 564 | { |
| | 565 | rb_dictionary_iter iter; |
| | 566 | struct Client *client_p; |
| | 567 | rb_dlink_list freelist = { NULL, NULL, 0 }; |
| | 568 | rb_dlink_node *ptr, *nptr; |
| | 569 | |
| | 570 | RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients) |
| | 571 | { |
| | 572 | if(client_p->preClient->auth.timeout < rb_current_time()) |
| | 573 | { |
| | 574 | authd_free_client(client_p); |
| | 575 | rb_dlinkAddAlloc(client_p, &freelist); |
| | 576 | } |
| | 577 | } |
| | 578 | |
| | 579 | /* RB_DICTIONARY_FOREACH is not safe for deletion, so we do this crap */ |
| | 580 | RB_DLINK_FOREACH_SAFE(ptr, nptr, freelist.head) |
| | 581 | { |
| | 582 | client_p = ptr->data; |
| | 583 | rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid)); |
| | 584 | } |
| | 585 | } |
| | 586 | |
| | 587 | /* Send a new DNSBL entry to authd */ |
| | 588 | void |
| | 589 | add_dnsbl_entry(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters) |
| | 590 | { |
| | 591 | rb_dlink_node *ptr; |
| | 592 | struct DNSBLEntryStats *stats = rb_malloc(sizeof(*stats)); |
| | 593 | char filterbuf[BUFSIZE] = "*"; |
| | 594 | size_t s = 0; |
| | 595 | |
| | 596 | if(dnsbl_stats == NULL) |
| | 597 | dnsbl_stats = rb_dictionary_create("dnsbl statistics", rb_strcasecmp); |
| | 598 | |
| | 599 | /* Build a list of comma-separated values for authd. |
| | 600 | * We don't check for validity - do it elsewhere. |
| | 601 | */ |
| | 602 | RB_DLINK_FOREACH(ptr, filters->head) |
| | 603 | { |
| | 604 | char *filter = ptr->data; |
| | 605 | size_t filterlen = strlen(filter) + 1; |
| | 606 | |
| | 607 | if(s + filterlen > sizeof(filterbuf)) |
| | 608 | break; |
| | 609 | |
| | 610 | snprintf(&filterbuf[s], sizeof(filterbuf) - s, "%s,", filter); |
| | 611 | |
| | 612 | s += filterlen; |
| | 613 | } |
| | 614 | |
| | 615 | if(s) |
| | 616 | filterbuf[s - 1] = '\0'; |
| | 617 | |
| | 618 | stats->host = rb_strdup(host); |
| | 619 | stats->iptype = iptype; |
| | 620 | stats->hits = 0; |
| | 621 | rb_dictionary_add(dnsbl_stats, stats->host, stats); |
| | 622 | |
| | 623 | rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason); |
| | 624 | } |
| | 625 | |
| | 626 | /* Delete a DNSBL entry. */ |
| | 627 | void |
| | 628 | del_dnsbl_entry(const char *host) |
| | 629 | { |
| | 630 | struct DNSBLEntryStats *stats = rb_dictionary_retrieve(dnsbl_stats, host); |
| | 631 | if(stats != NULL) |
| | 632 | { |
| | 633 | rb_dictionary_delete(dnsbl_stats, host); |
| | 634 | rb_free(stats->host); |
| | 635 | rb_free(stats); |
| | 636 | } |
| | 637 | |
| | 638 | rb_helper_write(authd_helper, "O rbl_del %s", host); |
| | 639 | } |
| | 640 | |
| | 641 | static void |
| | 642 | dnsbl_delete_elem(rb_dictionary_element *delem, void *unused) |
| | 643 | { |
| | 644 | struct DNSBLEntryStats *stats = delem->data; |
| | 645 | |
| | 646 | rb_free(stats->host); |
| | 647 | rb_free(stats); |
| | 648 | } |
| | 649 | |
| | 650 | /* Delete all the DNSBL entries. */ |
| | 651 | void |
| | 652 | del_dnsbl_entry_all(void) |
| | 653 | { |
| | 654 | if(dnsbl_stats != NULL) |
| | 655 | rb_dictionary_destroy(dnsbl_stats, dnsbl_delete_elem, NULL); |
| | 656 | dnsbl_stats = NULL; |
| | 657 | |
| | 658 | rb_helper_write(authd_helper, "O rbl_del_all"); |
| | 659 | } |
| | 660 | |
| | 661 | /* Adjust an authd timeout value */ |
| | 662 | bool |
| | 663 | set_authd_timeout(const char *key, int timeout) |
| | 664 | { |
| | 665 | if(timeout <= 0) |
| | 666 | return false; |
| | 667 | |
| | 668 | rb_helper_write(authd_helper, "O %s %d", key, timeout); |
| | 669 | return true; |
| | 670 | } |
| | 671 | |
| | 672 | /* Enable identd checks */ |
| | 673 | void |
| | 674 | ident_check_enable(bool enabled) |
| | 675 | { |
| | 676 | rb_helper_write(authd_helper, "O ident_enabled %d", enabled ? 1 : 0); |
| | 677 | } |
| | 678 | |
| | 679 | /* Create an OPM listener |
| | 680 | * XXX - This is a big nasty hack, but it avoids resending duplicate data when |
| | 681 | * configure_authd() is called. |
| | 682 | */ |
| | 683 | void |
| | 684 | conf_create_opm_listener(const char *ip, uint16_t port) |
| | 685 | { |
| | 686 | char ipbuf[HOSTIPLEN]; |
| | 687 | struct OPMListener *listener; |
| | 688 | |
| | 689 | rb_strlcpy(ipbuf, ip, sizeof(ipbuf)); |
| | 690 | if(ipbuf[0] == ':') |
| | 691 | { |
| | 692 | memmove(ipbuf + 1, ipbuf, sizeof(ipbuf) - 1); |
| | 693 | ipbuf[0] = '0'; |
| | 694 | } |
| | 695 | |
| | 696 | /* I am much too lazy to use rb_inet_pton and GET_SS_FAMILY for now --Elizafox */ |
| | 697 | listener = &opm_listeners[(strchr(ipbuf, ':') != NULL ? LISTEN_IPV6 : LISTEN_IPV4)]; |
| | 698 | rb_strlcpy(listener->ipaddr, ipbuf, sizeof(listener->ipaddr)); |
| | 699 | listener->port = port; |
| | 700 | } |
| | 701 | |
| | 702 | void |
| | 703 | create_opm_listener(const char *ip, uint16_t port) |
| | 704 | { |
| | 705 | char ipbuf[HOSTIPLEN]; |
| | 706 | |
| | 707 | /* XXX duplicated in conf_create_opm_listener */ |
| | 708 | rb_strlcpy(ipbuf, ip, sizeof(ipbuf)); |
| | 709 | if(ipbuf[0] == ':') |
| | 710 | { |
| | 711 | memmove(ipbuf + 1, ipbuf, sizeof(ipbuf) - 1); |
| | 712 | ipbuf[0] = '0'; |
| | 713 | } |
| | 714 | |
| | 715 | conf_create_opm_listener(ip, port); |
| | 716 | rb_helper_write(authd_helper, "O opm_listener %s %hu", ipbuf, port); |
| | 717 | } |
| | 718 | |
| | 719 | void |
| | 720 | delete_opm_listener_all(void) |
| | 721 | { |
| | 722 | memset(&opm_listeners, 0, sizeof(opm_listeners)); |
| | 723 | rb_helper_write(authd_helper, "O opm_listener_del_all"); |
| | 724 | } |
| | 725 | |
| | 726 | /* Disable all OPM scans */ |
| | 727 | void |
| | 728 | opm_check_enable(bool enabled) |
| | 729 | { |
| | 730 | rb_helper_write(authd_helper, "O opm_enabled %d", enabled ? 1 : 0); |
| | 731 | } |
| | 732 | |
| | 733 | /* Create an OPM proxy scanner |
| | 734 | * XXX - This is a big nasty hack, but it avoids resending duplicate data when |
| | 735 | * configure_authd() is called. |
| | 736 | */ |
| | 737 | void |
| | 738 | conf_create_opm_proxy_scanner(const char *type, uint16_t port) |
| | 739 | { |
| | 740 | struct OPMScanner *scanner = rb_malloc(sizeof(struct OPMScanner)); |
| | 741 | |
| | 742 | rb_strlcpy(scanner->type, type, sizeof(scanner->type)); |
| | 743 | scanner->port = port; |
| | 744 | rb_dlinkAdd(scanner, &scanner->node, &opm_list); |
| | 745 | } |
| | 746 | |
| | 747 | void |
| | 748 | create_opm_proxy_scanner(const char *type, uint16_t port) |
| | 749 | { |
| | 750 | conf_create_opm_proxy_scanner(type, port); |
| | 751 | rb_helper_write(authd_helper, "O opm_scanner %s %hu", type, port); |
| | 752 | } |
| | 753 | |
| | 754 | void |
| | 755 | delete_opm_proxy_scanner(const char *type, uint16_t port) |
| | 756 | { |
| | 757 | rb_dlink_node *ptr, *nptr; |
| | 758 | |
| | 759 | RB_DLINK_FOREACH_SAFE(ptr, nptr, opm_list.head) |
| | 760 | { |
| | 761 | struct OPMScanner *scanner = ptr->data; |
| | 762 | |
| | 763 | if(rb_strncasecmp(scanner->type, type, sizeof(scanner->type)) == 0 && |
| | 764 | scanner->port == port) |
| | 765 | { |
| | 766 | rb_dlinkDelete(ptr, &opm_list); |
| | 767 | rb_free(scanner); |
| | 768 | break; |
| | 769 | } |
| | 770 | } |
| | 771 | |
| | 772 | rb_helper_write(authd_helper, "O opm_scanner_del %s %hu", type, port); |
| | 773 | } |
| | 774 | |
| | 775 | void |
| | 776 | delete_opm_proxy_scanner_all(void) |
| | 777 | { |
| | 778 | rb_dlink_node *ptr, *nptr; |
| | 779 | |
| | 780 | RB_DLINK_FOREACH_SAFE(ptr, nptr, opm_list.head) |
| | 781 | { |
| | 782 | struct OPMScanner *scanner = ptr->data; |
| | 783 | |
| | 784 | rb_dlinkDelete(ptr, &opm_list); |
| | 785 | rb_free(scanner); |
| | 786 | } |
| | 787 | |
| | 788 | rb_helper_write(authd_helper, "O opm_scanner_del_all"); |
| | 789 | } |
projects / solanum.git / blame_incremental