1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
24 * --Elizafox 13 March 2016
34 #define IDENT_BUFSIZE 128
38 time_t timeout
; /* Timeout interval */
39 rb_fde_t
*F
; /* Our FD */
42 /* Goinked from old s_auth.c --Elizafox */
43 static const char *messages
[] =
46 "*** Got Ident response",
47 "*** No Ident response",
48 "*** Cannot verify ident validity, ignoring ident",
49 "*** Ident disabled, not checking ident",
61 static EVH timeout_ident_queries_event
;
62 static CNCB ident_connected
;
63 static PF read_ident_reply
;
65 static void client_fail(struct auth_client
*auth
, ident_message message
);
66 static void client_success(struct auth_client
*auth
);
67 static char * get_valid_ident(char *buf
);
69 static struct ev_entry
*timeout_ev
;
70 static int ident_timeout
= 5;
71 static bool ident_enable
= true;
74 /* Timeout outstanding queries */
76 timeout_ident_queries_event(void *notused __unused
)
78 struct auth_client
*auth
;
79 rb_dictionary_iter iter
;
81 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
83 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
85 if(query
!= NULL
&& query
->timeout
< rb_current_time())
86 client_fail(auth
, REPORT_FAIL
);
91 * ident_connected() - deal with the result of rb_connect_tcp()
93 * If the connection failed, we simply close the auth fd and report
94 * a failure. If the connection suceeded send the ident server a query
95 * giving "theirport , ourport". The write is only attempted *once* so
96 * it is deemed to be a fail if the entire write doesn't write all the
97 * data given. This shouldnt be a problem since the socket should have
98 * a write buffer far greater than this message to store it in should
99 * problems arise. -avalon
102 ident_connected(rb_fde_t
*F __unused
, int error
, void *data
)
104 struct auth_client
*auth
= data
;
105 struct ident_query
*query
;
112 query
= auth
->data
[PROVIDER_IDENT
];
117 /* Check the error */
120 /* We had an error during connection :( */
121 client_fail(auth
, REPORT_FAIL
);
125 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
126 auth
->c_port
, auth
->l_port
);
127 authlen
= strlen(authbuf
);
129 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
131 client_fail(auth
, REPORT_FAIL
);
135 read_ident_reply(query
->F
, auth
);
139 read_ident_reply(rb_fde_t
*F
, void *data
)
141 struct auth_client
*auth
= data
;
142 struct ident_query
*query
;
143 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
144 ident_message message
= REPORT_FAIL
;
153 query
= auth
->data
[PROVIDER_IDENT
];
158 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
159 if(len
< 0 && rb_ignore_errno(errno
))
161 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, auth
);
167 if((s
= get_valid_ident(buf
)) != NULL
)
171 while (*s
== '~' || *s
== '^')
174 for (count
= USERLEN
; *s
&& count
; s
++)
176 if(*s
== '@' || *s
== '\r' || *s
== '\n')
179 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
188 message
= REPORT_INVALID
;
192 client_fail(auth
, message
);
194 client_success(auth
);
198 client_fail(struct auth_client
*auth
, ident_message report
)
200 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
205 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
211 auth
->data
[PROVIDER_IDENT
] = NULL
;
213 notice_client(auth
->cid
, messages
[report
]);
214 provider_done(auth
, PROVIDER_IDENT
);
218 client_success(struct auth_client
*auth
)
220 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
229 auth
->data
[PROVIDER_IDENT
] = NULL
;
231 notice_client(auth
->cid
, messages
[REPORT_FOUND
]);
232 provider_done(auth
, PROVIDER_IDENT
);
236 * parse ident query reply from identd server
238 * Taken from old s_auth.c --Elizafox
240 * Inputs - pointer to ident buf
241 * Outputs - NULL if no valid ident found, otherwise pointer to name
242 * Side effects - None
245 get_valid_ident(char *buf
)
253 char *remotePortString
;
255 /* All this to get rid of a sscanf() fun. */
256 remotePortString
= buf
;
258 colon1Ptr
= strchr(remotePortString
, ':');
264 colon2Ptr
= strchr(colon1Ptr
, ':');
270 commaPtr
= strchr(remotePortString
, ',');
278 remp
= atoi(remotePortString
);
282 locp
= atoi(commaPtr
);
286 /* look for USERID bordered by first pair of colons */
287 if(!strstr(colon1Ptr
, "USERID"))
290 colon3Ptr
= strchr(colon2Ptr
, ':');
302 timeout_ev
= rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event
, NULL
, 1);
303 return (timeout_ev
!= NULL
);
309 struct auth_client
*auth
;
310 rb_dictionary_iter iter
;
312 /* Nuke all ident queries */
313 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
315 if(auth
->data
[PROVIDER_IDENT
] != NULL
)
316 client_fail(auth
, REPORT_FAIL
);
320 static bool ident_start(struct auth_client
*auth
)
322 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
323 struct rb_sockaddr_storage l_addr
, c_addr
;
324 int family
= GET_SS_FAMILY(&auth
->c_addr
);
326 if(auth
->data
[PROVIDER_IDENT
] != NULL
)
328 set_provider_done(auth
, PROVIDER_IDENT
); /* for blacklists */
331 else if(!ident_enable
)
333 notice_client(auth
->cid
, messages
[REPORT_DISABLED
]);
334 set_provider_done(auth
, PROVIDER_IDENT
);
338 notice_client(auth
->cid
, messages
[REPORT_LOOKUP
]);
340 auth
->data
[PROVIDER_IDENT
] = query
;
341 query
->timeout
= rb_current_time() + ident_timeout
;
343 if((query
->F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
345 warn_opers(L_DEBUG
, "Could not create ident socket: %s", strerror(errno
));
346 client_fail(auth
, REPORT_FAIL
);
347 return true; /* Not a fatal error */
350 /* Build sockaddr_storages for rb_connect_tcp below */
351 memcpy(&l_addr
, &auth
->l_addr
, sizeof(l_addr
));
352 memcpy(&c_addr
, &auth
->c_addr
, sizeof(c_addr
));
354 /* Set the ports correctly */
356 if(GET_SS_FAMILY(&l_addr
) == AF_INET6
)
357 ((struct sockaddr_in6
*)&l_addr
)->sin6_port
= 0;
360 ((struct sockaddr_in
*)&l_addr
)->sin_port
= 0;
363 if(GET_SS_FAMILY(&c_addr
) == AF_INET6
)
364 ((struct sockaddr_in6
*)&c_addr
)->sin6_port
= htons(113);
367 ((struct sockaddr_in
*)&c_addr
)->sin_port
= htons(113);
369 rb_connect_tcp(query
->F
, (struct sockaddr
*)&c_addr
,
370 (struct sockaddr
*)&l_addr
,
371 GET_SS_LEN(&l_addr
), ident_connected
,
372 auth
, ident_timeout
);
374 set_provider_on(auth
, PROVIDER_IDENT
);
380 ident_cancel(struct auth_client
*auth
)
382 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
385 client_fail(auth
, REPORT_FAIL
);
389 add_conf_ident_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
391 int timeout
= atoi(parv
[0]);
395 warn_opers(L_CRIT
, "BUG: ident timeout < 0 (value: %d)", timeout
);
399 ident_timeout
= timeout
;
403 set_ident_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
405 ident_enable
= (*parv
[0] == '1');
408 struct auth_opts_handler ident_options
[] =
410 { "ident_timeout", 1, add_conf_ident_timeout
},
411 { "ident_enabled", 1, set_ident_enabled
},
416 struct auth_provider ident_provider
=
418 .id
= PROVIDER_IDENT
,
420 .destroy
= ident_destroy
,
421 .start
= ident_start
,
422 .cancel
= ident_cancel
,
424 .opt_handlers
= ident_options
,