1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
24 * --Elizafox 13 March 2016
35 #define SELF_PID (ident_provider.id)
37 #define IDENT_BUFSIZE 128
41 rb_fde_t
*F
; /* Our FD */
44 /* Goinked from old s_auth.c --Elizafox */
45 static const char *messages
[] =
48 "*** Got Ident response",
49 "*** No Ident response",
50 "*** Cannot verify ident validity, ignoring ident",
51 "*** Ident disabled, not checking ident",
63 static CNCB ident_connected
;
64 static PF read_ident_reply
;
66 static void client_fail(struct auth_client
*auth
, ident_message message
);
67 static void client_success(struct auth_client
*auth
);
68 static char * get_valid_ident(char *buf
);
70 static int ident_timeout
= IDENT_TIMEOUT_DEFAULT
;
71 static bool ident_enable
= true;
75 * ident_connected() - deal with the result of rb_connect_tcp()
77 * If the connection failed, we simply close the auth fd and report
78 * a failure. If the connection suceeded send the ident server a query
79 * giving "theirport , ourport". The write is only attempted *once* so
80 * it is deemed to be a fail if the entire write doesn't write all the
81 * data given. This shouldnt be a problem since the socket should have
82 * a write buffer far greater than this message to store it in should
83 * problems arise. -avalon
86 ident_connected(rb_fde_t
*F __unused
, int error
, void *data
)
88 struct auth_client
*auth
= data
;
89 struct ident_query
*query
;
93 lrb_assert(auth
!= NULL
);
94 query
= get_provider_data(auth
, SELF_PID
);
95 lrb_assert(query
!= NULL
);
100 /* We had an error during connection :( */
101 client_fail(auth
, REPORT_FAIL
);
105 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
106 auth
->c_port
, auth
->l_port
);
107 authlen
= strlen(authbuf
);
109 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
111 client_fail(auth
, REPORT_FAIL
);
115 read_ident_reply(query
->F
, auth
);
119 read_ident_reply(rb_fde_t
*F
, void *data
)
121 struct auth_client
*auth
= data
;
122 struct ident_query
*query
;
123 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
124 ident_message message
= REPORT_FAIL
;
130 lrb_assert(auth
!= NULL
);
131 query
= get_provider_data(auth
, SELF_PID
);
132 lrb_assert(query
!= NULL
);
134 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
135 if(len
< 0 && rb_ignore_errno(errno
))
137 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, auth
);
143 if((s
= get_valid_ident(buf
)) != NULL
)
147 while (*s
== '~' || *s
== '^')
150 for (count
= USERLEN
; *s
&& count
; s
++)
152 if(*s
== '@' || *s
== '\r' || *s
== '\n')
155 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
164 message
= REPORT_INVALID
;
168 client_fail(auth
, message
);
170 client_success(auth
);
174 client_fail(struct auth_client
*auth
, ident_message report
)
176 struct ident_query
*query
= get_provider_data(auth
, SELF_PID
);
178 lrb_assert(query
!= NULL
);
180 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
186 set_provider_data(auth
, SELF_PID
, NULL
);
187 set_provider_timeout_absolute(auth
, SELF_PID
, 0);
189 notice_client(auth
->cid
, messages
[report
]);
190 provider_done(auth
, SELF_PID
);
194 client_success(struct auth_client
*auth
)
196 struct ident_query
*query
= get_provider_data(auth
, SELF_PID
);
198 lrb_assert(query
!= NULL
);
204 set_provider_data(auth
, SELF_PID
, NULL
);
205 set_provider_timeout_absolute(auth
, SELF_PID
, 0);
207 notice_client(auth
->cid
, messages
[REPORT_FOUND
]);
208 provider_done(auth
, SELF_PID
);
212 * parse ident query reply from identd server
214 * Taken from old s_auth.c --Elizafox
216 * Inputs - pointer to ident buf
217 * Outputs - NULL if no valid ident found, otherwise pointer to name
218 * Side effects - None
221 get_valid_ident(char *buf
)
229 char *remotePortString
;
231 /* All this to get rid of a sscanf() fun. */
232 remotePortString
= buf
;
234 colon1Ptr
= strchr(remotePortString
, ':');
240 colon2Ptr
= strchr(colon1Ptr
, ':');
246 commaPtr
= strchr(remotePortString
, ',');
254 remp
= atoi(remotePortString
);
258 locp
= atoi(commaPtr
);
262 /* look for USERID bordered by first pair of colons */
263 if(!strstr(colon1Ptr
, "USERID"))
266 colon3Ptr
= strchr(colon2Ptr
, ':');
278 struct auth_client
*auth
;
279 rb_dictionary_iter iter
;
281 /* Nuke all ident queries */
282 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
284 if(get_provider_data(auth
, SELF_PID
) != NULL
)
285 client_fail(auth
, REPORT_FAIL
);
290 ident_start(struct auth_client
*auth
)
292 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
293 struct rb_sockaddr_storage l_addr
, c_addr
;
294 int family
= GET_SS_FAMILY(&auth
->c_addr
);
296 lrb_assert(get_provider_data(auth
, SELF_PID
) == NULL
);
301 notice_client(auth
->cid
, messages
[REPORT_DISABLED
]);
302 set_provider_done(auth
, SELF_PID
);
306 notice_client(auth
->cid
, messages
[REPORT_LOOKUP
]);
308 set_provider_data(auth
, SELF_PID
, query
);
309 set_provider_timeout_relative(auth
, SELF_PID
, ident_timeout
);
311 if((query
->F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
313 warn_opers(L_DEBUG
, "Could not create ident socket: %s", strerror(errno
));
314 client_fail(auth
, REPORT_FAIL
);
315 return true; /* Not a fatal error */
318 /* Build sockaddr_storages for rb_connect_tcp below */
319 l_addr
= auth
->l_addr
;
320 c_addr
= auth
->c_addr
;
322 SET_SS_PORT(&l_addr
, 0);
323 SET_SS_PORT(&c_addr
, htons(113));
325 rb_connect_tcp(query
->F
, (struct sockaddr
*)&c_addr
,
326 (struct sockaddr
*)&l_addr
,
328 auth
, ident_timeout
);
330 set_provider_running(auth
, SELF_PID
);
336 ident_cancel(struct auth_client
*auth
)
338 struct ident_query
*query
= get_provider_data(auth
, SELF_PID
);
341 client_fail(auth
, REPORT_FAIL
);
345 add_conf_ident_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
347 int timeout
= atoi(parv
[0]);
351 warn_opers(L_CRIT
, "Ident: ident timeout < 0 (value: %d)", timeout
);
352 exit(EX_PROVIDER_ERROR
);
355 ident_timeout
= timeout
;
359 set_ident_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
361 ident_enable
= (*parv
[0] == '1');
364 struct auth_opts_handler ident_options
[] =
366 { "ident_timeout", 1, add_conf_ident_timeout
},
367 { "ident_enabled", 1, set_ident_enabled
},
372 struct auth_provider ident_provider
=
376 .start
= ident_start
,
377 .destroy
= ident_destroy
,
378 .cancel
= ident_cancel
,
379 .timeout
= ident_cancel
,
380 .opt_handlers
= ident_options
,