]> jfr.im git - solanum.git/blob - authd/providers/ident.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Clean up the provider status logic.
[solanum.git] / authd / providers / ident.c
1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
7 *
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
19 */
20
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
23 *
24 * --Elizafox 13 March 2016
25 */
26
27 #include "stdinc.h"
28 #include "match.h"
29 #include "authd.h"
30 #include "notice.h"
31 #include "provider.h"
32 #include "res.h"
33
34 #define IDENT_BUFSIZE 128
35
36 struct ident_query
37 {
38 rb_fde_t *F; /* Our FD */
39 };
40
41 /* Goinked from old s_auth.c --Elizafox */
42 static const char *messages[] =
43 {
44 "*** Checking Ident",
45 "*** Got Ident response",
46 "*** No Ident response",
47 "*** Cannot verify ident validity, ignoring ident",
48 "*** Ident disabled, not checking ident",
49 };
50
51 typedef enum
52 {
53 REPORT_LOOKUP,
54 REPORT_FOUND,
55 REPORT_FAIL,
56 REPORT_INVALID,
57 REPORT_DISABLED,
58 } ident_message;
59
60 static CNCB ident_connected;
61 static PF read_ident_reply;
62
63 static void client_fail(struct auth_client *auth, ident_message message);
64 static void client_success(struct auth_client *auth);
65 static char * get_valid_ident(char *buf);
66
67 static int ident_timeout = 5;
68 static bool ident_enable = true;
69
70
71 /*
72 * ident_connected() - deal with the result of rb_connect_tcp()
73 *
74 * If the connection failed, we simply close the auth fd and report
75 * a failure. If the connection suceeded send the ident server a query
76 * giving "theirport , ourport". The write is only attempted *once* so
77 * it is deemed to be a fail if the entire write doesn't write all the
78 * data given. This shouldnt be a problem since the socket should have
79 * a write buffer far greater than this message to store it in should
80 * problems arise. -avalon
81 */
82 static void
83 ident_connected(rb_fde_t *F __unused, int error, void *data)
84 {
85 struct auth_client *auth = data;
86 struct ident_query *query;
87 char authbuf[32];
88 int authlen;
89
90 lrb_assert(auth != NULL);
91 query = get_provider_data(auth, PROVIDER_IDENT);
92 lrb_assert(query != NULL);
93
94 /* Check the error */
95 if(error != RB_OK)
96 {
97 /* We had an error during connection :( */
98 client_fail(auth, REPORT_FAIL);
99 return;
100 }
101
102 snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
103 auth->c_port, auth->l_port);
104 authlen = strlen(authbuf);
105
106 if(rb_write(query->F, authbuf, authlen) != authlen)
107 {
108 client_fail(auth, REPORT_FAIL);
109 return;
110 }
111
112 read_ident_reply(query->F, auth);
113 }
114
115 static void
116 read_ident_reply(rb_fde_t *F, void *data)
117 {
118 struct auth_client *auth = data;
119 struct ident_query *query;
120 char buf[IDENT_BUFSIZE + 1]; /* buffer to read auth reply into */
121 ident_message message = REPORT_FAIL;
122 char *s = NULL;
123 char *t = NULL;
124 ssize_t len;
125 int count;
126
127 lrb_assert(auth != NULL);
128 query = get_provider_data(auth, PROVIDER_IDENT);
129 lrb_assert(query != NULL);
130
131 len = rb_read(F, buf, IDENT_BUFSIZE);
132 if(len < 0 && rb_ignore_errno(errno))
133 {
134 rb_setselect(F, RB_SELECT_READ, read_ident_reply, auth);
135 return;
136 }
137
138 if(len > 0)
139 {
140 if((s = get_valid_ident(buf)) != NULL)
141 {
142 t = auth->username;
143
144 while (*s == '~' || *s == '^')
145 s++;
146
147 for (count = USERLEN; *s && count; s++)
148 {
149 if(*s == '@' || *s == '\r' || *s == '\n')
150 break;
151
152 if(*s != ' ' && *s != ':' && *s != '[')
153 {
154 *t++ = *s;
155 count--;
156 }
157 }
158 *t = '\0';
159 }
160 else
161 message = REPORT_INVALID;
162 }
163
164 if(s == NULL)
165 client_fail(auth, message);
166 else
167 client_success(auth);
168 }
169
170 static void
171 client_fail(struct auth_client *auth, ident_message report)
172 {
173 struct ident_query *query = get_provider_data(auth, PROVIDER_IDENT);
174
175 lrb_assert(query != NULL);
176
177 rb_strlcpy(auth->username, "*", sizeof(auth->username));
178
179 if(query->F != NULL)
180 rb_close(query->F);
181
182 rb_free(query);
183 set_provider_data(auth, PROVIDER_IDENT, NULL);
184 set_provider_timeout_absolute(auth, PROVIDER_IDENT, 0);
185
186 notice_client(auth->cid, messages[report]);
187 provider_done(auth, PROVIDER_IDENT);
188 }
189
190 static void
191 client_success(struct auth_client *auth)
192 {
193 struct ident_query *query = get_provider_data(auth, PROVIDER_IDENT);
194
195 lrb_assert(query != NULL);
196
197 if(query->F != NULL)
198 rb_close(query->F);
199
200 rb_free(query);
201 set_provider_data(auth, PROVIDER_IDENT, NULL);
202 set_provider_timeout_absolute(auth, PROVIDER_IDENT, 0);
203
204 notice_client(auth->cid, messages[REPORT_FOUND]);
205 provider_done(auth, PROVIDER_IDENT);
206 }
207
208 /* get_valid_ident
209 * parse ident query reply from identd server
210 *
211 * Taken from old s_auth.c --Elizafox
212 *
213 * Inputs - pointer to ident buf
214 * Outputs - NULL if no valid ident found, otherwise pointer to name
215 * Side effects - None
216 */
217 static char *
218 get_valid_ident(char *buf)
219 {
220 int remp = 0;
221 int locp = 0;
222 char *colon1Ptr;
223 char *colon2Ptr;
224 char *colon3Ptr;
225 char *commaPtr;
226 char *remotePortString;
227
228 /* All this to get rid of a sscanf() fun. */
229 remotePortString = buf;
230
231 colon1Ptr = strchr(remotePortString, ':');
232 if(!colon1Ptr)
233 return NULL;
234
235 *colon1Ptr = '\0';
236 colon1Ptr++;
237 colon2Ptr = strchr(colon1Ptr, ':');
238 if(!colon2Ptr)
239 return NULL;
240
241 *colon2Ptr = '\0';
242 colon2Ptr++;
243 commaPtr = strchr(remotePortString, ',');
244
245 if(!commaPtr)
246 return NULL;
247
248 *commaPtr = '\0';
249 commaPtr++;
250
251 remp = atoi(remotePortString);
252 if(!remp)
253 return NULL;
254
255 locp = atoi(commaPtr);
256 if(!locp)
257 return NULL;
258
259 /* look for USERID bordered by first pair of colons */
260 if(!strstr(colon1Ptr, "USERID"))
261 return NULL;
262
263 colon3Ptr = strchr(colon2Ptr, ':');
264 if(!colon3Ptr)
265 return NULL;
266
267 *colon3Ptr = '\0';
268 colon3Ptr++;
269 return (colon3Ptr);
270 }
271
272 static void
273 ident_destroy(void)
274 {
275 struct auth_client *auth;
276 rb_dictionary_iter iter;
277
278 /* Nuke all ident queries */
279 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
280 {
281 if(get_provider_data(auth, PROVIDER_IDENT) != NULL)
282 client_fail(auth, REPORT_FAIL);
283 }
284 }
285
286 static bool
287 ident_start(struct auth_client *auth)
288 {
289 struct ident_query *query = rb_malloc(sizeof(struct ident_query));
290 struct rb_sockaddr_storage l_addr, c_addr;
291 int family = GET_SS_FAMILY(&auth->c_addr);
292
293 lrb_assert(get_provider_data(auth, PROVIDER_IDENT) == NULL);
294
295 if(!ident_enable)
296 {
297 rb_free(query);
298 notice_client(auth->cid, messages[REPORT_DISABLED]);
299 set_provider_done(auth, PROVIDER_IDENT);
300 return true;
301 }
302
303 notice_client(auth->cid, messages[REPORT_LOOKUP]);
304
305 set_provider_data(auth, PROVIDER_IDENT, query);
306 set_provider_timeout_relative(auth, PROVIDER_IDENT, ident_timeout);
307
308 if((query->F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
309 {
310 warn_opers(L_DEBUG, "Could not create ident socket: %s", strerror(errno));
311 client_fail(auth, REPORT_FAIL);
312 return true; /* Not a fatal error */
313 }
314
315 /* Build sockaddr_storages for rb_connect_tcp below */
316 l_addr = auth->l_addr;
317 c_addr = auth->c_addr;
318
319 SET_SS_PORT(&l_addr, 0);
320 SET_SS_PORT(&c_addr, htons(113));
321
322 rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
323 (struct sockaddr *)&l_addr,
324 GET_SS_LEN(&l_addr), ident_connected,
325 auth, ident_timeout);
326
327 set_provider_running(auth, PROVIDER_IDENT);
328
329 return true;
330 }
331
332 static void
333 ident_cancel(struct auth_client *auth)
334 {
335 struct ident_query *query = get_provider_data(auth, PROVIDER_IDENT);
336
337 if(query != NULL)
338 client_fail(auth, REPORT_FAIL);
339 }
340
341 static void
342 add_conf_ident_timeout(const char *key __unused, int parc __unused, const char **parv)
343 {
344 int timeout = atoi(parv[0]);
345
346 if(timeout < 0)
347 {
348 warn_opers(L_CRIT, "Ident: ident timeout < 0 (value: %d)", timeout);
349 exit(EX_PROVIDER_ERROR);
350 }
351
352 ident_timeout = timeout;
353 }
354
355 static void
356 set_ident_enabled(const char *key __unused, int parc __unused, const char **parv)
357 {
358 ident_enable = (*parv[0] == '1');
359 }
360
361 struct auth_opts_handler ident_options[] =
362 {
363 { "ident_timeout", 1, add_conf_ident_timeout },
364 { "ident_enabled", 1, set_ident_enabled },
365 { NULL, 0, NULL },
366 };
367
368
369 struct auth_provider ident_provider =
370 {
371 .id = PROVIDER_IDENT,
372 .start = ident_start,
373 .destroy = ident_destroy,
374 .cancel = ident_cancel,
375 .timeout = ident_cancel,
376 .opt_handlers = ident_options,
377 };
Fork of solanum ircd, history is rebased regularly