1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
24 * --Elizafox 13 March 2016
34 #define IDENT_BUFSIZE 128
38 rb_fde_t
*F
; /* Our FD */
41 /* Goinked from old s_auth.c --Elizafox */
42 static const char *messages
[] =
45 "*** Got Ident response",
46 "*** No Ident response",
47 "*** Cannot verify ident validity, ignoring ident",
48 "*** Ident disabled, not checking ident",
60 static CNCB ident_connected
;
61 static PF read_ident_reply
;
63 static void client_fail(struct auth_client
*auth
, ident_message message
);
64 static void client_success(struct auth_client
*auth
);
65 static char * get_valid_ident(char *buf
);
67 static int ident_timeout
= 5;
68 static bool ident_enable
= true;
72 * ident_connected() - deal with the result of rb_connect_tcp()
74 * If the connection failed, we simply close the auth fd and report
75 * a failure. If the connection suceeded send the ident server a query
76 * giving "theirport , ourport". The write is only attempted *once* so
77 * it is deemed to be a fail if the entire write doesn't write all the
78 * data given. This shouldnt be a problem since the socket should have
79 * a write buffer far greater than this message to store it in should
80 * problems arise. -avalon
83 ident_connected(rb_fde_t
*F __unused
, int error
, void *data
)
85 struct auth_client
*auth
= data
;
86 struct ident_query
*query
;
90 lrb_assert(auth
!= NULL
);
91 query
= get_provider_data(auth
, PROVIDER_IDENT
);
92 lrb_assert(query
!= NULL
);
97 /* We had an error during connection :( */
98 client_fail(auth
, REPORT_FAIL
);
102 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
103 auth
->c_port
, auth
->l_port
);
104 authlen
= strlen(authbuf
);
106 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
108 client_fail(auth
, REPORT_FAIL
);
112 read_ident_reply(query
->F
, auth
);
116 read_ident_reply(rb_fde_t
*F
, void *data
)
118 struct auth_client
*auth
= data
;
119 struct ident_query
*query
;
120 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
121 ident_message message
= REPORT_FAIL
;
127 lrb_assert(auth
!= NULL
);
128 query
= get_provider_data(auth
, PROVIDER_IDENT
);
129 lrb_assert(query
!= NULL
);
131 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
132 if(len
< 0 && rb_ignore_errno(errno
))
134 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, auth
);
140 if((s
= get_valid_ident(buf
)) != NULL
)
144 while (*s
== '~' || *s
== '^')
147 for (count
= USERLEN
; *s
&& count
; s
++)
149 if(*s
== '@' || *s
== '\r' || *s
== '\n')
152 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
161 message
= REPORT_INVALID
;
165 client_fail(auth
, message
);
167 client_success(auth
);
171 client_fail(struct auth_client
*auth
, ident_message report
)
173 struct ident_query
*query
= get_provider_data(auth
, PROVIDER_IDENT
);
175 lrb_assert(query
!= NULL
);
177 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
183 set_provider_data(auth
, PROVIDER_IDENT
, NULL
);
184 set_provider_timeout_absolute(auth
, PROVIDER_IDENT
, 0);
186 notice_client(auth
->cid
, messages
[report
]);
187 provider_done(auth
, PROVIDER_IDENT
);
191 client_success(struct auth_client
*auth
)
193 struct ident_query
*query
= get_provider_data(auth
, PROVIDER_IDENT
);
195 lrb_assert(query
!= NULL
);
201 set_provider_data(auth
, PROVIDER_IDENT
, NULL
);
202 set_provider_timeout_absolute(auth
, PROVIDER_IDENT
, 0);
204 notice_client(auth
->cid
, messages
[REPORT_FOUND
]);
205 provider_done(auth
, PROVIDER_IDENT
);
209 * parse ident query reply from identd server
211 * Taken from old s_auth.c --Elizafox
213 * Inputs - pointer to ident buf
214 * Outputs - NULL if no valid ident found, otherwise pointer to name
215 * Side effects - None
218 get_valid_ident(char *buf
)
226 char *remotePortString
;
228 /* All this to get rid of a sscanf() fun. */
229 remotePortString
= buf
;
231 colon1Ptr
= strchr(remotePortString
, ':');
237 colon2Ptr
= strchr(colon1Ptr
, ':');
243 commaPtr
= strchr(remotePortString
, ',');
251 remp
= atoi(remotePortString
);
255 locp
= atoi(commaPtr
);
259 /* look for USERID bordered by first pair of colons */
260 if(!strstr(colon1Ptr
, "USERID"))
263 colon3Ptr
= strchr(colon2Ptr
, ':');
275 struct auth_client
*auth
;
276 rb_dictionary_iter iter
;
278 /* Nuke all ident queries */
279 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
281 if(get_provider_data(auth
, PROVIDER_IDENT
) != NULL
)
282 client_fail(auth
, REPORT_FAIL
);
287 ident_start(struct auth_client
*auth
)
289 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
290 struct rb_sockaddr_storage l_addr
, c_addr
;
291 int family
= GET_SS_FAMILY(&auth
->c_addr
);
293 lrb_assert(get_provider_data(auth
, PROVIDER_IDENT
) == NULL
);
298 notice_client(auth
->cid
, messages
[REPORT_DISABLED
]);
299 set_provider_done(auth
, PROVIDER_IDENT
);
303 notice_client(auth
->cid
, messages
[REPORT_LOOKUP
]);
305 set_provider_data(auth
, PROVIDER_IDENT
, query
);
306 set_provider_timeout_relative(auth
, PROVIDER_IDENT
, ident_timeout
);
308 if((query
->F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
310 warn_opers(L_DEBUG
, "Could not create ident socket: %s", strerror(errno
));
311 client_fail(auth
, REPORT_FAIL
);
312 return true; /* Not a fatal error */
315 /* Build sockaddr_storages for rb_connect_tcp below */
316 l_addr
= auth
->l_addr
;
317 c_addr
= auth
->c_addr
;
319 SET_SS_PORT(&l_addr
, 0);
320 SET_SS_PORT(&c_addr
, htons(113));
322 rb_connect_tcp(query
->F
, (struct sockaddr
*)&c_addr
,
323 (struct sockaddr
*)&l_addr
,
324 GET_SS_LEN(&l_addr
), ident_connected
,
325 auth
, ident_timeout
);
327 set_provider_running(auth
, PROVIDER_IDENT
);
333 ident_cancel(struct auth_client
*auth
)
335 struct ident_query
*query
= get_provider_data(auth
, PROVIDER_IDENT
);
338 client_fail(auth
, REPORT_FAIL
);
342 add_conf_ident_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
344 int timeout
= atoi(parv
[0]);
348 warn_opers(L_CRIT
, "Ident: ident timeout < 0 (value: %d)", timeout
);
349 exit(EX_PROVIDER_ERROR
);
352 ident_timeout
= timeout
;
356 set_ident_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
358 ident_enable
= (*parv
[0] == '1');
361 struct auth_opts_handler ident_options
[] =
363 { "ident_timeout", 1, add_conf_ident_timeout
},
364 { "ident_enabled", 1, set_ident_enabled
},
369 struct auth_provider ident_provider
=
371 .id
= PROVIDER_IDENT
,
372 .start
= ident_start
,
373 .destroy
= ident_destroy
,
374 .cancel
= ident_cancel
,
375 .timeout
= ident_cancel
,
376 .opt_handlers
= ident_options
,