authd/providers/ident.c

   1 /* authd/providers/ident.c - ident lookup provider for authd
   2  * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
   3  *
   4  * Permission to use, copy, modify, and/or distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice is present in all copies.
   7  *
   8  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   9  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  10  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  11  * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
  12  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  13  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  14  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  15  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  16  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  17  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  18  * POSSIBILITY OF SUCH DAMAGE.
  19  */
  20
  21 #include "stdinc.h"
  22 #include "match.h"
  23 #include "authd.h"
  24 #include "provider.h"
  25 #include "res.h"
  26
  27 #define IDENT_BUFSIZE 128
  28
  29 struct ident_query
  30 {
  31         time_t timeout;                         /* Timeout interval */
  32         rb_fde_t *F;                            /* Our FD */
  33 };
  34
  35 /* Goinked from old s_auth.c --Elizafox */
  36 static const char *messages[] =
  37 {
  38         ":*** Checking Ident",
  39         ":*** Got Ident response",
  40         ":*** No Ident response",
  41 };
  42
  43 typedef enum
  44 {
  45         REPORT_LOOKUP,
  46         REPORT_FOUND,
  47         REPORT_FAIL,
  48 } ident_message;
  49
  50 static EVH timeout_ident_queries_event;
  51 static CNCB ident_connected;
  52 static PF read_ident_reply;
  53
  54 static void client_fail(struct auth_client *auth, ident_message message);
  55 static void client_success(struct auth_client *auth);
  56 static char * get_valid_ident(char *buf);
  57
  58 static struct ev_entry *timeout_ev;
  59 static int ident_timeout = 5;
  60
  61
  62 bool ident_init(void)
  63 {
  64         timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
  65         return (timeout_ev != NULL);
  66 }
  67
  68 void ident_destroy(void)
  69 {
  70         struct auth_client *auth;
  71         struct DictionaryIter iter;
  72
  73         /* Nuke all ident queries */
  74         DICTIONARY_FOREACH(auth, &iter, auth_clients)
  75         {
  76                 if(auth->data[PROVIDER_IDENT] != NULL)
  77                         client_fail(auth, REPORT_FAIL);
  78         }
  79 }
  80
  81 bool ident_start(struct auth_client *auth)
  82 {
  83         struct ident_query *query = rb_malloc(sizeof(struct ident_query));
  84         struct rb_sockaddr_storage l_addr, c_addr;
  85         int family;
  86         rb_fde_t *F;
  87
  88         auth->data[PROVIDER_IDENT] = query;
  89         query->timeout = rb_current_time() + ident_timeout;
  90
  91         if((F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
  92         {
  93                 client_fail(auth, REPORT_FAIL);
  94                 return true;    /* Not a fatal error */
  95         }
  96
  97         query->F = F;
  98
  99         /* Build sockaddr_storages for rb_connect_tcp below */
 100         if(!rb_inet_ntop_sock((struct sockaddr *)&l_addr, auth->l_ip, sizeof(l_addr)) ||
 101                 !rb_inet_ntop_sock((struct sockaddr *)&c_addr, auth->c_ip, sizeof(c_addr)))
 102         {
 103                 client_fail(auth, REPORT_FAIL);
 104                 return true;
 105         }
 106
 107         /* Set the ports correctly */
 108 #ifdef RB_IPV6
 109         if(GET_SS_FAMILY(&l_addr) == AF_INET6)
 110                 ((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
 111         else
 112 #endif
 113                 ((struct sockaddr_in *)&l_addr)->sin_port = 0;
 114
 115 #ifdef RB_IPV6
 116         if(GET_SS_FAMILY(&c_addr) == AF_INET6)
 117                 ((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
 118         else
 119 #endif
 120                 ((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
 121
 122         rb_connect_tcp(F, (struct sockaddr *)&c_addr,
 123                         (struct sockaddr *)&l_addr,
 124                         GET_SS_LEN(&l_addr), ident_connected,
 125                         query, ident_timeout);
 126
 127         notice_client(auth, messages[REPORT_LOOKUP]);
 128         set_provider(auth, PROVIDER_IDENT);
 129
 130         return true;
 131 }
 132
 133 void ident_cancel(struct auth_client *auth)
 134 {
 135         struct ident_query *query = auth->data[PROVIDER_IDENT];
 136
 137         if(query != NULL)
 138                 client_fail(auth, REPORT_FAIL);
 139 }
 140
 141 /* Timeout outstanding queries */
 142 static void timeout_ident_queries_event(void *notused)
 143 {
 144         struct auth_client *auth;
 145         struct DictionaryIter iter;
 146
 147         DICTIONARY_FOREACH(auth, &iter, auth_clients)
 148         {
 149                 struct ident_query *query = auth->data[PROVIDER_IDENT];
 150
 151                 if(query != NULL && query->timeout < rb_current_time())
 152                         client_fail(auth, REPORT_FAIL);
 153         }
 154 }
 155
 156 /*
 157  * ident_connected() - deal with the result of rb_connect_tcp()
 158  *
 159  * If the connection failed, we simply close the auth fd and report
 160  * a failure. If the connection suceeded send the ident server a query
 161  * giving "theirport , ourport". The write is only attempted *once* so
 162  * it is deemed to be a fail if the entire write doesn't write all the
 163  * data given.  This shouldnt be a problem since the socket should have
 164  * a write buffer far greater than this message to store it in should
 165  * problems arise. -avalon
 166  */
 167 static void ident_connected(rb_fde_t *F, int error, void *data)
 168 {
 169         struct auth_client *auth = data;
 170         struct ident_query *query = auth->data[PROVIDER_IDENT];
 171         char authbuf[32];
 172         int authlen;
 173
 174         /* Check the error */
 175         if(error != RB_OK)
 176         {
 177                 /* We had an error during connection :( */
 178                 client_fail(auth, REPORT_FAIL);
 179                 return;
 180         }
 181
 182         snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
 183                         auth->c_port, auth->l_port);
 184         authlen = strlen(authbuf);
 185
 186         if(rb_write(query->F, authbuf, authlen) != authlen)
 187         {
 188                 client_fail(auth, REPORT_FAIL);
 189                 return;
 190         }
 191
 192         read_ident_reply(query->F, auth);
 193 }
 194
 195 static void
 196 read_ident_reply(rb_fde_t *F, void *data)
 197 {
 198         struct auth_client *auth = data;
 199         struct ident_query *query = auth->data[PROVIDER_IDENT];
 200         char *s = NULL;
 201         char *t = NULL;
 202         int len;
 203         int count;
 204         char buf[IDENT_BUFSIZE + 1];    /* buffer to read auth reply into */
 205
 206         len = rb_read(F, buf, IDENT_BUFSIZE);
 207         if(len < 0 && rb_ignore_errno(errno))
 208         {
 209                 rb_setselect(F, RB_SELECT_READ, read_ident_reply, query);
 210                 return;
 211         }
 212
 213         if(len > 0)
 214         {
 215                 buf[len] = '\0';
 216
 217                 if((s = get_valid_ident(buf)))
 218                 {
 219                         t = auth->username;
 220
 221                         while (*s == '~' || *s == '^')
 222                                 s++;
 223
 224                         for (count = USERLEN; *s && count; s++)
 225                         {
 226                                 if(*s == '@')
 227                                 {
 228                                         break;
 229                                 }
 230                                 if(*s != ' ' && *s != ':' && *s != '[')
 231                                 {
 232                                         *t++ = *s;
 233                                         count--;
 234                                 }
 235                         }
 236                         *t = '\0';
 237                 }
 238         }
 239
 240         if(s == NULL)
 241                 client_fail(auth, REPORT_FAIL);
 242         else
 243                 client_success(auth);
 244 }
 245
 246 static void client_fail(struct auth_client *auth, ident_message report)
 247 {
 248         struct ident_query *query = auth->data[PROVIDER_IDENT];
 249
 250         rb_strlcpy(auth->username, "*", sizeof(auth->username));
 251
 252         rb_close(query->F);
 253         rb_free(query);
 254         auth->data[PROVIDER_IDENT] = NULL;
 255
 256         notice_client(auth, messages[report]);
 257         provider_done(auth, PROVIDER_IDENT);
 258 }
 259
 260 static void client_success(struct auth_client *auth)
 261 {
 262         struct ident_query *query = auth->data[PROVIDER_IDENT];
 263
 264         rb_close(query->F);
 265         rb_free(query);
 266         auth->data[PROVIDER_IDENT] = NULL;
 267
 268         notice_client(auth, messages[REPORT_FOUND]);
 269         provider_done(auth, PROVIDER_IDENT);
 270 }
 271
 272 /* get_valid_ident
 273  * parse ident query reply from identd server
 274  *
 275  * Torn out of old s_auth.c because there was nothing wrong with it
 276  * --Elizafox
 277  *
 278  * Inputs       - pointer to ident buf
 279  * Outputs      - NULL if no valid ident found, otherwise pointer to name
 280  * Side effects - None
 281  */
 282 static char *
 283 get_valid_ident(char *buf)
 284 {
 285         int remp = 0;
 286         int locp = 0;
 287         char *colon1Ptr;
 288         char *colon2Ptr;
 289         char *colon3Ptr;
 290         char *commaPtr;
 291         char *remotePortString;
 292
 293         /* All this to get rid of a sscanf() fun. */
 294         remotePortString = buf;
 295
 296         colon1Ptr = strchr(remotePortString, ':');
 297         if(!colon1Ptr)
 298                 return 0;
 299
 300         *colon1Ptr = '\0';
 301         colon1Ptr++;
 302         colon2Ptr = strchr(colon1Ptr, ':');
 303         if(!colon2Ptr)
 304                 return 0;
 305
 306         *colon2Ptr = '\0';
 307         colon2Ptr++;
 308         commaPtr = strchr(remotePortString, ',');
 309
 310         if(!commaPtr)
 311                 return 0;
 312
 313         *commaPtr = '\0';
 314         commaPtr++;
 315
 316         remp = atoi(remotePortString);
 317         if(!remp)
 318                 return 0;
 319
 320         locp = atoi(commaPtr);
 321         if(!locp)
 322                 return 0;
 323
 324         /* look for USERID bordered by first pair of colons */
 325         if(!strstr(colon1Ptr, "USERID"))
 326                 return 0;
 327
 328         colon3Ptr = strchr(colon2Ptr, ':');
 329         if(!colon3Ptr)
 330                 return 0;
 331
 332         *colon3Ptr = '\0';
 333         colon3Ptr++;
 334         return (colon3Ptr);
 335 }
 336
 337
 338 struct auth_provider ident_provider =
 339 {
 340         .id = PROVIDER_IDENT,
 341         .init = ident_init,
 342         .destroy = ident_destroy,
 343         .start = ident_start,
 344         .cancel = ident_cancel,
 345         .completed = NULL,
 346 };