1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
24 * --Elizafox 13 March 2016
34 #define IDENT_BUFSIZE 128
38 time_t timeout
; /* Timeout interval */
39 rb_fde_t
*F
; /* Our FD */
42 /* Goinked from old s_auth.c --Elizafox */
43 static const char *messages
[] =
46 "*** Got Ident response",
47 "*** No Ident response",
48 "*** Cannot verify ident validity, ignoring ident",
59 static EVH timeout_ident_queries_event
;
60 static CNCB ident_connected
;
61 static PF read_ident_reply
;
63 static void client_fail(struct auth_client
*auth
, ident_message message
);
64 static void client_success(struct auth_client
*auth
);
65 static char * get_valid_ident(char *buf
);
67 static struct ev_entry
*timeout_ev
;
68 static int ident_timeout
= 5;
69 static bool ident_enable
= true;
72 /* Timeout outstanding queries */
74 timeout_ident_queries_event(void *notused __unused
)
76 struct auth_client
*auth
;
77 rb_dictionary_iter iter
;
79 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
81 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
83 if(query
!= NULL
&& query
->timeout
< rb_current_time())
84 client_fail(auth
, REPORT_FAIL
);
89 * ident_connected() - deal with the result of rb_connect_tcp()
91 * If the connection failed, we simply close the auth fd and report
92 * a failure. If the connection suceeded send the ident server a query
93 * giving "theirport , ourport". The write is only attempted *once* so
94 * it is deemed to be a fail if the entire write doesn't write all the
95 * data given. This shouldnt be a problem since the socket should have
96 * a write buffer far greater than this message to store it in should
97 * problems arise. -avalon
100 ident_connected(rb_fde_t
*F __unused
, int error
, void *data
)
102 struct auth_client
*auth
= data
;
103 struct ident_query
*query
;
110 query
= auth
->data
[PROVIDER_IDENT
];
115 /* Check the error */
118 /* We had an error during connection :( */
119 client_fail(auth
, REPORT_FAIL
);
123 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
124 auth
->c_port
, auth
->l_port
);
125 authlen
= strlen(authbuf
);
127 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
129 client_fail(auth
, REPORT_FAIL
);
133 read_ident_reply(query
->F
, auth
);
137 read_ident_reply(rb_fde_t
*F
, void *data
)
139 struct auth_client
*auth
= data
;
140 struct ident_query
*query
;
141 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
142 ident_message message
= REPORT_FAIL
;
151 query
= auth
->data
[PROVIDER_IDENT
];
156 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
157 if(len
< 0 && rb_ignore_errno(errno
))
159 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, auth
);
165 if((s
= get_valid_ident(buf
)) != NULL
)
169 while (*s
== '~' || *s
== '^')
172 for (count
= USERLEN
; *s
&& count
; s
++)
174 if(*s
== '@' || *s
== '\r' || *s
== '\n')
177 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
186 message
= REPORT_INVALID
;
190 client_fail(auth
, message
);
192 client_success(auth
);
196 client_fail(struct auth_client
*auth
, ident_message report
)
198 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
203 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
209 auth
->data
[PROVIDER_IDENT
] = NULL
;
211 notice_client(auth
->cid
, messages
[report
]);
212 provider_done(auth
, PROVIDER_IDENT
);
216 client_success(struct auth_client
*auth
)
218 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
227 auth
->data
[PROVIDER_IDENT
] = NULL
;
229 notice_client(auth
->cid
, messages
[REPORT_FOUND
]);
230 provider_done(auth
, PROVIDER_IDENT
);
234 * parse ident query reply from identd server
236 * Taken from old s_auth.c --Elizafox
238 * Inputs - pointer to ident buf
239 * Outputs - NULL if no valid ident found, otherwise pointer to name
240 * Side effects - None
243 get_valid_ident(char *buf
)
251 char *remotePortString
;
253 /* All this to get rid of a sscanf() fun. */
254 remotePortString
= buf
;
256 colon1Ptr
= strchr(remotePortString
, ':');
262 colon2Ptr
= strchr(colon1Ptr
, ':');
268 commaPtr
= strchr(remotePortString
, ',');
276 remp
= atoi(remotePortString
);
280 locp
= atoi(commaPtr
);
284 /* look for USERID bordered by first pair of colons */
285 if(!strstr(colon1Ptr
, "USERID"))
288 colon3Ptr
= strchr(colon2Ptr
, ':');
300 timeout_ev
= rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event
, NULL
, 1);
301 return (timeout_ev
!= NULL
);
307 struct auth_client
*auth
;
308 rb_dictionary_iter iter
;
310 /* Nuke all ident queries */
311 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
313 if(auth
->data
[PROVIDER_IDENT
] != NULL
)
314 client_fail(auth
, REPORT_FAIL
);
318 static bool ident_start(struct auth_client
*auth
)
320 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
321 struct rb_sockaddr_storage l_addr
, c_addr
;
322 int family
= GET_SS_FAMILY(&auth
->c_addr
);
324 if(!ident_enable
|| auth
->data
[PROVIDER_IDENT
] != NULL
)
326 set_provider_done(auth
, PROVIDER_IDENT
); /* for blacklists */
330 notice_client(auth
->cid
, messages
[REPORT_LOOKUP
]);
332 auth
->data
[PROVIDER_IDENT
] = query
;
333 query
->timeout
= rb_current_time() + ident_timeout
;
335 if((query
->F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
337 warn_opers(L_DEBUG
, "Could not create ident socket: %s", strerror(errno
));
338 client_fail(auth
, REPORT_FAIL
);
339 return true; /* Not a fatal error */
342 /* Build sockaddr_storages for rb_connect_tcp below */
343 memcpy(&l_addr
, &auth
->l_addr
, sizeof(l_addr
));
344 memcpy(&c_addr
, &auth
->c_addr
, sizeof(c_addr
));
346 /* Set the ports correctly */
348 if(GET_SS_FAMILY(&l_addr
) == AF_INET6
)
349 ((struct sockaddr_in6
*)&l_addr
)->sin6_port
= 0;
352 ((struct sockaddr_in
*)&l_addr
)->sin_port
= 0;
355 if(GET_SS_FAMILY(&c_addr
) == AF_INET6
)
356 ((struct sockaddr_in6
*)&c_addr
)->sin6_port
= htons(113);
359 ((struct sockaddr_in
*)&c_addr
)->sin_port
= htons(113);
361 rb_connect_tcp(query
->F
, (struct sockaddr
*)&c_addr
,
362 (struct sockaddr
*)&l_addr
,
363 GET_SS_LEN(&l_addr
), ident_connected
,
364 auth
, ident_timeout
);
366 set_provider_on(auth
, PROVIDER_IDENT
);
372 ident_cancel(struct auth_client
*auth
)
374 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
377 client_fail(auth
, REPORT_FAIL
);
381 add_conf_ident_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
383 int timeout
= atoi(parv
[0]);
387 warn_opers(L_CRIT
, "BUG: ident timeout < 0 (value: %d)", timeout
);
391 ident_timeout
= timeout
;
395 set_ident_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
397 enable_ident
= (strcasecmp(parv
[0], "true") == 0 ||
398 strcasecmp(parv
[0], "1") == 0 ||
399 strcasecmp(parv
[0], "enable") == 0);
402 struct auth_opts_handler ident_options
[] =
404 { "ident_timeout", 1, add_conf_ident_timeout
},
405 { "ident_enabled", 1, set_ident_enabled
},
410 struct auth_provider ident_provider
=
412 .id
= PROVIDER_IDENT
,
414 .destroy
= ident_destroy
,
415 .start
= ident_start
,
416 .cancel
= ident_cancel
,
418 .opt_handlers
= ident_options
,