1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
28 #define IDENT_BUFSIZE 128
32 time_t timeout
; /* Timeout interval */
33 rb_fde_t
*F
; /* Our FD */
36 /* Goinked from old s_auth.c --Elizafox */
37 static const char *messages
[] =
39 ":*** Checking Ident",
40 ":*** Got Ident response",
41 ":*** No Ident response",
51 static EVH timeout_ident_queries_event
;
52 static CNCB ident_connected
;
53 static PF read_ident_reply
;
55 static void client_fail(struct auth_client
*auth
, ident_message message
);
56 static void client_success(struct auth_client
*auth
);
57 static char * get_valid_ident(char *buf
);
59 static struct ev_entry
*timeout_ev
;
60 static int ident_timeout
= 5;
65 timeout_ev
= rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event
, NULL
, 1);
66 return (timeout_ev
!= NULL
);
69 void ident_destroy(void)
71 struct auth_client
*auth
;
72 rb_dictionary_iter iter
;
74 /* Nuke all ident queries */
75 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
77 if(auth
->data
[PROVIDER_IDENT
] != NULL
)
78 client_fail(auth
, REPORT_FAIL
);
82 bool ident_start(struct auth_client
*auth
)
84 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
85 struct rb_sockaddr_storage l_addr
, c_addr
;
89 auth
->data
[PROVIDER_IDENT
] = query
;
90 query
->timeout
= rb_current_time() + ident_timeout
;
92 if((F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
94 client_fail(auth
, REPORT_FAIL
);
95 return true; /* Not a fatal error */
100 /* Build sockaddr_storages for rb_connect_tcp below */
101 memcpy(&l_addr
, &auth
->l_addr
, sizeof(l_addr
));
102 memcpy(&c_addr
, &auth
->c_addr
, sizeof(c_addr
));
104 /* Set the ports correctly */
106 if(GET_SS_FAMILY(&l_addr
) == AF_INET6
)
107 ((struct sockaddr_in6
*)&l_addr
)->sin6_port
= 0;
110 ((struct sockaddr_in
*)&l_addr
)->sin_port
= 0;
113 if(GET_SS_FAMILY(&c_addr
) == AF_INET6
)
114 ((struct sockaddr_in6
*)&c_addr
)->sin6_port
= htons(113);
117 ((struct sockaddr_in
*)&c_addr
)->sin_port
= htons(113);
119 rb_connect_tcp(F
, (struct sockaddr
*)&c_addr
,
120 (struct sockaddr
*)&l_addr
,
121 GET_SS_LEN(&l_addr
), ident_connected
,
122 query
, ident_timeout
);
124 notice_client(auth
->cid
, messages
[REPORT_LOOKUP
]);
125 set_provider_on(auth
, PROVIDER_IDENT
);
130 void ident_cancel(struct auth_client
*auth
)
132 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
135 client_fail(auth
, REPORT_FAIL
);
138 /* Timeout outstanding queries */
139 static void timeout_ident_queries_event(void *notused
)
141 struct auth_client
*auth
;
142 rb_dictionary_iter iter
;
144 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
146 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
148 if(query
!= NULL
&& query
->timeout
< rb_current_time())
149 client_fail(auth
, REPORT_FAIL
);
154 * ident_connected() - deal with the result of rb_connect_tcp()
156 * If the connection failed, we simply close the auth fd and report
157 * a failure. If the connection suceeded send the ident server a query
158 * giving "theirport , ourport". The write is only attempted *once* so
159 * it is deemed to be a fail if the entire write doesn't write all the
160 * data given. This shouldnt be a problem since the socket should have
161 * a write buffer far greater than this message to store it in should
162 * problems arise. -avalon
164 static void ident_connected(rb_fde_t
*F
, int error
, void *data
)
166 struct auth_client
*auth
= data
;
167 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
171 /* Check the error */
174 /* We had an error during connection :( */
175 client_fail(auth
, REPORT_FAIL
);
179 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
180 auth
->c_port
, auth
->l_port
);
181 authlen
= strlen(authbuf
);
183 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
185 client_fail(auth
, REPORT_FAIL
);
189 read_ident_reply(query
->F
, auth
);
193 read_ident_reply(rb_fde_t
*F
, void *data
)
195 struct auth_client
*auth
= data
;
196 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
201 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
203 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
204 if(len
< 0 && rb_ignore_errno(errno
))
206 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, query
);
214 if((s
= get_valid_ident(buf
)))
218 while (*s
== '~' || *s
== '^')
221 for (count
= USERLEN
; *s
&& count
; s
++)
227 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
238 client_fail(auth
, REPORT_FAIL
);
240 client_success(auth
);
243 static void client_fail(struct auth_client
*auth
, ident_message report
)
245 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
247 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
251 auth
->data
[PROVIDER_IDENT
] = NULL
;
253 notice_client(auth
->cid
, messages
[report
]);
254 provider_done(auth
, PROVIDER_IDENT
);
257 static void client_success(struct auth_client
*auth
)
259 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
263 auth
->data
[PROVIDER_IDENT
] = NULL
;
265 notice_client(auth
->cid
, messages
[REPORT_FOUND
]);
266 provider_done(auth
, PROVIDER_IDENT
);
270 * parse ident query reply from identd server
272 * Torn out of old s_auth.c because there was nothing wrong with it
275 * Inputs - pointer to ident buf
276 * Outputs - NULL if no valid ident found, otherwise pointer to name
277 * Side effects - None
280 get_valid_ident(char *buf
)
288 char *remotePortString
;
290 /* All this to get rid of a sscanf() fun. */
291 remotePortString
= buf
;
293 colon1Ptr
= strchr(remotePortString
, ':');
299 colon2Ptr
= strchr(colon1Ptr
, ':');
305 commaPtr
= strchr(remotePortString
, ',');
313 remp
= atoi(remotePortString
);
317 locp
= atoi(commaPtr
);
321 /* look for USERID bordered by first pair of colons */
322 if(!strstr(colon1Ptr
, "USERID"))
325 colon3Ptr
= strchr(colon2Ptr
, ':');
335 struct auth_provider ident_provider
=
337 .id
= PROVIDER_IDENT
,
339 .destroy
= ident_destroy
,
340 .start
= ident_start
,
341 .cancel
= ident_cancel
,