1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
24 * --Elizafox 13 March 2016
35 #define SELF_PID (ident_provider.id)
37 #define IDENT_BUFSIZE 128
41 rb_fde_t
*F
; /* Our FD */
44 /* Goinked from old s_auth.c --Elizafox */
45 static const char *messages
[] =
48 "*** Got Ident response",
49 "*** No Ident response",
50 "*** Cannot verify ident validity, ignoring ident",
51 "*** Ident disabled, not checking ident",
63 static CNCB ident_connected
;
64 static PF read_ident_reply
;
66 static void client_fail(struct auth_client
*auth
, ident_message message
);
67 static void client_success(struct auth_client
*auth
);
68 static char * get_valid_ident(char *buf
);
70 static int ident_timeout
= IDENT_TIMEOUT_DEFAULT
;
71 static bool ident_enable
= true;
75 * ident_connected() - deal with the result of rb_connect_tcp()
77 * If the connection failed, we simply close the auth fd and report
78 * a failure. If the connection suceeded send the ident server a query
79 * giving "theirport , ourport". The write is only attempted *once* so
80 * it is deemed to be a fail if the entire write doesn't write all the
81 * data given. This shouldnt be a problem since the socket should have
82 * a write buffer far greater than this message to store it in should
83 * problems arise. -avalon
86 ident_connected(rb_fde_t
*F __unused
, int error
, void *data
)
88 struct auth_client
*auth
= data
;
89 struct ident_query
*query
;
93 lrb_assert(auth
!= NULL
);
94 query
= get_provider_data(auth
, SELF_PID
);
95 lrb_assert(query
!= NULL
);
100 /* We had an error during connection :( */
101 client_fail(auth
, REPORT_FAIL
);
105 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
106 auth
->c_port
, auth
->l_port
);
107 authlen
= strlen(authbuf
);
109 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
111 client_fail(auth
, REPORT_FAIL
);
115 read_ident_reply(query
->F
, auth
);
119 read_ident_reply(rb_fde_t
*F
, void *data
)
121 struct auth_client
*auth
= data
;
122 struct ident_query
*query
;
123 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
124 ident_message message
= REPORT_FAIL
;
130 lrb_assert(auth
!= NULL
);
131 query
= get_provider_data(auth
, SELF_PID
);
132 lrb_assert(query
!= NULL
);
134 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
135 if(len
< 0 && rb_ignore_errno(errno
))
137 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, auth
);
143 if((s
= get_valid_ident(buf
)) != NULL
)
147 while (*s
== '~' || *s
== '^')
150 for (count
= USERLEN
; *s
&& count
; s
++)
152 if(*s
== '@' || *s
== '\r' || *s
== '\n')
155 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
164 message
= REPORT_INVALID
;
168 client_fail(auth
, message
);
170 client_success(auth
);
174 client_fail(struct auth_client
*auth
, ident_message report
)
176 struct ident_query
*query
= get_provider_data(auth
, SELF_PID
);
178 lrb_assert(query
!= NULL
);
180 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
186 set_provider_data(auth
, SELF_PID
, NULL
);
187 set_provider_timeout_absolute(auth
, SELF_PID
, 0);
189 notice_client(auth
->cid
, messages
[report
]);
190 provider_done(auth
, SELF_PID
);
192 auth_client_unref(auth
);
196 client_success(struct auth_client
*auth
)
198 struct ident_query
*query
= get_provider_data(auth
, SELF_PID
);
200 lrb_assert(query
!= NULL
);
206 set_provider_data(auth
, SELF_PID
, NULL
);
207 set_provider_timeout_absolute(auth
, SELF_PID
, 0);
209 notice_client(auth
->cid
, messages
[REPORT_FOUND
]);
210 provider_done(auth
, SELF_PID
);
212 auth_client_unref(auth
);
216 * parse ident query reply from identd server
218 * Taken from old s_auth.c --Elizafox
220 * Inputs - pointer to ident buf
221 * Outputs - NULL if no valid ident found, otherwise pointer to name
222 * Side effects - None
225 get_valid_ident(char *buf
)
233 char *remotePortString
;
235 /* All this to get rid of a sscanf() fun. */
236 remotePortString
= buf
;
238 colon1Ptr
= strchr(remotePortString
, ':');
244 colon2Ptr
= strchr(colon1Ptr
, ':');
250 commaPtr
= strchr(remotePortString
, ',');
258 remp
= atoi(remotePortString
);
262 locp
= atoi(commaPtr
);
266 /* look for USERID bordered by first pair of colons */
267 if(!strstr(colon1Ptr
, "USERID"))
270 colon3Ptr
= strchr(colon2Ptr
, ':');
282 struct auth_client
*auth
;
283 rb_dictionary_iter iter
;
285 /* Nuke all ident queries */
286 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
288 if(get_provider_data(auth
, SELF_PID
) != NULL
)
289 client_fail(auth
, REPORT_FAIL
);
290 /* auth is now invalid as we have no reference */
295 ident_start(struct auth_client
*auth
)
297 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
298 struct rb_sockaddr_storage l_addr
, c_addr
;
299 int family
= GET_SS_FAMILY(&auth
->c_addr
);
301 lrb_assert(get_provider_data(auth
, SELF_PID
) == NULL
);
306 notice_client(auth
->cid
, messages
[REPORT_DISABLED
]);
307 set_provider_done(auth
, SELF_PID
);
311 auth_client_ref(auth
);
313 notice_client(auth
->cid
, messages
[REPORT_LOOKUP
]);
315 set_provider_data(auth
, SELF_PID
, query
);
316 set_provider_timeout_relative(auth
, SELF_PID
, ident_timeout
);
318 if((query
->F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
320 warn_opers(L_DEBUG
, "Could not create ident socket: %s", strerror(errno
));
321 client_fail(auth
, REPORT_FAIL
);
322 return true; /* Not a fatal error */
325 /* Build sockaddr_storages for rb_connect_tcp below */
326 l_addr
= auth
->l_addr
;
327 c_addr
= auth
->c_addr
;
329 SET_SS_PORT(&l_addr
, 0);
330 SET_SS_PORT(&c_addr
, htons(113));
332 rb_connect_tcp(query
->F
, (struct sockaddr
*)&c_addr
,
333 (struct sockaddr
*)&l_addr
,
335 auth
, ident_timeout
);
337 set_provider_running(auth
, SELF_PID
);
343 ident_cancel(struct auth_client
*auth
)
345 struct ident_query
*query
= get_provider_data(auth
, SELF_PID
);
348 client_fail(auth
, REPORT_FAIL
);
352 add_conf_ident_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
354 int timeout
= atoi(parv
[0]);
358 warn_opers(L_CRIT
, "Ident: ident timeout < 0 (value: %d)", timeout
);
359 exit(EX_PROVIDER_ERROR
);
362 ident_timeout
= timeout
;
366 set_ident_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
368 ident_enable
= (*parv
[0] == '1');
371 struct auth_opts_handler ident_options
[] =
373 { "ident_timeout", 1, add_conf_ident_timeout
},
374 { "ident_enabled", 1, set_ident_enabled
},
379 struct auth_provider ident_provider
=
383 .start
= ident_start
,
384 .destroy
= ident_destroy
,
385 .cancel
= ident_cancel
,
386 .timeout
= ident_cancel
,
387 .opt_handlers
= ident_options
,