]> jfr.im git - solanum.git/blob - authd/providers/ident.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
authd: Only use refcount for reference counting
[solanum.git] / authd / providers / ident.c
1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
7 *
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
19 */
20
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
23 *
24 * --Elizafox 13 March 2016
25 */
26
27 #include "stdinc.h"
28 #include "defaults.h"
29 #include "match.h"
30 #include "authd.h"
31 #include "notice.h"
32 #include "provider.h"
33 #include "res.h"
34
35 #define SELF_PID (ident_provider.id)
36
37 #define IDENT_BUFSIZE 128
38
39 struct ident_query
40 {
41 rb_fde_t *F; /* Our FD */
42 };
43
44 /* Goinked from old s_auth.c --Elizafox */
45 static const char *messages[] =
46 {
47 "*** Checking Ident",
48 "*** Got Ident response",
49 "*** No Ident response",
50 "*** Cannot verify ident validity, ignoring ident",
51 "*** Ident disabled, not checking ident",
52 };
53
54 typedef enum
55 {
56 REPORT_LOOKUP,
57 REPORT_FOUND,
58 REPORT_FAIL,
59 REPORT_INVALID,
60 REPORT_DISABLED,
61 } ident_message;
62
63 static CNCB ident_connected;
64 static PF read_ident_reply;
65
66 static void client_fail(struct auth_client *auth, ident_message message);
67 static void client_success(struct auth_client *auth);
68 static char * get_valid_ident(char *buf);
69
70 static int ident_timeout = IDENT_TIMEOUT_DEFAULT;
71 static bool ident_enable = true;
72
73
74 /*
75 * ident_connected() - deal with the result of rb_connect_tcp()
76 *
77 * If the connection failed, we simply close the auth fd and report
78 * a failure. If the connection suceeded send the ident server a query
79 * giving "theirport , ourport". The write is only attempted *once* so
80 * it is deemed to be a fail if the entire write doesn't write all the
81 * data given. This shouldnt be a problem since the socket should have
82 * a write buffer far greater than this message to store it in should
83 * problems arise. -avalon
84 */
85 static void
86 ident_connected(rb_fde_t *F __unused, int error, void *data)
87 {
88 struct auth_client *auth = data;
89 struct ident_query *query;
90 char authbuf[32];
91 int authlen;
92
93 lrb_assert(auth != NULL);
94 query = get_provider_data(auth, SELF_PID);
95 lrb_assert(query != NULL);
96
97 /* Check the error */
98 if(error != RB_OK)
99 {
100 /* We had an error during connection :( */
101 client_fail(auth, REPORT_FAIL);
102 return;
103 }
104
105 snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
106 auth->c_port, auth->l_port);
107 authlen = strlen(authbuf);
108
109 if(rb_write(query->F, authbuf, authlen) != authlen)
110 {
111 client_fail(auth, REPORT_FAIL);
112 return;
113 }
114
115 read_ident_reply(query->F, auth);
116 }
117
118 static void
119 read_ident_reply(rb_fde_t *F, void *data)
120 {
121 struct auth_client *auth = data;
122 struct ident_query *query;
123 char buf[IDENT_BUFSIZE + 1]; /* buffer to read auth reply into */
124 ident_message message = REPORT_FAIL;
125 char *s = NULL;
126 char *t = NULL;
127 ssize_t len;
128 int count;
129
130 lrb_assert(auth != NULL);
131 query = get_provider_data(auth, SELF_PID);
132 lrb_assert(query != NULL);
133
134 len = rb_read(F, buf, IDENT_BUFSIZE);
135 if(len < 0 && rb_ignore_errno(errno))
136 {
137 rb_setselect(F, RB_SELECT_READ, read_ident_reply, auth);
138 return;
139 }
140
141 if(len > 0)
142 {
143 if((s = get_valid_ident(buf)) != NULL)
144 {
145 t = auth->username;
146
147 while (*s == '~' || *s == '^')
148 s++;
149
150 for (count = USERLEN; *s && count; s++)
151 {
152 if(*s == '@' || *s == '\r' || *s == '\n')
153 break;
154
155 if(*s != ' ' && *s != ':' && *s != '[')
156 {
157 *t++ = *s;
158 count--;
159 }
160 }
161 *t = '\0';
162 }
163 else
164 message = REPORT_INVALID;
165 }
166
167 if(s == NULL)
168 client_fail(auth, message);
169 else
170 client_success(auth);
171 }
172
173 static void
174 client_fail(struct auth_client *auth, ident_message report)
175 {
176 struct ident_query *query = get_provider_data(auth, SELF_PID);
177
178 lrb_assert(query != NULL);
179
180 rb_strlcpy(auth->username, "*", sizeof(auth->username));
181
182 if(query->F != NULL)
183 rb_close(query->F);
184
185 rb_free(query);
186 set_provider_data(auth, SELF_PID, NULL);
187 set_provider_timeout_absolute(auth, SELF_PID, 0);
188
189 notice_client(auth->cid, messages[report]);
190 provider_done(auth, SELF_PID);
191
192 auth_client_unref(auth);
193 }
194
195 static void
196 client_success(struct auth_client *auth)
197 {
198 struct ident_query *query = get_provider_data(auth, SELF_PID);
199
200 lrb_assert(query != NULL);
201
202 if(query->F != NULL)
203 rb_close(query->F);
204
205 rb_free(query);
206 set_provider_data(auth, SELF_PID, NULL);
207 set_provider_timeout_absolute(auth, SELF_PID, 0);
208
209 notice_client(auth->cid, messages[REPORT_FOUND]);
210 provider_done(auth, SELF_PID);
211
212 auth_client_unref(auth);
213 }
214
215 /* get_valid_ident
216 * parse ident query reply from identd server
217 *
218 * Taken from old s_auth.c --Elizafox
219 *
220 * Inputs - pointer to ident buf
221 * Outputs - NULL if no valid ident found, otherwise pointer to name
222 * Side effects - None
223 */
224 static char *
225 get_valid_ident(char *buf)
226 {
227 int remp = 0;
228 int locp = 0;
229 char *colon1Ptr;
230 char *colon2Ptr;
231 char *colon3Ptr;
232 char *commaPtr;
233 char *remotePortString;
234
235 /* All this to get rid of a sscanf() fun. */
236 remotePortString = buf;
237
238 colon1Ptr = strchr(remotePortString, ':');
239 if(!colon1Ptr)
240 return NULL;
241
242 *colon1Ptr = '\0';
243 colon1Ptr++;
244 colon2Ptr = strchr(colon1Ptr, ':');
245 if(!colon2Ptr)
246 return NULL;
247
248 *colon2Ptr = '\0';
249 colon2Ptr++;
250 commaPtr = strchr(remotePortString, ',');
251
252 if(!commaPtr)
253 return NULL;
254
255 *commaPtr = '\0';
256 commaPtr++;
257
258 remp = atoi(remotePortString);
259 if(!remp)
260 return NULL;
261
262 locp = atoi(commaPtr);
263 if(!locp)
264 return NULL;
265
266 /* look for USERID bordered by first pair of colons */
267 if(!strstr(colon1Ptr, "USERID"))
268 return NULL;
269
270 colon3Ptr = strchr(colon2Ptr, ':');
271 if(!colon3Ptr)
272 return NULL;
273
274 *colon3Ptr = '\0';
275 colon3Ptr++;
276 return (colon3Ptr);
277 }
278
279 static void
280 ident_destroy(void)
281 {
282 struct auth_client *auth;
283 rb_dictionary_iter iter;
284
285 /* Nuke all ident queries */
286 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
287 {
288 if(get_provider_data(auth, SELF_PID) != NULL)
289 client_fail(auth, REPORT_FAIL);
290 /* auth is now invalid as we have no reference */
291 }
292 }
293
294 static bool
295 ident_start(struct auth_client *auth)
296 {
297 struct ident_query *query = rb_malloc(sizeof(struct ident_query));
298 struct rb_sockaddr_storage l_addr, c_addr;
299 int family = GET_SS_FAMILY(&auth->c_addr);
300
301 lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
302
303 if(!ident_enable)
304 {
305 rb_free(query);
306 notice_client(auth->cid, messages[REPORT_DISABLED]);
307 set_provider_done(auth, SELF_PID);
308 return true;
309 }
310
311 auth_client_ref(auth);
312
313 notice_client(auth->cid, messages[REPORT_LOOKUP]);
314
315 set_provider_data(auth, SELF_PID, query);
316 set_provider_timeout_relative(auth, SELF_PID, ident_timeout);
317
318 if((query->F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
319 {
320 warn_opers(L_DEBUG, "Could not create ident socket: %s", strerror(errno));
321 client_fail(auth, REPORT_FAIL);
322 return true; /* Not a fatal error */
323 }
324
325 /* Build sockaddr_storages for rb_connect_tcp below */
326 l_addr = auth->l_addr;
327 c_addr = auth->c_addr;
328
329 SET_SS_PORT(&l_addr, 0);
330 SET_SS_PORT(&c_addr, htons(113));
331
332 rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
333 (struct sockaddr *)&l_addr,
334 ident_connected,
335 auth, ident_timeout);
336
337 set_provider_running(auth, SELF_PID);
338
339 return true;
340 }
341
342 static void
343 ident_cancel(struct auth_client *auth)
344 {
345 struct ident_query *query = get_provider_data(auth, SELF_PID);
346
347 if(query != NULL)
348 client_fail(auth, REPORT_FAIL);
349 }
350
351 static void
352 add_conf_ident_timeout(const char *key __unused, int parc __unused, const char **parv)
353 {
354 int timeout = atoi(parv[0]);
355
356 if(timeout < 0)
357 {
358 warn_opers(L_CRIT, "Ident: ident timeout < 0 (value: %d)", timeout);
359 exit(EX_PROVIDER_ERROR);
360 }
361
362 ident_timeout = timeout;
363 }
364
365 static void
366 set_ident_enabled(const char *key __unused, int parc __unused, const char **parv)
367 {
368 ident_enable = (*parv[0] == '1');
369 }
370
371 struct auth_opts_handler ident_options[] =
372 {
373 { "ident_timeout", 1, add_conf_ident_timeout },
374 { "ident_enabled", 1, set_ident_enabled },
375 { NULL, 0, NULL },
376 };
377
378
379 struct auth_provider ident_provider =
380 {
381 .name = "ident",
382 .letter = 'I',
383 .start = ident_start,
384 .destroy = ident_destroy,
385 .cancel = ident_cancel,
386 .timeout = ident_cancel,
387 .opt_handlers = ident_options,
388 };
Fork of solanum ircd, history is rebased regularly