authd/providers/ident.c

   1 /* authd/providers/ident.c - ident lookup provider for authd
   2  * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
   3  *
   4  * Permission to use, copy, modify, and/or distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice is present in all copies.
   7  *
   8  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   9  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  10  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  11  * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
  12  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  13  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  14  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  15  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  16  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  17  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  18  * POSSIBILITY OF SUCH DAMAGE.
  19  */
  20
  21 #include "stdinc.h"
  22 #include "match.h"
  23 #include "authd.h"
  24 #include "provider.h"
  25 #include "res.h"
  26
  27 #define IDENT_BUFSIZE 128
  28
  29 struct ident_query
  30 {
  31         time_t timeout;                         /* Timeout interval */
  32         rb_fde_t *F;                            /* Our FD */
  33 };
  34
  35 /* Goinked from old s_auth.c --Elizafox */
  36 static const char *messages[] =
  37 {
  38         ":*** Checking Ident",
  39         ":*** Got Ident response",
  40         ":*** No Ident response",
  41 };
  42
  43 typedef enum
  44 {
  45         REPORT_LOOKUP,
  46         REPORT_FOUND,
  47         REPORT_FAIL,
  48 } ident_message;
  49
  50 static EVH timeout_ident_queries_event;
  51 static CNCB ident_connected;
  52 static PF read_ident_reply;
  53
  54 static void client_fail(struct auth_client *auth, ident_message message);
  55 static void client_success(struct auth_client *auth);
  56 static char * get_valid_ident(char *buf);
  57
  58 static struct ev_entry *timeout_ev;
  59 static int ident_timeout = 5;
  60
  61
  62 bool ident_init(void)
  63 {
  64         timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
  65         return (timeout_ev != NULL);
  66 }
  67
  68 void ident_destroy(void)
  69 {
  70         struct auth_client *auth;
  71         rb_dictionary_iter iter;
  72
  73         /* Nuke all ident queries */
  74         RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
  75         {
  76                 if(auth->data[PROVIDER_IDENT] != NULL)
  77                         client_fail(auth, REPORT_FAIL);
  78         }
  79 }
  80
  81 bool ident_start(struct auth_client *auth)
  82 {
  83         struct ident_query *query = rb_malloc(sizeof(struct ident_query));
  84         struct rb_sockaddr_storage l_addr, c_addr;
  85         int family;
  86         rb_fde_t *F;
  87
  88         auth->data[PROVIDER_IDENT] = query;
  89         query->timeout = rb_current_time() + ident_timeout;
  90
  91         if((F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
  92         {
  93                 client_fail(auth, REPORT_FAIL);
  94                 return true;    /* Not a fatal error */
  95         }
  96
  97         query->F = F;
  98
  99         /* Build sockaddr_storages for rb_connect_tcp below */
 100         memcpy(&l_addr, &auth->l_addr, sizeof(l_addr));
 101         memcpy(&c_addr, &auth->c_addr, sizeof(c_addr));
 102
 103         /* Set the ports correctly */
 104 #ifdef RB_IPV6
 105         if(GET_SS_FAMILY(&l_addr) == AF_INET6)
 106                 ((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
 107         else
 108 #endif
 109                 ((struct sockaddr_in *)&l_addr)->sin_port = 0;
 110
 111 #ifdef RB_IPV6
 112         if(GET_SS_FAMILY(&c_addr) == AF_INET6)
 113                 ((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
 114         else
 115 #endif
 116                 ((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
 117
 118         rb_connect_tcp(F, (struct sockaddr *)&c_addr,
 119                         (struct sockaddr *)&l_addr,
 120                         GET_SS_LEN(&l_addr), ident_connected,
 121                         query, ident_timeout);
 122
 123         notice_client(auth, messages[REPORT_LOOKUP]);
 124         set_provider_on(auth, PROVIDER_IDENT);
 125
 126         return true;
 127 }
 128
 129 void ident_cancel(struct auth_client *auth)
 130 {
 131         struct ident_query *query = auth->data[PROVIDER_IDENT];
 132
 133         if(query != NULL)
 134                 client_fail(auth, REPORT_FAIL);
 135 }
 136
 137 /* Timeout outstanding queries */
 138 static void timeout_ident_queries_event(void *notused)
 139 {
 140         struct auth_client *auth;
 141         rb_dictionary_iter iter;
 142
 143         RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 144         {
 145                 struct ident_query *query = auth->data[PROVIDER_IDENT];
 146
 147                 if(query != NULL && query->timeout < rb_current_time())
 148                         client_fail(auth, REPORT_FAIL);
 149         }
 150 }
 151
 152 /*
 153  * ident_connected() - deal with the result of rb_connect_tcp()
 154  *
 155  * If the connection failed, we simply close the auth fd and report
 156  * a failure. If the connection suceeded send the ident server a query
 157  * giving "theirport , ourport". The write is only attempted *once* so
 158  * it is deemed to be a fail if the entire write doesn't write all the
 159  * data given.  This shouldnt be a problem since the socket should have
 160  * a write buffer far greater than this message to store it in should
 161  * problems arise. -avalon
 162  */
 163 static void ident_connected(rb_fde_t *F, int error, void *data)
 164 {
 165         struct auth_client *auth = data;
 166         struct ident_query *query = auth->data[PROVIDER_IDENT];
 167         char authbuf[32];
 168         int authlen;
 169
 170         /* Check the error */
 171         if(error != RB_OK)
 172         {
 173                 /* We had an error during connection :( */
 174                 client_fail(auth, REPORT_FAIL);
 175                 return;
 176         }
 177
 178         snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
 179                         auth->c_port, auth->l_port);
 180         authlen = strlen(authbuf);
 181
 182         if(rb_write(query->F, authbuf, authlen) != authlen)
 183         {
 184                 client_fail(auth, REPORT_FAIL);
 185                 return;
 186         }
 187
 188         read_ident_reply(query->F, auth);
 189 }
 190
 191 static void
 192 read_ident_reply(rb_fde_t *F, void *data)
 193 {
 194         struct auth_client *auth = data;
 195         struct ident_query *query = auth->data[PROVIDER_IDENT];
 196         char *s = NULL;
 197         char *t = NULL;
 198         int len;
 199         int count;
 200         char buf[IDENT_BUFSIZE + 1];    /* buffer to read auth reply into */
 201
 202         len = rb_read(F, buf, IDENT_BUFSIZE);
 203         if(len < 0 && rb_ignore_errno(errno))
 204         {
 205                 rb_setselect(F, RB_SELECT_READ, read_ident_reply, query);
 206                 return;
 207         }
 208
 209         if(len > 0)
 210         {
 211                 buf[len] = '\0';
 212
 213                 if((s = get_valid_ident(buf)))
 214                 {
 215                         t = auth->username;
 216
 217                         while (*s == '~' || *s == '^')
 218                                 s++;
 219
 220                         for (count = USERLEN; *s && count; s++)
 221                         {
 222                                 if(*s == '@')
 223                                 {
 224                                         break;
 225                                 }
 226                                 if(*s != ' ' && *s != ':' && *s != '[')
 227                                 {
 228                                         *t++ = *s;
 229                                         count--;
 230                                 }
 231                         }
 232                         *t = '\0';
 233                 }
 234         }
 235
 236         if(s == NULL)
 237                 client_fail(auth, REPORT_FAIL);
 238         else
 239                 client_success(auth);
 240 }
 241
 242 static void client_fail(struct auth_client *auth, ident_message report)
 243 {
 244         struct ident_query *query = auth->data[PROVIDER_IDENT];
 245
 246         rb_strlcpy(auth->username, "*", sizeof(auth->username));
 247
 248         rb_close(query->F);
 249         rb_free(query);
 250         auth->data[PROVIDER_IDENT] = NULL;
 251
 252         notice_client(auth, messages[report]);
 253         provider_done(auth, PROVIDER_IDENT);
 254 }
 255
 256 static void client_success(struct auth_client *auth)
 257 {
 258         struct ident_query *query = auth->data[PROVIDER_IDENT];
 259
 260         rb_close(query->F);
 261         rb_free(query);
 262         auth->data[PROVIDER_IDENT] = NULL;
 263
 264         notice_client(auth, messages[REPORT_FOUND]);
 265         provider_done(auth, PROVIDER_IDENT);
 266 }
 267
 268 /* get_valid_ident
 269  * parse ident query reply from identd server
 270  *
 271  * Torn out of old s_auth.c because there was nothing wrong with it
 272  * --Elizafox
 273  *
 274  * Inputs       - pointer to ident buf
 275  * Outputs      - NULL if no valid ident found, otherwise pointer to name
 276  * Side effects - None
 277  */
 278 static char *
 279 get_valid_ident(char *buf)
 280 {
 281         int remp = 0;
 282         int locp = 0;
 283         char *colon1Ptr;
 284         char *colon2Ptr;
 285         char *colon3Ptr;
 286         char *commaPtr;
 287         char *remotePortString;
 288
 289         /* All this to get rid of a sscanf() fun. */
 290         remotePortString = buf;
 291
 292         colon1Ptr = strchr(remotePortString, ':');
 293         if(!colon1Ptr)
 294                 return 0;
 295
 296         *colon1Ptr = '\0';
 297         colon1Ptr++;
 298         colon2Ptr = strchr(colon1Ptr, ':');
 299         if(!colon2Ptr)
 300                 return 0;
 301
 302         *colon2Ptr = '\0';
 303         colon2Ptr++;
 304         commaPtr = strchr(remotePortString, ',');
 305
 306         if(!commaPtr)
 307                 return 0;
 308
 309         *commaPtr = '\0';
 310         commaPtr++;
 311
 312         remp = atoi(remotePortString);
 313         if(!remp)
 314                 return 0;
 315
 316         locp = atoi(commaPtr);
 317         if(!locp)
 318                 return 0;
 319
 320         /* look for USERID bordered by first pair of colons */
 321         if(!strstr(colon1Ptr, "USERID"))
 322                 return 0;
 323
 324         colon3Ptr = strchr(colon2Ptr, ':');
 325         if(!colon3Ptr)
 326                 return 0;
 327
 328         *colon3Ptr = '\0';
 329         colon3Ptr++;
 330         return (colon3Ptr);
 331 }
 332
 333
 334 struct auth_provider ident_provider =
 335 {
 336         .id = PROVIDER_IDENT,
 337         .init = ident_init,
 338         .destroy = ident_destroy,
 339         .start = ident_start,
 340         .cancel = ident_cancel,
 341         .completed = NULL,
 342 };