1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
27 #define IDENT_BUFSIZE 128
31 time_t timeout
; /* Timeout interval */
32 rb_fde_t
*F
; /* Our FD */
35 /* Goinked from old s_auth.c --Elizafox */
36 static const char *messages
[] =
38 ":*** Checking Ident",
39 ":*** Got Ident response",
40 ":*** No Ident response",
50 static EVH timeout_ident_queries_event
;
51 static CNCB ident_connected
;
52 static PF read_ident_reply
;
54 static void client_fail(struct auth_client
*auth
, ident_message message
);
55 static void client_success(struct auth_client
*auth
);
56 static char * get_valid_ident(char *buf
);
58 static struct ev_entry
*timeout_ev
;
59 static int ident_timeout
= 5;
64 timeout_ev
= rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event
, NULL
, 1);
65 return (timeout_ev
!= NULL
);
68 void ident_destroy(void)
70 struct auth_client
*auth
;
71 rb_dictionary_iter iter
;
73 /* Nuke all ident queries */
74 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
76 if(auth
->data
[PROVIDER_IDENT
] != NULL
)
77 client_fail(auth
, REPORT_FAIL
);
81 bool ident_start(struct auth_client
*auth
)
83 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
84 struct rb_sockaddr_storage l_addr
, c_addr
;
88 auth
->data
[PROVIDER_IDENT
] = query
;
89 query
->timeout
= rb_current_time() + ident_timeout
;
91 if((F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
93 client_fail(auth
, REPORT_FAIL
);
94 return true; /* Not a fatal error */
99 /* Build sockaddr_storages for rb_connect_tcp below */
100 memcpy(&l_addr
, &auth
->l_addr
, sizeof(l_addr
));
101 memcpy(&c_addr
, &auth
->c_addr
, sizeof(c_addr
));
103 /* Set the ports correctly */
105 if(GET_SS_FAMILY(&l_addr
) == AF_INET6
)
106 ((struct sockaddr_in6
*)&l_addr
)->sin6_port
= 0;
109 ((struct sockaddr_in
*)&l_addr
)->sin_port
= 0;
112 if(GET_SS_FAMILY(&c_addr
) == AF_INET6
)
113 ((struct sockaddr_in6
*)&c_addr
)->sin6_port
= htons(113);
116 ((struct sockaddr_in
*)&c_addr
)->sin_port
= htons(113);
118 rb_connect_tcp(F
, (struct sockaddr
*)&c_addr
,
119 (struct sockaddr
*)&l_addr
,
120 GET_SS_LEN(&l_addr
), ident_connected
,
121 query
, ident_timeout
);
123 notice_client(auth
, messages
[REPORT_LOOKUP
]);
124 set_provider_on(auth
, PROVIDER_IDENT
);
129 void ident_cancel(struct auth_client
*auth
)
131 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
134 client_fail(auth
, REPORT_FAIL
);
137 /* Timeout outstanding queries */
138 static void timeout_ident_queries_event(void *notused
)
140 struct auth_client
*auth
;
141 rb_dictionary_iter iter
;
143 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
145 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
147 if(query
!= NULL
&& query
->timeout
< rb_current_time())
148 client_fail(auth
, REPORT_FAIL
);
153 * ident_connected() - deal with the result of rb_connect_tcp()
155 * If the connection failed, we simply close the auth fd and report
156 * a failure. If the connection suceeded send the ident server a query
157 * giving "theirport , ourport". The write is only attempted *once* so
158 * it is deemed to be a fail if the entire write doesn't write all the
159 * data given. This shouldnt be a problem since the socket should have
160 * a write buffer far greater than this message to store it in should
161 * problems arise. -avalon
163 static void ident_connected(rb_fde_t
*F
, int error
, void *data
)
165 struct auth_client
*auth
= data
;
166 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
170 /* Check the error */
173 /* We had an error during connection :( */
174 client_fail(auth
, REPORT_FAIL
);
178 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
179 auth
->c_port
, auth
->l_port
);
180 authlen
= strlen(authbuf
);
182 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
184 client_fail(auth
, REPORT_FAIL
);
188 read_ident_reply(query
->F
, auth
);
192 read_ident_reply(rb_fde_t
*F
, void *data
)
194 struct auth_client
*auth
= data
;
195 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
200 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
202 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
203 if(len
< 0 && rb_ignore_errno(errno
))
205 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, query
);
213 if((s
= get_valid_ident(buf
)))
217 while (*s
== '~' || *s
== '^')
220 for (count
= USERLEN
; *s
&& count
; s
++)
226 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
237 client_fail(auth
, REPORT_FAIL
);
239 client_success(auth
);
242 static void client_fail(struct auth_client
*auth
, ident_message report
)
244 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
246 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
250 auth
->data
[PROVIDER_IDENT
] = NULL
;
252 notice_client(auth
, messages
[report
]);
253 provider_done(auth
, PROVIDER_IDENT
);
256 static void client_success(struct auth_client
*auth
)
258 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
262 auth
->data
[PROVIDER_IDENT
] = NULL
;
264 notice_client(auth
, messages
[REPORT_FOUND
]);
265 provider_done(auth
, PROVIDER_IDENT
);
269 * parse ident query reply from identd server
271 * Torn out of old s_auth.c because there was nothing wrong with it
274 * Inputs - pointer to ident buf
275 * Outputs - NULL if no valid ident found, otherwise pointer to name
276 * Side effects - None
279 get_valid_ident(char *buf
)
287 char *remotePortString
;
289 /* All this to get rid of a sscanf() fun. */
290 remotePortString
= buf
;
292 colon1Ptr
= strchr(remotePortString
, ':');
298 colon2Ptr
= strchr(colon1Ptr
, ':');
304 commaPtr
= strchr(remotePortString
, ',');
312 remp
= atoi(remotePortString
);
316 locp
= atoi(commaPtr
);
320 /* look for USERID bordered by first pair of colons */
321 if(!strstr(colon1Ptr
, "USERID"))
324 colon3Ptr
= strchr(colon2Ptr
, ':');
334 struct auth_provider ident_provider
=
336 .id
= PROVIDER_IDENT
,
338 .destroy
= ident_destroy
,
339 .start
= ident_start
,
340 .cancel
= ident_cancel
,