]> jfr.im git - solanum.git/blob - ircd/authd.c
projects / solanum.git / blob
? search:


cfbbb52ff568cf43742fc73528409a43045a2b09
[solanum.git] / ircd / authd.c
1 /*
2 * authd.c: An interface to authd.
3 * (based somewhat on ircd-ratbox dns.c)
4 *
5 * Copyright (C) 2005 Aaron Sethman <androsyn@ratbox.org>
6 * Copyright (C) 2005-2012 ircd-ratbox development team
7 * Copyright (C) 2016 William Pitcock <nenolod@dereferenced.org>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
22 * USA
23 */
24
25 #include "stdinc.h"
26 #include "rb_lib.h"
27 #include "client.h"
28 #include "ircd_defs.h"
29 #include "parse.h"
30 #include "authd.h"
31 #include "match.h"
32 #include "logger.h"
33 #include "s_conf.h"
34 #include "s_stats.h"
35 #include "client.h"
36 #include "packet.h"
37 #include "hash.h"
38 #include "send.h"
39 #include "numeric.h"
40 #include "msg.h"
41 #include "dns.h"
42
43 static int start_authd(void);
44 static void parse_authd_reply(rb_helper * helper);
45 static void restart_authd_cb(rb_helper * helper);
46
47 rb_helper *authd_helper;
48 static char *authd_path;
49
50 uint32_t cid = 1;
51 static rb_dictionary *cid_clients;
52
53 rb_dictionary *bl_stats;
54
55 static int
56 start_authd(void)
57 {
58 char fullpath[PATH_MAX + 1];
59 #ifdef _WIN32
60 const char *suffix = ".exe";
61 #else
62 const char *suffix = "";
63 #endif
64 if(authd_path == NULL)
65 {
66 snprintf(fullpath, sizeof(fullpath), "%s%cauthd%s", ircd_paths[IRCD_PATH_LIBEXEC], RB_PATH_SEPARATOR, suffix);
67
68 if(access(fullpath, X_OK) == -1)
69 {
70 snprintf(fullpath, sizeof(fullpath), "%s%cbin%cauthd%s",
71 ConfigFileEntry.dpath, RB_PATH_SEPARATOR, RB_PATH_SEPARATOR, suffix);
72 if(access(fullpath, X_OK) == -1)
73 {
74 ilog(L_MAIN,
75 "Unable to execute authd in %s or %s/bin",
76 ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
77 sendto_realops_snomask(SNO_GENERAL, L_ALL,
78 "Unable to execute authd in %s or %s/bin",
79 ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
80 return 1;
81 }
82
83 }
84
85 authd_path = rb_strdup(fullpath);
86 }
87
88 if(cid_clients == NULL)
89 cid_clients = rb_dictionary_create("authd cid to uid mapping", rb_uint32cmp);
90
91 if(bl_stats == NULL)
92 bl_stats = rb_dictionary_create("blacklist statistics", strcasecmp);
93
94 authd_helper = rb_helper_start("authd", authd_path, parse_authd_reply, restart_authd_cb);
95
96 if(authd_helper == NULL)
97 {
98 ilog(L_MAIN, "Unable to start authd helper: %s", strerror(errno));
99 sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unable to start authd helper: %s", strerror(errno));
100 return 1;
101 }
102 ilog(L_MAIN, "authd helper started");
103 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd helper started");
104 rb_helper_run(authd_helper);
105 return 0;
106 }
107
108 static void
109 parse_authd_reply(rb_helper * helper)
110 {
111 ssize_t len;
112 int parc;
113 char dnsBuf[READBUF_SIZE];
114 char *parv[MAXPARA + 1];
115 long lcid;
116 char *id;
117 struct Client *client_p;
118
119 while((len = rb_helper_read(helper, dnsBuf, sizeof(dnsBuf))) > 0)
120 {
121 parc = rb_string_to_array(dnsBuf, parv, MAXPARA+1);
122
123 switch (*parv[0])
124 {
125 case 'A': /* Accepted a client */
126 if(parc != 4)
127 {
128 iwarn("authd sent a result with wrong number of arguments: got %d", parc);
129 restart_authd();
130 return;
131 }
132
133 if((lcid = strtol(parv[1], NULL, 16)) > UINT32_MAX)
134 {
135 iwarn("authd sent us back a bad client ID");
136 restart_authd();
137 return;
138 }
139
140 /* cid to uid (retrieve and delete) */
141 if((id = rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER((uint32_t)lcid))) == NULL)
142 {
143 iwarn("authd sent us back an unknown client ID");
144 restart_authd();
145 return;
146 }
147
148 if((client_p = find_id(id)) == NULL)
149 {
150 /* Client vanished... */
151 rb_free(id);
152 return;
153 }
154
155 rb_free(id);
156
157 authd_decide_client(client_p, parv[2], parv[3], true, '\0', NULL, NULL);
158 break;
159 case 'R': /* Reject client */
160 if(parc != 7)
161 {
162 iwarn("authd sent us a result with wrong number of arguments: got %d", parc);
163 restart_authd();
164 return;
165 }
166
167 if((lcid = strtol(parv[1], NULL, 16)) > UINT32_MAX)
168 {
169 iwarn("authd sent us back a bad client ID");
170 restart_authd();
171 return;
172 }
173
174 /* cid to uid (retrieve and delete) */
175 if((id = rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER((uint32_t)lcid))) == NULL)
176 {
177 iwarn("authd sent us back an unknown client ID");
178 restart_authd();
179 return;
180 }
181
182 if((client_p = find_id(id)) == NULL)
183 {
184 /* Client vanished... */
185 rb_free(id);
186 return;
187 }
188
189 rb_free(id);
190
191 authd_decide_client(client_p, parv[3], parv[4], false, toupper(*parv[2]), parv[5], parv[6]);
192 return;
193 case 'E': /* DNS Result */
194 if(parc != 5)
195 {
196 ilog(L_MAIN, "authd sent a result with wrong number of arguments: got %d", parc);
197 restart_authd();
198 return;
199 }
200 dns_results_callback(parv[1], parv[2], parv[3], parv[4]);
201 break;
202 case 'W': /* Oper warning */
203 if(parc != 3)
204 {
205 ilog(L_MAIN, "authd sent a result with wrong number of arguments: got %d", parc);
206 restart_authd();
207 return;
208 }
209
210 switch(*parv[2])
211 {
212 case 'D': /* Debug */
213 sendto_realops_snomask(SNO_DEBUG, L_ALL, "authd debug: %s", parv[3]);
214 break;
215 case 'I': /* Info */
216 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd info: %s", parv[3]);
217 inotice("authd info: %s", parv[3]);
218 break;
219 case 'W': /* Warning */
220 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd WARNING: %s", parv[3]);
221 iwarn("authd warning: %s", parv[3]);
222 break;
223 case 'C': /* Critical (error) */
224 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd CRITICAL: %s", parv[3]);
225 ierror("authd critical: %s", parv[3]);
226 break;
227 default: /* idk */
228 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd sent us an unknown oper notice type (%s): %s", parv[2], parv[3]);
229 ilog(L_MAIN, "authd unknown oper notice type (%s): %s", parv[2], parv[3]);
230 break;
231 }
232
233 /* NOTREACHED */
234 break;
235 case 'X': /* Stats error */
236 case 'Y': /* Stats reply */
237 case 'Z': /* End of stats reply */
238 if(parc < 3)
239 {
240 ilog(L_MAIN, "authd sent a result with wrong number of arguments: got %d", parc);
241 restart_authd();
242 return;
243 }
244
245 /* Select by type */
246 switch(*parv[2])
247 {
248 case 'D':
249 /* parv[0] conveys status */
250 if(parc < 4)
251 {
252 ilog(L_MAIN, "authd sent a result with wrong number of arguments: got %d", parc);
253 restart_authd();
254 return;
255 }
256 dns_stats_results_callback(parv[1], parv[0], parc - 3, (const char **)&parv[3]);
257 break;
258 default:
259 break;
260 }
261 break;
262 default:
263 break;
264 }
265 }
266 }
267
268 void
269 init_authd(void)
270 {
271 if(start_authd())
272 {
273 ilog(L_MAIN, "Unable to start authd helper: %s", strerror(errno));
274 exit(0);
275 }
276 }
277
278 void
279 configure_authd(void)
280 {
281 /* These will do for now */
282 set_authd_timeout("ident_timeout", GlobalSetOptions.ident_timeout);
283 set_authd_timeout("rdns_timeout", ConfigFileEntry.connect_timeout);
284 set_authd_timeout("blacklist_timeout", ConfigFileEntry.connect_timeout);
285 }
286
287 static void
288 restart_authd_cb(rb_helper * helper)
289 {
290 ilog(L_MAIN, "authd: restart_authd_cb called, authd died?");
291 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd: restart_authd_cb called, authd died?");
292 if(helper != NULL)
293 {
294 rb_helper_close(helper);
295 authd_helper = NULL;
296 }
297 start_authd();
298 }
299
300 void
301 restart_authd(void)
302 {
303 restart_authd_cb(authd_helper);
304 }
305
306 void
307 rehash_authd(void)
308 {
309 rb_helper_write(authd_helper, "R");
310 configure_authd();
311 }
312
313 void
314 check_authd(void)
315 {
316 if(authd_helper == NULL)
317 restart_authd();
318 }
319
320 static inline uint32_t
321 generate_cid(void)
322 {
323 if(++cid == 0)
324 cid = 1;
325
326 return cid;
327 }
328
329 /* Basically when this is called we begin handing off the client to authd for
330 * processing. authd "owns" the client until processing is finished, or we
331 * timeout from authd. authd will make a decision whether or not to accept the
332 * client, but it's up to other parts of the code (for now) to decide if we're
333 * gonna accept the client and ignore authd's suggestion.
334 *
335 * --Elizafox
336 */
337 void
338 authd_initiate_client(struct Client *client_p)
339 {
340 char client_ipaddr[HOSTIPLEN+1];
341 char listen_ipaddr[HOSTIPLEN+1];
342 uint16_t client_port, listen_port;
343 uint32_t authd_cid;
344
345 if(client_p->preClient == NULL || client_p->preClient->authd_cid == 0)
346 return;
347
348 authd_cid = client_p->preClient->authd_cid = generate_cid();
349
350 /* Collisions are extremely unlikely, so disregard the possibility */
351 rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), rb_strdup(client_p->id));
352
353 /* Retrieve listener and client IP's */
354 rb_inet_ntop_sock((struct sockaddr *)&client_p->preClient->lip, listen_ipaddr, sizeof(listen_ipaddr));
355 rb_inet_ntop_sock((struct sockaddr *)&client_p->localClient->ip, client_ipaddr, sizeof(client_ipaddr));
356
357 /* Retrieve listener and client ports */
358 #ifdef RB_IPV6
359 if(GET_SS_FAMILY(&client_p->preClient->lip) == AF_INET6)
360 listen_port = ntohs(((struct sockaddr_in6 *)&client_p->preClient->lip)->sin6_port);
361 else
362 #endif
363 listen_port = ntohs(((struct sockaddr_in *)&client_p->preClient->lip)->sin_port);
364
365 #ifdef RB_IPV6
366 if(GET_SS_FAMILY(&client_p->localClient->ip) == AF_INET6)
367 client_port = ntohs(((struct sockaddr_in6 *)&client_p->localClient->ip)->sin6_port);
368 else
369 #endif
370 client_port = ntohs(((struct sockaddr_in *)&client_p->localClient->ip)->sin_port);
371
372 /* FIXME timeout should be configurable */
373 client_p->preClient->authd_timeout = rb_current_time() + 45;
374
375 rb_helper_write(authd_helper, "C %x %s %hu %s %hu", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port);
376 }
377
378 /* When this is called we have a decision on client acceptance.
379 *
380 * After this point authd no longer "owns" the client.
381 */
382 void
383 authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason)
384 {
385 if(client_p->preClient == NULL || client_p->preClient->authd_cid == 0)
386 return;
387
388 if(*ident != '*')
389 {
390 rb_strlcpy(client_p->username, ident, sizeof(client_p->username));
391 ServerStats.is_abad++; /* s_auth used to do this, stay compatible */
392 }
393 else
394 ServerStats.is_asuc++;
395
396 if(*host != '*')
397 rb_strlcpy(client_p->host, host, sizeof(client_p->host));
398
399 client_p->preClient->authd_accepted = accept;
400 client_p->preClient->authd_cause = cause;
401 client_p->preClient->authd_data = (data == NULL ? NULL : rb_strdup(data));
402 client_p->preClient->authd_reason = (reason == NULL ? NULL : rb_strdup(reason));
403
404 rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid));
405
406 client_p->preClient->authd_cid = 0;
407
408 /*
409 * When a client has auth'ed, we want to start reading what it sends
410 * us. This is what read_packet() does.
411 * -- adrian
412 *
413 * Above comment was originally in s_auth.c, but moved here with below code.
414 * --Elizafox
415 */
416 rb_dlinkAddTail(client_p, &client_p->node, &global_client_list);
417 read_packet(client_p->localClient->F, client_p);
418 }
419
420 void
421 authd_abort_client(struct Client *client_p)
422 {
423 if(client_p->preClient == NULL)
424 return;
425
426 if(client_p->preClient->authd_cid == 0)
427 return;
428
429 rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid));
430
431 rb_helper_write(authd_helper, "E %x", client_p->preClient->authd_cid);
432 client_p->preClient->authd_cid = 0;
433 }
434
435 /* Turn a cause char (who rejected us) into the name of the provider */
436 const char *
437 get_provider_string(char cause)
438 {
439 switch(cause)
440 {
441 case 'B':
442 return "Blacklist";
443 case 'D':
444 return "rDNS";
445 case 'I':
446 return "Ident";
447 default:
448 return "Unknown";
449 }
450 }
451
452 /* Send a new blacklist to authd */
453 void
454 add_blacklist(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters)
455 {
456 rb_dlink_node *ptr;
457 struct blacklist_stats *stats = rb_malloc(sizeof(struct blacklist_stats));
458 char filterbuf[BUFSIZE];
459 size_t s = 0;
460
461 /* Build a list of comma-separated values for authd.
462 * We don't check for validity - do it elsewhere.
463 */
464 RB_DLINK_FOREACH(ptr, filters->head)
465 {
466 char *filter = ptr->data;
467 size_t filterlen = strlen(filter) + 1;
468
469 if(s + filterlen > sizeof(filterbuf))
470 break;
471
472 snprintf(&filterbuf[s], sizeof(filterbuf) - s, "%s,", filter);
473
474 s += filterlen;
475 }
476
477 if(s)
478 filterbuf[s - 1] = '\0';
479
480 stats->iptype = iptype;
481 stats->hits = 0;
482 rb_dictionary_add(bl_stats, host, stats);
483
484 rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason);
485 }
486
487 /* Delete a blacklist */
488 void
489 del_blacklist(const char *host)
490 {
491 rb_dictionary_delete(bl_stats, host);
492
493 rb_helper_write(authd_helper, "O rbl_del %s", host);
494 }
495
496 /* Delete all the blacklists */
497 void
498 del_blacklist_all(void)
499 {
500 struct blacklist_stats *stats;
501 rb_dictionary_iter iter;
502
503 RB_DICTIONARY_FOREACH(stats, &iter, bl_stats)
504 {
505 rb_free(stats);
506 rb_dictionary_delete(bl_stats, iter.cur->key);
507 }
508
509 rb_helper_write(authd_helper, "O rbl_del_all");
510 }
511
512 /* Adjust an authd timeout value */
513 void
514 set_authd_timeout(const char *key, int timeout)
515 {
516 rb_helper_write(authd_helper, "O %s %d", key, timeout);
517 }
Fork of solanum ircd, history is rebased regularly