]> jfr.im git - solanum.git/blob - authd/providers/ident.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
providers/ident: fix some nasty crashes
[solanum.git] / authd / providers / ident.c
1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
7 *
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
19 */
20
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
23 *
24 * --Elizafox 13 March 2016
25 */
26
27 #include "stdinc.h"
28 #include "match.h"
29 #include "authd.h"
30 #include "notice.h"
31 #include "provider.h"
32 #include "res.h"
33
34 #define IDENT_BUFSIZE 128
35
36 struct ident_query
37 {
38 time_t timeout; /* Timeout interval */
39 rb_fde_t *F; /* Our FD */
40 };
41
42 /* Goinked from old s_auth.c --Elizafox */
43 static const char *messages[] =
44 {
45 "*** Checking Ident",
46 "*** Got Ident response",
47 "*** No Ident response",
48 };
49
50 typedef enum
51 {
52 REPORT_LOOKUP,
53 REPORT_FOUND,
54 REPORT_FAIL,
55 } ident_message;
56
57 static EVH timeout_ident_queries_event;
58 static CNCB ident_connected;
59 static PF read_ident_reply;
60
61 static void client_fail(struct auth_client *auth, ident_message message);
62 static void client_success(struct auth_client *auth);
63 static char * get_valid_ident(char *buf);
64
65 static struct ev_entry *timeout_ev;
66 static int ident_timeout = 5;
67
68
69 /* Timeout outstanding queries */
70 static void
71 timeout_ident_queries_event(void *notused __unused)
72 {
73 struct auth_client *auth;
74 rb_dictionary_iter iter;
75
76 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
77 {
78 struct ident_query *query = auth->data[PROVIDER_IDENT];
79
80 if(query != NULL && query->timeout < rb_current_time())
81 client_fail(auth, REPORT_FAIL);
82 }
83 }
84
85 /*
86 * ident_connected() - deal with the result of rb_connect_tcp()
87 *
88 * If the connection failed, we simply close the auth fd and report
89 * a failure. If the connection suceeded send the ident server a query
90 * giving "theirport , ourport". The write is only attempted *once* so
91 * it is deemed to be a fail if the entire write doesn't write all the
92 * data given. This shouldnt be a problem since the socket should have
93 * a write buffer far greater than this message to store it in should
94 * problems arise. -avalon
95 */
96 static void
97 ident_connected(rb_fde_t *F __unused, int error, void *data)
98 {
99 struct auth_client *auth = data;
100 struct ident_query *query;
101 char authbuf[32];
102 int authlen;
103
104 if(auth == NULL)
105 return;
106
107 query = auth->data[PROVIDER_IDENT];
108
109 if(query == NULL)
110 return;
111
112 /* Check the error */
113 if(error != RB_OK)
114 {
115 /* We had an error during connection :( */
116 client_fail(auth, REPORT_FAIL);
117 return;
118 }
119
120 snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
121 auth->c_port, auth->l_port);
122 authlen = strlen(authbuf);
123
124 if(rb_write(query->F, authbuf, authlen) != authlen)
125 {
126 client_fail(auth, REPORT_FAIL);
127 return;
128 }
129
130 read_ident_reply(query->F, auth);
131 }
132
133 static void
134 read_ident_reply(rb_fde_t *F, void *data)
135 {
136 struct auth_client *auth = data;
137 struct ident_query *query;
138 char *s = NULL;
139 char *t = NULL;
140 int len;
141 int count;
142 char buf[IDENT_BUFSIZE + 1]; /* buffer to read auth reply into */
143
144 if(auth == NULL)
145 return;
146
147 query = auth->data[PROVIDER_IDENT];
148
149 if(query == NULL)
150 return;
151
152 len = rb_read(F, buf, IDENT_BUFSIZE);
153 if(len < 0 && rb_ignore_errno(errno))
154 {
155 rb_setselect(F, RB_SELECT_READ, read_ident_reply, auth);
156 return;
157 }
158
159 if(len > 0)
160 {
161 buf[len] = '\0';
162
163 if((s = get_valid_ident(buf)))
164 {
165 t = auth->username;
166
167 while (*s == '~' || *s == '^')
168 s++;
169
170 for (count = USERLEN; *s && count; s++)
171 {
172 if(*s == '@')
173 {
174 break;
175 }
176 if(*s != ' ' && *s != ':' && *s != '[')
177 {
178 *t++ = *s;
179 count--;
180 }
181 }
182 *t = '\0';
183 }
184 }
185
186 if(s == NULL)
187 client_fail(auth, REPORT_FAIL);
188 else
189 client_success(auth);
190 }
191
192 static void
193 client_fail(struct auth_client *auth, ident_message report)
194 {
195 struct ident_query *query = auth->data[PROVIDER_IDENT];
196
197 if(query == NULL)
198 return;
199
200 rb_strlcpy(auth->username, "*", sizeof(auth->username));
201
202 if(query->F != NULL)
203 rb_close(query->F);
204
205 rb_free(query);
206 auth->data[PROVIDER_IDENT] = NULL;
207
208 notice_client(auth->cid, messages[report]);
209 provider_done(auth, PROVIDER_IDENT);
210 }
211
212 static void
213 client_success(struct auth_client *auth)
214 {
215 struct ident_query *query = auth->data[PROVIDER_IDENT];
216
217 if(query == NULL)
218 return;
219
220 if(query->F != NULL)
221 rb_close(query->F);
222
223 rb_free(query);
224 auth->data[PROVIDER_IDENT] = NULL;
225
226 notice_client(auth->cid, messages[REPORT_FOUND]);
227 provider_done(auth, PROVIDER_IDENT);
228 }
229
230 /* get_valid_ident
231 * parse ident query reply from identd server
232 *
233 * Taken from old s_auth.c --Elizafox
234 *
235 * Inputs - pointer to ident buf
236 * Outputs - NULL if no valid ident found, otherwise pointer to name
237 * Side effects - None
238 */
239 static char *
240 get_valid_ident(char *buf)
241 {
242 int remp = 0;
243 int locp = 0;
244 char *colon1Ptr;
245 char *colon2Ptr;
246 char *colon3Ptr;
247 char *commaPtr;
248 char *remotePortString;
249
250 /* All this to get rid of a sscanf() fun. */
251 remotePortString = buf;
252
253 colon1Ptr = strchr(remotePortString, ':');
254 if(!colon1Ptr)
255 return 0;
256
257 *colon1Ptr = '\0';
258 colon1Ptr++;
259 colon2Ptr = strchr(colon1Ptr, ':');
260 if(!colon2Ptr)
261 return 0;
262
263 *colon2Ptr = '\0';
264 colon2Ptr++;
265 commaPtr = strchr(remotePortString, ',');
266
267 if(!commaPtr)
268 return 0;
269
270 *commaPtr = '\0';
271 commaPtr++;
272
273 remp = atoi(remotePortString);
274 if(!remp)
275 return 0;
276
277 locp = atoi(commaPtr);
278 if(!locp)
279 return 0;
280
281 /* look for USERID bordered by first pair of colons */
282 if(!strstr(colon1Ptr, "USERID"))
283 return 0;
284
285 colon3Ptr = strchr(colon2Ptr, ':');
286 if(!colon3Ptr)
287 return 0;
288
289 *colon3Ptr = '\0';
290 colon3Ptr++;
291 return (colon3Ptr);
292 }
293
294 static bool
295 ident_init(void)
296 {
297 timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
298 return (timeout_ev != NULL);
299 }
300
301 static void
302 ident_destroy(void)
303 {
304 struct auth_client *auth;
305 rb_dictionary_iter iter;
306
307 /* Nuke all ident queries */
308 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
309 {
310 if(auth->data[PROVIDER_IDENT] != NULL)
311 client_fail(auth, REPORT_FAIL);
312 }
313 }
314
315 static bool ident_start(struct auth_client *auth)
316 {
317 struct ident_query *query = rb_malloc(sizeof(struct ident_query));
318 struct rb_sockaddr_storage l_addr, c_addr;
319 int family = GET_SS_FAMILY(&auth->c_addr);
320
321 notice_client(auth->cid, messages[REPORT_LOOKUP]);
322
323 auth->data[PROVIDER_IDENT] = query;
324 query->timeout = rb_current_time() + ident_timeout;
325
326 if((query->F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
327 {
328 warn_opers(L_DEBUG, "Could not create ident socket: %s", strerror(errno));
329 client_fail(auth, REPORT_FAIL);
330 return true; /* Not a fatal error */
331 }
332
333 /* Build sockaddr_storages for rb_connect_tcp below */
334 memcpy(&l_addr, &auth->l_addr, sizeof(l_addr));
335 memcpy(&c_addr, &auth->c_addr, sizeof(c_addr));
336
337 /* Set the ports correctly */
338 #ifdef RB_IPV6
339 if(GET_SS_FAMILY(&l_addr) == AF_INET6)
340 ((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
341 else
342 #endif
343 ((struct sockaddr_in *)&l_addr)->sin_port = 0;
344
345 #ifdef RB_IPV6
346 if(GET_SS_FAMILY(&c_addr) == AF_INET6)
347 ((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
348 else
349 #endif
350 ((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
351
352 rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
353 (struct sockaddr *)&l_addr,
354 GET_SS_LEN(&l_addr), ident_connected,
355 auth, ident_timeout);
356
357 set_provider_on(auth, PROVIDER_IDENT);
358
359 return true;
360 }
361
362 static void
363 ident_cancel(struct auth_client *auth)
364 {
365 struct ident_query *query = auth->data[PROVIDER_IDENT];
366
367 if(query != NULL)
368 client_fail(auth, REPORT_FAIL);
369 }
370
371 static void
372 add_conf_ident_timeout(const char *key __unused, int parc __unused, const char **parv)
373 {
374 int timeout = atoi(parv[0]);
375
376 if(timeout < 0)
377 {
378 warn_opers(L_CRIT, "BUG: ident timeout < 0 (value: %d)", timeout);
379 return;
380 }
381
382 ident_timeout = timeout;
383 }
384
385 struct auth_opts_handler ident_options[] =
386 {
387 { "ident_timeout", 1, add_conf_ident_timeout },
388 { NULL, 0, NULL },
389 };
390
391
392 struct auth_provider ident_provider =
393 {
394 .id = PROVIDER_IDENT,
395 .init = ident_init,
396 .destroy = ident_destroy,
397 .start = ident_start,
398 .cancel = ident_cancel,
399 .completed = NULL,
400 .opt_handlers = ident_options,
401 };
Fork of solanum ircd, history is rebased regularly