]>
jfr.im git - solanum.git/blob - ircd/authd.c
2 * authd.c: An interface to authd.
3 * (based somewhat on ircd-ratbox dns.c)
5 * Copyright (C) 2005 Aaron Sethman <androsyn@ratbox.org>
6 * Copyright (C) 2005-2012 ircd-ratbox development team
7 * Copyright (C) 2016 William Pitcock <nenolod@dereferenced.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
28 #include "ircd_defs.h"
43 static int start_authd(void);
44 static void parse_authd_reply(rb_helper
* helper
);
45 static void restart_authd_cb(rb_helper
* helper
);
47 rb_helper
*authd_helper
;
48 static char *authd_path
;
51 static rb_dictionary
*cid_clients
;
53 rb_dictionary
*bl_stats
;
58 char fullpath
[PATH_MAX
+ 1];
60 const char *suffix
= ".exe";
62 const char *suffix
= "";
64 if(authd_path
== NULL
)
66 snprintf(fullpath
, sizeof(fullpath
), "%s%cauthd%s", ircd_paths
[IRCD_PATH_LIBEXEC
], RB_PATH_SEPARATOR
, suffix
);
68 if(access(fullpath
, X_OK
) == -1)
70 snprintf(fullpath
, sizeof(fullpath
), "%s%cbin%cauthd%s",
71 ConfigFileEntry
.dpath
, RB_PATH_SEPARATOR
, RB_PATH_SEPARATOR
, suffix
);
72 if(access(fullpath
, X_OK
) == -1)
75 "Unable to execute authd in %s or %s/bin",
76 ircd_paths
[IRCD_PATH_LIBEXEC
], ConfigFileEntry
.dpath
);
77 sendto_realops_snomask(SNO_GENERAL
, L_ALL
,
78 "Unable to execute authd in %s or %s/bin",
79 ircd_paths
[IRCD_PATH_LIBEXEC
], ConfigFileEntry
.dpath
);
85 authd_path
= rb_strdup(fullpath
);
88 if(cid_clients
== NULL
)
89 cid_clients
= rb_dictionary_create("authd cid to uid mapping", rb_uint32cmp
);
92 bl_stats
= rb_dictionary_create("blacklist statistics", strcasecmp
);
94 authd_helper
= rb_helper_start("authd", authd_path
, parse_authd_reply
, restart_authd_cb
);
96 if(authd_helper
== NULL
)
98 ilog(L_MAIN
, "Unable to start authd helper: %s", strerror(errno
));
99 sendto_realops_snomask(SNO_GENERAL
, L_ALL
, "Unable to start authd helper: %s", strerror(errno
));
102 ilog(L_MAIN
, "authd helper started");
103 sendto_realops_snomask(SNO_GENERAL
, L_ALL
, "authd helper started");
104 rb_helper_run(authd_helper
);
109 parse_authd_reply(rb_helper
* helper
)
113 char dnsBuf
[READBUF_SIZE
];
114 char *parv
[MAXPARA
+ 1];
117 struct Client
*client_p
;
119 while((len
= rb_helper_read(helper
, dnsBuf
, sizeof(dnsBuf
))) > 0)
121 parc
= rb_string_to_array(dnsBuf
, parv
, MAXPARA
+1);
125 case 'A': /* Accepted a client */
128 iwarn("authd sent a result with wrong number of arguments: got %d", parc
);
133 if((lcid
= strtol(parv
[1], NULL
, 16)) > UINT32_MAX
)
135 iwarn("authd sent us back a bad client ID");
140 /* cid to uid (retrieve and delete) */
141 if((id
= rb_dictionary_delete(cid_clients
, RB_UINT_TO_POINTER((uint32_t)lcid
))) == NULL
)
143 iwarn("authd sent us back an unknown client ID");
148 if((client_p
= find_id(id
)) == NULL
)
150 /* Client vanished... */
157 authd_decide_client(client_p
, parv
[2], parv
[3], true, '\0', NULL
, NULL
);
159 case 'R': /* Reject client */
162 iwarn("authd sent us a result with wrong number of arguments: got %d", parc
);
167 if((lcid
= strtol(parv
[1], NULL
, 16)) > UINT32_MAX
)
169 iwarn("authd sent us back a bad client ID");
174 /* cid to uid (retrieve and delete) */
175 if((id
= rb_dictionary_delete(cid_clients
, RB_UINT_TO_POINTER((uint32_t)lcid
))) == NULL
)
177 iwarn("authd sent us back an unknown client ID");
182 if((client_p
= find_id(id
)) == NULL
)
184 /* Client vanished... */
191 authd_decide_client(client_p
, parv
[3], parv
[4], false, toupper(*parv
[2]), parv
[5], parv
[6]);
193 case 'E': /* DNS Result */
196 ilog(L_MAIN
, "authd sent a result with wrong number of arguments: got %d", parc
);
200 dns_results_callback(parv
[1], parv
[2], parv
[3], parv
[4]);
202 case 'W': /* Oper warning */
205 ilog(L_MAIN
, "authd sent a result with wrong number of arguments: got %d", parc
);
212 case 'D': /* Debug */
213 sendto_realops_snomask(SNO_DEBUG
, L_ALL
, "authd debug: %s", parv
[3]);
216 sendto_realops_snomask(SNO_GENERAL
, L_ALL
, "authd info: %s", parv
[3]);
217 inotice("authd info: %s", parv
[3]);
219 case 'W': /* Warning */
220 sendto_realops_snomask(SNO_GENERAL
, L_ALL
, "authd WARNING: %s", parv
[3]);
221 iwarn("authd warning: %s", parv
[3]);
223 case 'C': /* Critical (error) */
224 sendto_realops_snomask(SNO_GENERAL
, L_ALL
, "authd CRITICAL: %s", parv
[3]);
225 ierror("authd critical: %s", parv
[3]);
228 sendto_realops_snomask(SNO_GENERAL
, L_ALL
, "authd sent us an unknown oper notice type (%s): %s", parv
[2], parv
[3]);
229 ilog(L_MAIN
, "authd unknown oper notice type (%s): %s", parv
[2], parv
[3]);
235 case 'X': /* Stats error */
236 case 'Y': /* Stats reply */
237 case 'Z': /* End of stats reply */
240 ilog(L_MAIN
, "authd sent a result with wrong number of arguments: got %d", parc
);
249 /* parv[0] conveys status */
252 ilog(L_MAIN
, "authd sent a result with wrong number of arguments: got %d", parc
);
256 dns_stats_results_callback(parv
[1], parv
[0], parc
- 3, (const char **)&parv
[3]);
273 ilog(L_MAIN
, "Unable to start authd helper: %s", strerror(errno
));
279 configure_authd(void)
281 /* These will do for now */
282 set_authd_timeout("ident_timeout", GlobalSetOptions
.ident_timeout
);
283 set_authd_timeout("rdns_timeout", ConfigFileEntry
.connect_timeout
);
284 set_authd_timeout("blacklist_timeout", ConfigFileEntry
.connect_timeout
);
288 restart_authd_cb(rb_helper
* helper
)
290 ilog(L_MAIN
, "authd: restart_authd_cb called, authd died?");
291 sendto_realops_snomask(SNO_GENERAL
, L_ALL
, "authd: restart_authd_cb called, authd died?");
294 rb_helper_close(helper
);
303 restart_authd_cb(authd_helper
);
309 rb_helper_write(authd_helper
, "R");
316 if(authd_helper
== NULL
)
320 static inline uint32_t
329 /* Basically when this is called we begin handing off the client to authd for
330 * processing. authd "owns" the client until processing is finished, or we
331 * timeout from authd. authd will make a decision whether or not to accept the
332 * client, but it's up to other parts of the code (for now) to decide if we're
333 * gonna accept the client and ignore authd's suggestion.
338 authd_initiate_client(struct Client
*client_p
)
340 char client_ipaddr
[HOSTIPLEN
+1];
341 char listen_ipaddr
[HOSTIPLEN
+1];
342 uint16_t client_port
, listen_port
;
345 if(client_p
->preClient
== NULL
|| client_p
->preClient
->authd_cid
== 0)
348 authd_cid
= client_p
->preClient
->authd_cid
= generate_cid();
350 /* Collisions are extremely unlikely, so disregard the possibility */
351 rb_dictionary_add(cid_clients
, RB_UINT_TO_POINTER(authd_cid
), rb_strdup(client_p
->id
));
353 /* Retrieve listener and client IP's */
354 rb_inet_ntop_sock((struct sockaddr
*)&client_p
->preClient
->lip
, listen_ipaddr
, sizeof(listen_ipaddr
));
355 rb_inet_ntop_sock((struct sockaddr
*)&client_p
->localClient
->ip
, client_ipaddr
, sizeof(client_ipaddr
));
357 /* Retrieve listener and client ports */
359 if(GET_SS_FAMILY(&client_p
->preClient
->lip
) == AF_INET6
)
360 listen_port
= ntohs(((struct sockaddr_in6
*)&client_p
->preClient
->lip
)->sin6_port
);
363 listen_port
= ntohs(((struct sockaddr_in
*)&client_p
->preClient
->lip
)->sin_port
);
366 if(GET_SS_FAMILY(&client_p
->localClient
->ip
) == AF_INET6
)
367 client_port
= ntohs(((struct sockaddr_in6
*)&client_p
->localClient
->ip
)->sin6_port
);
370 client_port
= ntohs(((struct sockaddr_in
*)&client_p
->localClient
->ip
)->sin_port
);
372 /* FIXME timeout should be configurable */
373 client_p
->preClient
->authd_timeout
= rb_current_time() + 45;
375 rb_helper_write(authd_helper
, "C %x %s %hu %s %hu", authd_cid
, listen_ipaddr
, listen_port
, client_ipaddr
, client_port
);
378 /* When this is called we have a decision on client acceptance.
380 * After this point authd no longer "owns" the client.
383 authd_decide_client(struct Client
*client_p
, const char *ident
, const char *host
, bool accept
, char cause
, const char *data
, const char *reason
)
385 if(client_p
->preClient
== NULL
|| client_p
->preClient
->authd_cid
== 0)
390 rb_strlcpy(client_p
->username
, ident
, sizeof(client_p
->username
));
391 ServerStats
.is_abad
++; /* s_auth used to do this, stay compatible */
394 ServerStats
.is_asuc
++;
397 rb_strlcpy(client_p
->host
, host
, sizeof(client_p
->host
));
399 client_p
->preClient
->authd_accepted
= accept
;
400 client_p
->preClient
->authd_cause
= cause
;
401 client_p
->preClient
->authd_data
= (data
== NULL
? NULL
: rb_strdup(data
));
402 client_p
->preClient
->authd_reason
= (reason
== NULL
? NULL
: rb_strdup(reason
));
404 rb_dictionary_delete(cid_clients
, RB_UINT_TO_POINTER(client_p
->preClient
->authd_cid
));
406 client_p
->preClient
->authd_cid
= 0;
409 * When a client has auth'ed, we want to start reading what it sends
410 * us. This is what read_packet() does.
413 * Above comment was originally in s_auth.c, but moved here with below code.
416 rb_dlinkAddTail(client_p
, &client_p
->node
, &global_client_list
);
417 read_packet(client_p
->localClient
->F
, client_p
);
421 authd_abort_client(struct Client
*client_p
)
423 if(client_p
->preClient
== NULL
)
426 if(client_p
->preClient
->authd_cid
== 0)
429 rb_dictionary_delete(cid_clients
, RB_UINT_TO_POINTER(client_p
->preClient
->authd_cid
));
431 rb_helper_write(authd_helper
, "E %x", client_p
->preClient
->authd_cid
);
432 client_p
->preClient
->authd_cid
= 0;
435 /* Turn a cause char (who rejected us) into the name of the provider */
437 get_provider_string(char cause
)
452 /* Send a new blacklist to authd */
454 add_blacklist(const char *host
, const char *reason
, uint8_t iptype
, rb_dlink_list
*filters
)
457 struct blacklist_stats
*stats
= rb_malloc(sizeof(struct blacklist_stats
));
458 char filterbuf
[BUFSIZE
];
461 /* Build a list of comma-separated values for authd.
462 * We don't check for validity - do it elsewhere.
464 RB_DLINK_FOREACH(ptr
, filters
->head
)
466 char *filter
= ptr
->data
;
467 size_t filterlen
= strlen(filter
) + 1;
469 if(s
+ filterlen
> sizeof(filterbuf
))
472 snprintf(&filterbuf
[s
], sizeof(filterbuf
) - s
, "%s,", filter
);
478 filterbuf
[s
- 1] = '\0';
480 stats
->iptype
= iptype
;
482 rb_dictionary_add(bl_stats
, host
, stats
);
484 rb_helper_write(authd_helper
, "O rbl %s %hhu %s :%s", host
, iptype
, filterbuf
, reason
);
487 /* Delete a blacklist */
489 del_blacklist(const char *host
)
491 rb_dictionary_delete(bl_stats
, host
);
493 rb_helper_write(authd_helper
, "O rbl_del %s", host
);
496 /* Delete all the blacklists */
498 del_blacklist_all(void)
500 struct blacklist_stats
*stats
;
501 rb_dictionary_iter iter
;
503 RB_DICTIONARY_FOREACH(stats
, &iter
, bl_stats
)
506 rb_dictionary_delete(bl_stats
, iter
.cur
->key
);
509 rb_helper_write(authd_helper
, "O rbl_del_all");
512 /* Adjust an authd timeout value */
514 set_authd_timeout(const char *key
, int timeout
)
516 rb_helper_write(authd_helper
, "O %s %d", key
, timeout
);