]> jfr.im git - solanum.git/blob - authd/providers/ident.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add new sockaddr_storage port retrieval/setting macros
[solanum.git] / authd / providers / ident.c
1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
7 *
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
19 */
20
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
23 *
24 * --Elizafox 13 March 2016
25 */
26
27 #include "stdinc.h"
28 #include "match.h"
29 #include "authd.h"
30 #include "notice.h"
31 #include "provider.h"
32 #include "res.h"
33
34 #define IDENT_BUFSIZE 128
35
36 struct ident_query
37 {
38 rb_fde_t *F; /* Our FD */
39 };
40
41 /* Goinked from old s_auth.c --Elizafox */
42 static const char *messages[] =
43 {
44 "*** Checking Ident",
45 "*** Got Ident response",
46 "*** No Ident response",
47 "*** Cannot verify ident validity, ignoring ident",
48 "*** Ident disabled, not checking ident",
49 };
50
51 typedef enum
52 {
53 REPORT_LOOKUP,
54 REPORT_FOUND,
55 REPORT_FAIL,
56 REPORT_INVALID,
57 REPORT_DISABLED,
58 } ident_message;
59
60 static CNCB ident_connected;
61 static PF read_ident_reply;
62
63 static void client_fail(struct auth_client *auth, ident_message message);
64 static void client_success(struct auth_client *auth);
65 static char * get_valid_ident(char *buf);
66
67 static int ident_timeout = 5;
68 static bool ident_enable = true;
69
70
71 /*
72 * ident_connected() - deal with the result of rb_connect_tcp()
73 *
74 * If the connection failed, we simply close the auth fd and report
75 * a failure. If the connection suceeded send the ident server a query
76 * giving "theirport , ourport". The write is only attempted *once* so
77 * it is deemed to be a fail if the entire write doesn't write all the
78 * data given. This shouldnt be a problem since the socket should have
79 * a write buffer far greater than this message to store it in should
80 * problems arise. -avalon
81 */
82 static void
83 ident_connected(rb_fde_t *F __unused, int error, void *data)
84 {
85 struct auth_client *auth = data;
86 struct ident_query *query;
87 char authbuf[32];
88 int authlen;
89
90 if(auth == NULL)
91 return;
92
93 query = auth->data[PROVIDER_IDENT];
94
95 if(query == NULL)
96 return;
97
98 /* Check the error */
99 if(error != RB_OK)
100 {
101 /* We had an error during connection :( */
102 client_fail(auth, REPORT_FAIL);
103 return;
104 }
105
106 snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
107 auth->c_port, auth->l_port);
108 authlen = strlen(authbuf);
109
110 if(rb_write(query->F, authbuf, authlen) != authlen)
111 {
112 client_fail(auth, REPORT_FAIL);
113 return;
114 }
115
116 read_ident_reply(query->F, auth);
117 }
118
119 static void
120 read_ident_reply(rb_fde_t *F, void *data)
121 {
122 struct auth_client *auth = data;
123 struct ident_query *query;
124 char buf[IDENT_BUFSIZE + 1]; /* buffer to read auth reply into */
125 ident_message message = REPORT_FAIL;
126 char *s = NULL;
127 char *t = NULL;
128 ssize_t len;
129 int count;
130
131 if(auth == NULL)
132 return;
133
134 query = auth->data[PROVIDER_IDENT];
135
136 if(query == NULL)
137 return;
138
139 len = rb_read(F, buf, IDENT_BUFSIZE);
140 if(len < 0 && rb_ignore_errno(errno))
141 {
142 rb_setselect(F, RB_SELECT_READ, read_ident_reply, auth);
143 return;
144 }
145
146 if(len > 0)
147 {
148 if((s = get_valid_ident(buf)) != NULL)
149 {
150 t = auth->username;
151
152 while (*s == '~' || *s == '^')
153 s++;
154
155 for (count = USERLEN; *s && count; s++)
156 {
157 if(*s == '@' || *s == '\r' || *s == '\n')
158 break;
159
160 if(*s != ' ' && *s != ':' && *s != '[')
161 {
162 *t++ = *s;
163 count--;
164 }
165 }
166 *t = '\0';
167 }
168 else
169 message = REPORT_INVALID;
170 }
171
172 if(s == NULL)
173 client_fail(auth, message);
174 else
175 client_success(auth);
176 }
177
178 static void
179 client_fail(struct auth_client *auth, ident_message report)
180 {
181 struct ident_query *query = auth->data[PROVIDER_IDENT];
182
183 if(query == NULL)
184 return;
185
186 rb_strlcpy(auth->username, "*", sizeof(auth->username));
187
188 if(query->F != NULL)
189 rb_close(query->F);
190
191 rb_free(query);
192 auth->data[PROVIDER_IDENT] = NULL;
193 auth->timeout[PROVIDER_IDENT] = 0;
194
195 notice_client(auth->cid, messages[report]);
196 provider_done(auth, PROVIDER_IDENT);
197 }
198
199 static void
200 client_success(struct auth_client *auth)
201 {
202 struct ident_query *query = auth->data[PROVIDER_IDENT];
203
204 if(query == NULL)
205 return;
206
207 if(query->F != NULL)
208 rb_close(query->F);
209
210 rb_free(query);
211 auth->data[PROVIDER_IDENT] = NULL;
212 auth->timeout[PROVIDER_IDENT] = 0;
213
214 notice_client(auth->cid, messages[REPORT_FOUND]);
215 provider_done(auth, PROVIDER_IDENT);
216 }
217
218 /* get_valid_ident
219 * parse ident query reply from identd server
220 *
221 * Taken from old s_auth.c --Elizafox
222 *
223 * Inputs - pointer to ident buf
224 * Outputs - NULL if no valid ident found, otherwise pointer to name
225 * Side effects - None
226 */
227 static char *
228 get_valid_ident(char *buf)
229 {
230 int remp = 0;
231 int locp = 0;
232 char *colon1Ptr;
233 char *colon2Ptr;
234 char *colon3Ptr;
235 char *commaPtr;
236 char *remotePortString;
237
238 /* All this to get rid of a sscanf() fun. */
239 remotePortString = buf;
240
241 colon1Ptr = strchr(remotePortString, ':');
242 if(!colon1Ptr)
243 return NULL;
244
245 *colon1Ptr = '\0';
246 colon1Ptr++;
247 colon2Ptr = strchr(colon1Ptr, ':');
248 if(!colon2Ptr)
249 return NULL;
250
251 *colon2Ptr = '\0';
252 colon2Ptr++;
253 commaPtr = strchr(remotePortString, ',');
254
255 if(!commaPtr)
256 return NULL;
257
258 *commaPtr = '\0';
259 commaPtr++;
260
261 remp = atoi(remotePortString);
262 if(!remp)
263 return NULL;
264
265 locp = atoi(commaPtr);
266 if(!locp)
267 return NULL;
268
269 /* look for USERID bordered by first pair of colons */
270 if(!strstr(colon1Ptr, "USERID"))
271 return NULL;
272
273 colon3Ptr = strchr(colon2Ptr, ':');
274 if(!colon3Ptr)
275 return NULL;
276
277 *colon3Ptr = '\0';
278 colon3Ptr++;
279 return (colon3Ptr);
280 }
281
282 static void
283 ident_destroy(void)
284 {
285 struct auth_client *auth;
286 rb_dictionary_iter iter;
287
288 /* Nuke all ident queries */
289 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
290 {
291 if(auth->data[PROVIDER_IDENT] != NULL)
292 client_fail(auth, REPORT_FAIL);
293 }
294 }
295
296 static bool
297 ident_start(struct auth_client *auth)
298 {
299 struct ident_query *query = rb_malloc(sizeof(struct ident_query));
300 struct rb_sockaddr_storage l_addr, c_addr;
301 int family = GET_SS_FAMILY(&auth->c_addr);
302
303 if(auth->data[PROVIDER_IDENT] != NULL)
304 {
305 set_provider_done(auth, PROVIDER_IDENT); /* for blacklists */
306 return true;
307 }
308 else if(!ident_enable)
309 {
310 notice_client(auth->cid, messages[REPORT_DISABLED]);
311 set_provider_done(auth, PROVIDER_IDENT);
312 return true;
313 }
314
315 notice_client(auth->cid, messages[REPORT_LOOKUP]);
316
317 auth->data[PROVIDER_IDENT] = query;
318 auth->timeout[PROVIDER_IDENT] = rb_current_time() + ident_timeout;
319
320 if((query->F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
321 {
322 warn_opers(L_DEBUG, "Could not create ident socket: %s", strerror(errno));
323 client_fail(auth, REPORT_FAIL);
324 return true; /* Not a fatal error */
325 }
326
327 /* Build sockaddr_storages for rb_connect_tcp below */
328 l_addr = auth->l_addr;
329 c_addr = auth->c_addr;
330
331 SET_SS_PORT(&l_addr, 0);
332 SET_SS_PORT(&c_addr, htons(113));
333
334 rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
335 (struct sockaddr *)&l_addr,
336 GET_SS_LEN(&l_addr), ident_connected,
337 auth, ident_timeout);
338
339 set_provider_on(auth, PROVIDER_IDENT);
340
341 return true;
342 }
343
344 static void
345 ident_cancel(struct auth_client *auth)
346 {
347 struct ident_query *query = auth->data[PROVIDER_IDENT];
348
349 if(query != NULL)
350 client_fail(auth, REPORT_FAIL);
351 }
352
353 static void
354 add_conf_ident_timeout(const char *key __unused, int parc __unused, const char **parv)
355 {
356 int timeout = atoi(parv[0]);
357
358 if(timeout < 0)
359 {
360 warn_opers(L_CRIT, "Ident: ident timeout < 0 (value: %d)", timeout);
361 exit(EX_PROVIDER_ERROR);
362 }
363
364 ident_timeout = timeout;
365 }
366
367 static void
368 set_ident_enabled(const char *key __unused, int parc __unused, const char **parv)
369 {
370 ident_enable = (*parv[0] == '1');
371 }
372
373 struct auth_opts_handler ident_options[] =
374 {
375 { "ident_timeout", 1, add_conf_ident_timeout },
376 { "ident_enabled", 1, set_ident_enabled },
377 { NULL, 0, NULL },
378 };
379
380
381 struct auth_provider ident_provider =
382 {
383 .id = PROVIDER_IDENT,
384 .start = ident_start,
385 .destroy = ident_destroy,
386 .cancel = ident_cancel,
387 .timeout = ident_cancel,
388 .opt_handlers = ident_options,
389 };
Fork of solanum ircd, history is rebased regularly