authd/providers/ident.c

   1 /* authd/providers/ident.c - ident lookup provider for authd
   2  * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
   3  *
   4  * Permission to use, copy, modify, and/or distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice is present in all copies.
   7  *
   8  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   9  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  10  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  11  * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
  12  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  13  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  14  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  15  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  16  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  17  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  18  * POSSIBILITY OF SUCH DAMAGE.
  19  */
  20
  21 #include "stdinc.h"
  22 #include "match.h"
  23 #include "authd.h"
  24 #include "notice.h"
  25 #include "provider.h"
  26 #include "res.h"
  27
  28 #define IDENT_BUFSIZE 128
  29
  30 struct ident_query
  31 {
  32         time_t timeout;                         /* Timeout interval */
  33         rb_fde_t *F;                            /* Our FD */
  34 };
  35
  36 /* Goinked from old s_auth.c --Elizafox */
  37 static const char *messages[] =
  38 {
  39         ":*** Checking Ident",
  40         ":*** Got Ident response",
  41         ":*** No Ident response",
  42 };
  43
  44 typedef enum
  45 {
  46         REPORT_LOOKUP,
  47         REPORT_FOUND,
  48         REPORT_FAIL,
  49 } ident_message;
  50
  51 static EVH timeout_ident_queries_event;
  52 static CNCB ident_connected;
  53 static PF read_ident_reply;
  54
  55 static void client_fail(struct auth_client *auth, ident_message message);
  56 static void client_success(struct auth_client *auth);
  57 static char * get_valid_ident(char *buf);
  58
  59 static struct ev_entry *timeout_ev;
  60 static int ident_timeout = 5;
  61
  62
  63 bool ident_init(void)
  64 {
  65         timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
  66         return (timeout_ev != NULL);
  67 }
  68
  69 void ident_destroy(void)
  70 {
  71         struct auth_client *auth;
  72         rb_dictionary_iter iter;
  73
  74         /* Nuke all ident queries */
  75         RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
  76         {
  77                 if(auth->data[PROVIDER_IDENT] != NULL)
  78                         client_fail(auth, REPORT_FAIL);
  79         }
  80 }
  81
  82 bool ident_start(struct auth_client *auth)
  83 {
  84         struct ident_query *query = rb_malloc(sizeof(struct ident_query));
  85         struct rb_sockaddr_storage l_addr, c_addr;
  86         int family;
  87         rb_fde_t *F;
  88
  89         auth->data[PROVIDER_IDENT] = query;
  90         query->timeout = rb_current_time() + ident_timeout;
  91
  92         if((F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
  93         {
  94                 client_fail(auth, REPORT_FAIL);
  95                 return true;    /* Not a fatal error */
  96         }
  97
  98         query->F = F;
  99
 100         /* Build sockaddr_storages for rb_connect_tcp below */
 101         memcpy(&l_addr, &auth->l_addr, sizeof(l_addr));
 102         memcpy(&c_addr, &auth->c_addr, sizeof(c_addr));
 103
 104         /* Set the ports correctly */
 105 #ifdef RB_IPV6
 106         if(GET_SS_FAMILY(&l_addr) == AF_INET6)
 107                 ((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
 108         else
 109 #endif
 110                 ((struct sockaddr_in *)&l_addr)->sin_port = 0;
 111
 112 #ifdef RB_IPV6
 113         if(GET_SS_FAMILY(&c_addr) == AF_INET6)
 114                 ((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
 115         else
 116 #endif
 117                 ((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
 118
 119         rb_connect_tcp(F, (struct sockaddr *)&c_addr,
 120                         (struct sockaddr *)&l_addr,
 121                         GET_SS_LEN(&l_addr), ident_connected,
 122                         query, ident_timeout);
 123
 124         notice_client(auth->cid, messages[REPORT_LOOKUP]);
 125         set_provider_on(auth, PROVIDER_IDENT);
 126
 127         return true;
 128 }
 129
 130 void ident_cancel(struct auth_client *auth)
 131 {
 132         struct ident_query *query = auth->data[PROVIDER_IDENT];
 133
 134         if(query != NULL)
 135                 client_fail(auth, REPORT_FAIL);
 136 }
 137
 138 /* Timeout outstanding queries */
 139 static void timeout_ident_queries_event(void *notused)
 140 {
 141         struct auth_client *auth;
 142         rb_dictionary_iter iter;
 143
 144         RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 145         {
 146                 struct ident_query *query = auth->data[PROVIDER_IDENT];
 147
 148                 if(query != NULL && query->timeout < rb_current_time())
 149                         client_fail(auth, REPORT_FAIL);
 150         }
 151 }
 152
 153 /*
 154  * ident_connected() - deal with the result of rb_connect_tcp()
 155  *
 156  * If the connection failed, we simply close the auth fd and report
 157  * a failure. If the connection suceeded send the ident server a query
 158  * giving "theirport , ourport". The write is only attempted *once* so
 159  * it is deemed to be a fail if the entire write doesn't write all the
 160  * data given.  This shouldnt be a problem since the socket should have
 161  * a write buffer far greater than this message to store it in should
 162  * problems arise. -avalon
 163  */
 164 static void ident_connected(rb_fde_t *F, int error, void *data)
 165 {
 166         struct auth_client *auth = data;
 167         struct ident_query *query = auth->data[PROVIDER_IDENT];
 168         char authbuf[32];
 169         int authlen;
 170
 171         /* Check the error */
 172         if(error != RB_OK)
 173         {
 174                 /* We had an error during connection :( */
 175                 client_fail(auth, REPORT_FAIL);
 176                 return;
 177         }
 178
 179         snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
 180                         auth->c_port, auth->l_port);
 181         authlen = strlen(authbuf);
 182
 183         if(rb_write(query->F, authbuf, authlen) != authlen)
 184         {
 185                 client_fail(auth, REPORT_FAIL);
 186                 return;
 187         }
 188
 189         read_ident_reply(query->F, auth);
 190 }
 191
 192 static void
 193 read_ident_reply(rb_fde_t *F, void *data)
 194 {
 195         struct auth_client *auth = data;
 196         struct ident_query *query = auth->data[PROVIDER_IDENT];
 197         char *s = NULL;
 198         char *t = NULL;
 199         int len;
 200         int count;
 201         char buf[IDENT_BUFSIZE + 1];    /* buffer to read auth reply into */
 202
 203         len = rb_read(F, buf, IDENT_BUFSIZE);
 204         if(len < 0 && rb_ignore_errno(errno))
 205         {
 206                 rb_setselect(F, RB_SELECT_READ, read_ident_reply, query);
 207                 return;
 208         }
 209
 210         if(len > 0)
 211         {
 212                 buf[len] = '\0';
 213
 214                 if((s = get_valid_ident(buf)))
 215                 {
 216                         t = auth->username;
 217
 218                         while (*s == '~' || *s == '^')
 219                                 s++;
 220
 221                         for (count = USERLEN; *s && count; s++)
 222                         {
 223                                 if(*s == '@')
 224                                 {
 225                                         break;
 226                                 }
 227                                 if(*s != ' ' && *s != ':' && *s != '[')
 228                                 {
 229                                         *t++ = *s;
 230                                         count--;
 231                                 }
 232                         }
 233                         *t = '\0';
 234                 }
 235         }
 236
 237         if(s == NULL)
 238                 client_fail(auth, REPORT_FAIL);
 239         else
 240                 client_success(auth);
 241 }
 242
 243 static void client_fail(struct auth_client *auth, ident_message report)
 244 {
 245         struct ident_query *query = auth->data[PROVIDER_IDENT];
 246
 247         rb_strlcpy(auth->username, "*", sizeof(auth->username));
 248
 249         rb_close(query->F);
 250         rb_free(query);
 251         auth->data[PROVIDER_IDENT] = NULL;
 252
 253         notice_client(auth->cid, messages[report]);
 254         provider_done(auth, PROVIDER_IDENT);
 255 }
 256
 257 static void client_success(struct auth_client *auth)
 258 {
 259         struct ident_query *query = auth->data[PROVIDER_IDENT];
 260
 261         rb_close(query->F);
 262         rb_free(query);
 263         auth->data[PROVIDER_IDENT] = NULL;
 264
 265         notice_client(auth->cid, messages[REPORT_FOUND]);
 266         provider_done(auth, PROVIDER_IDENT);
 267 }
 268
 269 /* get_valid_ident
 270  * parse ident query reply from identd server
 271  *
 272  * Torn out of old s_auth.c because there was nothing wrong with it
 273  * --Elizafox
 274  *
 275  * Inputs       - pointer to ident buf
 276  * Outputs      - NULL if no valid ident found, otherwise pointer to name
 277  * Side effects - None
 278  */
 279 static char *
 280 get_valid_ident(char *buf)
 281 {
 282         int remp = 0;
 283         int locp = 0;
 284         char *colon1Ptr;
 285         char *colon2Ptr;
 286         char *colon3Ptr;
 287         char *commaPtr;
 288         char *remotePortString;
 289
 290         /* All this to get rid of a sscanf() fun. */
 291         remotePortString = buf;
 292
 293         colon1Ptr = strchr(remotePortString, ':');
 294         if(!colon1Ptr)
 295                 return 0;
 296
 297         *colon1Ptr = '\0';
 298         colon1Ptr++;
 299         colon2Ptr = strchr(colon1Ptr, ':');
 300         if(!colon2Ptr)
 301                 return 0;
 302
 303         *colon2Ptr = '\0';
 304         colon2Ptr++;
 305         commaPtr = strchr(remotePortString, ',');
 306
 307         if(!commaPtr)
 308                 return 0;
 309
 310         *commaPtr = '\0';
 311         commaPtr++;
 312
 313         remp = atoi(remotePortString);
 314         if(!remp)
 315                 return 0;
 316
 317         locp = atoi(commaPtr);
 318         if(!locp)
 319                 return 0;
 320
 321         /* look for USERID bordered by first pair of colons */
 322         if(!strstr(colon1Ptr, "USERID"))
 323                 return 0;
 324
 325         colon3Ptr = strchr(colon2Ptr, ':');
 326         if(!colon3Ptr)
 327                 return 0;
 328
 329         *colon3Ptr = '\0';
 330         colon3Ptr++;
 331         return (colon3Ptr);
 332 }
 333
 334
 335 struct auth_provider ident_provider =
 336 {
 337         .id = PROVIDER_IDENT,
 338         .init = ident_init,
 339         .destroy = ident_destroy,
 340         .start = ident_start,
 341         .cancel = ident_cancel,
 342         .completed = NULL,
 343 };