1 /* authd/provider.c - authentication provider framework
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
21 /* So the basic design here is to have "authentication providers" that do
22 * things like query ident and blacklists and even open proxies.
24 * Providers are registered statically in the struct auth_providers array. You will
25 * probably want to add an item to the provider_t enum also.
27 * Providers can either return failure immediately, immediate acceptance, or
28 * do work in the background (calling set_provider to signal this).
30 * It is up to providers to keep their own state on clients if they need to.
32 * All providers must implement at a minimum a perform_provider function. You
33 * don't have to implement the others if you don't need them.
35 * Providers may kick clients off by rejecting them. Upon rejection, all
36 * providers are cancelled. They can also unconditionally accept them.
38 * When a provider is done and is neutral on accepting/rejecting a client, it
39 * should call provider_done. Do NOT call this if you have accepted or rejected
42 * --Elizafox, 9 March 2016
48 rb_dlink_list auth_providers
;
51 struct auth_client auth_clients
[MAX_CLIENTS
];
54 void load_provider(struct auth_provider
*provider
)
57 rb_dlinkAdd(provider
, &provider
->node
, &auth_providers
);
60 void unload_provider(struct auth_provider
*provider
)
63 rb_dlinkDelete(&provider
->node
, &auth_providers
);
66 /* Initalise all providers */
67 void init_providers(void)
69 load_provider(&rdns_provider
);
70 load_provider(&ident_provider
);
73 /* Terminate all providers */
74 void destroy_providers(void)
77 struct auth_provider
*provider
;
79 /* Cancel outstanding connections */
80 for (size_t i
= 0; i
< MAX_CLIENTS
; i
++)
82 if(auth_clients
[i
].cid
)
84 /* TBD - is this the right thing?
85 * (NOTE - this error message is designed for morons) */
86 reject_client(&auth_clients
[i
], 0,
87 "IRC server reloading... try reconnecting in a few seconds");
91 RB_DLINK_FOREACH(ptr
, auth_providers
.head
)
100 /* Cancel outstanding providers for a client */
101 void cancel_providers(struct auth_client
*auth
)
104 struct auth_provider
*provider
;
106 RB_DLINK_FOREACH(ptr
, auth_providers
.head
)
108 provider
= ptr
->data
;
110 if(provider
->cancel
&& is_provider(auth
, provider
->id
))
111 /* Cancel if required */
112 provider
->cancel(auth
);
116 /* Provider is done */
117 void provider_done(struct auth_client
*auth
, provider_t id
)
120 struct auth_provider
*provider
;
122 unset_provider(auth
, id
);
126 /* No more providers, done */
127 accept_client(auth
, 0);
131 RB_DLINK_FOREACH(ptr
, auth_providers
.head
)
133 provider
= ptr
->data
;
135 if(provider
->completed
&& is_provider(auth
, provider
->id
))
136 /* Notify pending clients who asked for it */
137 provider
->completed(auth
, id
);
141 /* Reject a client, cancel outstanding providers if any */
142 void reject_client(struct auth_client
*auth
, provider_t id
, const char *reason
)
144 uint16_t cid
= auth
->cid
;
155 case PROVIDER_BLACKLIST
:
164 rb_helper_write(authd_helper
, "R %x %c :%s", auth
->cid
, reject
, reason
);
166 unset_provider(auth
, id
);
169 cancel_providers(auth
);
171 memset(&auth_clients
[cid
], 0, sizeof(struct auth_client
));
174 /* Accept a client, cancel outstanding providers if any */
175 void accept_client(struct auth_client
*auth
, provider_t id
)
177 uint16_t cid
= auth
->cid
;
179 rb_helper_write(authd_helper
, "A %x %s %s", auth
->cid
, auth
->username
, auth
->hostname
);
181 unset_provider(auth
, id
);
184 cancel_providers(auth
);
186 memset(&auth_clients
[cid
], 0, sizeof(struct auth_client
));
189 /* Send a notice to a client */
190 void notice_client(struct auth_client
*auth
, const char *notice
)
192 rb_helper_write(authd_helper
, "N %x :%s", auth
->cid
, notice
);
195 /* Begin authenticating user */
196 static void start_auth(const char *cid
, const char *l_ip
, const char *l_port
, const char *c_ip
, const char *c_port
)
199 struct auth_provider
*provider
;
200 struct auth_client
*auth
;
201 long lcid
= strtol(cid
, NULL
, 16);
203 if(lcid
>= MAX_CLIENTS
)
206 auth
= &auth_clients
[lcid
];
208 /* Shouldn't get here */
211 auth
->cid
= (uint16_t)lcid
;
213 (void)rb_inet_pton_sock(l_ip
, (struct sockaddr
*)&auth
->l_addr
);
215 if(GET_SS_FAMILY(&auth
->l_addr
) == AF_INET6
)
216 ((struct sockaddr_in6
*)&auth
->l_addr
)->sin6_port
= htons(atoi(l_ip
));
219 ((struct sockaddr_in
*)&auth
->l_addr
)->sin_port
= htons(atoi(l_ip
));
221 (void)rb_inet_pton_sock(c_ip
, (struct sockaddr
*)&auth
->c_addr
);
223 if(GET_SS_FAMILY(&auth
->c_addr
) == AF_INET6
)
224 ((struct sockaddr_in6
*)&auth
->c_addr
)->sin6_port
= htons(atoi(c_ip
));
227 ((struct sockaddr_in
*)&auth
->c_addr
)->sin_port
= htons(atoi(c_ip
));
230 RB_DLINK_FOREACH(ptr
, auth_providers
.head
)
232 provider
= ptr
->data
;
234 /* Execute providers */
235 if(!provider
->start(auth
))
237 /* Rejected immediately */
238 cancel_providers(auth
);
243 /* If no providers are running, accept the client */
245 accept_client(auth
, 0);
248 /* Callback for the initiation */
249 void handle_new_connection(int parc
, char *parv
[])
254 start_auth(parv
[1], parv
[2], parv
[3], parv
[4], parv
[5]);