]> jfr.im git - solanum.git/blob - authd/providers/ident.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
providers/ident: more aggressive NULL checks
[solanum.git] / authd / providers / ident.c
1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
7 *
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
19 */
20
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
23 *
24 * --Elizafox 13 March 2016
25 */
26
27 #include "stdinc.h"
28 #include "match.h"
29 #include "authd.h"
30 #include "notice.h"
31 #include "provider.h"
32 #include "res.h"
33
34 #define IDENT_BUFSIZE 128
35
36 struct ident_query
37 {
38 time_t timeout; /* Timeout interval */
39 rb_fde_t *F; /* Our FD */
40 };
41
42 /* Goinked from old s_auth.c --Elizafox */
43 static const char *messages[] =
44 {
45 "*** Checking Ident",
46 "*** Got Ident response",
47 "*** No Ident response",
48 };
49
50 typedef enum
51 {
52 REPORT_LOOKUP,
53 REPORT_FOUND,
54 REPORT_FAIL,
55 } ident_message;
56
57 static EVH timeout_ident_queries_event;
58 static CNCB ident_connected;
59 static PF read_ident_reply;
60
61 static void client_fail(struct auth_client *auth, ident_message message);
62 static void client_success(struct auth_client *auth);
63 static char * get_valid_ident(char *buf);
64
65 static struct ev_entry *timeout_ev;
66 static int ident_timeout = 5;
67
68
69 /* Timeout outstanding queries */
70 static void
71 timeout_ident_queries_event(void *notused)
72 {
73 struct auth_client *auth;
74 rb_dictionary_iter iter;
75
76 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
77 {
78 struct ident_query *query = auth->data[PROVIDER_IDENT];
79
80 if(query != NULL && query->timeout < rb_current_time())
81 client_fail(auth, REPORT_FAIL);
82 }
83 }
84
85 /*
86 * ident_connected() - deal with the result of rb_connect_tcp()
87 *
88 * If the connection failed, we simply close the auth fd and report
89 * a failure. If the connection suceeded send the ident server a query
90 * giving "theirport , ourport". The write is only attempted *once* so
91 * it is deemed to be a fail if the entire write doesn't write all the
92 * data given. This shouldnt be a problem since the socket should have
93 * a write buffer far greater than this message to store it in should
94 * problems arise. -avalon
95 */
96 static void
97 ident_connected(rb_fde_t *F, int error, void *data)
98 {
99 struct auth_client *auth = data;
100 struct ident_query *query = auth->data[PROVIDER_IDENT];
101 char authbuf[32];
102 int authlen;
103
104 if(query == NULL)
105 return;
106
107 /* Check the error */
108 if(error != RB_OK)
109 {
110 /* We had an error during connection :( */
111 client_fail(auth, REPORT_FAIL);
112 return;
113 }
114
115 snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
116 auth->c_port, auth->l_port);
117 authlen = strlen(authbuf);
118
119 if(rb_write(query->F, authbuf, authlen) != authlen)
120 {
121 client_fail(auth, REPORT_FAIL);
122 return;
123 }
124
125 read_ident_reply(query->F, auth);
126 }
127
128 static void
129 read_ident_reply(rb_fde_t *F, void *data)
130 {
131 struct auth_client *auth = data;
132 struct ident_query *query = auth->data[PROVIDER_IDENT];
133 char *s = NULL;
134 char *t = NULL;
135 int len;
136 int count;
137 char buf[IDENT_BUFSIZE + 1]; /* buffer to read auth reply into */
138
139 if(query == NULL)
140 return;
141
142 len = rb_read(F, buf, IDENT_BUFSIZE);
143 if(len < 0 && rb_ignore_errno(errno))
144 {
145 rb_setselect(F, RB_SELECT_READ, read_ident_reply, query);
146 return;
147 }
148
149 if(len > 0)
150 {
151 buf[len] = '\0';
152
153 if((s = get_valid_ident(buf)))
154 {
155 t = auth->username;
156
157 while (*s == '~' || *s == '^')
158 s++;
159
160 for (count = USERLEN; *s && count; s++)
161 {
162 if(*s == '@')
163 {
164 break;
165 }
166 if(*s != ' ' && *s != ':' && *s != '[')
167 {
168 *t++ = *s;
169 count--;
170 }
171 }
172 *t = '\0';
173 }
174 }
175
176 if(s == NULL)
177 client_fail(auth, REPORT_FAIL);
178 else
179 client_success(auth);
180 }
181
182 static void
183 client_fail(struct auth_client *auth, ident_message report)
184 {
185 struct ident_query *query = auth->data[PROVIDER_IDENT];
186
187 if(query == NULL)
188 return;
189
190 rb_strlcpy(auth->username, "*", sizeof(auth->username));
191
192 if(query->F != NULL)
193 rb_close(query->F);
194
195 rb_free(query);
196 auth->data[PROVIDER_IDENT] = NULL;
197
198 notice_client(auth->cid, messages[report]);
199 provider_done(auth, PROVIDER_IDENT);
200 }
201
202 static void
203 client_success(struct auth_client *auth)
204 {
205 struct ident_query *query = auth->data[PROVIDER_IDENT];
206
207 if(query == NULL)
208 return;
209
210 if(query->F != NULL)
211 rb_close(query->F);
212
213 rb_free(query);
214 auth->data[PROVIDER_IDENT] = NULL;
215
216 notice_client(auth->cid, messages[REPORT_FOUND]);
217 provider_done(auth, PROVIDER_IDENT);
218 }
219
220 /* get_valid_ident
221 * parse ident query reply from identd server
222 *
223 * Taken from old s_auth.c --Elizafox
224 *
225 * Inputs - pointer to ident buf
226 * Outputs - NULL if no valid ident found, otherwise pointer to name
227 * Side effects - None
228 */
229 static char *
230 get_valid_ident(char *buf)
231 {
232 int remp = 0;
233 int locp = 0;
234 char *colon1Ptr;
235 char *colon2Ptr;
236 char *colon3Ptr;
237 char *commaPtr;
238 char *remotePortString;
239
240 /* All this to get rid of a sscanf() fun. */
241 remotePortString = buf;
242
243 colon1Ptr = strchr(remotePortString, ':');
244 if(!colon1Ptr)
245 return 0;
246
247 *colon1Ptr = '\0';
248 colon1Ptr++;
249 colon2Ptr = strchr(colon1Ptr, ':');
250 if(!colon2Ptr)
251 return 0;
252
253 *colon2Ptr = '\0';
254 colon2Ptr++;
255 commaPtr = strchr(remotePortString, ',');
256
257 if(!commaPtr)
258 return 0;
259
260 *commaPtr = '\0';
261 commaPtr++;
262
263 remp = atoi(remotePortString);
264 if(!remp)
265 return 0;
266
267 locp = atoi(commaPtr);
268 if(!locp)
269 return 0;
270
271 /* look for USERID bordered by first pair of colons */
272 if(!strstr(colon1Ptr, "USERID"))
273 return 0;
274
275 colon3Ptr = strchr(colon2Ptr, ':');
276 if(!colon3Ptr)
277 return 0;
278
279 *colon3Ptr = '\0';
280 colon3Ptr++;
281 return (colon3Ptr);
282 }
283
284 static bool
285 ident_init(void)
286 {
287 timeout_ev = rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event, NULL, 1);
288 return (timeout_ev != NULL);
289 }
290
291 static void
292 ident_destroy(void)
293 {
294 struct auth_client *auth;
295 rb_dictionary_iter iter;
296
297 /* Nuke all ident queries */
298 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
299 {
300 if(auth->data[PROVIDER_IDENT] != NULL)
301 client_fail(auth, REPORT_FAIL);
302 }
303 }
304
305 static bool ident_start(struct auth_client *auth)
306 {
307 struct ident_query *query = rb_malloc(sizeof(struct ident_query));
308 struct rb_sockaddr_storage l_addr, c_addr;
309 int family = GET_SS_FAMILY(&auth->c_addr);
310
311 notice_client(auth->cid, messages[REPORT_LOOKUP]);
312
313 auth->data[PROVIDER_IDENT] = query;
314 query->timeout = rb_current_time() + ident_timeout;
315
316 if((query->F = rb_socket(family, SOCK_STREAM, 0, "ident")) == NULL)
317 {
318 warn_opers(L_DEBUG, "Could not create ident socket: %s", strerror(errno));
319 client_fail(auth, REPORT_FAIL);
320 return true; /* Not a fatal error */
321 }
322
323 /* Build sockaddr_storages for rb_connect_tcp below */
324 memcpy(&l_addr, &auth->l_addr, sizeof(l_addr));
325 memcpy(&c_addr, &auth->c_addr, sizeof(c_addr));
326
327 /* Set the ports correctly */
328 #ifdef RB_IPV6
329 if(GET_SS_FAMILY(&l_addr) == AF_INET6)
330 ((struct sockaddr_in6 *)&l_addr)->sin6_port = 0;
331 else
332 #endif
333 ((struct sockaddr_in *)&l_addr)->sin_port = 0;
334
335 #ifdef RB_IPV6
336 if(GET_SS_FAMILY(&c_addr) == AF_INET6)
337 ((struct sockaddr_in6 *)&c_addr)->sin6_port = htons(113);
338 else
339 #endif
340 ((struct sockaddr_in *)&c_addr)->sin_port = htons(113);
341
342 rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
343 (struct sockaddr *)&l_addr,
344 GET_SS_LEN(&l_addr), ident_connected,
345 query, ident_timeout);
346
347 set_provider_on(auth, PROVIDER_IDENT);
348
349 return true;
350 }
351
352 static void
353 ident_cancel(struct auth_client *auth)
354 {
355 struct ident_query *query = auth->data[PROVIDER_IDENT];
356
357 if(query != NULL)
358 client_fail(auth, REPORT_FAIL);
359 }
360
361 static void
362 add_conf_ident_timeout(const char *key, int parc, const char **parv)
363 {
364 int timeout = atoi(parv[0]);
365
366 if(timeout < 0)
367 {
368 warn_opers(L_CRIT, "BUG: ident timeout < 0 (value: %d)", timeout);
369 return;
370 }
371
372 ident_timeout = timeout;
373 }
374
375 struct auth_opts_handler ident_options[] =
376 {
377 { "ident_timeout", 1, add_conf_ident_timeout },
378 { NULL, 0, NULL },
379 };
380
381
382 struct auth_provider ident_provider =
383 {
384 .id = PROVIDER_IDENT,
385 .init = ident_init,
386 .destroy = ident_destroy,
387 .start = ident_start,
388 .cancel = ident_cancel,
389 .completed = NULL,
390 .opt_handlers = ident_options,
391 };
Fork of solanum ircd, history is rebased regularly