1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
24 * --Elizafox 13 March 2016
34 #define IDENT_BUFSIZE 128
38 time_t timeout
; /* Timeout interval */
39 rb_fde_t
*F
; /* Our FD */
42 /* Goinked from old s_auth.c --Elizafox */
43 static const char *messages
[] =
46 "*** Got Ident response",
47 "*** No Ident response",
57 static EVH timeout_ident_queries_event
;
58 static CNCB ident_connected
;
59 static PF read_ident_reply
;
61 static void client_fail(struct auth_client
*auth
, ident_message message
);
62 static void client_success(struct auth_client
*auth
);
63 static char * get_valid_ident(char *buf
);
65 static struct ev_entry
*timeout_ev
;
66 static int ident_timeout
= 5;
69 /* Timeout outstanding queries */
71 timeout_ident_queries_event(void *notused
)
73 struct auth_client
*auth
;
74 rb_dictionary_iter iter
;
76 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
78 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
80 if(query
!= NULL
&& query
->timeout
< rb_current_time())
81 client_fail(auth
, REPORT_FAIL
);
86 * ident_connected() - deal with the result of rb_connect_tcp()
88 * If the connection failed, we simply close the auth fd and report
89 * a failure. If the connection suceeded send the ident server a query
90 * giving "theirport , ourport". The write is only attempted *once* so
91 * it is deemed to be a fail if the entire write doesn't write all the
92 * data given. This shouldnt be a problem since the socket should have
93 * a write buffer far greater than this message to store it in should
94 * problems arise. -avalon
97 ident_connected(rb_fde_t
*F
, int error
, void *data
)
99 struct auth_client
*auth
= data
;
100 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
107 /* Check the error */
110 /* We had an error during connection :( */
111 client_fail(auth
, REPORT_FAIL
);
115 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
116 auth
->c_port
, auth
->l_port
);
117 authlen
= strlen(authbuf
);
119 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
121 client_fail(auth
, REPORT_FAIL
);
125 read_ident_reply(query
->F
, auth
);
129 read_ident_reply(rb_fde_t
*F
, void *data
)
131 struct auth_client
*auth
= data
;
132 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
137 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
142 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
143 if(len
< 0 && rb_ignore_errno(errno
))
145 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, query
);
153 if((s
= get_valid_ident(buf
)))
157 while (*s
== '~' || *s
== '^')
160 for (count
= USERLEN
; *s
&& count
; s
++)
166 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
177 client_fail(auth
, REPORT_FAIL
);
179 client_success(auth
);
183 client_fail(struct auth_client
*auth
, ident_message report
)
185 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
190 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
196 auth
->data
[PROVIDER_IDENT
] = NULL
;
198 notice_client(auth
->cid
, messages
[report
]);
199 provider_done(auth
, PROVIDER_IDENT
);
203 client_success(struct auth_client
*auth
)
205 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
214 auth
->data
[PROVIDER_IDENT
] = NULL
;
216 notice_client(auth
->cid
, messages
[REPORT_FOUND
]);
217 provider_done(auth
, PROVIDER_IDENT
);
221 * parse ident query reply from identd server
223 * Taken from old s_auth.c --Elizafox
225 * Inputs - pointer to ident buf
226 * Outputs - NULL if no valid ident found, otherwise pointer to name
227 * Side effects - None
230 get_valid_ident(char *buf
)
238 char *remotePortString
;
240 /* All this to get rid of a sscanf() fun. */
241 remotePortString
= buf
;
243 colon1Ptr
= strchr(remotePortString
, ':');
249 colon2Ptr
= strchr(colon1Ptr
, ':');
255 commaPtr
= strchr(remotePortString
, ',');
263 remp
= atoi(remotePortString
);
267 locp
= atoi(commaPtr
);
271 /* look for USERID bordered by first pair of colons */
272 if(!strstr(colon1Ptr
, "USERID"))
275 colon3Ptr
= strchr(colon2Ptr
, ':');
287 timeout_ev
= rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event
, NULL
, 1);
288 return (timeout_ev
!= NULL
);
294 struct auth_client
*auth
;
295 rb_dictionary_iter iter
;
297 /* Nuke all ident queries */
298 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
300 if(auth
->data
[PROVIDER_IDENT
] != NULL
)
301 client_fail(auth
, REPORT_FAIL
);
305 static bool ident_start(struct auth_client
*auth
)
307 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
308 struct rb_sockaddr_storage l_addr
, c_addr
;
309 int family
= GET_SS_FAMILY(&auth
->c_addr
);
311 notice_client(auth
->cid
, messages
[REPORT_LOOKUP
]);
313 auth
->data
[PROVIDER_IDENT
] = query
;
314 query
->timeout
= rb_current_time() + ident_timeout
;
316 if((query
->F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
318 warn_opers(L_DEBUG
, "Could not create ident socket: %s", strerror(errno
));
319 client_fail(auth
, REPORT_FAIL
);
320 return true; /* Not a fatal error */
323 /* Build sockaddr_storages for rb_connect_tcp below */
324 memcpy(&l_addr
, &auth
->l_addr
, sizeof(l_addr
));
325 memcpy(&c_addr
, &auth
->c_addr
, sizeof(c_addr
));
327 /* Set the ports correctly */
329 if(GET_SS_FAMILY(&l_addr
) == AF_INET6
)
330 ((struct sockaddr_in6
*)&l_addr
)->sin6_port
= 0;
333 ((struct sockaddr_in
*)&l_addr
)->sin_port
= 0;
336 if(GET_SS_FAMILY(&c_addr
) == AF_INET6
)
337 ((struct sockaddr_in6
*)&c_addr
)->sin6_port
= htons(113);
340 ((struct sockaddr_in
*)&c_addr
)->sin_port
= htons(113);
342 rb_connect_tcp(query
->F
, (struct sockaddr
*)&c_addr
,
343 (struct sockaddr
*)&l_addr
,
344 GET_SS_LEN(&l_addr
), ident_connected
,
345 query
, ident_timeout
);
347 set_provider_on(auth
, PROVIDER_IDENT
);
353 ident_cancel(struct auth_client
*auth
)
355 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
358 client_fail(auth
, REPORT_FAIL
);
362 add_conf_ident_timeout(const char *key
, int parc
, const char **parv
)
364 int timeout
= atoi(parv
[0]);
368 warn_opers(L_CRIT
, "BUG: ident timeout < 0 (value: %d)", timeout
);
372 ident_timeout
= timeout
;
375 struct auth_opts_handler ident_options
[] =
377 { "ident_timeout", 1, add_conf_ident_timeout
},
382 struct auth_provider ident_provider
=
384 .id
= PROVIDER_IDENT
,
386 .destroy
= ident_destroy
,
387 .start
= ident_start
,
388 .cancel
= ident_cancel
,
390 .opt_handlers
= ident_options
,