* --Elizafox, 9 March 2016
*/
+#include "stdinc.h"
#include "rb_dictionary.h"
#include "authd.h"
#include "provider.h"
#include "notice.h"
+static EVH provider_timeout_event;
+
rb_dlink_list auth_providers;
/* Clients waiting */
rb_dictionary *auth_clients;
+static struct ev_entry *timeout_ev;
+
/* Load a provider */
void
load_provider(struct auth_provider *provider)
{
if(rb_dlink_list_length(&auth_providers) >= MAX_PROVIDERS)
{
- warn_opers(L_CRIT, "Exceeded maximum level of authd providers (%d max)", MAX_PROVIDERS);
+ warn_opers(L_WARN, "provider: cannot load provider with id %d: maximum reached (%d)",
+ provider->id, MAX_PROVIDERS);
return;
}
if(provider->stats_handler.letter != '\0')
authd_stat_handlers[provider->stats_handler.letter] = provider->stats_handler.handler;
- provider->init();
- rb_dlinkAdd(provider, &provider->node, &auth_providers);
+ if(provider->init != NULL)
+ provider->init();
+
+ rb_dlinkAddTail(provider, &provider->node, &auth_providers);
}
void
if(provider->stats_handler.letter != '\0')
authd_stat_handlers[provider->stats_handler.letter] = NULL;
- provider->destroy();
+ if(provider->destroy != NULL)
+ provider->destroy();
+
rb_dlinkDelete(&provider->node, &auth_providers);
}
init_providers(void)
{
auth_clients = rb_dictionary_create("pending auth clients", rb_uint32cmp);
+ timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1);
load_provider(&rdns_provider);
load_provider(&ident_provider);
load_provider(&blacklist_provider);
+ load_provider(&opm_provider);
}
/* Terminate all providers */
if(provider->destroy)
provider->destroy();
}
+
+ rb_event_delete(timeout_ev);
}
/* Cancel outstanding providers for a client */
{
provider = ptr->data;
- if(provider->completed && is_provider_on(auth, provider->id))
+ if(provider->completed != NULL && is_provider_on(auth, provider->id))
/* Notify pending clients who asked for it */
provider->completed(auth, id);
}
/* Reject a client - WARNING: do not use auth instance after calling! */
void
-reject_client(struct auth_client *auth, provider_t id, const char *data, const char *reason)
+reject_client(struct auth_client *auth, provider_t id, const char *data, const char *fmt, ...)
{
char reject;
+ char buf[BUFSIZE];
+ va_list args;
switch(id)
{
case PROVIDER_BLACKLIST:
reject = 'B';
break;
+ case PROVIDER_OPM:
+ reject = 'O';
+ break;
default:
reject = 'N';
break;
if(data == NULL)
data = "*";
+ va_start(args, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+
/* We send back username and hostname in case ircd wants to overrule our decision.
* In the future this may not be the case.
* --Elizafox
*/
- rb_helper_write(authd_helper, "R %x %c %s %s %s :%s", auth->cid, reject, auth->username, auth->hostname, data, reason);
+ rb_helper_write(authd_helper, "R %x %c %s %s %s :%s", auth->cid, reject, auth->username, auth->hostname, data, buf);
set_provider_off(auth, id);
cancel_providers(auth);
void
accept_client(struct auth_client *auth, provider_t id)
{
- uint32_t cid = auth->cid;
-
rb_helper_write(authd_helper, "A %x %s %s", auth->cid, auth->username, auth->hostname);
set_provider_off(auth, id);
rb_dictionary_add(auth_clients, RB_UINT_TO_POINTER(auth->cid), auth);
else
{
- warn_opers(L_CRIT, "BUG: duplicate client added via start_auth: %x", auth->cid);
- rb_free(auth);
- return;
+ warn_opers(L_CRIT, "provider: duplicate client added via start_auth: %x", auth->cid);
+ exit(EX_PROVIDER_ERROR);
}
rb_strlcpy(auth->l_ip, l_ip, sizeof(auth->l_ip));
auth->l_port = (uint16_t)atoi(l_port); /* should be safe */
(void) rb_inet_pton_sock(l_ip, (struct sockaddr *)&auth->l_addr);
+ SET_SS_PORT(&auth->l_addr, htons(auth->l_port));
rb_strlcpy(auth->c_ip, c_ip, sizeof(auth->c_ip));
auth->c_port = (uint16_t)atoi(c_port);
(void) rb_inet_pton_sock(c_ip, (struct sockaddr *)&auth->c_addr);
+ SET_SS_PORT(&auth->c_addr, htons(auth->c_port));
-#ifdef RB_IPV6
- if(GET_SS_FAMILY(&auth->l_addr) == AF_INET6)
- ((struct sockaddr_in6 *)&auth->l_addr)->sin6_port = htons(auth->l_port);
- else
-#endif
- ((struct sockaddr_in *)&auth->l_addr)->sin_port = htons(auth->l_port);
-
-#ifdef RB_IPV6
- if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
- ((struct sockaddr_in6 *)&auth->c_addr)->sin6_port = htons(auth->c_port);
- else
-#endif
- ((struct sockaddr_in *)&auth->c_addr)->sin_port = htons(auth->c_port);
+ rb_strlcpy(auth->hostname, "*", sizeof(auth->hostname));
+ rb_strlcpy(auth->username, "*", sizeof(auth->username));
memset(auth->data, 0, sizeof(auth->data));
{
if(parc < 6)
{
- warn_opers(L_CRIT, "BUG: received too few params for new connection (6 expected, got %d)", parc);
- return;
+ warn_opers(L_CRIT, "provider: received too few params for new connection (6 expected, got %d)", parc);
+ exit(EX_PROVIDER_ERROR);
}
start_auth(parv[1], parv[2], parv[3], parv[4], parv[5]);
if(parc < 2)
{
- warn_opers(L_CRIT, "BUG: received too few params for new connection (2 expected, got %d)", parc);
- return;
+ warn_opers(L_CRIT, "provider: received too few params for new connection (2 expected, got %d)", parc);
+ exit(EX_PROVIDER_ERROR);
}
if((lcid = strtol(parv[1], NULL, 16)) > UINT32_MAX)
{
- warn_opers(L_CRIT, "BUG: got a request to cancel a connection that can't exist: %lx", lcid);
- return;
+ warn_opers(L_CRIT, "provider: got a request to cancel a connection that can't exist: %lx", lcid);
+ exit(EX_PROVIDER_ERROR);
}
if((auth = rb_dictionary_retrieve(auth_clients, RB_UINT_TO_POINTER((uint32_t)lcid))) == NULL)
{
- warn_opers(L_CRIT, "BUG: tried to cancel nonexistent connection %lx", lcid);
+ /* This could happen as a race if we've accepted/rejected but they cancel, so don't die here.
+ * --Elizafox */
return;
}
cancel_providers(auth);
}
+
+static void
+provider_timeout_event(void *notused __unused)
+{
+ struct auth_client *auth;
+ rb_dictionary_iter iter;
+ const time_t curtime = rb_current_time();
+
+ RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
+ {
+ rb_dlink_node *ptr;
+
+ RB_DLINK_FOREACH(ptr, auth_providers.head)
+ {
+ struct auth_provider *provider = ptr->data;
+ const time_t timeout = auth->timeout[provider->id];
+
+ if(is_provider_on(auth, provider->id) && provider->timeout != NULL &&
+ timeout > 0 && timeout < curtime)
+ {
+ provider->timeout(auth);
+ }
+ }
+ }
+}