X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/a68d9a2b613acfdc255bee7fae62e285c6fe0885..a4da4fe57467231c4e29ffb01c3c3d1692024e51:/authd/provider.c diff --git a/authd/provider.c b/authd/provider.c index 58294488..11991877 100644 --- a/authd/provider.c +++ b/authd/provider.c @@ -48,28 +48,86 @@ #include "stdinc.h" #include "rb_dictionary.h" +#include "rb_lib.h" #include "authd.h" #include "provider.h" #include "notice.h" static EVH provider_timeout_event; -rb_dlink_list auth_providers; - -/* Clients waiting */ rb_dictionary *auth_clients; +rb_dlink_list auth_providers; +static rb_dlink_list free_pids; +static uint32_t pid; static struct ev_entry *timeout_ev; +/* Initalise all providers */ +void +init_providers(void) +{ + auth_clients = rb_dictionary_create("pending auth clients", rb_uint32cmp); + timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1); + + load_provider(&rdns_provider); + load_provider(&ident_provider); + load_provider(&blacklist_provider); + load_provider(&opm_provider); +} + +/* Terminate all providers */ +void +destroy_providers(void) +{ + rb_dlink_node *ptr, *nptr; + rb_dictionary_iter iter; + struct auth_client *auth; + struct auth_provider *provider; + + /* Cancel outstanding connections */ + RB_DICTIONARY_FOREACH(auth, &iter, auth_clients) + { + /* TBD - is this the right thing? */ + reject_client(auth, UINT32_MAX, "destroy", + "Authentication system is down... try reconnecting in a few seconds"); + } + + RB_DLINK_FOREACH_SAFE(ptr, nptr, auth_providers.head) + { + struct auth_provider *provider = ptr->data; + + if(provider->destroy) + provider->destroy(); + + rb_dlinkDelete(ptr, &auth_providers); + } + + rb_dictionary_destroy(auth_clients, NULL, NULL); + rb_event_delete(timeout_ev); +} + /* Load a provider */ void load_provider(struct auth_provider *provider) { - if(rb_dlink_list_length(&auth_providers) >= MAX_PROVIDERS) + /* Assign a PID */ + if(rb_dlink_list_length(&free_pids) > 0) { - warn_opers(L_WARN, "provider: cannot load provider with id %d: maximum reached (%d)", - provider->id, MAX_PROVIDERS); - return; + /* use the free list */ + provider->id = RB_POINTER_TO_UINT(free_pids.head->data); + rb_dlinkDestroy(free_pids.head, &free_pids); + } + else + { + if(pid == UINT32_MAX) + { + /* If this happens, well, I don't know what to say. Probably a bug. + * In any case, UINT32_MAX is a special sentinel. */ + warn_opers(L_WARN, "Cannot load additional provider, max reached!"); + return; + } + + provider->id = pid++; } if(provider->opt_handlers != NULL) @@ -81,12 +139,12 @@ load_provider(struct auth_provider *provider) } if(provider->stats_handler.letter != '\0') - authd_stat_handlers[provider->stats_handler.letter] = provider->stats_handler.handler; + authd_stat_handlers[(unsigned char)provider->stats_handler.letter] = provider->stats_handler.handler; if(provider->init != NULL) provider->init(); - rb_dlinkAddTail(provider, &provider->node, &auth_providers); + rb_dlinkAdd(provider, &provider->node, &auth_providers); } void @@ -101,132 +159,88 @@ unload_provider(struct auth_provider *provider) } if(provider->stats_handler.letter != '\0') - authd_stat_handlers[provider->stats_handler.letter] = NULL; + authd_stat_handlers[(unsigned char)provider->stats_handler.letter] = NULL; if(provider->destroy != NULL) provider->destroy(); rb_dlinkDelete(&provider->node, &auth_providers); -} -/* Initalise all providers */ -void -init_providers(void) -{ - auth_clients = rb_dictionary_create("pending auth clients", rb_uint32cmp); - timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1); - load_provider(&rdns_provider); - load_provider(&ident_provider); - load_provider(&blacklist_provider); - load_provider(&opm_provider); + /* Reclaim ID */ + rb_dlinkAddAlloc(RB_UINT_TO_POINTER(provider->id), &free_pids); } -/* Terminate all providers */ void -destroy_providers(void) +auth_client_free(struct auth_client *auth) { - rb_dlink_node *ptr; - rb_dictionary_iter iter; - struct auth_client *auth; - struct auth_provider *provider; - - /* Cancel outstanding connections */ - RB_DICTIONARY_FOREACH(auth, &iter, auth_clients) - { - /* TBD - is this the right thing? */ - reject_client(auth, -1, "destroy", "Authentication system is down... try reconnecting in a few seconds"); - } - - RB_DLINK_FOREACH(ptr, auth_providers.head) - { - provider = ptr->data; - - if(provider->destroy) - provider->destroy(); - } - - rb_event_delete(timeout_ev); + rb_dictionary_delete(auth_clients, RB_UINT_TO_POINTER(auth->cid)); + rb_free(auth->data); + rb_free(auth); } -/* Cancel outstanding providers for a client */ +/* Cancel outstanding providers for a client (if any). */ void cancel_providers(struct auth_client *auth) { - rb_dlink_node *ptr; - struct auth_provider *provider; + if(auth->providers_cancelled) + return; - RB_DLINK_FOREACH(ptr, auth_providers.head) + auth->providers_cancelled = true; + + if(auth->refcount > 0) { - provider = ptr->data; + rb_dlink_node *ptr; - if(provider->cancel && is_provider_on(auth, provider->id)) - /* Cancel if required */ - provider->cancel(auth); - } + RB_DLINK_FOREACH(ptr, auth_providers.head) + { + struct auth_provider *provider = ptr->data; - rb_dictionary_delete(auth_clients, RB_UINT_TO_POINTER(auth->cid)); - rb_free(auth->data); - rb_free(auth); + if(provider->cancel != NULL && is_provider_running(auth, provider->id)) + /* Cancel if required */ + provider->cancel(auth); + } + } } -/* Provider is done - WARNING: do not use auth instance after calling! */ +/* Provider is done + * WARNING: do not use auth instance after calling! */ void -provider_done(struct auth_client *auth, provider_t id) +provider_done(struct auth_client *auth, uint32_t id) { rb_dlink_node *ptr; - struct auth_provider *provider; - set_provider_off(auth, id); + lrb_assert(is_provider_running(auth, id)); + lrb_assert(id != UINT32_MAX); + lrb_assert(id <= pid); + set_provider_done(auth, id); - if(!auth->providers) + if(auth->refcount == 0 && !auth->providers_starting) { - if(!auth->providers_starting) - /* Only do this when there are no providers left */ - accept_client(auth, -1); + /* All done */ + accept_client(auth, UINT32_MAX); return; } RB_DLINK_FOREACH(ptr, auth_providers.head) { - provider = ptr->data; + struct auth_provider *provider = ptr->data; - if(provider->completed != NULL && is_provider_on(auth, provider->id)) + if(provider->completed != NULL && is_provider_running(auth, provider->id)) /* Notify pending clients who asked for it */ provider->completed(auth, id); } } -/* Reject a client - WARNING: do not use auth instance after calling! */ +/* Reject a client and cancel any outstanding providers + * WARNING: do not use auth instance after calling! */ void -reject_client(struct auth_client *auth, provider_t id, const char *data, const char *fmt, ...) +reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...) { - char reject; + unsigned int refcount = auth->refcount; char buf[BUFSIZE]; va_list args; - switch(id) - { - case PROVIDER_RDNS: - reject = 'D'; - break; - case PROVIDER_IDENT: - reject = 'I'; - break; - case PROVIDER_BLACKLIST: - reject = 'B'; - break; - case PROVIDER_OPM: - reject = 'O'; - break; - default: - reject = 'N'; - break; - } - - if(data == NULL) - data = "*"; - va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); @@ -235,19 +249,29 @@ reject_client(struct auth_client *auth, provider_t id, const char *data, const c * In the future this may not be the case. * --Elizafox */ - rb_helper_write(authd_helper, "R %x %c %s %s %s :%s", auth->cid, reject, auth->username, auth->hostname, data, buf); + rb_helper_write(authd_helper, "R %x %c %s %s %s :%s", + auth->cid, auth->data[id].provider->letter, + auth->username, auth->hostname, + data == NULL ? "*" : data, buf); + + if(id != UINT32_MAX) + set_provider_done(auth, id); - set_provider_off(auth, id); cancel_providers(auth); } -/* Accept a client, cancel outstanding providers if any - WARNING: do nto use auth instance after calling! */ +/* Accept a client and cancel outstanding providers if any + * WARNING: do not use auth instance after calling! */ void -accept_client(struct auth_client *auth, provider_t id) +accept_client(struct auth_client *auth, uint32_t id) { + unsigned int refcount = auth->refcount; + rb_helper_write(authd_helper, "A %x %s %s", auth->cid, auth->username, auth->hostname); - set_provider_off(auth, id); + if(id != UINT32_MAX) + set_provider_done(auth, id); + cancel_providers(auth); } @@ -255,14 +279,14 @@ accept_client(struct auth_client *auth, provider_t id) static void start_auth(const char *cid, const char *l_ip, const char *l_port, const char *c_ip, const char *c_port) { - struct auth_provider *provider; - struct auth_client *auth = rb_malloc(sizeof(struct auth_client)); + struct auth_client *auth; long lcid = strtol(cid, NULL, 16); rb_dlink_node *ptr; if(lcid >= UINT32_MAX) return; + auth = rb_malloc(sizeof(struct auth_client)); auth->cid = (uint32_t)lcid; if(rb_dictionary_find(auth_clients, RB_UINT_TO_POINTER(auth->cid)) == NULL) @@ -286,29 +310,34 @@ start_auth(const char *cid, const char *l_ip, const char *l_port, const char *c_ rb_strlcpy(auth->hostname, "*", sizeof(auth->hostname)); rb_strlcpy(auth->username, "*", sizeof(auth->username)); + /* FIXME this is unsafe, the list being allocated needs to + * support the maximum PID allocated, not just the current + * length of auth_providers */ auth->data = rb_malloc(rb_dlink_list_length(&auth_providers) * sizeof(struct auth_client_data)); auth->providers_starting = true; RB_DLINK_FOREACH(ptr, auth_providers.head) { - provider = ptr->data; + struct auth_provider *provider = ptr->data; + + auth->data[provider->id].provider = provider; lrb_assert(provider->start != NULL); /* Execute providers */ if(!provider->start(auth)) - { /* Rejected immediately */ - cancel_providers(auth); return; - } + + if(auth->providers_cancelled) + break; } auth->providers_starting = false; /* If no providers are running, accept the client */ - if(!auth->providers) - accept_client(auth, -1); + if(auth->refcount == 0) + accept_client(auth, UINT32_MAX); } /* Callback for the initiation */ @@ -368,7 +397,7 @@ provider_timeout_event(void *notused __unused) struct auth_provider *provider = ptr->data; const time_t timeout = get_provider_timeout(auth, provider->id); - if(is_provider_on(auth, provider->id) && provider->timeout != NULL && + if(is_provider_running(auth, provider->id) && provider->timeout != NULL && timeout > 0 && timeout < curtime) { provider->timeout(auth); @@ -376,38 +405,3 @@ provider_timeout_event(void *notused __unused) } } } - -void * -get_provider_data(struct auth_client *auth, uint32_t id) -{ - lrb_assert(id < rb_dlink_list_length(&auth_providers)); - return auth->data[id].data; -} - -void -set_provider_data(struct auth_client *auth, uint32_t id, void *data) -{ - lrb_assert(id < rb_dlink_list_length(&auth_providers)); - auth->data[id].data = data; -} - -void -set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout) -{ - lrb_assert(id < rb_dlink_list_length(&auth_providers)); - auth->data[id].timeout = timeout + rb_current_time(); -} - -void -set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout) -{ - lrb_assert(id < rb_dlink_list_length(&auth_providers)); - auth->data[id].timeout = timeout; -} - -time_t -get_provider_timeout(struct auth_client *auth, uint32_t id) -{ - lrb_assert(id < rb_dlink_list_length(&auth_providers)); - return auth->data[id].timeout; -}