X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/b2ede1aa71ccb604cde0ba38b2951ea72a99db11..d3f01ce7bfbe5cfc2069f1d326d3b583e68029bc:/authd/provider.c diff --git a/authd/provider.c b/authd/provider.c index f0000b1b..8288f295 100644 --- a/authd/provider.c +++ b/authd/provider.c @@ -46,44 +46,84 @@ * --Elizafox, 9 March 2016 */ +#include "stdinc.h" #include "rb_dictionary.h" #include "authd.h" #include "provider.h" +#include "notice.h" + +static EVH provider_timeout_event; rb_dlink_list auth_providers; /* Clients waiting */ rb_dictionary *auth_clients; +static struct ev_entry *timeout_ev; + /* Load a provider */ -void load_provider(struct auth_provider *provider) +void +load_provider(struct auth_provider *provider) { if(rb_dlink_list_length(&auth_providers) >= MAX_PROVIDERS) { - warn_opers(L_CRIT, "Exceeded maximum level of authd providers (%d max)", MAX_PROVIDERS); + warn_opers(L_WARN, "provider: cannot load provider with id %d: maximum reached (%d)", + provider->id, MAX_PROVIDERS); return; } - provider->init(); - rb_dlinkAdd(provider, &provider->node, &auth_providers); + if(provider->opt_handlers != NULL) + { + struct auth_opts_handler *handler; + + for(handler = provider->opt_handlers; handler->option != NULL; handler++) + rb_dictionary_add(authd_option_handlers, handler->option, handler); + } + + if(provider->stats_handler.letter != '\0') + authd_stat_handlers[provider->stats_handler.letter] = provider->stats_handler.handler; + + if(provider->init != NULL) + provider->init(); + + rb_dlinkAddTail(provider, &provider->node, &auth_providers); } -void unload_provider(struct auth_provider *provider) +void +unload_provider(struct auth_provider *provider) { - provider->destroy(); + if(provider->opt_handlers != NULL) + { + struct auth_opts_handler *handler; + + for(handler = provider->opt_handlers; handler->option != NULL; handler++) + rb_dictionary_delete(authd_option_handlers, handler->option); + } + + if(provider->stats_handler.letter != '\0') + authd_stat_handlers[provider->stats_handler.letter] = NULL; + + if(provider->destroy != NULL) + provider->destroy(); + rb_dlinkDelete(&provider->node, &auth_providers); } /* Initalise all providers */ -void init_providers(void) +void +init_providers(void) { auth_clients = rb_dictionary_create("pending auth clients", rb_uint32cmp); + timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1); load_provider(&rdns_provider); load_provider(&ident_provider); + load_provider(&blacklist_provider); + load_provider(&opm_provider); } /* Terminate all providers */ -void destroy_providers(void) +void +destroy_providers(void) { rb_dlink_node *ptr; rb_dictionary_iter iter; @@ -94,7 +134,7 @@ void destroy_providers(void) RB_DICTIONARY_FOREACH(auth, &iter, auth_clients) { /* TBD - is this the right thing? */ - reject_client(auth, 0, "Authentication system is down... try reconnecting in a few seconds"); + reject_client(auth, -1, "destroy", "Authentication system is down... try reconnecting in a few seconds"); } RB_DLINK_FOREACH(ptr, auth_providers.head) @@ -104,10 +144,13 @@ void destroy_providers(void) if(provider->destroy) provider->destroy(); } + + rb_event_delete(timeout_ev); } /* Cancel outstanding providers for a client */ -void cancel_providers(struct auth_client *auth) +void +cancel_providers(struct auth_client *auth) { rb_dlink_node *ptr; struct auth_provider *provider; @@ -116,7 +159,7 @@ void cancel_providers(struct auth_client *auth) { provider = ptr->data; - if(provider->cancel && is_provider(auth, provider->id)) + if(provider->cancel && is_provider_on(auth, provider->id)) /* Cancel if required */ provider->cancel(auth); } @@ -125,18 +168,21 @@ void cancel_providers(struct auth_client *auth) rb_free(auth); } -/* Provider is done */ -void provider_done(struct auth_client *auth, provider_t id) +/* Provider is done - WARNING: do not use auth instance after calling! */ +void +provider_done(struct auth_client *auth, provider_t id) { rb_dlink_node *ptr; struct auth_provider *provider; - unset_provider(auth, id); + set_provider_off(auth, id); + set_provider_done(auth, id); if(!auth->providers) { - /* No more providers, done */ - accept_client(auth, 0); + if(!auth->providers_starting) + /* Only do this when there are no providers left */ + accept_client(auth, -1); return; } @@ -144,16 +190,19 @@ void provider_done(struct auth_client *auth, provider_t id) { provider = ptr->data; - if(provider->completed && is_provider(auth, provider->id)) + if(provider->completed != NULL && is_provider_on(auth, provider->id)) /* Notify pending clients who asked for it */ provider->completed(auth, id); } } -/* Reject a client */ -void reject_client(struct auth_client *auth, provider_t id, const char *reason) +/* Reject a client - WARNING: do not use auth instance after calling! */ +void +reject_client(struct auth_client *auth, provider_t id, const char *data, const char *fmt, ...) { char reject; + char buf[BUFSIZE]; + va_list args; switch(id) { @@ -166,57 +215,44 @@ void reject_client(struct auth_client *auth, provider_t id, const char *reason) case PROVIDER_BLACKLIST: reject = 'B'; break; + case PROVIDER_OPM: + reject = 'O'; + break; default: reject = 'N'; break; } - /* TODO send back ident */ - rb_helper_write(authd_helper, "R %x %c :%s", auth->cid, reject, reason); - - unset_provider(auth, id); - cancel_providers(auth); -} - -/* Accept a client, cancel outstanding providers if any */ -void accept_client(struct auth_client *auth, provider_t id) -{ - uint32_t cid = auth->cid; - - rb_helper_write(authd_helper, "A %x %s %s", auth->cid, auth->username, auth->hostname); - - unset_provider(auth, id); - cancel_providers(auth); -} - -/* Send a notice to a client */ -void notice_client(struct auth_client *auth, const char *fmt, ...) -{ - char buf[BUFSIZE]; - va_list args; + if(data == NULL) + data = "*"; va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); - rb_helper_write(authd_helper, "N %x :%s", auth->cid, buf); + /* We send back username and hostname in case ircd wants to overrule our decision. + * In the future this may not be the case. + * --Elizafox + */ + rb_helper_write(authd_helper, "R %x %c %s %s %s :%s", auth->cid, reject, auth->username, auth->hostname, data, buf); + + set_provider_off(auth, id); + cancel_providers(auth); } -/* Send a warning to the IRC daemon for logging, etc. */ -void warn_opers(notice_level_t level, const char *fmt, ...) +/* Accept a client, cancel outstanding providers if any - WARNING: do nto use auth instance after calling! */ +void +accept_client(struct auth_client *auth, provider_t id) { - char buf[BUFSIZE]; - va_list args; - - va_start(args, fmt); - vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); + rb_helper_write(authd_helper, "A %x %s %s", auth->cid, auth->username, auth->hostname); - rb_helper_write(authd_helper, "W %c :%s", level, buf); + set_provider_off(auth, id); + cancel_providers(auth); } /* Begin authenticating user */ -static void start_auth(const char *cid, const char *l_ip, const char *l_port, const char *c_ip, const char *c_port) +static void +start_auth(const char *cid, const char *l_ip, const char *l_port, const char *c_ip, const char *c_port) { struct auth_provider *provider; struct auth_client *auth = rb_malloc(sizeof(struct auth_client)); @@ -228,34 +264,36 @@ static void start_auth(const char *cid, const char *l_ip, const char *l_port, co auth->cid = (uint32_t)lcid; + if(rb_dictionary_find(auth_clients, RB_UINT_TO_POINTER(auth->cid)) == NULL) + rb_dictionary_add(auth_clients, RB_UINT_TO_POINTER(auth->cid), auth); + else + { + warn_opers(L_CRIT, "provider: duplicate client added via start_auth: %x", auth->cid); + exit(EX_PROVIDER_ERROR); + } + rb_strlcpy(auth->l_ip, l_ip, sizeof(auth->l_ip)); auth->l_port = (uint16_t)atoi(l_port); /* should be safe */ (void) rb_inet_pton_sock(l_ip, (struct sockaddr *)&auth->l_addr); + SET_SS_PORT(&auth->l_addr, htons(auth->l_port)); rb_strlcpy(auth->c_ip, c_ip, sizeof(auth->c_ip)); auth->c_port = (uint16_t)atoi(c_port); (void) rb_inet_pton_sock(c_ip, (struct sockaddr *)&auth->c_addr); + SET_SS_PORT(&auth->c_addr, htons(auth->c_port)); -#ifdef RB_IPV6 - if(GET_SS_FAMILY(&auth->l_addr) == AF_INET6) - ((struct sockaddr_in6 *)&auth->l_addr)->sin6_port = htons(auth->l_port); - else -#endif - ((struct sockaddr_in *)&auth->l_addr)->sin_port = htons(auth->l_port); + rb_strlcpy(auth->hostname, "*", sizeof(auth->hostname)); + rb_strlcpy(auth->username, "*", sizeof(auth->username)); -#ifdef RB_IPV6 - if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6) - ((struct sockaddr_in6 *)&auth->c_addr)->sin6_port = htons(auth->c_port); - else -#endif - ((struct sockaddr_in *)&auth->c_addr)->sin_port = htons(auth->c_port); - - rb_dictionary_add(auth_clients, RB_UINT_TO_POINTER(auth->cid), auth); + memset(auth->data, 0, sizeof(auth->data)); + auth->providers_starting = true; RB_DLINK_FOREACH(ptr, auth_providers.head) { provider = ptr->data; + lrb_assert(provider->start != NULL); + /* Execute providers */ if(!provider->start(auth)) { @@ -264,20 +302,75 @@ static void start_auth(const char *cid, const char *l_ip, const char *l_port, co return; } } + auth->providers_starting = false; /* If no providers are running, accept the client */ if(!auth->providers) - accept_client(auth, 0); + accept_client(auth, -1); } /* Callback for the initiation */ -void handle_new_connection(int parc, char *parv[]) +void +handle_new_connection(int parc, char *parv[]) { - if(parc < 7) + if(parc < 6) { - warn_opers(L_CRIT, "BUG: received too few params for new connection (7 expected, got %d)", parc); - return; + warn_opers(L_CRIT, "provider: received too few params for new connection (6 expected, got %d)", parc); + exit(EX_PROVIDER_ERROR); } start_auth(parv[1], parv[2], parv[3], parv[4], parv[5]); } + +void +handle_cancel_connection(int parc, char *parv[]) +{ + struct auth_client *auth; + long lcid; + + if(parc < 2) + { + warn_opers(L_CRIT, "provider: received too few params for new connection (2 expected, got %d)", parc); + exit(EX_PROVIDER_ERROR); + } + + if((lcid = strtol(parv[1], NULL, 16)) > UINT32_MAX) + { + warn_opers(L_CRIT, "provider: got a request to cancel a connection that can't exist: %lx", lcid); + exit(EX_PROVIDER_ERROR); + } + + if((auth = rb_dictionary_retrieve(auth_clients, RB_UINT_TO_POINTER((uint32_t)lcid))) == NULL) + { + /* This could happen as a race if we've accepted/rejected but they cancel, so don't die here. + * --Elizafox */ + return; + } + + cancel_providers(auth); +} + +static void +provider_timeout_event(void *notused __unused) +{ + struct auth_client *auth; + rb_dictionary_iter iter; + const time_t curtime = rb_current_time(); + + RB_DICTIONARY_FOREACH(auth, &iter, auth_clients) + { + rb_dlink_node *ptr; + + RB_DLINK_FOREACH(ptr, auth_providers.head) + { + struct auth_provider *provider = ptr->data; + const time_t timeout = auth->timeout[provider->id]; + + if(is_provider_on(auth, provider->id) && provider->timeout != NULL && + timeout > 0 && timeout < curtime) + { + provider->timeout(auth); + } + } + } +}