[ViewVC] Diff of: svn/ircd-hybrid/trunk/src/auth.c

Comparing:
ircd-hybrid-7.2/src/s_auth.c (file contents), Revision 650 by michael, Thu Jun 8 07:00:17 2006 UTC vs.
ircd-hybrid/trunk/src/s_auth.c (file contents), Revision 2916 by michael, Sat Jan 25 21:09:18 2014 UTC

+/*
-<
+ *  ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
-<
+ *  s_auth.c: Functions for querying a users ident.
->
+ *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
-<
+ *  Copyright (C) 2002 by the past and present ircd coders, and others.
->
+ *  Copyright (c) 1997-2014 ircd-hybrid development team
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
+ *  USA
-<
+ *
-<
+ *  $Id$
->
+ */
->
->
+/*! \file s_auth.c
->
+ * \brief Functions for querying a users ident.
->
+ * \version $Id$
+ */
+/*
+ *     any messages from it.
+ *     --Bleep  Thomas Helvey <tomh@inxpress.net>
+ */
-+
+#include "stdinc.h"
-–
+#include "tools.h"
+#include "list.h"
-+
+#include "ircd_defs.h"
-+
+#include "fdlist.h"
+#include "s_auth.h"
-<
+#include "s_conf.h"
->
+#include "conf.h"
+#include "client.h"
-–
+#include "common.h"
+#include "event.h"
-–
+#include "fdlist.h"              /* fdlist_add */
+#include "hook.h"
+#include "irc_string.h"
-–
+#include "sprintf_irc.h"
+#include "ircd.h"
-–
+#include "numeric.h"
+#include "packet.h"
+#include "irc_res.h"
+#include "s_bsd.h"
-<
+#include "s_log.h"
-<
+#include "s_stats.h"
->
+#include "log.h"
+#include "send.h"
-<
+#include "memory.h"
->
+#include "mempool.h"
->
-<
+static const char *HeaderMessages[] = {
->
+static const char *HeaderMessages[] =
->
+{
+  ":%s NOTICE AUTH :*** Looking up your hostname...",
+  ":%s NOTICE AUTH :*** Found your hostname",
+  ":%s NOTICE AUTH :*** Couldn't look up your hostname",
+  ":%s NOTICE AUTH :*** Your hostname is too long, ignoring hostname"
+};
-<
+enum {
->
+enum
->
+{
+  REPORT_DO_DNS,
+  REPORT_FIN_DNS,
+  REPORT_FAIL_DNS,
+#define sendheader(c, i) sendto_one((c), HeaderMessages[(i)], me.name)
-<
+/*
-<
+ * Ok, the original was confusing.
-<
+ * Now there are two lists, an auth request can be on both at the same time
-<
+ * or only on one or the other.
-<
+ * - Dianora
-<
+ */
-<
+static dlink_list auth_doing_dns_list   = { NULL, NULL, 0 };
-<
+static dlink_list auth_doing_ident_list = { NULL, NULL, 0 };
->
+static dlink_list auth_doing_list = { NULL, NULL, 0 };
+static EVH timeout_auth_queries_event;
+static PF read_auth_reply;
+static CNCB auth_connect_callback;
-–
+static CBFUNC start_auth;
-<
+struct Callback *auth_cb = NULL;
-<
-<
+/* init_auth()
->
+/* auth_init
+ * Initialise the auth code
+ */
+void
-<
+init_auth(void)
->
+auth_init(void)
-–
+  auth_cb = register_callback("start_auth", start_auth);
+  eventAddIsh("timeout_auth_queries_event", timeout_auth_queries_event, NULL, 1);
+static struct AuthRequest *
+make_auth_request(struct Client *client)
-<
+  struct AuthRequest *request = MyMalloc(sizeof(struct AuthRequest));
->
+  struct AuthRequest *request = &client->localClient->auth;
->
->
+  memset(request, 0, sizeof(*request));
+  request->client  = client;
+  request->timeout = CurrentTime + CONNECTTIMEOUT;
+ * the main io processing loop
+ */
+void
-<
+release_auth_client(struct Client *client)
->
+release_auth_client(struct AuthRequest *auth)
-+
+  struct Client *client = auth->client;
-+
-+
+  if (IsDoingAuth(auth) || IsDNSPending(auth))
-+
+    return;
-+
-+
+  if (dlinkFind(&auth_doing_list, auth))
-+
+    dlinkDelete(&auth->node, &auth_doing_list);
-+
+  /*
+   * When a client has auth'ed, we want to start reading what it sends
+   * us. This is what read_packet() does.
+  client->localClient->allow_read = MAX_FLOOD;
+  comm_setflush(&client->localClient->fd, 1000, flood_recalc, client);
-<
+  if ((client->node.prev != NULL) || (client->node.next != NULL))
-<
+  {
-<
+    sendto_realops_flags(UMODE_ALL, L_OPER,
-<
+                         "already linked %s at %s:%d", client->name,
-<
+                         __FILE__, __LINE__);
-<
+    ilog(L_ERROR, "already linked %s at %s:%d", client->name,
-<
+         __FILE__, __LINE__);
-<
+    assert(0==5);
-<
+  }
-<
+  else
-<
+    dlinkAdd(client, &client->node, &global_client_list);
->
+  dlinkAdd(client, &client->node, &global_client_list);
-<
+  client_p->since  = client_p->lasttime = client_p->firsttime = CurrentTime;
-<
+  client_p->flags |= FLAGS_FINISHED_AUTH;
->
+  client->localClient->since     = CurrentTime;
->
+  client->localClient->lasttime  = CurrentTime;
->
+  client->localClient->firsttime = CurrentTime;
->
+  client->flags |= FLAGS_FINISHED_AUTH;
+  read_packet(&client->localClient->fd, client);
-<
->
+/*
+ * auth_dns_callback - called when resolver query finishes
-<
+ * if the query resulted in a successful search, hp will contain
-<
+ * a non-null pointer, otherwise hp will be null.
->
+ * if the query resulted in a successful search, name will contain
->
+ * a non-NULL pointer, otherwise name will be NULL.
+ * set the client on it's way to a connection completion, regardless
+ * of success of failure
+ */
+static void
-<
+auth_dns_callback(void *vptr, struct DNSReply *reply)
->
+auth_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name)
-<
+  struct AuthRequest *auth = (struct AuthRequest *)vptr;
->
+  struct AuthRequest *auth = vptr;
-–
+  dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
+  ClearDNSPending(auth);
-<
+  if (reply != NULL)
->
+  if (name != NULL)
-<
+    struct sockaddr_in *v4, *v4dns;
->
+    const struct sockaddr_in *v4, *v4dns;
+#ifdef IPV6
-<
+    struct sockaddr_in6 *v6, *v6dns;
->
+    const struct sockaddr_in6 *v6, *v6dns;
+#endif
+    int good = 1;
+#ifdef IPV6
+    if (auth->client->localClient->ip.ss.ss_family == AF_INET6)
-<
+      v6 = (struct sockaddr_in6 *)&auth->client->localClient->ip;
-<
+      v6dns = (struct sockaddr_in6 *)&reply->addr;
->
+      v6 = (const struct sockaddr_in6 *)&auth->client->localClient->ip;
->
+      v6dns = (const struct sockaddr_in6 *)addr;
+      if (memcmp(&v6->sin6_addr, &v6dns->sin6_addr, sizeof(struct in6_addr)) != 0)
+        sendheader(auth->client, REPORT_IP_MISMATCH);
+    else
+#endif
-<
+      v4 = (struct sockaddr_in *)&auth->client->localClient->ip;
-<
+      v4dns = (struct sockaddr_in *)&reply->addr;
->
+      v4 = (const struct sockaddr_in *)&auth->client->localClient->ip;
->
+      v4dns = (const struct sockaddr_in *)addr;
+      if(v4->sin_addr.s_addr != v4dns->sin_addr.s_addr)
+        sendheader(auth->client, REPORT_IP_MISMATCH);
+        good = 0;
-<
+    if (good && strlen(reply->h_name) <= HOSTLEN)
->
+    if (good && strlen(name) <= HOSTLEN)
-<
+      strlcpy(auth->client->host, reply->h_name,
-<
+              sizeof(auth->client->host));
->
+      strlcpy(auth->client->host, name,
->
+              sizeof(auth->client->host));
+      sendheader(auth->client, REPORT_FIN_DNS);
-<
+    else if (strlen(reply->h_name) > HOSTLEN)
->
+    else if (strlen(name) > HOSTLEN)
+      sendheader(auth->client, REPORT_HOST_TOOLONG);
+  else
-<
+      sendheader(auth->client, REPORT_FAIL_DNS);
-<
-<
+  MyFree(auth->client->localClient->dns_query);
-<
+  auth->client->localClient->dns_query = NULL;
->
+    sendheader(auth->client, REPORT_FAIL_DNS);
-<
+  if (!IsDoingAuth(auth))
-<
+  {
-<
+    struct Client *client_p = auth->client;
-<
+    MyFree(auth);
-<
+    release_auth_client(client_p);
-<
+  }
->
+  release_auth_client(auth);
+/*
+static void
+auth_error(struct AuthRequest *auth)
-<
+  ++ServerStats->is_abad;
->
+  ++ServerStats.is_abad;
+  fd_close(&auth->fd);
-–
+  dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
+  ClearAuth(auth);
+  sendheader(auth->client, REPORT_FAIL_ID);
-<
+  if (!IsDNSPending(auth) && !IsCrit(auth))
-<
+  {
-<
+    release_auth_client(auth->client);
-<
+    MyFree(auth);
-<
+  }
->
+  release_auth_client(auth);
+/*
-<
+ * start_auth_query - Flag the client to show that an attempt to
->
+ * start_auth_query - Flag the client to show that an attempt to
+ * contact the ident server on
+ * the client's host.  The connect and subsequently the socket are all put
+ * into 'non-blocking' mode.  Should the connect or any later phase of the
+  if (comm_open(&auth->fd, auth->client->localClient->ip.ss.ss_family,
+                SOCK_STREAM, 0, "ident") == -1)
-<
+    report_error(L_ALL, "creating auth stream socket %s:%s",
-<
+        get_client_name(auth->client, SHOW_IP), errno);
-<
+    ilog(L_ERROR, "Unable to create auth socket for %s",
->
+    report_error(L_ALL, "creating auth stream socket %s:%s",
->
+                 get_client_name(auth->client, SHOW_IP), errno);
->
+    ilog(LOG_TYPE_IRCD, "Unable to create auth socket for %s",
+        get_client_name(auth->client, SHOW_IP));
-<
+    ++ServerStats->is_abad;
->
+    ++ServerStats.is_abad;
+    return 0;
+  sendheader(auth->client, REPORT_DO_ID);
-<
+  /*
->
+  /*
+   * get the local address of the client and bind to that to
+   * make the auth request.  This used to be done only for
+   * ifdef VIRTUAL_HOST, but needs to be done for all clients
+#endif
+  localaddr.ss_port = htons(0);
-<
+  SetDoingAuth(auth);
-<
+  dlinkAdd(auth, &auth->ident_node, &auth_doing_ident_list);
-<
-<
+  comm_connect_tcp(&auth->fd, auth->client->sockhost, 113,
-<
+      (struct sockaddr *)&localaddr, localaddr.ss_len, auth_connect_callback,
-<
+      auth, auth->client->localClient->ip.ss.ss_family,
->
+  comm_connect_tcp(&auth->fd, auth->client->sockhost, 113,
->
+      (struct sockaddr *)&localaddr, localaddr.ss_len, auth_connect_callback,
->
+      auth, auth->client->localClient->ip.ss.ss_family,
+      GlobalSetOptions.ident_timeout);
+  return 1; /* We suceed here for now */
+/*
+ * GetValidIdent - parse ident query reply from identd server
-<
+ *
->
+ *
+ * Inputs        - pointer to ident buf
+ * Output        - NULL if no valid ident found, otherwise pointer to name
+ * Side effects  -
+  /* All this to get rid of a sscanf() fun. */
+  remotePortString = buf;
-<
->
+  if ((colon1Ptr = strchr(remotePortString,':')) == NULL)
+    return 0;
+  *colon1Ptr = '\0';
+    return 0;
+  *colon2Ptr = '\0';
+  colon2Ptr++;
-<
->
+  if ((commaPtr = strchr(remotePortString, ',')) == NULL)
+    return 0;
+  *commaPtr = '\0';
+  if ((remp = atoi(remotePortString)) == 0)
+    return 0;
-<
->
+  if ((locp = atoi(commaPtr)) == 0)
+    return 0;
+/*
-<
+ * start_auth
->
+ * start_auth
+ * inputs       - pointer to client to auth
+ * output       - NONE
+ * side effects - starts auth (identd) and dns queries for a client
+ */
-<
+static void *
-<
+start_auth(va_list args)
->
+void
->
+start_auth(struct Client *client)
-–
+  struct Client *client = va_arg(args, struct Client *);
+  struct AuthRequest *auth = NULL;
+  assert(client != NULL);
+  auth = make_auth_request(client);
-<
+  SetCrit(auth);
-<
-<
+  client->localClient->dns_query = MyMalloc(sizeof(struct DNSQuery));
-<
+  client->localClient->dns_query->ptr = auth;
-<
+  client->localClient->dns_query->callback = auth_dns_callback;
->
+  dlinkAdd(auth, &auth->node, &auth_doing_list);
+  sendheader(client, REPORT_DO_DNS);
-+
+  SetDNSPending(auth);
-+
+  if (ConfigFileEntry.disable_auth == 0)
-+
+  {
-+
+    SetDoingAuth(auth);
+    start_auth_query(auth);
-+
+  }
-<
+  /* auth order changed, before gethost_byaddr can immediately call
-<
+   * dns callback under win32 when the lookup cannot be started.
-<
+   * And that would do MyFree(auth) etc -adx */
-<
+  SetDNSPending(auth);
-<
+  dlinkAdd(auth, &auth->dns_node, &auth_doing_dns_list);
-<
+  ClearCrit(auth);
-<
+  gethost_byaddr(&client->localClient->ip, client->localClient->dns_query);
-<
-<
+  return NULL;
->
+  gethost_byaddr(auth_dns_callback, auth, &client->localClient->ip);
+/*
+static void
+timeout_auth_queries_event(void *notused)
-<
+  dlink_node *ptr;
-<
+  dlink_node *next_ptr;
-<
+  struct AuthRequest* auth;
->
+  dlink_node *ptr = NULL, *next_ptr = NULL;
-<
+  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_ident_list.head)
->
+  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_list.head)
-<
+    auth = ptr->data;
->
+    struct AuthRequest *auth = ptr->data;
-<
+    if (auth->timeout <= CurrentTime)
->
+    if (auth->timeout > CurrentTime)
->
+      continue;
->
->
+    if (IsDoingAuth(auth))
-+
+      ++ServerStats.is_abad;
+      fd_close(&auth->fd);
-<
-<
+      ++ServerStats->is_abad;
->
+      ClearAuth(auth);
+      sendheader(auth->client, REPORT_FAIL_ID);
-+
+    }
-<
+      if (IsDNSPending(auth))
-<
+      {
-<
+        struct Client *client_p = auth->client;
-<
-<
+        dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
-<
+        if (client_p->localClient->dns_query != NULL)
-<
+        {
-<
+          delete_resolver_queries(client_p->localClient->dns_query);
-<
+          MyFree(client_p->localClient->dns_query);
-<
+        }
-<
+        auth->client->localClient->dns_query = NULL;
-<
+        sendheader(client_p, REPORT_FAIL_DNS);
-<
+      }
-<
-<
+      ilog(L_INFO, "DNS/AUTH timeout %s",
-<
+           get_client_name(auth->client, SHOW_IP));
-<
-<
+      dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
-<
+      release_auth_client(auth->client);
-<
+      MyFree(auth);
->
+    if (IsDNSPending(auth))
->
+    {
->
+      delete_resolver_queries(auth);
->
+      ClearDNSPending(auth);
->
+      sendheader(auth->client, REPORT_FAIL_DNS);
-+
-+
+    ilog(LOG_TYPE_IRCD, "DNS/AUTH timeout %s",
-+
+         get_client_name(auth->client, SHOW_IP));
-+
+    release_auth_client(auth);
+  char authbuf[32];
+  socklen_t ulen = sizeof(struct irc_ssaddr);
+  socklen_t tlen = sizeof(struct irc_ssaddr);
-<
+  u_int16_t uport, tport;
->
+  uint16_t uport, tport;
+#ifdef IPV6
+  struct sockaddr_in6 *v6;
+#else
+    return;
-<
+  if (getsockname(auth->client->localClient->fd.fd, (struct sockaddr *) &us,
-<
+      (socklen_t *) &ulen) ||
-<
+      getpeername(auth->client->localClient->fd.fd, (struct sockaddr *) &them,
-<
+      (socklen_t *) &tlen))
->
+  if (getsockname(auth->client->localClient->fd.fd, (struct sockaddr *)&us,
->
+      &ulen) ||
->
+      getpeername(auth->client->localClient->fd.fd, (struct sockaddr *)&them,
->
+      &tlen))
-<
+    ilog(L_INFO, "auth get{sock,peer}name error for %s",
->
+    ilog(LOG_TYPE_IRCD, "auth get{sock,peer}name error for %s",
+        get_client_name(auth->client, SHOW_IP));
+    auth_error(auth);
+    return;
+  us.ss_len = ulen;
+  them.ss_len = tlen;
+#endif
-<
-<
+  ircsprintf(authbuf, "%u , %u\r\n", tport, uport);
->
->
+  snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n", tport, uport);
+  if (send(fd->fd, authbuf, strlen(authbuf), 0) == -1)
+    auth_error(auth);
+    return;
-+
+  read_auth_reply(&auth->fd, auth);
+/*
-<
+ * read_auth_reply - read the reply (if any) from the ident server
->
+ * read_auth_reply - read the reply (if any) from the ident server
+ * we connected to.
+ * We only give it one shot, if the reply isn't good the first time
+ * fail the authentication entirely. --Bleep
+   *    --nenolod
+   */
-–
+#ifndef _WIN32
+  len = read(fd->fd, buf, AUTH_BUFSIZ);
-<
+#else
-<
+  len = recv(fd->fd, buf, AUTH_BUFSIZ, 0);
-<
+#endif
-<
->
+  if (len < 0)
-–
+#ifdef _WIN32
-–
+    errno = WSAGetLastError();
-–
+#endif
+    if (ignoreErrno(errno))
+      comm_setselect(fd, COMM_SELECT_READ, read_auth_reply, auth, 0);
+    else
+  fd_close(fd);
-–
+  dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
+  ClearAuth(auth);
+  if (s == NULL)
+    sendheader(auth->client, REPORT_FAIL_ID);
-<
+    ++ServerStats->is_abad;
->
+    ++ServerStats.is_abad;
+  else
+    sendheader(auth->client, REPORT_FIN_ID);
-<
+    ++ServerStats->is_asuc;
->
+    ++ServerStats.is_asuc;
+    SetGotId(auth->client);
-<
+  if (!IsDNSPending(auth) && !IsCrit(auth))
-<
+  {
-<
+    release_auth_client(auth->client);
-<
+    MyFree(auth);
-<
+  }
->
+  release_auth_client(auth);
+/*
+ * delete_auth()
+ */
-<
+void
-<
+delete_auth(struct Client *target_p)
->
+void
->
+delete_auth(struct AuthRequest *auth)
-<
+  dlink_node *ptr;
-<
+  dlink_node *next_ptr;
-<
+  struct AuthRequest *auth;
-<
-<
+  if (!IsUnknown(target_p))
-<
+    return;
-<
-<
+  if (target_p->localClient->dns_query != NULL)
-<
+    DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_dns_list.head)
-<
+    {
-<
+      auth = ptr->data;
->
+  if (IsDNSPending(auth))
->
+    delete_resolver_queries(auth);
-<
+      if (auth->client == target_p)
-<
+      {
-<
+        delete_resolver_queries(target_p->localClient->dns_query);
->
+  if (IsDoingAuth(auth))
->
+    fd_close(&auth->fd);
-<
+        dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
-<
+        if (!IsDoingAuth(auth))
-<
+        {
-<
+          MyFree(auth);
-<
+          return;
-<
+        }
-<
+      }
-<
+    }
-<
-<
+  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_ident_list.head)
-<
+  {
-<
+    auth = ptr->data;
-<
-<
+    if (auth->client == target_p)
-<
+    {
-<
+      fd_close(&auth->fd);
-<
-<
+      dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
-<
+      MyFree(auth);
-<
+    }
-<
+  }
->
+  if (dlinkFind(&auth_doing_list, auth))
->
+    dlinkDelete(&auth->node, &auth_doing_list);

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines (old)
->
+Changed lines (new)

Comparing: ircd-hybrid-7.2/src/s_auth.c (file contents), Revision 650 by michael, Thu Jun 8 07:00:17 2006 UTC vs. ircd-hybrid/trunk/src/s_auth.c (file contents), Revision 2916 by michael, Sat Jan 25 21:09:18 2014 UTC

Diff Legend

Comparing:
ircd-hybrid-7.2/src/s_auth.c (file contents), Revision 650 by michael, Thu Jun 8 07:00:17 2006 UTC vs.
ircd-hybrid/trunk/src/s_auth.c (file contents), Revision 2916 by michael, Sat Jan 25 21:09:18 2014 UTC