mdw@git.distorted.org.uk Git - fwd/blob - identify.c

   1 /* -*-c-*-
   2  *
   3  * $Id: identify.c,v 1.9 2003/11/29 22:13:43 mdw Exp $
   4  *
   5  * Identifies and logs the client of a connection
   6  *
   7  * (c) 1999 Straylight/Edgeware
   8  */
   9
  10 /*----- Licensing notice --------------------------------------------------*
  11  *
  12  * This file is part of the `fw' port forwarder.
  13  *
  14  * `fw' is free software; you can redistribute it and/or modify
  15  * it under the terms of the GNU General Public License as published by
  16  * the Free Software Foundation; either version 2 of the License, or
  17  * (at your option) any later version.
  18  *
  19  * `fw' is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  * GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with `fw'; if not, write to the Free Software Foundation,
  26  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  27  */
  28
  29 /*----- Revision history --------------------------------------------------*
  30  *
  31  * $Log: identify.c,v $
  32  * Revision 1.9  2003/11/29 22:13:43  mdw
  33  * Fix bug in identification timout handling.
  34  *
  35  * Revision 1.8  2003/11/29 20:36:07  mdw
  36  * Privileged outgoing connections.
  37  *
  38  * Revision 1.7  2002/02/22 23:43:32  mdw
  39  * Call @xfree@ rather than @free@.
  40  *
  41  * Revision 1.6  2001/06/22 19:36:49  mdw
  42  * Enlarge the identity buffer.
  43  *
  44  * Revision 1.5  1999/10/10 16:45:34  mdw
  45  * Modified to use new mLib resolver and ident client.
  46  *
  47  * Revision 1.4  1999/07/27 18:30:53  mdw
  48  * Various minor portability fixes.
  49  *
  50  * Revision 1.3  1999/07/26 23:26:21  mdw
  51  * Minor modifications for new design.
  52  *
  53  * Revision 1.2  1999/07/03 13:56:59  mdw
  54  * Log connections to syslog or stderr as appropriate.
  55  *
  56  * Revision 1.1.1.1  1999/07/01 08:56:23  mdw
  57  * Initial revision.
  58  *
  59  */
  60
  61 /*----- Header files ------------------------------------------------------*/
  62
  63 #include "config.h"
  64
  65 #include <errno.h>
  66 #include <stdio.h>
  67 #include <stdlib.h>
  68 #include <string.h>
  69 #include <time.h>
  70
  71 #include <sys/types.h>
  72 #include <sys/time.h>
  73 #include <unistd.h>
  74 #include <syslog.h>
  75
  76 #include <sys/socket.h>
  77 #include <netinet/in.h>
  78 #include <arpa/inet.h>
  79 #include <netdb.h>
  80
  81 #include <mLib/alloc.h>
  82 #include <mLib/bres.h>
  83 #include <mLib/conn.h>
  84 #include <mLib/dstr.h>
  85 #include <mLib/ident.h>
  86 #include <mLib/report.h>
  87 #include <mLib/sel.h>
  88 #include <mLib/selbuf.h>
  89 #include <mLib/str.h>
  90
  91 #include "fw.h"
  92 #include "identify.h"
  93
  94 /*----- Magic numbers -----------------------------------------------------*/
  95
  96 #define TIMEOUT 15                      /* Seconds to wait for answers */
  97
  98 /*----- Data structures ---------------------------------------------------*/
  99
 100 /* --- Structure to track the progress of an identification --- */
 101
 102 typedef struct id {
 103   id_req q;                             /* Copy of client's request block */
 104   time_t when;                          /* When the connection occurred */
 105   conn c;                               /* Connection selector */
 106   unsigned state;                       /* Current state of the world */
 107   sel_timer t;                          /* Timeout selector */
 108   bres_client r;                        /* Backgd resolver client block */
 109   ident_request i;                      /* Ident client block */
 110   char host[128];                       /* Resolved hostname */
 111   char user[64];                        /* Authenticated client user */
 112 } id;
 113
 114 #define S_HOST 1u                       /* Read the hostname from resolver */
 115 #define S_USER 2u                       /* Read the username from RFC931 */
 116 #define S_TIMER 4u                      /* Timeout has completed */
 117
 118 /*----- Main code ---------------------------------------------------------*/
 119
 120 /* --- @id_done@ --- *
 121  *
 122  * Arguments:   @id *i@ = pointer to identification block
 123  *
 124  * Returns:     ---
 125  *
 126  * Use:         Finishes with an identification block.
 127  */
 128
 129 static void id_done(id *i)
 130 {
 131   /* --- Close down the various dependent bits --- */
 132
 133   if (!(i->state & S_HOST))
 134     bres_abort(&i->r);
 135   if (!(i->state & S_USER))
 136     ident_abort(&i->i);
 137   if (!(i->state & S_TIMER))
 138     sel_rmtimer(&i->t);
 139
 140   /* --- Report the final result --- */
 141
 142   fw_log(i->when, "[%s] %s from %s@%s [%s:%u]",
 143          i->q.desc, i->q.act,
 144          i->user, i->host,
 145          inet_ntoa(i->q.rsin.sin_addr), (unsigned)ntohs(i->q.rsin.sin_port));
 146
 147   /* --- Dispose of the block --- */
 148
 149   REFFD_DEC(i->q.r);
 150   xfree(i);
 151 }
 152
 153 /* --- @id_res@ --- *
 154  *
 155  * Arguments:   @struct hostent *h@ = name of the resolved host
 156  *              @void *vp@ = pointer to identification block
 157  *
 158  * Returns:     ---
 159  *
 160  * Use:         Responds to a completed reverse name resolution.
 161  */
 162
 163 static void id_res(struct hostent *h, void *vp)
 164 {
 165   id *i = vp;
 166   if (h)
 167     str_sanitize(i->host, h->h_name, sizeof(i->host));
 168   i->state |= S_HOST;
 169   if (i->state & S_USER)
 170     id_done(i);
 171 }
 172
 173 /* --- @id_ident@ --- *
 174  *
 175  * Arguments:   @ident_reply *i@ = pointer to string read from server
 176  *              @void *vp@ = pointer to identification block
 177  *
 178  * Returns:     ---
 179  *
 180  * Use:         Responds to a line read from the remote RFC931 server.
 181  */
 182
 183 static void id_ident(ident_reply *ir, void *vp)
 184 {
 185   id *i = vp;
 186
 187   /* --- Read the information from the client --- */
 188
 189   if (ir && ir->type == IDENT_USERID)
 190     str_sanitize(i->user, ir->u.userid.user, sizeof(i->user));
 191
 192   /* --- Maybe finish off this identification --- */
 193
 194   i->state |= S_USER;
 195   if (i->state & S_HOST)
 196     id_done(i);
 197 }
 198
 199 /* --- @id_timer@ --- *
 200  *
 201  * Arguments:   @struct timeval *tv@ = pointer to the current time
 202  *              @void *vp@ = pointer to identification block
 203  *
 204  * Returns:     ---
 205  *
 206  * Use:         Times an identification job out.
 207  */
 208
 209 static void id_timer(struct timeval *tv, void *vp)
 210 {
 211   id *i = vp;
 212   i->state |= S_TIMER:
 213   id_done(i);
 214 }
 215
 216 /* --- @identify@ --- *
 217  *
 218  * Arguments:   @const id_req *q@ = pointer to request block
 219  *
 220  * Returns:     ---
 221  *
 222  * Use:         Starts a background ident lookup and reverse-resolve job
 223  *              which will, eventually, report a message to the system log.
 224  */
 225
 226 void identify(const id_req *q)
 227 {
 228   id *i;
 229
 230   /* --- Initialize the block with stuff --- */
 231
 232   i = xmalloc(sizeof(*i));
 233   i->q = *q;
 234   REFFD_INC(i->q.r);
 235
 236   str_sanitize(i->host, inet_ntoa(q->rsin.sin_addr), sizeof(i->host));
 237   strcpy(i->user, "<ANONYMOUS>");
 238   i->state = 0;
 239   i->when = time(0);
 240
 241   /* --- Set up the connection to the identity server --- */
 242
 243   ident(&i->i, sel, &q->lsin, &q->rsin, id_ident, i);
 244
 245   /* --- Set up the name resolver --- */
 246
 247   bres_byaddr(&i->r, q->rsin.sin_addr, id_res, i);
 248
 249   /* --- Set up the time limiter --- */
 250
 251   {
 252     struct timeval tv;
 253     gettimeofday(&tv, 0);
 254     tv.tv_sec += TIMEOUT;
 255     sel_addtimer(sel, &i->t, &tv, id_timer, i);
 256   }
 257 }
 258
 259 /*----- That's all, folks -------------------------------------------------*/