author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-08-01 19:32:25 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-08-01 19:32:25 +0000 |
commit | 5bd63ce69bfac81cab2135f65a6e941e010e8189 (patch) | |
tree | f0c369c1bf3eb6987b4c3315cec5a0193237e88e | |
parent | 48a707bf8920e6090d5861821a88707dc57621bd (diff) |
cleanup; everyone please test
-rw-r--r-- | libexec/identd/parse.c | 495 |
1 files changed, 120 insertions, 375 deletions
diff --git a/libexec/identd/parse.c b/libexec/identd/parse.c
index 663bcfe1ba4..78207b55ed2 100644
--- a/libexec/identd/parse.c
+++ b/libexec/identd/parse.c
@@ -1,403 +1,148 @@ /* -** $Id: parse.c,v 1.3 1997/07/23 20:36:28 kstailey Exp $ -** -** parse.c This file contains the protocol parser -** -** This program is in the public domain and may be used freely by anyone -** who wants to. -** -** Last update: 6 Dec 1992 -** -** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se> -*/ + * This program is in the public domain and may be used freely by anyone + * who wants to. + * Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se> + */ + +#include <sys/param.h> +#include <sys/types.h> +#include <sys/file.h> +#include <sys/stat.h> +#include <netinet/in.h> #include <stdio.h> #include <string.h> #include <errno.h> #include <ctype.h> #include <pwd.h> - -#include <sys/types.h> -#include <netinet/in.h> - -#ifndef HPUX7 -# include <arpa/inet.h> -#endif - #include <nlist.h> #include <kvm.h> -#include <sys/types.h> -#include <sys/stat.h> - -#if defined(MIPS) || defined(BSD43) -extern int errno; -#endif - #include "identd.h" #include "error.h" -extern void *malloc(); - /* -** This function will eat whitespace characters until -** either a non-whitespace character is read, or EOF -** occurs. This function is only used if the "-m" option -** is enabled. -*/ -static int eat_whitespace() + * A small routine to check for the existance of the ".noident" + * file in a users home directory. 
+ */ +static int +check_noident(homedir) + char *homedir; { - int c; - - - while ((c = getchar()) != EOF && - !(c == '\r' || c == '\n')) - ; - - if (c != EOF) - while ((c = getchar()) != EOF && - (c == ' ' || c == '\t' || c == '\n' || c == '\r')) - ; - - if (c != EOF) - ungetc(c, stdin); - - return (c != EOF); -} - - -#ifdef INCLUDE_EXTENSIONS -/* -** Validate an indirect request -*/ -static int valid_fhost(faddr, password) - struct in_addr *faddr; - char *password; -{ - if (indirect_host == NULL) - return 0; - - if (strcmp(indirect_host, "*") != 0) - { - if (isdigit(indirect_host[0])) - { - if (strcmp(inet_ntoa(*faddr), indirect_host)) - { - syslog(LOG_NOTICE, "valid_fhost: access denied for: %s", - gethost(faddr)); + char path[MAXPATHLEN]; + struct stat st; + + if (!homedir) + return 0; + if (snprintf(path, sizeof path, "%s/.noindent", homedir) >= sizeof path) + return 0; + if (stat(path, &st) == 0) + return 1; return 0; - } - } - else - { - if (strcmp(gethost(faddr), indirect_host)) - { - syslog(LOG_NOTICE, "valid_fhost: access denied for: %s", - gethost(faddr)); - return 0; - } - } - } - - if (indirect_password == NULL) - return 1; - - if (strcmp(password, indirect_password)) - { - syslog(LOG_NOTICE, "valid_fhost: invalid password from: %s", - gethost(faddr)); - return 0; - } - - return 1; -} -#endif - -/* -** A small routine to check for the existance of the ".noident" -** file in a users home directory. 
-*/ -static int check_noident(homedir) - char *homedir; -{ - char *tmp_path; - struct stat sbuf; - int rcode; - - - if (!homedir) - return 0; - - tmp_path = (char *) malloc(strlen(homedir) + sizeof("/.noident") + 1); - if (!tmp_path) - return 0; - - strcpy(tmp_path, homedir); - strcat(tmp_path, "/.noident"); - - rcode = stat(tmp_path, &sbuf); - free(tmp_path); - - return (rcode == 0); } - -int parse(fp, laddr, faddr) - FILE *fp; - struct in_addr *laddr, *faddr; +int +parse(fp, laddr, faddr) + FILE *fp; + struct in_addr *laddr, *faddr; { - int uid, try, rcode; - struct passwd *pwp; - char lhostaddr[16]; - char fhostaddr[16]; - char password[33]; -#ifdef INCLUDE_EXTENSIONS - char arg[33]; - int c; -#endif - struct in_addr laddr2; - struct in_addr faddr2; - - - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, "In function parse()"); - - /* - ** Get the local/foreign port pair from the luser - */ - do - { - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, " Before fscanf()"); - - faddr2 = *faddr; - laddr2 = *laddr; - lport = fport = 0; - lhostaddr[0] = fhostaddr[0] = password[0] = '\0'; - - /* Read query from client */ - rcode = fscanf(fp, " %d , %d", &lport, &fport); - -#ifdef INCLUDE_EXTENSIONS - /* - ** Do additional parsing in case of extended request - */ - if (rcode == 0) - { - rcode = fscanf(fp, "%32[^ \t\n\r:]", arg); - - /* Skip leading space up to EOF, EOL or non-space char */ - while ((c = getc(fp)) == ' ' || c == '\t') - ; - - if (rcode <= 0) - { - printf("%d , %d : ERROR : %s\r\n", - lport, fport, - unknown_flag ? 
"UNKNOWN-ERROR" : "X-INVALID-REQUEST"); - continue; - } - - /* - ** Non-standard extended request, returns with Pidentd - ** version information - */ - if (strcmp(arg, "VERSION") == 0) - { - printf("%d , %d : ERROR : X-VERSION : %s\r\n", lport, fport, - version); - continue; - } - - /* - ** Non-standard extended proxy request - */ - else if (strcmp(arg, "PROXY") == 0 && c == ':') - { - /* We have a colon char, check for port numbers */ - rcode = fscanf(fp, " %d , %d : %15[0-9.] , %15[0-9.]", - &lport, &fport, fhostaddr, lhostaddr); + char lhostaddr[16], fhostaddr[16], password[33]; + struct in_addr laddr2, faddr2; + struct passwd *pw; + int try, rcode; + uid_t uid; + + if (debug_flag && syslog_flag) + syslog(LOG_DEBUG, "In function parse()"); + + if (debug_flag && syslog_flag) + syslog(LOG_DEBUG, " Before fscanf()"); + faddr2 = *faddr; + laddr2 = *laddr; + lport = fport = 0; + lhostaddr[0] = fhostaddr[0] = password[0] = '\0'; + + /* Read query from client */ + rcode = fscanf(fp, " %d , %d", &lport, &fport); - if (!(rcode == 3 || rcode == 4)) - { - printf("%d , %d : ERROR : %s\r\n", - lport, fport, - unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST"); - continue; + if (rcode < 2 || lport < 1 || lport > 65535 || + fport < 1 || fport > 65535) { + if (syslog_flag && rcode > 0) + syslog(LOG_NOTICE, + "scanf: invalid-port(s): %d , %d from %s", + lport, fport, gethost(faddr)); + printf("%d , %d : ERROR : %s\r\n", lport, fport, + unknown_flag ? 
"UNKNOWN-ERROR" : "INVALID-PORT"); + return 0; } + if (syslog_flag && verbose_flag) + syslog(LOG_NOTICE, "request for (%d,%d) from %s", + lport, fport, gethost(faddr)); - if (rcode == 4) - (void) inet_aton(lhostaddr, &laddr2); - - (void) inet_aton(fhostaddr, &faddr2); - - proxy(&laddr2, &faddr2, lport, fport, NULL); - continue; - } - - /* - ** Non-standard extended remote indirect request - */ - else if (strcmp(arg, "REMOTE") == 0 && c == ':') - { - /* We have a colon char, check for port numbers */ - rcode = fscanf(fp, " %d , %d", &lport, &fport); - - /* Skip leading space up to EOF, EOL or non-space char */ - while ((c = getc(fp)) == ' ' || c == '\t') - ; + if (debug_flag && syslog_flag) + syslog(LOG_DEBUG, " After fscanf(), before k_getuid()"); - if (rcode != 2 || c != ':') - { - printf("%d , %d : ERROR : %s\r\n", - lport, fport, - unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST"); - continue; - } - - /* We have a colon char, check for addr and password */ - rcode = fscanf(fp, " %15[0-9.] , %32[^ \t\r\n]", - fhostaddr, password); - if (rcode > 0) - rcode += 2; - else - { - printf("%d , %d : ERROR : %s\r\n", - lport, fport, - unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST"); - continue; - } - /* - ** Verify that the host originating the indirect request - ** is allowed to do that - */ - if (!valid_fhost(faddr, password)) - { - printf("%d , %d : ERROR : %s\r\n", - lport, fport, - unknown_flag ? "UNKNOWN-ERROR" : "X-ACCESS-DENIED"); - continue; + * Next - get the specific TCP connection and return the + * uid - user number. + * + * Try to fetch the information 5 times incase the + * kernel changed beneath us and we missed or took + * a fault. + */ + for (try = 0; try < 5; try++) + if (k_getuid(&faddr2, htons(fport), laddr, + htons(lport), &uid) != -1) + break; + + if (try >= 5) { + if (syslog_flag) + syslog(LOG_DEBUG, "Returned: %d , %d : NO-USER", + lport, fport); + printf("%d , %d : ERROR : %s\r\n", lport, fport, + unknown_flag ? 
"UNKNOWN-ERROR" : "NO-USER"); + return 0; + } + if (try > 0 && syslog_flag) + syslog(LOG_NOTICE, "k_getuid retries: %d", try); + + if (debug_flag && syslog_flag) + syslog(LOG_DEBUG, " After k_getuid(), before getpwuid()"); + + pw = getpwuid(uid); + if (!pw) { + if (syslog_flag) + syslog(LOG_WARNING, + "getpwuid() could not map uid (%d) to name", + uid); + printf("%d , %d : USERID : OTHER%s%s :%d\r\n", + lport, fport, charset_name ? " , " : "", + charset_name ? charset_name : "", uid); + return 0; } - - (void) inet_aton(fhostaddr, &faddr2); - } - - else - { - printf("%d , %d : ERROR : %s\r\n", - lport, fport, - unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST"); - continue; - } - } -#endif /* EXTENSIONS */ - - if (rcode < 2 || lport < 1 || lport > 65535 || fport < 1 || fport > 65535) - { - if (syslog_flag && rcode > 0) - syslog(LOG_NOTICE, "scanf: invalid-port(s): %d , %d from %s", - lport, fport, gethost(faddr)); - - printf("%d , %d : ERROR : %s\r\n", - lport, fport, - unknown_flag ? "UNKNOWN-ERROR" : "INVALID-PORT"); - continue; - } - - if (syslog_flag && verbose_flag) - syslog(LOG_NOTICE, "request for (%d,%d) from %s", - lport, fport, gethost(faddr)); - - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, " After fscanf(), before k_getuid()"); - - /* - ** Next - get the specific TCP connection and return the - ** uid - user number. - ** - ** Try to fetch the information 5 times incase the - ** kernel changed beneath us and we missed or took - ** a fault. - */ - for (try = 0; - (try < 5 && - k_getuid(&faddr2, htons(fport), laddr, htons(lport), &uid) == -1); - try++) - ; - - if (try >= 5) - { - if (syslog_flag) - syslog(LOG_DEBUG, "Returned: %d , %d : NO-USER", lport, fport); - - printf("%d , %d : ERROR : %s\r\n", - lport, fport, - unknown_flag ? 
"UNKNOWN-ERROR" : "NO-USER"); - continue; - } - - if (try > 0 && syslog_flag) - syslog(LOG_NOTICE, "k_getuid retries: %d", try); - - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, " After k_getuid(), before getpwuid()"); - - /* - ** Then we should try to get the username. If that fails we - ** return it as an OTHER identifier - */ - pwp = getpwuid(uid); - - if (!pwp) - { - if (syslog_flag) - syslog(LOG_WARNING, "getpwuid() could not map uid (%d) to name", - uid); - - printf("%d , %d : USERID : OTHER%s%s :%d\r\n", - lport, fport, - charset_name ? " , " : "", - charset_name ? charset_name : "", - uid); - continue; - } - - /* - ** Hey! We finally made it!!! - */ - if (syslog_flag) - syslog(LOG_DEBUG, "Successful lookup: %d , %d : %s\n", - lport, fport, pwp->pw_name); - - if (noident_flag && check_noident(pwp->pw_dir)) - { - if (syslog_flag && verbose_flag) - syslog(LOG_NOTICE, "user %s requested HIDDEN-USER for host %s: %d, %d", - pwp->pw_name, - gethost(faddr), - lport, fport); - - printf("%d , %d : ERROR : HIDDEN-USER\r\n", - lport, fport); - continue; - } - if (number_flag) - printf("%d , %d : USERID : OTHER%s%s :%d\r\n", - lport, fport, - charset_name ? " , " : "", - charset_name ? charset_name : "", - uid); - else - printf("%d , %d : USERID : %s%s%s :%s\r\n", - lport, fport, - other_flag ? "OTHER" : "UNIX", - charset_name ? " , " : "", - charset_name ? charset_name : "", - pwp->pw_name); - - } while(fflush(stdout), fflush(stderr), multi_flag && eat_whitespace()); + if (syslog_flag) + syslog(LOG_DEBUG, "Successful lookup: %d , %d : %s\n", + lport, fport, pw->pw_name); + + if (noident_flag && check_noident(pw->pw_dir)) { + if (syslog_flag && verbose_flag) + syslog(LOG_NOTICE, + "user %s requested HIDDEN-USER for host %s: %d, %d", + pw->pw_name, gethost(faddr), lport, fport); + printf("%d , %d : ERROR : HIDDEN-USER\r\n", lport, fport); + return 0; + } - return 0; + if (number_flag) { + printf("%d , %d : USERID : OTHER%s%s :%d\r\n", + lport, fport, charset_name ? 
" , " : "", + charset_name ? charset_name : "", uid); + return 0; + } + printf("%d , %d : USERID : %s%s%s :%s\r\n", + lport, fport, other_flag ? "OTHER" : "UNIX", + charset_name ? " , " : "", + charset_name ? charset_name : "", pw->pw_name); + return 0; } |
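Review bot: The rewritten check_noident() builds its path with `"%s/.noindent"`, but the comment above it and the removed strcat() both name the file `.noident`, so stat() probes a file that users do not create. With noident_flag set, a user who opted out via `~/.noident` would therefore get their user name returned instead of `HIDDEN-USER`. The line should read `if (snprintf(path, sizeof path, "%s/.noident", homedir) >= sizeof path)`. Separately, parse() now declares `uid` as `uid_t` but still prints it with `%d` in the syslog() and printf() calls; a cast such as `(int)uid` would keep format and argument in agreement. The type that k_getuid() expects for `&uid` is declared outside this diff and should be checked against the new declaration.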