1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* TODO - put timeouts back in */
19 * rfc1413() speaks a common subset of the RFC 1413, AUTH, TAP and IDENT
20 * protocols. The code queries an RFC 1413 etc. compatible daemon on a remote
21 * host to look up the owner of a connection. The information should not be
22 * used for authentication purposes. This routine intercepts alarm signals.
24 * Diagnostics are reported through syslog(3).
26 * Author: Wietse Venema, Eindhoven University of Technology,
30 /* Some small additions for Apache --- ditch the "sccsid" var if
31 * compiling with gcc (it *has* changed), include ap_config.h for the
32 * prototypes it defines on at least one system (SunlOSs) which has
33 * them missing from the standard header files, and one minor change
34 * below (extra parens around assign "if (foo = bar) ..." to shut up
38 /* Rewritten by David Robinson */
41 #include "apr_network_io.h"
42 #include "apr_strings.h"
44 #include "apr_inherit.h"
46 #define APR_WANT_STDIO
47 #define APR_WANT_STRFUNC
50 #include "ap_config.h"
51 #include "httpd.h" /* for server_rec, conn_rec, etc. */
52 #include "http_log.h" /* for aplog_error */
54 #include "http_main.h" /* set_callback_and_alarm */
55 #include "util_ebcdic.h"
58 /* Semi-well-known port */
59 #define RFC1413_PORT 113
60 /* maximum allowed length of userid */
61 #define RFC1413_USERLEN 512
62 /* rough limit on the amount of data we accept. */
63 #define RFC1413_MAXDATA 1000
65 #ifndef RFC1413_TIMEOUT
66 #define RFC1413_TIMEOUT 30
68 #define FROM_UNKNOWN "unknown"
70 int ap_rfc1413_timeout = RFC1413_TIMEOUT; /* Global so it can be changed */
72 static apr_status_t rfc1413_connect(apr_socket_t **newsock, conn_rec *conn,
76 apr_sockaddr_t *localsa, *destsa;
78 if ((rv = apr_sockaddr_info_get(&localsa, conn->local_ip, APR_UNSPEC,
79 0, /* ephemeral port */
80 0, conn->pool)) != APR_SUCCESS) {
81 /* This should not fail since we have a numeric address string
83 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
84 "rfc1413: apr_sockaddr_info_get(%s) failed",
89 if ((rv = apr_sockaddr_info_get(&destsa, conn->remote_ip,
90 localsa->family, /* has to match */
91 RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
92 /* This should not fail since we have a numeric address string
94 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
95 "rfc1413: apr_sockaddr_info_get(%s) failed",
100 if ((rv = apr_socket_create(newsock,
101 localsa->family, /* has to match */
102 SOCK_STREAM, conn->pool)) != APR_SUCCESS) {
103 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
104 "rfc1413: error creating query socket");
108 if ((rv = apr_socket_timeout_set(*newsock, apr_time_from_sec(ap_rfc1413_timeout)))
110 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
111 "rfc1413: error setting query socket timeout");
112 apr_socket_close(*newsock);
117 * Bind the local and remote ends of the query socket to the same
118 * IP addresses as the connection under investigation. We go
119 * through all this trouble because the local or remote system
120 * might have more than one network address. The RFC1413 etc.
121 * client sends only port numbers; the server takes the IP
122 * addresses from the query socket.
125 if ((rv = apr_bind(*newsock, localsa)) != APR_SUCCESS) {
126 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
127 "rfc1413: Error binding query socket to local port");
128 apr_socket_close(*newsock);
133 * errors from connect usually imply the remote machine doesn't support
134 * the service; don't log such an error
136 if ((rv = apr_connect(*newsock, destsa)) != APR_SUCCESS) {
137 apr_socket_close(*newsock);
144 static apr_status_t rfc1413_query(apr_socket_t *sock, conn_rec *conn,
147 apr_port_t rmt_port, our_port;
148 apr_port_t sav_rmt_port, sav_our_port;
151 char buffer[RFC1413_MAXDATA + 1];
152 char user[RFC1413_USERLEN + 1]; /* XXX */
155 apr_sockaddr_port_get(&sav_our_port, conn->local_addr);
156 apr_sockaddr_port_get(&sav_rmt_port, conn->remote_addr);
159 buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
161 ap_xlate_proto_to_ascii(buffer, buflen);
163 /* send query to server. Handle short write. */
166 apr_size_t j = strlen(buffer + i);
168 status = apr_send(sock, buffer+i, &j);
169 if (status != APR_SUCCESS) {
170 ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
171 "write: rfc1413: error sending request");
180 * Read response from server. - the response should be newline
181 * terminated according to rfc - make sure it doesn't stomp its
182 * way out of the buffer.
186 memset(buffer, '\0', sizeof(buffer));
188 * Note that the strchr function below checks for \012 instead of '\n'
189 * this allows it to work on both ASCII and EBCDIC machines.
191 while((cp = strchr(buffer, '\012')) == NULL && i < sizeof(buffer) - 1) {
192 apr_size_t j = sizeof(buffer) - 1 - i;
194 status = apr_recv(sock, buffer+i, &j);
195 if (status != APR_SUCCESS) {
196 ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
197 "read: rfc1413: error reading response");
203 else if (status == APR_SUCCESS && j == 0) {
204 /* Oops... we ran out of data before finding newline */
209 /* RFC1413_USERLEN = 512 */
210 ap_xlate_proto_from_ascii(buffer, i);
211 if (sscanf(buffer, "%hu , %hu : USERID :%*[^:]:%512s", &rmt_port, &our_port,
212 user) != 3 || sav_rmt_port != rmt_port
213 || sav_our_port != our_port)
217 * Strip trailing carriage return. It is part of the
218 * protocol, not part of the data.
221 if ((cp = strchr(user, '\r')))
224 conn->remote_logname = apr_pstrdup(conn->pool, user);
229 char *ap_rfc1413(conn_rec *conn, server_rec *srv)
234 rv = rfc1413_connect(&sock, conn, srv);
235 if (rv == APR_SUCCESS) {
236 rv = rfc1413_query(sock, conn, srv);
237 apr_socket_close(sock);
239 if (rv != APR_SUCCESS) {
240 conn->remote_logname = FROM_UNKNOWN;
242 return conn->remote_logname;