rfc1413.c revision 2d71630471d1c23f0137309e3c3957c633ecbfd6
208651a016b098f4fa1f6279559f104d70f1632dtakashi/* ====================================================================
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * Copyright (c) 1995-1999 The Apache Group. All rights reserved.
b3dff74af4d269de76653c5e88c9be64e24568f4takashi *
4a47ffe35ce63fff3a755f750e6dcce8c4bfe52ctakashi * Redistribution and use in source and binary forms, with or without
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * modification, are permitted provided that the following conditions
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * are met:
b3dff74af4d269de76653c5e88c9be64e24568f4takashi *
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * 1. Redistributions of source code must retain the above copyright
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * notice, this list of conditions and the following disclaimer.
b3dff74af4d269de76653c5e88c9be64e24568f4takashi *
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * 2. Redistributions in binary form must reproduce the above copyright
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * notice, this list of conditions and the following disclaimer in
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * the documentation and/or other materials provided with the
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * distribution.
b3dff74af4d269de76653c5e88c9be64e24568f4takashi *
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * 3. All advertising materials mentioning features or use of this
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * software must display the following acknowledgment:
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * "This product includes software developed by the Apache Group
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * for use in the Apache HTTP server project (http://www.apache.org/)."
b3dff74af4d269de76653c5e88c9be64e24568f4takashi *
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * 4. The names "Apache Server" and "Apache Group" must not be used to
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * endorse or promote products derived from this software without
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * prior written permission. For written permission, please contact
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * apache@apache.org.
b3dff74af4d269de76653c5e88c9be64e24568f4takashi *
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * 5. Products derived from this software may not be called "Apache"
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * nor may "Apache" appear in their names without prior written
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * permission of the Apache Group.
b3dff74af4d269de76653c5e88c9be64e24568f4takashi *
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * 6. Redistributions of any form whatsoever must retain the following
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * acknowledgment:
208651a016b098f4fa1f6279559f104d70f1632dtakashi * "This product includes software developed by the Apache Group
208651a016b098f4fa1f6279559f104d70f1632dtakashi * for use in the Apache HTTP server project (http://www.apache.org/)."
208651a016b098f4fa1f6279559f104d70f1632dtakashi *
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
208651a016b098f4fa1f6279559f104d70f1632dtakashi * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
208651a016b098f4fa1f6279559f104d70f1632dtakashi * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * OF THE POSSIBILITY OF SUCH DAMAGE.
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * ====================================================================
208651a016b098f4fa1f6279559f104d70f1632dtakashi *
208651a016b098f4fa1f6279559f104d70f1632dtakashi * This software consists of voluntary contributions made by many
208651a016b098f4fa1f6279559f104d70f1632dtakashi * individuals on behalf of the Apache Group and was originally based
208651a016b098f4fa1f6279559f104d70f1632dtakashi * on public domain software written at the National Center for
208651a016b098f4fa1f6279559f104d70f1632dtakashi * Supercomputing Applications, University of Illinois, Urbana-Champaign.
208651a016b098f4fa1f6279559f104d70f1632dtakashi * For more information on the Apache Group and the Apache HTTP server
208651a016b098f4fa1f6279559f104d70f1632dtakashi * project, please see <http://www.apache.org/>.
b3dff74af4d269de76653c5e88c9be64e24568f4takashi *
b3dff74af4d269de76653c5e88c9be64e24568f4takashi */
208651a016b098f4fa1f6279559f104d70f1632dtakashi
208651a016b098f4fa1f6279559f104d70f1632dtakashi/* TODO - put timeouts back in */
b3dff74af4d269de76653c5e88c9be64e24568f4takashi/*
208651a016b098f4fa1f6279559f104d70f1632dtakashi * rfc1413() speaks a common subset of the RFC 1413, AUTH, TAP and IDENT
208651a016b098f4fa1f6279559f104d70f1632dtakashi * protocols. The code queries an RFC 1413 etc. compatible daemon on a remote
208651a016b098f4fa1f6279559f104d70f1632dtakashi * host to look up the owner of a connection. The information should not be
208651a016b098f4fa1f6279559f104d70f1632dtakashi * used for authentication purposes. This routine intercepts alarm signals.
208651a016b098f4fa1f6279559f104d70f1632dtakashi *
208651a016b098f4fa1f6279559f104d70f1632dtakashi * Diagnostics are reported through syslog(3).
208651a016b098f4fa1f6279559f104d70f1632dtakashi *
208651a016b098f4fa1f6279559f104d70f1632dtakashi * Author: Wietse Venema, Eindhoven University of Technology,
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * The Netherlands.
b3dff74af4d269de76653c5e88c9be64e24568f4takashi */
b3dff74af4d269de76653c5e88c9be64e24568f4takashi
b3dff74af4d269de76653c5e88c9be64e24568f4takashi/* Some small additions for Apache --- ditch the "sccsid" var if
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * compiling with gcc (it *has* changed), include ap_config.h for the
208651a016b098f4fa1f6279559f104d70f1632dtakashi * prototypes it defines on at least one system (SunlOSs) which has
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * them missing from the standard header files, and one minor change
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * below (extra parens around assign "if (foo = bar) ..." to shut up
b3dff74af4d269de76653c5e88c9be64e24568f4takashi * gcc -Wall).
b3dff74af4d269de76653c5e88c9be64e24568f4takashi */
b3dff74af4d269de76653c5e88c9be64e24568f4takashi
208651a016b098f4fa1f6279559f104d70f1632dtakashi/* Rewritten by David Robinson */
208651a016b098f4fa1f6279559f104d70f1632dtakashi
208651a016b098f4fa1f6279559f104d70f1632dtakashi#include "ap_config.h"
208651a016b098f4fa1f6279559f104d70f1632dtakashi#include "httpd.h" /* for server_rec, conn_rec, etc. */
208651a016b098f4fa1f6279559f104d70f1632dtakashi#include "http_log.h" /* for aplog_error */
b3dff74af4d269de76653c5e88c9be64e24568f4takashi#include "rfc1413.h"
b3dff74af4d269de76653c5e88c9be64e24568f4takashi#include "http_main.h" /* set_callback_and_alarm */
b3dff74af4d269de76653c5e88c9be64e24568f4takashi#include "apr_network_io.h"
b3dff74af4d269de76653c5e88c9be64e24568f4takashi#include <string.h>
b3dff74af4d269de76653c5e88c9be64e24568f4takashi
/* Local stuff. */
/* Semi-well-known port */
#define RFC1413_PORT 113
/* maximum allowed length of userid */
#define RFC1413_USERLEN 512
/* rough limit on the amount of data we accept. */
#define RFC1413_MAXDATA 1000
#ifndef RFC1413_TIMEOUT
#define RFC1413_TIMEOUT 30
#endif
#define ANY_PORT 0 /* Any old port will do */
#define FROM_UNKNOWN "unknown"
int ap_rfc1413_timeout = RFC1413_TIMEOUT; /* Global so it can be changed */
/* bind_connect - bind both ends of a socket */
/* Ambarish fix this. Very broken */
static int get_rfc1413(ap_socket_t *sock, const char *local_ip,
const char *rmt_ip,
char user[RFC1413_USERLEN+1], server_rec *srv)
{
unsigned int rmt_port, our_port;
unsigned int sav_rmt_port, sav_our_port;
ap_status_t status;
int i;
char *cp;
char buffer[RFC1413_MAXDATA + 1];
int buflen;
/*
* Bind the local and remote ends of the query socket to the same
* IP addresses as the connection under investigation. We go
* through all this trouble because the local or remote system
* might have more than one network address. The RFC1413 etc.
* client sends only port numbers; the server takes the IP
* addresses from the query socket.
*/
ap_set_local_port(sock, ANY_PORT);
ap_set_local_ipaddr(sock, local_ip);
if ((status = ap_bind(sock)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
"bind: rfc1413: Error binding to local port");
return -1;
}
ap_get_local_port(&sav_our_port, sock);
/*
* errors from connect usually imply the remote machine doesn't support
* the service
*/
ap_set_remote_port(sock, RFC1413_PORT);
ap_set_remote_ipaddr(sock, rmt_ip);
if (ap_connect(sock, NULL) != APR_SUCCESS)
return -1;
ap_get_remote_port(&sav_rmt_port, sock);
/* send the data */
buflen = ap_snprintf(buffer, sizeof(buffer), "%u,%u\r\n", sav_rmt_port,
sav_our_port);
/* send query to server. Handle short write. */
#ifdef CHARSET_EBCDIC
ebcdic2ascii(&buffer, &buffer, buflen);
#endif
i = 0;
while(i < strlen(buffer)) {
ap_ssize_t j = strlen(buffer + i);
ap_status_t status;
status = ap_send(sock, buffer+i, &j);
if (status != APR_SUCCESS && status != APR_EINTR) {
ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
"write: rfc1413: error sending request");
return -1;
}
else if (j > 0) {
i+=j;
}
}
/*
* Read response from server. - the response should be newline
* terminated according to rfc - make sure it doesn't stomp it's
* way out of the buffer.
*/
i = 0;
memset(buffer, '\0', sizeof(buffer));
/*
* Note that the strchr function below checks for 10 instead of '\n'
* this allows it to work on both ASCII and EBCDIC machines.
*/
while((cp = strchr(buffer, '\012')) == NULL && i < sizeof(buffer) - 1) {
ap_ssize_t j = sizeof(buffer) - 1 - i;
ap_status_t status;
status = ap_recv(sock, buffer+i, &j);
if (status != APR_SUCCESS && status != APR_EINTR) {
ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
"read: rfc1413: error reading response");
return -1;
}
else if (j > 0) {
i+=j;
}
}
/* RFC1413_USERLEN = 512 */
#ifdef CHARSET_EBCDIC
ascii2ebcdic(&buffer, &buffer, (size_t)i);
#endif
if (sscanf(buffer, "%u , %u : USERID :%*[^:]:%512s", &rmt_port, &our_port,
user) != 3 || sav_rmt_port != rmt_port
|| sav_our_port != our_port)
return -1;
/*
* Strip trailing carriage return. It is part of the
* protocol, not part of the data.
*/
if ((cp = strchr(user, '\r')))
*cp = '\0';
return 0;
}
/* rfc1413 - return remote user name, given socket structures */
char *ap_rfc1413(conn_rec *conn, server_rec *srv)
{
ap_status_t status;
static char user[RFC1413_USERLEN + 1]; /* XXX */
static char *result;
static ap_socket_t *sock;
result = FROM_UNKNOWN;
if ((status = ap_create_tcp_socket(&sock, conn->pool)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
"socket: rfc1413: error creating socket");
conn->remote_logname = result;
}
if (get_rfc1413(sock, conn->local_ip, conn->remote_ip, user, srv) >= 0)
result = user;
ap_close_socket(sock);
conn->remote_logname = result;
return conn->remote_logname;
}