1
/* Licensed to the Apache Software Foundation (ASF) under one or more
2
* contributor license agreements. See the NOTICE file distributed with
3
* this work for additional information regarding copyright ownership.
4
* The ASF licenses this file to You under the Apache License, Version 2.0
5
* (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
18
* mod_ident: Handle RFC 1413 ident request
19
* obtained from rfc1413.c
21
* rfc1413() speaks a common subset of the RFC 1413, AUTH, TAP and IDENT
22
* protocols. The code queries an RFC 1413 etc. compatible daemon on a remote
23
* host to look up the owner of a connection. The information should not be
24
* used for authentication purposes. This routine intercepts alarm signals.
26
* Author: Wietse Venema, Eindhoven University of Technology,
30
/* Some small additions for Apache --- ditch the "sccsid" var if
31
* compiling with gcc (it *has* changed), include ap_config.h for the
32
* prototypes it defines on at least one system (SunlOSs) which has
33
* them missing from the standard header files, and one minor change
34
* below (extra parens around assign "if (foo = bar) ..." to shut up
38
/* Rewritten by David Robinson */
41
#include "apr_network_io.h"
42
#include "apr_strings.h"
43
#include "apr_optional.h"
45
#define APR_WANT_STDIO
46
#define APR_WANT_STRFUNC
49
#include "httpd.h" /* for server_rec, conn_rec, etc. */
50
#include "http_config.h"
51
#include "http_core.h"
52
#include "http_log.h" /* for aplog_error */
53
#include "util_ebcdic.h"
55
/* Whether we should enable rfc1413 identity checking */
56
#ifndef DEFAULT_RFC1413
57
#define DEFAULT_RFC1413 0
60
#define RFC1413_UNSET 2
62
/* request timeout (sec) */
63
#ifndef RFC1413_TIMEOUT
64
#define RFC1413_TIMEOUT 30
69
/* Semi-well-known port */
70
#define RFC1413_PORT 113
72
/* maximum allowed length of userid */
73
#define RFC1413_USERLEN 512
75
/* rough limit on the amount of data we accept. */
76
#define RFC1413_MAXDATA 1000
78
/* default username, if it could not determined */
79
#define FROM_UNKNOWN "unknown"
87
static apr_status_t rfc1413_connect(apr_socket_t **newsock, conn_rec *conn,
88
server_rec *srv, apr_time_t timeout)
91
apr_sockaddr_t *localsa, *destsa;
93
if ((rv = apr_sockaddr_info_get(&localsa, conn->local_ip, APR_UNSPEC,
94
0, /* ephemeral port */
95
0, conn->pool)) != APR_SUCCESS) {
96
/* This should not fail since we have a numeric address string
98
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
99
"rfc1413: apr_sockaddr_info_get(%s) failed",
104
if ((rv = apr_sockaddr_info_get(&destsa, conn->remote_ip,
105
localsa->family, /* has to match */
106
RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
107
/* This should not fail since we have a numeric address string
109
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
110
"rfc1413: apr_sockaddr_info_get(%s) failed",
115
if ((rv = apr_socket_create(newsock,
116
localsa->family, /* has to match */
117
SOCK_STREAM, 0, conn->pool)) != APR_SUCCESS) {
118
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
119
"rfc1413: error creating query socket");
123
if ((rv = apr_socket_timeout_set(*newsock, timeout)) != APR_SUCCESS) {
124
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
125
"rfc1413: error setting query socket timeout");
126
apr_socket_close(*newsock);
131
* Bind the local and remote ends of the query socket to the same
132
* IP addresses as the connection under investigation. We go
133
* through all this trouble because the local or remote system
134
* might have more than one network address. The RFC1413 etc.
135
* client sends only port numbers; the server takes the IP
136
* addresses from the query socket.
139
if ((rv = apr_socket_bind(*newsock, localsa)) != APR_SUCCESS) {
140
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
141
"rfc1413: Error binding query socket to local port");
142
apr_socket_close(*newsock);
147
* errors from connect usually imply the remote machine doesn't support
148
* the service; don't log such an error
150
if ((rv = apr_socket_connect(*newsock, destsa)) != APR_SUCCESS) {
151
apr_socket_close(*newsock);
158
static apr_status_t rfc1413_query(apr_socket_t *sock, conn_rec *conn,
161
apr_port_t rmt_port, our_port;
162
apr_port_t sav_rmt_port, sav_our_port;
165
char buffer[RFC1413_MAXDATA + 1];
166
char user[RFC1413_USERLEN + 1]; /* XXX */
169
sav_our_port = conn->local_addr->port;
170
sav_rmt_port = conn->remote_addr->port;
173
buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
175
ap_xlate_proto_to_ascii(buffer, buflen);
177
/* send query to server. Handle short write. */
180
apr_size_t j = strlen(buffer + i);
182
status = apr_socket_send(sock, buffer+i, &j);
183
if (status != APR_SUCCESS) {
184
ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
185
"write: rfc1413: error sending request");
194
* Read response from server. - the response should be newline
195
* terminated according to rfc - make sure it doesn't stomp its
196
* way out of the buffer.
200
memset(buffer, '\0', sizeof(buffer));
202
* Note that the strchr function below checks for \012 instead of '\n'
203
* this allows it to work on both ASCII and EBCDIC machines.
205
while((cp = strchr(buffer, '\012')) == NULL && i < sizeof(buffer) - 1) {
206
apr_size_t j = sizeof(buffer) - 1 - i;
208
status = apr_socket_recv(sock, buffer+i, &j);
209
if (status != APR_SUCCESS) {
210
ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
211
"read: rfc1413: error reading response");
217
else if (status == APR_SUCCESS && j == 0) {
218
/* Oops... we ran out of data before finding newline */
223
/* RFC1413_USERLEN = 512 */
224
ap_xlate_proto_from_ascii(buffer, i);
225
if (sscanf(buffer, "%hu , %hu : USERID :%*[^:]:%512s", &rmt_port, &our_port,
226
user) != 3 || sav_rmt_port != rmt_port
227
|| sav_our_port != our_port)
231
* Strip trailing carriage return. It is part of the
232
* protocol, not part of the data.
235
if ((cp = strchr(user, '\r')))
238
conn->remote_logname = apr_pstrdup(conn->pool, user);
243
static const char *set_idcheck(cmd_parms *cmd, void *d_, int arg)
245
ident_config_rec *d = d_;
246
const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
249
d->do_rfc1413 = arg ? 1 : 0;
255
static const char *set_timeout(cmd_parms *cmd, void *d_, const char *arg)
257
ident_config_rec *d = d_;
258
const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
261
d->timeout = apr_time_from_sec(atoi(arg));
262
d->timeout_unset = 0;
268
static void *create_ident_dir_config(apr_pool_t *p, char *d)
270
ident_config_rec *conf = apr_palloc(p, sizeof(*conf));
272
conf->do_rfc1413 = DEFAULT_RFC1413 | RFC1413_UNSET;
273
conf->timeout = apr_time_from_sec(RFC1413_TIMEOUT);
274
conf->timeout_unset = 1;
279
static void *merge_ident_dir_config(apr_pool_t *p, void *old_, void *new_)
281
ident_config_rec *conf = (ident_config_rec *)apr_pcalloc(p, sizeof(*conf));
282
ident_config_rec *old = (ident_config_rec *) old_;
283
ident_config_rec *new = (ident_config_rec *) new_;
285
conf->timeout = new->timeout_unset
289
conf->do_rfc1413 = new->do_rfc1413 & RFC1413_UNSET
296
static const command_rec ident_cmds[] =
298
AP_INIT_FLAG("IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF,
299
"Enable identd (RFC 1413) user lookups - SLOW"),
300
AP_INIT_TAKE1("IdentityCheckTimeout", set_timeout, NULL,
301
RSRC_CONF|ACCESS_CONF,
302
"Identity check (RFC 1413) timeout duration (sec)"),
306
module AP_MODULE_DECLARE_DATA ident_module;
309
* Optional function for the core to to the actual ident request
311
static const char *ap_ident_lookup(request_rec *r)
313
ident_config_rec *conf;
316
conn_rec *conn = r->connection;
317
server_rec *srv = r->server;
319
conf = ap_get_module_config(r->per_dir_config, &ident_module);
321
/* return immediately if ident requests are disabled */
322
if (!(conf->do_rfc1413 & ~RFC1413_UNSET)) {
326
rv = rfc1413_connect(&sock, conn, srv, conf->timeout);
327
if (rv == APR_SUCCESS) {
328
rv = rfc1413_query(sock, conn, srv);
329
apr_socket_close(sock);
331
if (rv != APR_SUCCESS) {
332
conn->remote_logname = FROM_UNKNOWN;
335
return (const char *)conn->remote_logname;
338
static void register_hooks(apr_pool_t *p)
340
APR_REGISTER_OPTIONAL_FN(ap_ident_lookup);
343
module AP_MODULE_DECLARE_DATA ident_module =
345
STANDARD20_MODULE_STUFF,
346
create_ident_dir_config, /* dir config creater */
347
merge_ident_dir_config, /* dir merger --- default is to override */
348
NULL, /* server config */
349
NULL, /* merge server config */
350
ident_cmds, /* command apr_table_t */
351
register_hooks /* register hooks */