lib/libwrap/rfc931.c

/*	$NetBSD: rfc931.c,v 1.12 2016/03/16 22:32:32 christos Exp $	*/

 /*
  * rfc931() speaks a common subset of the RFC 931, AUTH, TAP, IDENT and RFC
  * 1413 protocols. It queries an RFC 931 etc. compatible daemon on a remote
  * host to look up the owner of a connection. The information should not be
  * used for authentication purposes. This routine intercepts alarm signals.
  *
  * Diagnostics are reported through syslog(3).
  *
  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
  */

#include <sys/cdefs.h>
#ifndef lint
#if 0
static char sccsid[] = "@(#) rfc931.c 1.10 95/01/02 16:11:34";
#else
__RCSID("$NetBSD: rfc931.c,v 1.12 2016/03/16 22:32:32 christos Exp $");
#endif
#endif

/* System libraries. */

#include <stdio.h>
#include <syslog.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <unistd.h>
#include <setjmp.h>
#include <signal.h>
#include <string.h>

/* Local stuff. */

#include "tcpd.h"

#define	RFC931_PORT	113		/* Semi-well-known port */
#define	ANY_PORT	0		/* Any old port will do */

int     rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */

static jmp_buf timebuf;

static FILE *fsocket(int, int, int);
static void timeout(int) __dead;

/* fsocket - open stdio stream on top of socket */

static FILE *
fsocket(int domain, int type, int protocol)
{
    int     s;
    FILE   *fp;

    if ((s = socket(domain, type, protocol)) < 0) {
	tcpd_warn("socket: %m");
	return (0);
    } else {
	if ((fp = fdopen(s, "r+")) == 0) {
	    tcpd_warn("fdopen: %m");
	    close(s);
	}
	return (fp);
    }
}

/* timeout - handle timeouts */

static void
timeout(int sig)
{
    longjmp(timebuf, sig);
}

/* rfc931 - return remote user name, given socket structures */

void
rfc931(struct sockaddr *rmt_sin, struct sockaddr *our_sin, char *dest)
{
    unsigned rmt_port;
    unsigned our_port;
    struct sockaddr_storage rmt_query_sin;
    struct sockaddr_storage our_query_sin;
    char    user[256];			/* XXX */
    char    buffer[512];		/* XXX */
    char   *cp;
    char   * volatile result = unknown;
    FILE   *fp;
    volatile int salen;
    u_short * volatile rmt_portp;
    u_short * volatile our_portp;

    /* address family must be the same */
    if (rmt_sin->sa_family != our_sin->sa_family) {
	strlcpy(dest, unknown, STRING_LENGTH);
	return;
    }
    switch (rmt_sin->sa_family) {
    case AF_INET:
	salen = sizeof(struct sockaddr_in);
	rmt_portp = &(((struct sockaddr_in *)rmt_sin)->sin_port);
	break;
#ifdef INET6
    case AF_INET6:
	salen = sizeof(struct sockaddr_in6);
	rmt_portp = &(((struct sockaddr_in6 *)rmt_sin)->sin6_port);
	break;
#endif
    default:
	strlcpy(dest, unknown, STRING_LENGTH);
	return;
    }
    switch (our_sin->sa_family) {
    case AF_INET:
	our_portp = &(((struct sockaddr_in *)our_sin)->sin_port);
	break;
#ifdef INET6
    case AF_INET6:
	our_portp = &(((struct sockaddr_in6 *)our_sin)->sin6_port);
	break;
#endif
    default:
	strlcpy(dest, unknown, STRING_LENGTH);
	return;
    }

    /*
     * Use one unbuffered stdio stream for writing to and for reading from
     * the RFC931 etc. server. This is done because of a bug in the SunOS
     * 4.1.x stdio library. The bug may live in other stdio implementations,
     * too. When we use a single, buffered, bidirectional stdio stream ("r+"
     * or "w+" mode) we read our own output. Such behaviour would make sense
     * with resources that support random-access operations, but not with
     * sockets.
     */

    if ((fp = fsocket(rmt_sin->sa_family, SOCK_STREAM, 0)) != 0) {
	setbuf(fp, (char *) 0);

	/*
	 * Set up a timer so we won't get stuck while waiting for the server.
	 */

	if (setjmp(timebuf) == 0) {
	    signal(SIGALRM, timeout);
	    alarm(rfc931_timeout);

	    /*
	     * Bind the local and remote ends of the query socket to the same
	     * IP addresses as the connection under investigation. We go
	     * through all this trouble because the local or remote system
	     * might have more than one network address. The RFC931 etc.
	     * client sends only port numbers; the server takes the IP
	     * addresses from the query socket.
	     */

	    memcpy(&our_query_sin, our_sin, salen);
	    switch (our_query_sin.ss_family) {
	    case AF_INET:
		((struct sockaddr_in *)&our_query_sin)->sin_port =
			htons(ANY_PORT);
		break;
#ifdef INET6
	    case AF_INET6:
		((struct sockaddr_in6 *)&our_query_sin)->sin6_port =
			htons(ANY_PORT);
		break;
#endif
	    }
	    memcpy(&rmt_query_sin, rmt_sin, salen);
	    switch (rmt_query_sin.ss_family) {
	    case AF_INET:
		((struct sockaddr_in *)&rmt_query_sin)->sin_port =
			htons(RFC931_PORT);
		break;
#ifdef INET6
	    case AF_INET6:
		((struct sockaddr_in6 *)&rmt_query_sin)->sin6_port =
			htons(RFC931_PORT);
		break;
#endif
	    }

	    if (bind(fileno(fp), (struct sockaddr *) & our_query_sin,
		     salen) >= 0 &&
		connect(fileno(fp), (struct sockaddr *) & rmt_query_sin,
			salen) >= 0) {

		/*
		 * Send query to server. Neglect the risk that a 13-byte
		 * write would have to be fragmented by the local system and
		 * cause trouble with buggy System V stdio libraries.
		 */

		fprintf(fp, "%u,%u\r\n",
			ntohs(*rmt_portp),
			ntohs(*our_portp));
		fflush(fp);

		/*
		 * Read response from server. Use fgets()/sscanf() so we can
		 * work around System V stdio libraries that incorrectly
		 * assume EOF when a read from a socket returns less than
		 * requested.
		 */

		if (fgets(buffer, sizeof(buffer), fp) != 0
		    && ferror(fp) == 0 && feof(fp) == 0
		    && sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s",
			      &rmt_port, &our_port, user) == 3
		    && ntohs(*rmt_portp) == rmt_port
		    && ntohs(*our_portp) == our_port) {

		    /*
		     * Strip trailing carriage return. It is part of the
		     * protocol, not part of the data.
		     */

		    if ((cp = strchr(user, '\r')) != NULL)
			*cp = '\0';
		    result = user;
		}
	    }
	    alarm(0);
	}
	fclose(fp);
    }
    strlcpy(dest, result, STRING_LENGTH);
}