1 /* $NetBSD: identd.c,v 1.38 2021/12/05 05:03:05 msaitoh Exp $ */
2
3 /*
4 * identd.c - TCP/IP Ident protocol server.
5 *
6 * This software is in the public domain.
7 * Written by Peter Postma <peter@NetBSD.org>
8 */
9
10 #include <sys/cdefs.h>
11 __RCSID("$NetBSD: identd.c,v 1.38 2021/12/05 05:03:05 msaitoh Exp $");
12
13 #include <sys/param.h>
14 #include <sys/socket.h>
15 #include <sys/stat.h>
16 #include <sys/sysctl.h>
17
18 #include <netinet/in.h>
19 #include <netinet/ip_var.h>
20 #include <netinet/tcp.h>
21 #include <netinet/tcp_timer.h>
22 #include <netinet/tcp_var.h>
23
24 #include <arpa/inet.h>
25
26 #include <ctype.h>
27 #include <err.h>
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <grp.h>
31 #include <netdb.h>
32 #include <poll.h>
33 #include <pwd.h>
34 #include <signal.h>
35 #include <stdarg.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <syslog.h>
40 #include <unistd.h>
41
42 #include "identd.h"
43
44 #define OPSYS_NAME "UNIX"
45 #define IDENT_SERVICE "auth"
46 #define TIMEOUT 30 /* seconds */
47
48 static int idhandle(int, const char *, const char *, const char *,
49 const char *, struct sockaddr *, int);
50 static void idparse(int, int, int, const char *, const char *, const char *);
51 static void iderror(int, int, int, const char *);
52 static const char *gethost(struct sockaddr *);
53 static int *socketsetup(const char *, const char *, int);
54 static int ident_getuid(struct sockaddr_storage *, socklen_t,
55 struct sockaddr *, uid_t *);
56 static int sysctl_getuid(struct sockaddr_storage *, socklen_t, uid_t *);
57 static int sysctl_proxy_getuid(struct sockaddr_storage *,
58 struct sockaddr *, uid_t *);
59 static int forward(int, struct sockaddr *, int, int, int);
60 static int check_noident(const char *);
61 static int check_userident(const char *, char *, size_t);
62 static void random_string(char *, size_t);
63 static int change_format(const char *, struct passwd *, char *, size_t);
64 __dead static void timeout_handler(int);
65 __dead static void fatal(const char *);
66 __dead static void die(const char *, ...) __printflike(1, 2);
67
68 static int bflag, dflag, eflag, fflag, iflag, Iflag;
69 static int lflag, Lflag, nflag, Nflag, rflag;
70
71 /* NAT lookup function pointer. */
72 typedef int (*nat_lookup_t)(const struct sockaddr_storage *,
73 struct sockaddr_storage *, in_port_t *);
74
75 static nat_lookup_t nat_lookup;
76
77 /* Packet filters. */
78 static const struct {
79 const char *name;
80 nat_lookup_t fn;
81 } filters[] = {
82 #ifdef WITH_PF
83 { "pf", pf_natlookup },
84 #endif
85 #ifdef WITH_IPF
86 { "ipfilter", ipf_natlookup },
87 #endif
88 #ifdef WITH_NPF
89 { "npf", npf_natlookup },
90 #endif
91 { NULL, NULL }
92 };
93
94 int
main(int argc,char * argv[])95 main(int argc, char *argv[])
96 {
97 int IPv4or6, ch, error, i, *socks, timeout;
98 const char *filter, *osname, *portno, *proxy;
99 char *address, *charset, *fmt, *p;
100 char user[LOGIN_NAME_MAX];
101 struct addrinfo *ai, hints;
102 struct sockaddr *proxy_addr;
103 struct group *grp;
104 struct passwd *pw;
105 gid_t gid;
106 uid_t uid;
107
108 socks = NULL;
109 IPv4or6 = AF_UNSPEC;
110 osname = OPSYS_NAME;
111 portno = IDENT_SERVICE;
112 timeout = TIMEOUT;
113 nat_lookup = NULL;
114 proxy_addr = NULL;
115 filter = proxy = NULL;
116 address = charset = fmt = NULL;
117 uid = gid = 0;
118 bflag = dflag = eflag = fflag = iflag = Iflag = 0;
119 lflag = Lflag = nflag = Nflag = rflag = 0;
120
121 /* Started from a tty? then run as daemon. */
122 if (isatty(STDIN_FILENO))
123 bflag = 1;
124
125 /* Parse command line arguments. */
126 while ((ch = getopt(argc, argv,
127 "46a:bcdeF:f:g:IiL:lm:Nno:P:p:rt:u:")) != -1) {
128 switch (ch) {
129 case '4':
130 IPv4or6 = AF_INET;
131 break;
132 case '6':
133 IPv4or6 = AF_INET6;
134 break;
135 case 'a':
136 address = optarg;
137 break;
138 case 'b':
139 bflag = 1;
140 break;
141 case 'c':
142 charset = optarg;
143 break;
144 case 'd':
145 dflag++;
146 break;
147 case 'e':
148 eflag = 1;
149 break;
150 case 'F':
151 fmt = optarg;
152 break;
153 case 'f':
154 fflag = 1;
155 (void)strlcpy(user, optarg, sizeof(user));
156 break;
157 case 'g':
158 gid = (gid_t)strtol(optarg, &p, 0);
159 if (*p != '\0') {
160 if ((grp = getgrnam(optarg)) != NULL)
161 gid = grp->gr_gid;
162 else
163 die("No such group `%s'", optarg);
164 }
165 break;
166 case 'I':
167 Iflag = 1;
168 /* FALLTHROUGH */
169 case 'i':
170 iflag = 1;
171 break;
172 case 'L':
173 Lflag = 1;
174 (void)strlcpy(user, optarg, sizeof(user));
175 break;
176 case 'l':
177 if (!lflag)
178 openlog("identd", LOG_PID, LOG_DAEMON);
179 lflag = 1;
180 break;
181 case 'm':
182 filter = optarg;
183 break;
184 case 'N':
185 Nflag = 1;
186 break;
187 case 'n':
188 nflag = 1;
189 break;
190 case 'o':
191 osname = optarg;
192 break;
193 case 'P':
194 proxy = optarg;
195 break;
196 case 'p':
197 portno = optarg;
198 break;
199 case 'r':
200 rflag = 1;
201 break;
202 case 't':
203 timeout = (int)strtol(optarg, &p, 0);
204 if (*p != '\0' || timeout < 1)
205 die("Invalid timeout value `%s'", optarg);
206 break;
207 case 'u':
208 uid = (uid_t)strtol(optarg, &p, 0);
209 if (*p != '\0') {
210 if ((pw = getpwnam(optarg)) != NULL) {
211 uid = pw->pw_uid;
212 gid = pw->pw_gid;
213 } else
214 die("No such user `%s'", optarg);
215 }
216 break;
217 default:
218 exit(EXIT_FAILURE);
219 }
220 }
221
222 /* Verify proxy address, if enabled. */
223 if (proxy != NULL) {
224 (void)memset(&hints, 0, sizeof(hints));
225 hints.ai_family = IPv4or6;
226 hints.ai_socktype = SOCK_STREAM;
227 error = getaddrinfo(proxy, NULL, &hints, &ai);
228 if (error != 0)
229 die("Bad proxy `%s': %s", proxy, gai_strerror(error));
230 if (ai->ai_next != NULL)
231 die("Bad proxy `%s': resolves to multiple addresses",
232 proxy);
233 proxy_addr = ai->ai_addr;
234 }
235
236 /* Verify filter, if enabled. */
237 if (filter != NULL) {
238 for (i = 0; filters[i].name != NULL; i++) {
239 if (strcasecmp(filter, filters[i].name) == 0) {
240 nat_lookup = filters[i].fn;
241 break;
242 }
243 }
244 if (nat_lookup == NULL)
245 die("Packet filter `%s' is not supported", filter);
246 }
247
248 /* Setup sockets when running in the background. */
249 if (bflag)
250 socks = socketsetup(address, portno, IPv4or6);
251
252 /* Switch to another uid/gid? */
253 if (gid && setgid(gid) == -1)
254 die("Failed to set GID to `%d': %s", gid, strerror(errno));
255 if (uid && setuid(uid) == -1)
256 die("Failed to set UID to `%d': %s", uid, strerror(errno));
257
258 /*
259 * When running as daemon: daemonize, setup pollfds and go into
260 * the mainloop. Otherwise, just read the input from stdin and
261 * let inetd handle the sockets.
262 */
263 if (bflag) {
264 int fd, nfds, rv;
265 struct pollfd *rfds;
266
267 if (!dflag && daemon(0, 0) < 0)
268 die("daemon: %s", strerror(errno));
269
270 rfds = malloc(*socks * sizeof(struct pollfd));
271 if (rfds == NULL)
272 fatal("malloc");
273 nfds = *socks;
274 for (i = 0; i < nfds; i++) {
275 rfds[i].fd = socks[i+1];
276 rfds[i].events = POLLIN;
277 rfds[i].revents = 0;
278 }
279 /* Mainloop for daemon. */
280 for (;;) {
281 rv = poll(rfds, nfds, INFTIM);
282 if (rv < 0) {
283 if (errno == EINTR)
284 continue;
285 fatal("poll");
286 }
287 for (i = 0; i < nfds; i++) {
288 if (rfds[i].revents & POLLIN) {
289 fd = accept(rfds[i].fd, NULL, NULL);
290 if (fd < 0) {
291 maybe_syslog(LOG_ERR,
292 "accept: %m");
293 continue;
294 }
295 switch (fork()) {
296 case -1: /* error */
297 maybe_syslog(LOG_ERR,
298 "fork: %m");
299 (void)sleep(1);
300 break;
301 case 0: /* child */
302 (void)idhandle(fd, charset,
303 fmt, osname, user,
304 proxy_addr, timeout);
305 _exit(EXIT_SUCCESS);
306 default: /* parent */
307 (void)signal(SIGCHLD, SIG_IGN);
308 (void)close(fd);
309 }
310 }
311 }
312 }
313 } else
314 (void)idhandle(STDIN_FILENO, charset, fmt, osname, user,
315 proxy_addr, timeout);
316
317 return 0;
318 }
319
320 /*
321 * Handle a request on the ident port. Returns 0 on success or 1 on
322 * failure. The return values are currently ignored.
323 */
324 static int
idhandle(int fd,const char * charset,const char * fmt,const char * osname,const char * user,struct sockaddr * proxy,int timeout)325 idhandle(int fd, const char *charset, const char *fmt, const char *osname,
326 const char *user, struct sockaddr *proxy, int timeout)
327 {
328 struct sockaddr_storage ss[2];
329 char userbuf[LOGIN_NAME_MAX]; /* actual user name (or numeric uid) */
330 char idbuf[LOGIN_NAME_MAX]; /* name to be used in response */
331 char buf[BUFSIZ], *p;
332 struct passwd *pw;
333 int lport, fport;
334 socklen_t len;
335 uid_t uid;
336 ssize_t n;
337 size_t qlen;
338
339 lport = fport = 0;
340
341 (void)strlcpy(idbuf, user, sizeof(idbuf));
342 (void)signal(SIGALRM, timeout_handler);
343 (void)alarm(timeout);
344
345 /* Get foreign internet address. */
346 len = sizeof(ss[0]);
347 if (getpeername(fd, (struct sockaddr *)&ss[0], &len) < 0)
348 fatal("getpeername");
349
350 maybe_syslog(LOG_INFO, "Connection from %s",
351 gethost((struct sockaddr *)&ss[0]));
352
353 /* Get local internet address. */
354 len = sizeof(ss[1]);
355 if (getsockname(fd, (struct sockaddr *)&ss[1], &len) < 0)
356 fatal("getsockname");
357
358 /* Be sure to have the same address families. */
359 if (ss[0].ss_family != ss[1].ss_family) {
360 maybe_syslog(LOG_ERR, "Different foreign/local address family");
361 return 1;
362 }
363
364 /* Receive data from the client. */
365 qlen = 0;
366 for (;;) {
367 if ((n = recv(fd, &buf[qlen], sizeof(buf) - qlen, 0)) < 0) {
368 fatal("recv");
369 } else if (n == 0) {
370 maybe_syslog(LOG_NOTICE, "recv: EOF");
371 iderror(fd, 0, 0, "UNKNOWN-ERROR");
372 return 1;
373 }
374 /*
375 * 1413 is not clear on what to do if data follows the first
376 * CRLF before we respond. We do not consider the query
377 * complete until we get a CRLF _at the end of the buffer_.
378 */
379 qlen += n;
380 if (qlen >= sizeof(buf)) {
381 maybe_syslog(LOG_NOTICE, "recv: message too long");
382 exit(0);
383 }
384 if ((qlen >= 2) && (buf[qlen - 2] == '\r') &&
385 (buf[qlen - 1] == '\n'))
386 break;
387 }
388 buf[qlen - 2] = '\0';
389
390 /* Get local and remote ports from the received data. */
391 p = buf;
392 while (*p != '\0' && isspace((unsigned char)*p))
393 p++;
394 if ((p = strtok(p, " \t,")) != NULL) {
395 lport = atoi(p);
396 if ((p = strtok(NULL, " \t,")) != NULL)
397 fport = atoi(p);
398 }
399
400 /* Are the ports valid? */
401 if (lport < 1 || lport > 65535 || fport < 1 || fport > 65535) {
402 maybe_syslog(LOG_NOTICE, "Invalid port(s): %d, %d from %s",
403 lport, fport, gethost((struct sockaddr *)&ss[0]));
404 iderror(fd, 0, 0, eflag ? "UNKNOWN-ERROR" : "INVALID-PORT");
405 return 1;
406 }
407
408 /* If there is a 'lie' user enabled, then handle it now and stop. */
409 if (Lflag) {
410 maybe_syslog(LOG_NOTICE, "Lying with name %s to %s",
411 idbuf, gethost((struct sockaddr *)&ss[0]));
412 idparse(fd, lport, fport, charset, osname, idbuf);
413 return 0;
414 }
415
416 /* Protocol dependent stuff. */
417 switch (ss[0].ss_family) {
418 case AF_INET:
419 satosin(&ss[0])->sin_port = htons(fport);
420 satosin(&ss[1])->sin_port = htons(lport);
421 break;
422 case AF_INET6:
423 satosin6(&ss[0])->sin6_port = htons(fport);
424 satosin6(&ss[1])->sin6_port = htons(lport);
425 break;
426 default:
427 maybe_syslog(LOG_ERR, "Unsupported protocol (no. %d)",
428 ss[0].ss_family);
429 return 1;
430 }
431
432 /* Try to get the UID of the connection owner using sysctl. */
433 if (ident_getuid(ss, sizeof(ss), proxy, &uid) == -1) {
434 /* Lookup failed, try to forward if enabled. */
435 if (nat_lookup != NULL) {
436 struct sockaddr_storage nat_addr;
437 in_port_t nat_lport;
438
439 (void)memset(&nat_addr, 0, sizeof(nat_addr));
440 if ((*nat_lookup)(ss, &nat_addr, &nat_lport) &&
441 forward(fd, (struct sockaddr *)&nat_addr,
442 nat_lport, fport, lport)) {
443 maybe_syslog(LOG_INFO,
444 "Successfully forwarded the request to %s",
445 gethost((struct sockaddr *)&nat_addr));
446 return 0;
447 }
448 }
449 /* Fall back to a default name? */
450 if (fflag) {
451 maybe_syslog(LOG_NOTICE, "Using fallback name %s to %s",
452 idbuf, gethost((struct sockaddr *)&ss[0]));
453 idparse(fd, lport, fport, charset, osname, idbuf);
454 return 0;
455 }
456 maybe_syslog(LOG_ERR, "Lookup failed, returning error to %s",
457 gethost((struct sockaddr *)&ss[0]));
458 iderror(fd, lport, fport, eflag ? "UNKNOWN-ERROR" : "NO-USER");
459 return 1;
460 }
461
462 /* Fill in userbuf with user name if possible, else numeric UID. */
463 if ((pw = getpwuid(uid)) == NULL) {
464 maybe_syslog(LOG_ERR, "Couldn't map uid (%u) to name", uid);
465 (void)snprintf(userbuf, sizeof(userbuf), "%u", uid);
466 } else {
467 maybe_syslog(LOG_INFO, "Successful lookup: %d, %d: %s for %s",
468 lport, fport, pw->pw_name,
469 gethost((struct sockaddr *)&ss[0]));
470 (void)strlcpy(userbuf, pw->pw_name, sizeof(userbuf));
471 }
472
473 /* No ident enabled? */
474 if (Nflag && pw && check_noident(pw->pw_dir)) {
475 maybe_syslog(LOG_NOTICE, "Returning HIDDEN-USER for user %s"
476 " to %s", pw->pw_name, gethost((struct sockaddr *)&ss[0]));
477 iderror(fd, lport, fport, "HIDDEN-USER");
478 return 1;
479 }
480
481 /* User ident enabled? */
482 if (iflag && pw && check_userident(pw->pw_dir, idbuf, sizeof(idbuf))) {
483 if (!Iflag) {
484 if ((strspn(idbuf, "0123456789") &&
485 getpwuid(atoi(idbuf)) != NULL) ||
486 (getpwnam(idbuf) != NULL)) {
487 maybe_syslog(LOG_NOTICE,
488 "Ignoring user-specified '%s' for user %s",
489 idbuf, userbuf);
490 (void)strlcpy(idbuf, userbuf, sizeof(idbuf));
491 }
492 }
493 maybe_syslog(LOG_NOTICE,
494 "Returning user-specified '%s' for user %s to %s",
495 idbuf, userbuf, gethost((struct sockaddr *)&ss[0]));
496 idparse(fd, lport, fport, charset, osname, idbuf);
497 return 0;
498 }
499
500 /* Send a random message? */
501 if (rflag) {
502 /* Random number or string? */
503 if (nflag)
504 (void)snprintf(idbuf, sizeof(idbuf), "%u",
505 (unsigned int)(arc4random() % 65535));
506 else
507 random_string(idbuf, sizeof(idbuf));
508
509 maybe_syslog(LOG_NOTICE,
510 "Returning random '%s' for user %s to %s",
511 idbuf, userbuf, gethost((struct sockaddr *)&ss[0]));
512 idparse(fd, lport, fport, charset, osname, idbuf);
513 return 0;
514 }
515
516 /* Return numeric user ID? */
517 if (nflag)
518 (void)snprintf(idbuf, sizeof(idbuf), "%u", uid);
519 else
520 (void)strlcpy(idbuf, userbuf, sizeof(idbuf));
521
522 /*
523 * Change the output format? Note that 512 is the maximum
524 * size of the result according to RFC 1413.
525 */
526 if (fmt && change_format(fmt, pw, buf, 512 + 1))
527 idparse(fd, lport, fport, charset, osname, buf);
528 else
529 idparse(fd, lport, fport, charset, osname, idbuf);
530
531 return 0;
532 }
533
534 /* Send/parse the ident result. */
535 static void
idparse(int fd,int lport,int fport,const char * charset,const char * osname,const char * user)536 idparse(int fd, int lport, int fport, const char *charset, const char *osname,
537 const char *user)
538 {
539 char *p;
540
541 if (asprintf(&p, "%d,%d:USERID:%s%s%s:%s\r\n", lport, fport,
542 osname, charset ? "," : "", charset ? charset : "", user) < 0)
543 fatal("asprintf");
544 if (send(fd, p, strlen(p), 0) < 0) {
545 free(p);
546 fatal("send");
547 }
548 free(p);
549 }
550
551 /* Return a specified ident error. */
552 static void
iderror(int fd,int lport,int fport,const char * error)553 iderror(int fd, int lport, int fport, const char *error)
554 {
555 char *p;
556
557 if (asprintf(&p, "%d,%d:ERROR:%s\r\n", lport, fport, error) < 0)
558 fatal("asprintf");
559 if (send(fd, p, strlen(p), 0) < 0) {
560 free(p);
561 fatal("send");
562 }
563 free(p);
564 }
565
566 /* Return the IP address of the connecting host. */
567 static const char *
gethost(struct sockaddr * sa)568 gethost(struct sockaddr *sa)
569 {
570 static char host[NI_MAXHOST];
571
572 if (getnameinfo(sa, sa->sa_len, host, sizeof(host),
573 NULL, 0, NI_NUMERICHOST) == 0)
574 return host;
575
576 return "UNKNOWN";
577 }
578
579 /* Setup sockets, for daemon mode. */
580 static int *
socketsetup(const char * address,const char * port,int af)581 socketsetup(const char *address, const char *port, int af)
582 {
583 struct addrinfo hints, *res, *res0;
584 int error, maxs, *s, *socks;
585 const char *cause = NULL;
586 socklen_t y = 1;
587
588 (void)memset(&hints, 0, sizeof(hints));
589 hints.ai_flags = AI_PASSIVE;
590 hints.ai_family = af;
591 hints.ai_socktype = SOCK_STREAM;
592 error = getaddrinfo(address, port, &hints, &res0);
593 if (error) {
594 die("getaddrinfo: %s", gai_strerror(error));
595 /* NOTREACHED */
596 }
597
598 /* Count max number of sockets we may open. */
599 for (maxs = 0, res = res0; res != NULL; res = res->ai_next)
600 maxs++;
601
602 socks = malloc((maxs + 1) * sizeof(int));
603 if (socks == NULL) {
604 die("malloc: %s", strerror(errno));
605 /* NOTREACHED */
606 }
607
608 *socks = 0;
609 s = socks + 1;
610 for (res = res0; res != NULL; res = res->ai_next) {
611 *s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
612 if (*s < 0) {
613 cause = "socket";
614 continue;
615 }
616 (void)setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, &y, sizeof(y));
617 if (bind(*s, res->ai_addr, res->ai_addrlen) < 0) {
618 cause = "bind";
619 (void)close(*s);
620 continue;
621 }
622 if (listen(*s, 5) < 0) {
623 cause = "listen";
624 (void)close(*s);
625 continue;
626 }
627 *socks = *socks + 1;
628 s++;
629 }
630
631 if (*socks == 0) {
632 free(socks);
633 die("%s: %s", cause, strerror(errno));
634 /* NOTREACHED */
635 }
636 if (res0)
637 freeaddrinfo(res0);
638
639 return socks;
640 }
641
642 /* UID lookup wrapper. */
643 static int
ident_getuid(struct sockaddr_storage * ss,socklen_t len,struct sockaddr * proxy,uid_t * uid)644 ident_getuid(struct sockaddr_storage *ss, socklen_t len,
645 struct sockaddr *proxy, uid_t *uid)
646 {
647 int rc;
648
649 rc = sysctl_getuid(ss, len, uid);
650 if (rc == -1 && proxy != NULL)
651 rc = sysctl_proxy_getuid(ss, proxy, uid);
652
653 return rc;
654 }
655
656 /* Try to get the UID of the connection owner using sysctl. */
657 static int
sysctl_getuid(struct sockaddr_storage * ss,socklen_t len,uid_t * uid)658 sysctl_getuid(struct sockaddr_storage *ss, socklen_t len, uid_t *uid)
659 {
660 int mib[4];
661 uid_t myuid;
662 size_t uidlen;
663
664 uidlen = sizeof(myuid);
665
666 mib[0] = CTL_NET;
667 mib[1] = ss->ss_family;
668 mib[2] = IPPROTO_TCP;
669 mib[3] = TCPCTL_IDENT;
670
671 if (sysctl(mib, sizeof(mib)/ sizeof(int), &myuid, &uidlen, ss, len) < 0)
672 return -1;
673 *uid = myuid;
674
675 return 0;
676 }
677
678 /* Try to get the UID of the connection owner using sysctl (proxy version). */
679 static int
sysctl_proxy_getuid(struct sockaddr_storage * ss,struct sockaddr * proxy,uid_t * uid)680 sysctl_proxy_getuid(struct sockaddr_storage *ss, struct sockaddr *proxy,
681 uid_t *uid)
682 {
683 struct sockaddr_storage new[2];
684 int rc, name[CTL_MAXNAME];
685 size_t i;
686 struct kinfo_pcb *kp;
687 size_t sz, len;
688 const char *list;
689
690 rc = -1;
691 sz = CTL_MAXNAME;
692 list = NULL;
693
694 /* Retrieve a list of sockets. */
695 switch (ss[0].ss_family) {
696 case AF_INET:
697 /* We only accept queries from the proxy. */
698 if (in_hosteq(satosin(&ss[0])->sin_addr,
699 satosin(proxy)->sin_addr))
700 list = "net.inet.tcp.pcblist";
701 break;
702 case AF_INET6:
703 /* We only accept queries from the proxy. */
704 if (IN6_ARE_ADDR_EQUAL(&satosin6(&ss[0])->sin6_addr,
705 &satosin6(proxy)->sin6_addr))
706 list = "net.inet6.tcp.pcblist";
707 break;
708 default:
709 maybe_syslog(LOG_ERR, "Unsupported protocol for proxy (no. %d)",
710 ss[0].ss_family);
711 }
712 if (list != NULL)
713 rc = sysctlnametomib(list, &name[0], &sz);
714 if (rc == -1)
715 return -1;
716 len = sz;
717
718 name[len++] = PCB_ALL;
719 name[len++] = 0;
720 name[len++] = sizeof(struct kinfo_pcb);
721 name[len++] = INT_MAX;
722
723 kp = NULL;
724 sz = 0;
725 do {
726 rc = sysctl(&name[0], len, kp, &sz, NULL, 0);
727 if (rc == -1 && errno != ENOMEM)
728 return -1;
729 if (kp == NULL) {
730 kp = malloc(sz);
731 rc = -1;
732 }
733 if (kp == NULL)
734 return -1;
735 } while (rc == -1);
736
737 rc = -1;
738 /*
739 * Walk through the list of sockets and try to find a match.
740 * We don't know who has sent the query (we only know that the
741 * proxy has forwarded to us) so just try to match the ports and
742 * the local address.
743 */
744 for (i = 0; i < sz / sizeof(struct kinfo_pcb); i++) {
745 switch (ss[0].ss_family) {
746 case AF_INET:
747 /* Foreign and local ports must match. */
748 if (satosin(&ss[0])->sin_port !=
749 satosin(&kp[i].ki_src)->sin_port)
750 continue;
751 if (satosin(&ss[1])->sin_port !=
752 satosin(&kp[i].ki_dst)->sin_port)
753 continue;
754 /* Foreign address may not match proxy address. */
755 if (in_hosteq(satosin(proxy)->sin_addr,
756 satosin(&kp[i].ki_dst)->sin_addr))
757 continue;
758 /* Local addresses must match. */
759 if (!in_hosteq(satosin(&ss[1])->sin_addr,
760 satosin(&kp[i].ki_src)->sin_addr))
761 continue;
762 break;
763 case AF_INET6:
764 /* Foreign and local ports must match. */
765 if (satosin6(&ss[0])->sin6_port !=
766 satosin6(&kp[i].ki_src)->sin6_port)
767 continue;
768 if (satosin6(&ss[1])->sin6_port !=
769 satosin6(&kp[i].ki_dst)->sin6_port)
770 continue;
771 /* Foreign address may not match proxy address. */
772 if (IN6_ARE_ADDR_EQUAL(&satosin6(proxy)->sin6_addr,
773 &satosin6(&kp[i].ki_dst)->sin6_addr))
774 continue;
775 /* Local addresses must match. */
776 if (!IN6_ARE_ADDR_EQUAL(&satosin6(&ss[1])->sin6_addr,
777 &satosin6(&kp[i].ki_src)->sin6_addr))
778 continue;
779 break;
780 }
781
782 /*
783 * We have found the foreign address, copy it to a new
784 * struct and retrieve the UID of the connection owner.
785 */
786 (void)memcpy(&new[0], &kp[i].ki_dst, kp[i].ki_dst.sa_len);
787 (void)memcpy(&new[1], &kp[i].ki_src, kp[i].ki_src.sa_len);
788
789 rc = sysctl_getuid(new, sizeof(new), uid);
790
791 /* Done. */
792 break;
793 }
794
795 free(kp);
796 return rc;
797 }
798
799 /* Forward ident queries. Returns 1 when successful, or zero if not. */
800 static int
forward(int fd,struct sockaddr * nat_addr,int nat_lport,int fport,int lport)801 forward(int fd, struct sockaddr *nat_addr, int nat_lport, int fport, int lport)
802 {
803 char buf[BUFSIZ], reply[BUFSIZ], *p;
804 ssize_t n;
805 int sock;
806
807 /* Connect to the NAT host. */
808 sock = socket(nat_addr->sa_family, SOCK_STREAM, 0);
809 if (sock < 0) {
810 maybe_syslog(LOG_ERR, "socket: %m");
811 return 0;
812 }
813 if (connect(sock, nat_addr, nat_addr->sa_len) < 0) {
814 maybe_syslog(LOG_ERR, "Can't connect to %s: %m",
815 gethost(nat_addr));
816 (void)close(sock);
817 return 0;
818 }
819
820 /*
821 * Send the ident query to the NAT host, but use as local port
822 * the port of the NAT host.
823 */
824 (void)snprintf(buf, sizeof(buf), "%d , %d\r\n", fport, nat_lport);
825 if (send(sock, buf, strlen(buf), 0) < 0) {
826 maybe_syslog(LOG_ERR, "send: %m");
827 (void)close(sock);
828 return 0;
829 }
830
831 /* Read the reply from the NAT host. */
832 if ((n = recv(sock, reply, sizeof(reply) - 1, 0)) < 0) {
833 maybe_syslog(LOG_ERR, "recv: %m");
834 (void)close(sock);
835 return 0;
836 } else if (n == 0) {
837 maybe_syslog(LOG_NOTICE, "recv: EOF");
838 (void)close(sock);
839 return 0;
840 }
841 reply[n] = '\0';
842 if (dflag)
843 maybe_syslog(LOG_ERR, "Replied %s", reply);
844 (void)close(sock);
845
846 /* Extract everything after the port specs from the ident reply. */
847 for (p = reply; *p != '\0' && *p != ':'; p++)
848 continue;
849 if (*p == '\0' || *++p == '\0') {
850 maybe_syslog(LOG_ERR, "Malformed ident reply from %s",
851 gethost(nat_addr));
852 return 0;
853 }
854 /* Build reply for the requesting host, use the original local port. */
855 (void)snprintf(buf, sizeof(buf), "%d,%d:%s", lport, fport, p);
856
857 /* Send the reply from the NAT host back to the requesting host. */
858 if (send(fd, buf, strlen(buf), 0) < 0) {
859 maybe_syslog(LOG_ERR, "send: %m");
860 return 0;
861 }
862
863 return 1;
864 }
865
866 /* Check if a .noident file exists in the user home directory. */
867 static int
check_noident(const char * homedir)868 check_noident(const char *homedir)
869 {
870 struct stat sb;
871 char *path;
872 int ret;
873
874 if (homedir == NULL)
875 return 0;
876 if (asprintf(&path, "%s/.noident", homedir) < 0)
877 return 0;
878 ret = stat(path, &sb);
879
880 free(path);
881 return (ret == 0);
882 }
883
884 /*
885 * Check if a .ident file exists in the user home directory and
886 * return the contents of that file.
887 */
888 static int
check_userident(const char * homedir,char * username,size_t len)889 check_userident(const char *homedir, char *username, size_t len)
890 {
891 struct stat sb;
892 char *path, *p;
893 ssize_t n;
894 int fd;
895
896 if (len == 0 || homedir == NULL)
897 return 0;
898 if (asprintf(&path, "%s/.ident", homedir) < 0)
899 return 0;
900 if ((fd = open(path, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < 0) {
901 free(path);
902 return 0;
903 }
904 if (fstat(fd, &sb) < 0 || !S_ISREG(sb.st_mode)) {
905 (void)close(fd);
906 free(path);
907 return 0;
908 }
909 if ((n = read(fd, username, len - 1)) < 1) {
910 (void)close(fd);
911 free(path);
912 return 0;
913 }
914 username[n] = '\0';
915
916 if ((p = strpbrk(username, "\r\n")) != NULL)
917 *p = '\0';
918
919 (void)close(fd);
920 free(path);
921 return 1;
922 }
923
924 /* Generate a random string. */
925 static void
random_string(char * str,size_t len)926 random_string(char *str, size_t len)
927 {
928 static const char chars[] = "abcdefghijklmnopqrstuvwxyz1234567890";
929 char *p;
930
931 if (len == 0)
932 return;
933 for (p = str; len > 1; len--)
934 *p++ = chars[arc4random() % (sizeof(chars) - 1)];
935 *p = '\0';
936 }
937
938 /* Change the output format. */
939 static int
change_format(const char * format,struct passwd * pw,char * dest,size_t len)940 change_format(const char *format, struct passwd *pw, char *dest, size_t len)
941 {
942 struct group *gr;
943 const char *cp;
944 char **gmp;
945 size_t bp;
946
947 if (len == 0 || ((gr = getgrgid(pw->pw_gid)) == NULL))
948 return 0;
949
950 for (bp = 0, cp = format; *cp != '\0' && bp < len - 1; cp++) {
951 if (*cp != '%') {
952 dest[bp++] = *cp;
953 continue;
954 }
955 if (*++cp == '\0')
956 break;
957 switch (*cp) {
958 case 'u':
959 (void)snprintf(&dest[bp], len - bp, "%s", pw->pw_name);
960 break;
961 case 'U':
962 (void)snprintf(&dest[bp], len - bp, "%d", pw->pw_uid);
963 break;
964 case 'g':
965 (void)snprintf(&dest[bp], len - bp, "%s", gr->gr_name);
966 break;
967 case 'G':
968 (void)snprintf(&dest[bp], len - bp, "%d", gr->gr_gid);
969 break;
970 case 'l':
971 (void)snprintf(&dest[bp], len - bp, "%s", gr->gr_name);
972 bp += strlen(&dest[bp]);
973 if (bp >= len)
974 break;
975 setgrent();
976 while ((gr = getgrent()) != NULL) {
977 if (gr->gr_gid == pw->pw_gid)
978 continue;
979 for (gmp = gr->gr_mem; *gmp && **gmp; gmp++) {
980 if (strcmp(*gmp, pw->pw_name) == 0) {
981 (void)snprintf(&dest[bp],
982 len - bp, ",%s",
983 gr->gr_name);
984 bp += strlen(&dest[bp]);
985 break;
986 }
987 }
988 if (bp >= len)
989 break;
990 }
991 endgrent();
992 break;
993 case 'L':
994 (void)snprintf(&dest[bp], len - bp, "%u", gr->gr_gid);
995 bp += strlen(&dest[bp]);
996 if (bp >= len)
997 break;
998 setgrent();
999 while ((gr = getgrent()) != NULL) {
1000 if (gr->gr_gid == pw->pw_gid)
1001 continue;
1002 for (gmp = gr->gr_mem; *gmp && **gmp; gmp++) {
1003 if (strcmp(*gmp, pw->pw_name) == 0) {
1004 (void)snprintf(&dest[bp],
1005 len - bp, ",%u",
1006 gr->gr_gid);
1007 bp += strlen(&dest[bp]);
1008 break;
1009 }
1010 }
1011 if (bp >= len)
1012 break;
1013 }
1014 endgrent();
1015 break;
1016 default:
1017 dest[bp] = *cp;
1018 dest[bp+1] = '\0';
1019 break;
1020 }
1021 bp += strlen(&dest[bp]);
1022 }
1023 dest[bp] = '\0';
1024
1025 return 1;
1026 }
1027
1028 /* Just exit when we caught SIGALRM. */
1029 static void
timeout_handler(int __unused s)1030 timeout_handler(int __unused s)
1031 {
1032 maybe_syslog(LOG_INFO, "Timeout for request, closing connection...");
1033 exit(EXIT_FAILURE);
1034 }
1035
1036 /* Report error message string through syslog and quit. */
1037 static void
fatal(const char * func)1038 fatal(const char *func)
1039 {
1040 maybe_syslog(LOG_ERR, "%s: %m", func);
1041 exit(EXIT_FAILURE);
1042 }
1043
1044 /*
1045 * Report an error through syslog and/or stderr and quit. Only used when
1046 * running identd in the background and when it isn't a daemon yet.
1047 */
1048 static void
die(const char * message,...)1049 die(const char *message, ...)
1050 {
1051 va_list ap;
1052
1053 if (bflag) {
1054 va_start(ap, message);
1055 vwarnx(message, ap);
1056 va_end(ap);
1057 }
1058
1059 if (lflag) {
1060 va_start(ap, message);
1061 vsyslog(LOG_ERR, message, ap);
1062 va_end(ap);
1063 }
1064
1065 exit(EXIT_FAILURE);
1066 }
1067
1068 /* Log using syslog, but only if enabled with the -l flag. */
1069 void
maybe_syslog(int priority,const char * message,...)1070 maybe_syslog(int priority, const char *message, ...)
1071 {
1072 va_list ap;
1073
1074 if (lflag) {
1075 va_start(ap, message);
1076 vsyslog(priority, message, ap);
1077 va_end(ap);
1078 }
1079 }
1080