X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=src%2Fserver%2Fserver.c;h=1faa6fe914e2ddb26653479209c27411d61d6e57;hb=0e15ed888a4d398530a74a6b713414e649767358;hp=3169ca0fa9b98ef0e649002212c5167e34e1ee86;hpb=bd4eed9ef150a921ee80121522a1a7918739b720;p=tpg%2Fopendispense2.git diff --git a/src/server/server.c b/src/server/server.c index 3169ca0..1faa6fe 100644 --- a/src/server/server.c +++ b/src/server/server.c @@ -18,8 +18,9 @@ #include #include #include -#include -#include +#include // Signal handling +#include // AUTHIDENT +#include // time(2) #define DEBUG_TRACE_CLIENT 0 #define HACK_NO_REFUNDS 1 @@ -34,6 +35,9 @@ #define MSG_STR_TOO_LONG "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n" +#define IDENT_TRUSTED_NETWORK 0x825F0D00 +#define IDENT_TRUSTED_NETMASK 0xFFFFFFC0 + // === TYPES === typedef struct sClient { @@ -163,6 +167,7 @@ void Server_Start(void) } if( pid != 0 ) { // Parent, quit + printf("Forked child %i\n", pid); exit(0); } // In child @@ -175,6 +180,8 @@ void Server_Start(void) freopen("/dev/null", "r", stdin); freopen(gsServer_LogFile, "a", stdout); freopen(gsServer_ErrorLog, "a", stderr); + fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL)); + fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL)); #endif } 
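Review bot: The new constants `IDENT_TRUSTED_NETWORK` and `IDENT_TRUSTED_NETMASK` (hunk at -34,6) have no comment saying which network they encode or in which byte order they are compared. Since they now decide which peers may authenticate by IDENT, I would add `// 130.95.13.0/26, host byte order (compared against ntohl() of the peer address)` above them. Hard-coding the range means a change to the trusted hosts needs a rebuild; whether a configuration option for this exists elsewhere is not visible in this diff.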
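Review bot: The start-up line written to stdout at the end of Server_Start (hunk at -175,6) can sit in the stdio buffer, because stdout has just been reopened onto a log file and is normally fully buffered from then on. Adding `fflush(stdout);` after the first `fprintf` would get the record into the log even if the daemon dies early. The `freopen()` calls on the context lines above are unchecked, so if a log file cannot be opened the new `fprintf` calls write to a stream that failed to reopen. Server_Start begins outside this hunk.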
@@ -541,24 +548,40 @@ void Server_Cmd_AUTHIDENT(tClient *Client, char *Args) char *username; int userflags; const int ident_timeout = 5; + socklen_t len; + struct sockaddr_in client_addr; + uint32_t client_ip; if( Args != NULL && strlen(Args) ) { sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n"); return ; } - // Check if trusted - if( !Client->bIsTrusted ) { - if(giDebugLevel) - Debug(Client, "Untrusted client attempting to AUTHIDENT"); - sendf(Client->Socket, "401 Untrusted\n"); + // Check if trusted (only works with INET sockets at present) + len = sizeof(client_addr); + if( getpeername(Client->Socket, (struct sockaddr*)&client_addr, &len) == -1 ) { + Debug(Client, "500 getpeername() failed\n"); + perror("Getting AUTHIDENT peer name"); + sendf(Client->Socket, "500 getpeername() failed\n"); return ; } + client_ip = client_addr.sin_addr.s_addr; + if(giDebugLevel >= 2) { + Debug(Client, "client_ip = %x, ntohl(client_ip) = %x", client_ip, ntohl(client_ip)); + } + if( ntohl(client_ip) != 0x7F000001 && (ntohl(client_ip) & IDENT_TRUSTED_NETMASK) != IDENT_TRUSTED_NETWORK ) { + if(giDebugLevel) + Debug(Client, "Untrusted client attempting to AUTHIDENT"); + sendf(Client->Socket, "401 Untrusted\n"); + return ; + } + // Get username via IDENT username = ident_id(Client->Socket, ident_timeout); - if (!username) { + if( !username ) { sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n"); + return ; } // Get UID
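Review bot: The new trust check in Server_Cmd_AUTHIDENT reads `client_addr.sin_addr.s_addr` without confirming that getpeername() returned an IPv4 address; the comment says it only works with INET sockets, but nothing enforces that. If the listening socket were ever AF_UNIX or AF_INET6, that field would hold unrelated or uninitialised bytes, which are then compared against the trusted network. Reject other families before the comparison, e.g. `if( client_addr.sin_family != AF_INET || len < sizeof(client_addr) ) { sendf(Client->Socket, "401 Untrusted\n"); return ; }`. Separately, `perror()` runs after `Debug()`, which may have overwritten errno by then, so call `perror()` first or save errno. The function starts before this hunk and continues after it.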