From: David Adam (zanchey) Date: Tue, 30 Aug 2011 15:35:37 +0000 (+0800) Subject: Server - Add authentication by IDENT support X-Git-Url: https://git.ucc.asn.au/?a=commitdiff_plain;h=bd4eed9ef150a921ee80121522a1a7918739b720;p=tpg%2Fopendispense2.git Server - Add authentication by IDENT support --- diff --git a/src/server/Makefile b/src/server/Makefile index f73e6c7..6acb88c 100644 --- a/src/server/Makefile +++ b/src/server/Makefile @@ -8,7 +8,7 @@ BIN := ../../dispsrv DEPFILES := $(OBJ:%.o=%.d) -LINKFLAGS := -g ../../cokebank.so -lutil -Wl,-rpath,. -Wl,-rpath,/usr/local/sbin +LINKFLAGS := -g ../../cokebank.so -lutil -lident -Wl,-rpath,. -Wl,-rpath,/usr/local/sbin CPPFLAGS := CFLAGS := -Wall -Wextra -Werror -g diff --git a/src/server/server.c b/src/server/server.c index 6286f43..3169ca0 100644 --- a/src/server/server.c +++ b/src/server/server.c @@ -19,6 +19,7 @@ #include #include #include +#include #define DEBUG_TRACE_CLIENT 0 #define HACK_NO_REFUNDS 1 @@ -58,6 +59,7 @@ void Server_ParseClientCommand(tClient *Client, char *CommandString); void Server_Cmd_USER(tClient *Client, char *Args); void Server_Cmd_PASS(tClient *Client, char *Args); void Server_Cmd_AUTOAUTH(tClient *Client, char *Args); +void Server_Cmd_AUTHIDENT(tClient *Client, char *Args); void Server_Cmd_SETEUSER(tClient *Client, char *Args); void Server_Cmd_ENUMITEMS(tClient *Client, char *Args); void Server_Cmd_ITEMINFO(tClient *Client, char *Args); @@ -88,6 +90,7 @@ const struct sClientCommand { {"USER", Server_Cmd_USER}, {"PASS", Server_Cmd_PASS}, {"AUTOAUTH", Server_Cmd_AUTOAUTH}, + {"AUTHIDENT", Server_Cmd_AUTHIDENT}, {"SETEUSER", Server_Cmd_SETEUSER}, {"ENUM_ITEMS", Server_Cmd_ENUMITEMS}, {"ITEM_INFO", Server_Cmd_ITEMINFO}, @@ -528,6 +531,79 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) sendf(Client->Socket, "200 Auth OK\n"); } +/** + * \brief Authenticate as a user using the IDENT protocol + * + * Usage: AUTHIDENT + */ +void Server_Cmd_AUTHIDENT(tClient *Client, char *Args) +{ + char *username; + int userflags; + const int ident_timeout = 5; + + if( Args != NULL && strlen(Args) ) { + sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n"); + return ; + } + + // Check if trusted + if( !Client->bIsTrusted ) { + if(giDebugLevel) + Debug(Client, "Untrusted client attempting to AUTHIDENT"); + sendf(Client->Socket, "401 Untrusted\n"); + return ; + } + + // Get username via IDENT + username = ident_id(Client->Socket, ident_timeout); + if (!username) { + sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n"); + } + + // Get UID + Client->UID = Bank_GetAcctByName( username, 0 ); + if( Client->UID < 0 ) { + if(giDebugLevel) + Debug(Client, "Unknown user '%s'", username); + sendf(Client->Socket, "403 Authentication failure: unknown account\n"); + free(username); + return ; + } + + userflags = Bank_GetFlags(Client->UID); + // You can't be an internal account + if( userflags & USER_FLAG_INTERNAL ) { + if(giDebugLevel) + Debug(Client, "IDENT auth as '%s', not allowed", username); + Client->UID = -1; + sendf(Client->Socket, "403 Authentication failure: that account is internal\n"); + free(username); + return ; + } + + // Disabled accounts + if( userflags & USER_FLAG_DISABLED ) { + Client->UID = -1; + sendf(Client->Socket, "403 Authentication failure: account disabled\n"); + free(username); + return ; + } + + // Save username + if(Client->Username) + free(Client->Username); + Client->Username = strdup(username); + + Client->bIsAuthed = 1; + + if(giDebugLevel) + Debug(Client, "IDENT authenticated as '%s' (%i)", username, Client->UID); + free(username); + + sendf(Client->Socket, "200 Auth OK\n"); +} + /** * \brief Set effective user */