From 6beeb1b708550be0d4a53b272283e17e5e35fe17 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 17:01:30 +0200
Subject: Adding upstream version 2.4.57.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 modules/metadata/mod_ident.c | 344 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 344 insertions(+)
 create mode 100644 modules/metadata/mod_ident.c

(limited to 'modules/metadata/mod_ident.c')

diff --git a/modules/metadata/mod_ident.c b/modules/metadata/mod_ident.c
new file mode 100644
index 0000000..5520a80
--- /dev/null
+++ b/modules/metadata/mod_ident.c
@@ -0,0 +1,344 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * mod_ident: Handle RFC 1413 ident request
+ * obtained from rfc1413.c
+ *
+ * rfc1413() speaks a common subset of the RFC 1413, AUTH, TAP and IDENT
+ * protocols. The code queries an RFC 1413 etc. compatible daemon on a remote
+ * host to look up the owner of a connection. The information should not be
+ * used for authentication purposes. This routine intercepts alarm signals.
+ *
+ * Author: Wietse Venema, Eindhoven University of Technology,
+ * The Netherlands.
+ */
+
+/* Some small additions for Apache --- ditch the "sccsid" var if
+ * compiling with gcc (it *has* changed), include ap_config.h for the
+ * prototypes it defines on at least one system (SunlOSs) which has
+ * them missing from the standard header files, and one minor change
+ * below (extra parens around assign "if (foo = bar) ..." to shut up
+ * gcc -Wall).
+ */
+
+/* Rewritten by David Robinson */
+
+#include "apr.h"
+#include "apr_network_io.h"
+#include "apr_strings.h"
+#include "apr_optional.h"
+
+#define APR_WANT_STDIO
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
+#include "httpd.h"              /* for server_rec, conn_rec, etc. */
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"           /* for aplog_error */
+#include "util_ebcdic.h"
+
+/* Whether we should enable rfc1413 identity checking */
+#ifndef DEFAULT_RFC1413
+#define DEFAULT_RFC1413    0
+#endif
+
+#define RFC1413_UNSET 2
+
+/* request timeout (sec) */
+#ifndef RFC1413_TIMEOUT
+#define RFC1413_TIMEOUT   30
+#endif
+
+/* Local stuff. */
+
+/* Semi-well-known port */
+#define RFC1413_PORT     113
+
+/* maximum allowed length of userid */
+#define RFC1413_USERLEN  512
+
+/* rough limit on the amount of data we accept. */
+#define RFC1413_MAXDATA 1000
+
+/* default username, if it could not determined */
+#define FROM_UNKNOWN  "unknown"
+
+typedef struct {
+    int do_rfc1413;
+    int timeout_unset;
+    apr_time_t timeout;
+} ident_config_rec;
+
+static apr_status_t rfc1413_connect(apr_socket_t **newsock, conn_rec *conn,
+                                    server_rec *srv, apr_time_t timeout)
+{
+    apr_status_t rv;
+    apr_sockaddr_t *localsa, *destsa;
+
+    if ((rv = apr_sockaddr_info_get(&localsa, conn->local_ip, APR_UNSPEC,
+                              0, /* ephemeral port */
+                              0, conn->pool)) != APR_SUCCESS) {
+        /* This should not fail since we have a numeric address string
+         * as the host. */
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv, APLOGNO(01492)
+                     "rfc1413: apr_sockaddr_info_get(%s) failed",
+                     conn->local_ip);
+        return rv;
+    }
+
+    if ((rv = apr_sockaddr_info_get(&destsa, conn->client_ip,
+                              localsa->family, /* has to match */
+                              RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
+        /* This should not fail since we have a numeric address string
+         * as the host. */
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv, APLOGNO(01493)
+                     "rfc1413: apr_sockaddr_info_get(%s) failed",
+                     conn->client_ip);
+        return rv;
+    }
+
+    if ((rv = apr_socket_create(newsock,
+                                localsa->family, /* has to match */
+                                SOCK_STREAM, 0, conn->pool)) != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv, APLOGNO(01494)
+                     "rfc1413: error creating query socket");
+        return rv;
+    }
+
+    if ((rv = apr_socket_timeout_set(*newsock, timeout)) != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv, APLOGNO(01495)
+                     "rfc1413: error setting query socket timeout");
+        apr_socket_close(*newsock);
+        return rv;
+    }
+
+/*
+ * Bind the local and remote ends of the query socket to the same
+ * IP addresses as the connection under investigation. We go
+ * through all this trouble because the local or remote system
+ * might have more than one network address. The RFC1413 etc.
+ * client sends only port numbers; the server takes the IP
+ * addresses from the query socket.
+ */
+
+    if ((rv = apr_socket_bind(*newsock, localsa)) != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv, APLOGNO(01496)
+                     "rfc1413: Error binding query socket to local port");
+        apr_socket_close(*newsock);
+        return rv;
+    }
+
+/*
+ * errors from connect usually imply the remote machine doesn't support
+ * the service; don't log such an error
+ */
+    if ((rv = apr_socket_connect(*newsock, destsa)) != APR_SUCCESS) {
+        apr_socket_close(*newsock);
+        return rv;
+    }
+
+    return APR_SUCCESS;
+}
+
+static apr_status_t rfc1413_query(apr_socket_t *sock, conn_rec *conn,
+                                  server_rec *srv)
+{
+    apr_port_t rmt_port, our_port;
+    apr_port_t sav_rmt_port, sav_our_port;
+    apr_size_t i;
+    char *cp;
+    char buffer[RFC1413_MAXDATA + 1];
+    char user[RFC1413_USERLEN + 1];     /* XXX */
+    apr_size_t buflen;
+
+    sav_our_port = conn->local_addr->port;
+    sav_rmt_port = conn->client_addr->port;
+
+    /* send the data */
+    buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
+                          sav_our_port);
+    ap_xlate_proto_to_ascii(buffer, buflen);
+
+    /* send query to server. Handle short write. */
+    i = 0;
+    while (i < buflen) {
+        apr_size_t j = strlen(buffer + i);
+        apr_status_t status;
+        status  = apr_socket_send(sock, buffer+i, &j);
+        if (status != APR_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv, APLOGNO(01497)
+                         "write: rfc1413: error sending request");
+            return status;
+        }
+        else if (j > 0) {
+            i+=j;
+        }
+    }
+
+    /*
+     * Read response from server. - the response should be newline
+     * terminated according to rfc - make sure it doesn't stomp its
+     * way out of the buffer.
+     */
+
+    i = 0;
+    memset(buffer, '\0', sizeof(buffer));
+    /*
+     * Note that the strchr function below checks for \012 instead of '\n'
+     * this allows it to work on both ASCII and EBCDIC machines.
+     */
+    while ((cp = strchr(buffer, '\012')) == NULL && i < sizeof(buffer) - 1) {
+        apr_size_t j = sizeof(buffer) - 1 - i;
+        apr_status_t status;
+        status = apr_socket_recv(sock, buffer+i, &j);
+        if (status != APR_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv, APLOGNO(01498)
+                         "read: rfc1413: error reading response");
+            return status;
+        }
+        else if (j > 0) {
+            i+=j;
+        }
+        else if (status == APR_SUCCESS && j == 0) {
+            /* Oops... we ran out of data before finding newline */
+            return APR_EINVAL;
+        }
+    }
+
+/* RFC1413_USERLEN = 512 */
+    ap_xlate_proto_from_ascii(buffer, i);
+    if (sscanf(buffer, "%hu , %hu : USERID :%*[^:]:%512s", &rmt_port, &our_port,
+               user) != 3 || sav_rmt_port != rmt_port
+        || sav_our_port != our_port)
+        return APR_EINVAL;
+
+    /*
+     * Strip trailing carriage return. It is part of the
+     * protocol, not part of the data.
+     */
+
+    if ((cp = strchr(user, '\r')))
+        *cp = '\0';
+
+    conn->remote_logname = apr_pstrdup(conn->pool, user);
+
+    return APR_SUCCESS;
+}
+
+static const char *set_idcheck(cmd_parms *cmd, void *d_, int arg)
+{
+    ident_config_rec *d = d_;
+
+    d->do_rfc1413 = arg ? 1 : 0;
+    return NULL;
+}
+
+static const char *set_timeout(cmd_parms *cmd, void *d_, const char *arg)
+{
+    ident_config_rec *d = d_;
+
+    d->timeout = apr_time_from_sec(atoi(arg));
+    d->timeout_unset = 0;
+    return NULL;
+}
+
+static void *create_ident_dir_config(apr_pool_t *p, char *d)
+{
+    ident_config_rec *conf = apr_palloc(p, sizeof(*conf));
+
+    conf->do_rfc1413 = DEFAULT_RFC1413 | RFC1413_UNSET;
+    conf->timeout = apr_time_from_sec(RFC1413_TIMEOUT);
+    conf->timeout_unset = 1;
+
+    return (void *)conf;
+}
+
+static void *merge_ident_dir_config(apr_pool_t *p, void *old_, void *new_)
+{
+    ident_config_rec *conf = (ident_config_rec *)apr_pcalloc(p, sizeof(*conf));
+    ident_config_rec *old = (ident_config_rec *) old_;
+    ident_config_rec *new = (ident_config_rec *) new_;
+
+    conf->timeout = new->timeout_unset
+                        ? old->timeout
+                        : new->timeout;
+
+    conf->do_rfc1413 = new->do_rfc1413 & RFC1413_UNSET
+                           ? old->do_rfc1413
+                           : new->do_rfc1413;
+
+    return (void *)conf;
+}
+
+static const command_rec ident_cmds[] =
+{
+    AP_INIT_FLAG("IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF,
+                 "Enable identd (RFC 1413) user lookups - SLOW"),
+    AP_INIT_TAKE1("IdentityCheckTimeout", set_timeout, NULL,
+                  RSRC_CONF|ACCESS_CONF,
+                  "Identity check (RFC 1413) timeout duration (sec)"),
+    {NULL}
+};
+
+module AP_MODULE_DECLARE_DATA ident_module;
+
+/*
+ * Optional function for the core to the actual ident request
+ */
+static const char *ap_ident_lookup(request_rec *r)
+{
+    ident_config_rec *conf;
+    apr_socket_t *sock;
+    apr_status_t rv;
+    conn_rec *conn = r->connection;
+    server_rec *srv = r->server;
+
+    conf = ap_get_module_config(r->per_dir_config, &ident_module);
+
+    /* return immediately if ident requests are disabled */
+    if (!(conf->do_rfc1413 & ~RFC1413_UNSET)) {
+        return NULL;
+    }
+
+    rv = rfc1413_connect(&sock, conn, srv, conf->timeout);
+    if (rv == APR_SUCCESS) {
+        rv = rfc1413_query(sock, conn, srv);
+        apr_socket_close(sock);
+    }
+    if (rv != APR_SUCCESS) {
+        conn->remote_logname = FROM_UNKNOWN;
+    }
+
+    return (const char *)conn->remote_logname;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+    APR_REGISTER_OPTIONAL_FN(ap_ident_lookup);
+}
+
+AP_DECLARE_MODULE(ident) =
+{
+    STANDARD20_MODULE_STUFF,
+    create_ident_dir_config,       /* dir config creater */
+    merge_ident_dir_config,        /* dir merger --- default is to override */
+    NULL,                          /* server config */
+    NULL,                          /* merge server config */
+    ident_cmds,                    /* command apr_table_t */
+    register_hooks                 /* register hooks */
+};
-- 
cgit v1.2.3