-#ifdef DEBUG
- if (conn > NONE)
- Log(LOG_DEBUG,
- "Connection %d: received PONG. Lag: %ld seconds.", conn,
- time(NULL) - Conn_LastPing(Client_Conn(Client)));
- else
- Log(LOG_DEBUG,
- "Connection %d: received PONG.", conn);
-#endif
- return CONNECTED;
-} /* IRC_PONG */
-
-
-/**
- * Initiate client registration.
- *
- * This function is called after the daemon received the required NICK and
- * USER commands of a new client. If the daemon is compiled with support for
- * PAM, the authentication sub-processs is forked; otherwise the global server
- * password is checked.
- *
- * @param Client The client logging in.
- * @returns CONNECTED or DISCONNECTED.
- */
-static bool
-Hello_User(CLIENT * Client)
-{
-#ifdef PAM
- int pipefd[2], result;
- pid_t pid;
-#endif
- CONN_ID conn;
-
- assert(Client != NULL);
- conn = Client_Conn(Client);
-
-#ifndef STRICT_RFC
- if (Conf_AuthPing) {
- /* Did we receive the "auth PONG" already? */
- if (Conn_GetAuthPing(conn)) {
- Client_SetType(Client, CLIENT_WAITAUTHPING);
- LogDebug("Connection %d: Waiting for AUTH PONG ...", conn);
- return CONNECTED;
- }
- }
-#endif
-
-#ifdef PAM
- if (!Conf_PAM) {
- /* Don't do any PAM authentication at all, instead emulate
- * the beahiour of the daemon compiled without PAM support:
- * because there can't be any "server password", all
- * passwords supplied are classified as "wrong". */
- if(Client_Password(Client)[0] == '\0')
- return Hello_User_PostAuth(Client);
- Reject_Client(Client, "non-empty password");
- return DISCONNECTED;
- }
-
- if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) {
- /* Clients are not required to send a password and to be PAM-
- * authenticated at all. If not, they won't become "identified"
- * and keep the "~" in their supplied user name.
- * Therefore it is sensible to either set Conf_PAMisOptional or
- * to enable IDENT lookups -- not both. */
- return Hello_User_PostAuth(Client);
- }
-
- /* Fork child process for PAM authentication; and make sure that the
- * process timeout is set higher than the login timeout! */
- pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
- cb_Read_Auth_Result, Conf_PongTimeout + 1);
- if (pid > 0) {
- LogDebug("Authenticator for connection %d created (PID %d).",
- conn, pid);
- return CONNECTED;
- } else {
- /* Sub process */
- Log_Init_Subprocess("Auth");
- Conn_CloseAllSockets(NONE);
- result = PAM_Authenticate(Client);
- if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
- Log_Subprocess(LOG_ERR,
- "Failed to pipe result to parent!");
- Log_Exit_Subprocess("Auth");
- exit(0);
- }
-#else
- /* Check global server password ... */
- if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) {
- /* Bad password! */
- Reject_Client(Client, "bad server password");
- return DISCONNECTED;
- }
- return Hello_User_PostAuth(Client);
-#endif
-}
-
-
-#ifdef PAM
-
-/**
- * Read result of the authenticatior sub-process from pipe
- *
- * @param r_fd File descriptor of the pipe.
- * @param events (ignored IO specification)
- */
-static void
-cb_Read_Auth_Result(int r_fd, UNUSED short events)
-{
- CONN_ID conn;
- CLIENT *client;
- int result;
- size_t len;
- PROC_STAT *proc;
-
- LogDebug("Auth: Got callback on fd %d, events %d", r_fd, events);
- conn = Conn_GetFromProc(r_fd);
- if (conn == NONE) {
- /* Ops, none found? Probably the connection has already
- * been closed!? We'll ignore that ... */
- io_close(r_fd);
- LogDebug("Auth: Got callback for unknown connection!?");
- return;
- }
- proc = Conn_GetProcStat(conn);
- client = Conn_GetClient(conn);
-
- /* Read result from pipe */
- len = Proc_Read(proc, &result, sizeof(result));
- Proc_Close(proc);
- if (len == 0)
- return;
-
- if (len != sizeof(result)) {
- Log(LOG_CRIT, "Auth: Got malformed result!");
- Reject_Client(client, "internal error");
- return;
- }
-
- if (result == true) {
- Client_SetUser(client, Client_OrigUser(client), true);
- (void)Hello_User_PostAuth(client);