/*
* ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2012 Alexander Barton (alex@barton.de) and Contributors.
+ * Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* Functions to deal with client logins
*/
-#include "imp.h"
#include <assert.h>
#include <stdlib.h>
+#include <stdio.h>
#include <string.h>
-#include <strings.h>
#include <unistd.h>
-#include "defines.h"
#include "conn.h"
#include "class.h"
-#include "client.h"
#include "client-cap.h"
#include "channel.h"
#include "conf.h"
-#include "io.h"
#include "parse.h"
#include "log.h"
#include "messages.h"
#include "ngircd.h"
-#include "pam.h"
#include "irc-info.h"
+#include "irc-mode.h"
#include "irc-write.h"
-#include "exp.h"
#include "login.h"
#ifdef PAM
+
+#include "io.h"
+#include "pam.h"
+
static void cb_Read_Auth_Result PARAMS((int r_fd, UNUSED short events));
+
#endif
/**
#ifdef PAM
if (!Conf_PAM) {
- /* Don't do any PAM authentication at all, instead emulate
- * the beahiour of the daemon compiled without PAM support:
- * because there can't be any "server password", all
- * passwords supplied are classified as "wrong". */
- if(Conn_Password(conn)[0] == '\0')
+ /* Don't do any PAM authentication at all if PAM is not
+ * enabled, instead emulate the behavior of the daemon
+ * compiled without PAM support. */
+ if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0)
return Login_User_PostAuth(Client);
- Client_Reject(Client, "Non-empty password", false);
+ Client_Reject(Client, "Bad server password", false);
return DISCONNECTED;
}
return Login_User_PostAuth(Client);
}
- /* Fork child process for PAM authentication; and make sure that the
- * process timeout is set higher than the login timeout! */
- pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
- cb_Read_Auth_Result, Conf_PongTimeout + 1);
- if (pid > 0) {
- LogDebug("Authenticator for connection %d created (PID %d).",
- conn, pid);
- return CONNECTED;
- } else {
- /* Sub process */
- Log_Init_Subprocess("Auth");
- Conn_CloseAllSockets(NONE);
- result = PAM_Authenticate(Client);
- if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
- Log_Subprocess(LOG_ERR,
- "Failed to pipe result to parent!");
- Log_Exit_Subprocess("Auth");
- exit(0);
- }
+ if (Conf_PAM) {
+ /* Fork child process for PAM authentication; and make sure that the
+ * process timeout is set higher than the login timeout! */
+ pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
+ cb_Read_Auth_Result, Conf_PongTimeout + 1);
+ if (pid > 0) {
+ LogDebug("Authenticator for connection %d created (PID %d).",
+ conn, pid);
+ return CONNECTED;
+ } else {
+ /* Sub process */
+ Log_Init_Subprocess("Auth");
+ Conn_CloseAllSockets(NONE);
+ result = PAM_Authenticate(Client);
+ if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
+ Log_Subprocess(LOG_ERR,
+ "Failed to pipe result to parent!");
+ Log_Exit_Subprocess("Auth");
+ exit(0);
+ }
+ } else return CONNECTED;
#else
/* Check global server password ... */
if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
GLOBAL bool
Login_User_PostAuth(CLIENT *Client)
{
+ REQUEST Req;
+ char modes[CLIENT_MODE_LEN + 1];
+
assert(Client != NULL);
if (Class_HandleServerBans(Client) != CONNECTED)
return false;
if (!IRC_WriteStrClient
(Client, RPL_YOURHOST_MSG, Client_ID(Client),
- Client_ID(Client_ThisServer()), PACKAGE_VERSION, TARGET_CPU,
- TARGET_VENDOR, TARGET_OS))
+ Client_ID(Client_ThisServer()), PACKAGE_VERSION, HOST_CPU,
+ HOST_VENDOR, HOST_OS))
return false;
if (!IRC_WriteStrClient
(Client, RPL_CREATED_MSG, Client_ID(Client), NGIRCd_StartStr))
if (!IRC_Show_MOTD(Client))
return DISCONNECTED;
- /* Suspend the client for a second ... */
- IRC_SetPenalty(Client, 1);
+ /* Set default user modes */
+ if (Conf_DefaultUserModes[0]) {
+ snprintf(modes, sizeof(modes), "+%s", Conf_DefaultUserModes);
+ Req.prefix = Client_ID(Client_ThisServer());
+ Req.command = "MODE";
+ Req.argc = 2;
+ Req.argv[0] = Client_ID(Client);
+ Req.argv[1] = modes;
+ IRC_MODE(Client, &Req);
+ } else
+ IRC_SetPenalty(Client, 1);
return CONNECTED;
}
#ifdef PAM
/**
- * Read result of the authenticatior sub-process from pipe
+ * Read result of the authenticator sub-process from pipe
*
* @param r_fd File descriptor of the pipe.
* @param events (ignored IO specification)
static void
cb_Read_Auth_Result(int r_fd, UNUSED short events)
{
+ char user[CLIENT_USER_LEN], *ptr;
CONN_ID conn;
CLIENT *client;
int result;
}
if (result == true) {
- Client_SetUser(client, Client_OrigUser(client), true);
+ /* Authentication succeeded, now set the correct user name
+ * supplied by the client (without prepended '~' for exmaple),
+ * but cut it at the first '@' character: */
+ strlcpy(user, Client_OrigUser(client), sizeof(user));
+ ptr = strchr(user, '@');
+ if (ptr)
+ *ptr = '\0';
+ Client_SetUser(client, user, true);
(void)Login_User_PostAuth(client);
} else
Client_Reject(client, "Bad password", false);