X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=54818fe4879f05d2d05f438cb3e98d646818641f;hb=5a200e154347bde2a885ad1ede620d8d946b6420;hp=eeecf96d82d88b40af7b4693ec1edbc3056bb6c8;hpb=06a20b87c464c67b288daf8bff841ce21e9105f3;p=ngircd-alex.git diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index eeecf96d..54818fe4 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -47,7 +47,6 @@ static bool Hello_User PARAMS(( CLIENT *Client )); static bool Hello_User_PostAuth PARAMS(( CLIENT *Client )); static void Kill_Nick PARAMS(( char *Nick, char *Reason )); static void Introduce_Client PARAMS((CLIENT *To, CLIENT *Client, int Type)); -static void Reject_Client PARAMS((CLIENT *Client)); static void cb_introduceClient PARAMS((CLIENT *Client, CLIENT *Prefix, void *i)); @@ -937,12 +936,6 @@ Hello_User(CLIENT * Client) } #endif - if (Class_IsMember(CLASS_GLINE, Client) || - Class_IsMember(CLASS_KLINE, Client)) { - Reject_Client(Client); - return DISCONNECTED; - } - #ifdef PAM if (!Conf_PAM) { /* Don't do any PAM authentication at all, instead emulate @@ -951,10 +944,19 @@ Hello_User(CLIENT * Client) * passwords supplied are classified as "wrong". */ if(Client_Password(Client)[0] == '\0') return Hello_User_PostAuth(Client); - Reject_Client(Client); + Client_Reject(Client, "Non-empty password", false); return DISCONNECTED; } + if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) { + /* Clients are not required to send a password and to be PAM- + * authenticated at all. If not, they won't become "identified" + * and keep the "~" in their supplied user name. + * Therefore it is sensible to either set Conf_PAMisOptional or + * to enable IDENT lookups -- not both. */ + return Hello_User_PostAuth(Client); + } + /* Fork child process for PAM authentication; and make sure that the * process timeout is set higher than the login timeout! */ pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, @@ -978,7 +980,7 @@ Hello_User(CLIENT * Client) /* Check global server password ... */ if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) { /* Bad password! */ - Reject_Client(Client); + Client_Reject(Client, "Bad server password", false); return DISCONNECTED; } return Hello_User_PostAuth(Client); @@ -1023,7 +1025,7 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events) if (len != sizeof(result)) { Log(LOG_CRIT, "Auth: Got malformed result!"); - Reject_Client(client); + Client_Reject(client, "Internal error", false); return; } @@ -1031,31 +1033,12 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events) Client_SetUser(client, Client_OrigUser(client), true); (void)Hello_User_PostAuth(client); } else - Reject_Client(client); + Client_Reject(client, "Bad password", false); } #endif -/** - * Reject a client because of wrong password. - * - * This function is called either when the global server password or a password - * checked using PAM has been wrong. - * - * @param Client The client to reject. - */ -static void -Reject_Client(CLIENT *Client) -{ - Log(LOG_ERR, - "User \"%s\" rejected (connection %d): Access denied!", - Client_Mask(Client), Client_Conn(Client)); - Conn_Close(Client_Conn(Client), NULL, - "Access denied! Bad password?", true); -} - - /** * Finish client registration. * @@ -1068,6 +1051,11 @@ Reject_Client(CLIENT *Client) static bool Hello_User_PostAuth(CLIENT *Client) { + assert(Client != NULL); + + if (Class_HandleServerBans(Client) != CONNECTED) + return DISCONNECTED; + Introduce_Client(NULL, Client, CLIENT_USER); if (!IRC_WriteStrClient