X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=bbb2f0d5e430c88a904514ff77bbfa3d3ed49b92;hb=f2fa1045e24f81e5c844dd50d6e299cb1ad9acb2;hp=067703a81f64db01bb1a5f30d8b60a73d3f48127;hpb=7f8d0ea5a3e927b8b6dd84eae63849ae17cdf5ae;p=ngircd-alex.git

diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c
index 067703a8..bbb2f0d5 100644
--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2010 Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2011 Alexander Barton (alex@barton.de) and Contributors.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +27,7 @@
 
 #include "ngircd.h"
 #include "conn-func.h"
+#include "class.h"
 #include "conf.h"
 #include "channel.h"
 #include "io.h"
@@ -46,7 +47,7 @@ static bool Hello_User PARAMS(( CLIENT *Client ));
 static bool Hello_User_PostAuth PARAMS(( CLIENT *Client ));
 static void Kill_Nick PARAMS(( char *Nick, char *Reason ));
 static void Introduce_Client PARAMS((CLIENT *To, CLIENT *Client, int Type));
-static void Reject_Client PARAMS((CLIENT *Client));
+static void Reject_Client PARAMS((CLIENT *Client, const char *InternalReason));
 
 static void cb_introduceClient PARAMS((CLIENT *Client, CLIENT *Prefix,
 				       void *i));
@@ -653,32 +654,37 @@ IRC_QUIT( CLIENT *Client, REQUEST *Req )
 	CLIENT *target;
 	char quitmsg[LINE_LEN];
 
-	assert( Client != NULL );
-	assert( Req != NULL );
+	assert(Client != NULL);
+	assert(Req != NULL);
 
 	/* Wrong number of arguments? */
-	if( Req->argc > 1 )
-		return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+	if (Req->argc > 1)
+		return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
+					  Client_ID(Client), Req->command);
 
 	if (Req->argc == 1)
 		strlcpy(quitmsg, Req->argv[0], sizeof quitmsg);
 
-	if ( Client_Type( Client ) == CLIENT_SERVER )
-	{
+	if (Client_Type(Client) == CLIENT_SERVER) {
 		/* Server */
-		target = Client_Search( Req->prefix );
-		if( ! target )
-		{
-			Log( LOG_WARNING, "Got QUIT from %s for unknown client!?", Client_ID( Client ));
+		target = Client_Search(Req->prefix);
+		if (!target) {
+			Log(LOG_WARNING,
+			    "Got QUIT from %s for unknown client!?",
+			    Client_ID(Client));
 			return CONNECTED;
 		}
 
-		Client_Destroy( target, "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true);
-
-		return CONNECTED;
-	}
-	else
-	{
+		if (target != Client) {
+			Client_Destroy(target, "Got QUIT command.",
+				       Req->argc == 1 ? quitmsg : NULL, true);
+			return CONNECTED;
+		} else {
+			Conn_Close(Client_Conn(Client), "Got QUIT command.",
+				   Req->argc == 1 ? quitmsg : NULL, true);
+			return DISCONNECTED;
+		}
+	} else {
 		if (Req->argc == 1 && quitmsg[0] != '\"') {
 			/* " " to avoid confusion */
 			strlcpy(quitmsg, "\"", sizeof quitmsg);
@@ -687,7 +693,8 @@ IRC_QUIT( CLIENT *Client, REQUEST *Req )
 		}
 
 		/* User, Service, or not yet registered */
-		Conn_Close( Client_Conn( Client ), "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true);
+		Conn_Close(Client_Conn(Client), "Got QUIT command.",
+			   Req->argc == 1 ? quitmsg : NULL, true);
 
 		return DISCONNECTED;
 	}
@@ -938,10 +945,19 @@ Hello_User(CLIENT * Client)
 		 * passwords supplied are classified as "wrong". */
 		if(Client_Password(Client)[0] == '\0')
 			return Hello_User_PostAuth(Client);
-		Reject_Client(Client);
+		Reject_Client(Client, "non-empty password");
 		return DISCONNECTED;
 	}
 
+	if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) {
+		/* Clients are not required to send a password and to be PAM-
+		 * authenticated at all. If not, they won't become "identified"
+		 * and keep the "~" in their supplied user name.
+		 * Therefore it is sensible to either set Conf_PAMisOptional or
+		 * to enable IDENT lookups -- not both. */
+		return Hello_User_PostAuth(Client);
+	}
+
 	/* Fork child process for PAM authentication; and make sure that the
 	 * process timeout is set higher than the login timeout! */
 	pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
@@ -953,6 +969,7 @@ Hello_User(CLIENT * Client)
 	} else {
 		/* Sub process */
 		Log_Init_Subprocess("Auth");
+		Conn_CloseAllSockets(NONE);
 		result = PAM_Authenticate(Client);
 		if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
 			Log_Subprocess(LOG_ERR,
@@ -964,7 +981,7 @@ Hello_User(CLIENT * Client)
 	/* Check global server password ... */
 	if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) {
 		/* Bad password! */
-		Reject_Client(Client);
+		Reject_Client(Client, "bad server password");
 		return DISCONNECTED;
 	}
 	return Hello_User_PostAuth(Client);
@@ -1003,12 +1020,13 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
 
 	/* Read result from pipe */
 	len = Proc_Read(proc, &result, sizeof(result));
+	Proc_Close(proc);
 	if (len == 0)
 		return;
 
 	if (len != sizeof(result)) {
 		Log(LOG_CRIT, "Auth: Got malformed result!");
-		Reject_Client(client);
+		Reject_Client(client, "internal error");
 		return;
 	}
 
@@ -1016,7 +1034,7 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
 		Client_SetUser(client, Client_OrigUser(client), true);
 		(void)Hello_User_PostAuth(client);
 	} else
-		Reject_Client(client);
+		Reject_Client(client, "bad password");
 }
 
 #endif
@@ -1031,12 +1049,12 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
  * @param Client	The client to reject.
  */
 static void
-Reject_Client(CLIENT *Client)
+Reject_Client(CLIENT *Client, const char *InternalReason)
 {
 	Log(LOG_ERR,
-	    "User \"%s\" rejected (connection %d): Access denied!",
-	    Client_Mask(Client), Client_Conn(Client));
-	Conn_Close(Client_Conn(Client), NULL,
+	    "User \"%s\" rejected (connection %d): %s!",
+	    Client_Mask(Client), Client_Conn(Client), InternalReason);
+	Conn_Close(Client_Conn(Client), InternalReason,
 		   "Access denied! Bad password?", true);
 }
 
@@ -1053,6 +1071,15 @@ Reject_Client(CLIENT *Client)
 static bool
 Hello_User_PostAuth(CLIENT *Client)
 {
+	if (Class_IsMember(CLASS_GLINE, Client)) {
+		Reject_Client(Client, "G-Line'd");
+		return DISCONNECTED;
+	}
+	if (Class_IsMember(CLASS_KLINE, Client)) {
+		Reject_Client(Client, "K-Line'd");
+		return DISCONNECTED;
+	}
+
 	Introduce_Client(NULL, Client, CLIENT_USER);
 
 	if (!IRC_WriteStrClient
@@ -1096,20 +1123,22 @@ Hello_User_PostAuth(CLIENT *Client)
  * @param Reason	Reason for the KILL.
  */
 static void
-Kill_Nick( char *Nick, char *Reason )
+Kill_Nick(char *Nick, char *Reason)
 {
 	REQUEST r;
 
-	assert( Nick != NULL );
-	assert( Reason != NULL );
+	assert (Nick != NULL);
+	assert (Reason != NULL);
 
-	r.prefix = (char *)Client_ThisServer( );
+	r.prefix = NULL;
 	r.argv[0] = Nick;
 	r.argv[1] = Reason;
 	r.argc = 2;
 
-	Log( LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s", Nick, Reason );
-	IRC_KILL( Client_ThisServer( ), &r );
+	Log(LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s",
+	    Nick, Reason);
+
+	IRC_KILL(Client_ThisServer(), &r);
 } /* Kill_Nick */