/*
* ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2010 Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2011 Alexander Barton (alex@barton.de) and Contributors.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#include "ngircd.h"
#include "conn-func.h"
+#include "class.h"
#include "conf.h"
#include "channel.h"
#include "io.h"
static bool Hello_User_PostAuth PARAMS(( CLIENT *Client ));
static void Kill_Nick PARAMS(( char *Nick, char *Reason ));
static void Introduce_Client PARAMS((CLIENT *To, CLIENT *Client, int Type));
-static void Reject_Client PARAMS((CLIENT *Client));
static void cb_introduceClient PARAMS((CLIENT *Client, CLIENT *Prefix,
void *i));
/* Register new nickname of this client */
Client_SetID( target, Req->argv[0] );
+#ifndef STRICT_RFC
+ if (Conf_AuthPing) {
+ Conn_SetAuthPing(Client_Conn(Client), rand());
+ IRC_WriteStrClient(Client, "PING :%ld",
+ Conn_GetAuthPing(Client_Conn(Client)));
+ LogDebug("Connection %d: sent AUTH PING %ld ...",
+ Client_Conn(Client),
+ Conn_GetAuthPing(Client_Conn(Client)));
+ }
+#endif
+
/* If we received a valid USER command already then
* register the new client! */
if( Client_Type( Client ) == CLIENT_GOTUSER )
CLIENT *target;
char quitmsg[LINE_LEN];
- assert( Client != NULL );
- assert( Req != NULL );
+ assert(Client != NULL);
+ assert(Req != NULL);
/* Wrong number of arguments? */
- if( Req->argc > 1 )
- return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+ if (Req->argc > 1)
+ return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
+ Client_ID(Client), Req->command);
if (Req->argc == 1)
strlcpy(quitmsg, Req->argv[0], sizeof quitmsg);
- if ( Client_Type( Client ) == CLIENT_SERVER )
- {
+ if (Client_Type(Client) == CLIENT_SERVER) {
/* Server */
- target = Client_Search( Req->prefix );
- if( ! target )
- {
- Log( LOG_WARNING, "Got QUIT from %s for unknown client!?", Client_ID( Client ));
+ target = Client_Search(Req->prefix);
+ if (!target) {
+ Log(LOG_WARNING,
+ "Got QUIT from %s for unknown client!?",
+ Client_ID(Client));
return CONNECTED;
}
- Client_Destroy( target, "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true);
-
- return CONNECTED;
- }
- else
- {
+ if (target != Client) {
+ Client_Destroy(target, "Got QUIT command.",
+ Req->argc == 1 ? quitmsg : NULL, true);
+ return CONNECTED;
+ } else {
+ Conn_Close(Client_Conn(Client), "Got QUIT command.",
+ Req->argc == 1 ? quitmsg : NULL, true);
+ return DISCONNECTED;
+ }
+ } else {
if (Req->argc == 1 && quitmsg[0] != '\"') {
/* " " to avoid confusion */
strlcpy(quitmsg, "\"", sizeof quitmsg);
}
/* User, Service, or not yet registered */
- Conn_Close( Client_Conn( Client ), "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true);
+ Conn_Close(Client_Conn(Client), "Got QUIT command.",
+ Req->argc == 1 ? quitmsg : NULL, true);
return DISCONNECTED;
}
} /* IRC_QUIT */
+#ifndef STRICT_RFC
+
+/**
+ * Handler for HTTP command, e.g. GET and POST
+ *
+ * We handle these commands here to avoid the quite long timeout when
+ * some user tries to access this IRC daemon using an web browser ...
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
+ */
GLOBAL bool
IRC_QUIT_HTTP( CLIENT *Client, REQUEST *Req )
{
return IRC_QUIT(Client, Req);
} /* IRC_QUIT_HTTP */
+#endif
+
/**
* Handler for the IRC "PING" command.
IRC_PONG(CLIENT *Client, REQUEST *Req)
{
CLIENT *target, *from;
+ CONN_ID conn;
+#ifndef STRICT_RFC
+ long auth_ping;
+#endif
char *s;
assert(Client != NULL);
assert(Req != NULL);
/* Wrong number of arguments? */
- if (Req->argc < 1)
- return IRC_WriteStrClient(Client, ERR_NOORIGIN_MSG,
- Client_ID(Client));
- if (Req->argc > 2)
- return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
- Client_ID(Client), Req->command);
+ if (Req->argc < 1) {
+ if (Client_Type(Client) == CLIENT_USER)
+ return IRC_WriteStrClient(Client, ERR_NOORIGIN_MSG,
+ Client_ID(Client));
+ else
+ return CONNECTED;
+ }
+ if (Req->argc > 2) {
+ if (Client_Type(Client) == CLIENT_USER)
+ return IRC_WriteStrClient(Client,
+ ERR_NEEDMOREPARAMS_MSG,
+ Client_ID(Client),
+ Req->command);
+ else
+ return CONNECTED;
+ }
/* Forward? */
if (Req->argc == 2 && Client_Type(Client) == CLIENT_SERVER) {
/* The connection timestamp has already been updated when the data has
* been read from so socket, so we don't need to update it here. */
+
+ conn = Client_Conn(Client);
+
+#ifndef STRICT_RFC
+ /* Check authentication PING-PONG ... */
+ auth_ping = Conn_GetAuthPing(conn);
+ if (auth_ping) {
+ LogDebug("AUTH PONG: waiting for token \"%ld\", got \"%s\" ...",
+ auth_ping, Req->argv[0]);
+ if (auth_ping == atoi(Req->argv[0])) {
+ Conn_SetAuthPing(conn, 0);
+ if (Client_Type(Client) == CLIENT_WAITAUTHPING)
+ Hello_User(Client);
+ } else
+ if (!IRC_WriteStrClient(Client,
+ "To connect, type /QUOTE PONG %ld",
+ auth_ping))
+ return DISCONNECTED;
+ }
+#endif
+
#ifdef DEBUG
- if (Client_Conn(Client) > NONE)
+ if (conn > NONE)
Log(LOG_DEBUG,
- "Connection %d: received PONG. Lag: %ld seconds.",
- Client_Conn(Client),
+ "Connection %d: received PONG. Lag: %ld seconds.", conn,
time(NULL) - Conn_LastPing(Client_Conn(Client)));
else
Log(LOG_DEBUG,
- "Connection %d: received PONG.", Client_Conn(Client));
+ "Connection %d: received PONG.", conn);
#endif
return CONNECTED;
} /* IRC_PONG */
{
#ifdef PAM
int pipefd[2], result;
- CONN_ID conn;
pid_t pid;
+#endif
+ CONN_ID conn;
assert(Client != NULL);
conn = Client_Conn(Client);
+#ifndef STRICT_RFC
+ if (Conf_AuthPing) {
+ /* Did we receive the "auth PONG" already? */
+ if (Conn_GetAuthPing(conn)) {
+ Client_SetType(Client, CLIENT_WAITAUTHPING);
+ LogDebug("Connection %d: Waiting for AUTH PONG ...", conn);
+ return CONNECTED;
+ }
+ }
+#endif
+
+#ifdef PAM
if (!Conf_PAM) {
/* Don't do any PAM authentication at all, instead emulate
* the beahiour of the daemon compiled without PAM support:
* passwords supplied are classified as "wrong". */
if(Client_Password(Client)[0] == '\0')
return Hello_User_PostAuth(Client);
- Reject_Client(Client);
+ Client_Reject(Client, "Non-empty password", false);
return DISCONNECTED;
}
+ if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) {
+ /* Clients are not required to send a password and to be PAM-
+ * authenticated at all. If not, they won't become "identified"
+ * and keep the "~" in their supplied user name.
+ * Therefore it is sensible to either set Conf_PAMisOptional or
+ * to enable IDENT lookups -- not both. */
+ return Hello_User_PostAuth(Client);
+ }
+
/* Fork child process for PAM authentication; and make sure that the
* process timeout is set higher than the login timeout! */
pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
} else {
/* Sub process */
Log_Init_Subprocess("Auth");
+ Conn_CloseAllSockets(NONE);
result = PAM_Authenticate(Client);
if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
Log_Subprocess(LOG_ERR,
exit(0);
}
#else
- assert(Client != NULL);
-
/* Check global server password ... */
if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) {
/* Bad password! */
- Reject_Client(Client);
+ Client_Reject(Client, "Bad server password", false);
return DISCONNECTED;
}
return Hello_User_PostAuth(Client);
/* Read result from pipe */
len = Proc_Read(proc, &result, sizeof(result));
+ Proc_Close(proc);
if (len == 0)
return;
if (len != sizeof(result)) {
Log(LOG_CRIT, "Auth: Got malformed result!");
- Reject_Client(client);
+ Client_Reject(client, "Internal error", false);
return;
}
Client_SetUser(client, Client_OrigUser(client), true);
(void)Hello_User_PostAuth(client);
} else
- Reject_Client(client);
+ Client_Reject(client, "Bad password", false);
}
#endif
-/**
- * Reject a client because of wrong password.
- *
- * This function is called either when the global server password or a password
- * checked using PAM has been wrong.
- *
- * @param Client The client to reject.
- */
-static void
-Reject_Client(CLIENT *Client)
-{
- Log(LOG_ERR,
- "User \"%s\" rejected (connection %d): Access denied!",
- Client_Mask(Client), Client_Conn(Client));
- Conn_Close(Client_Conn(Client), NULL,
- "Access denied! Bad password?", true);
-}
-
-
/**
* Finish client registration.
*
static bool
Hello_User_PostAuth(CLIENT *Client)
{
+ assert(Client != NULL);
+
+ if (Class_HandleServerBans(Client) != CONNECTED)
+ return DISCONNECTED;
+
Introduce_Client(NULL, Client, CLIENT_USER);
if (!IRC_WriteStrClient
* @param Reason Reason for the KILL.
*/
static void
-Kill_Nick( char *Nick, char *Reason )
+Kill_Nick(char *Nick, char *Reason)
{
REQUEST r;
- assert( Nick != NULL );
- assert( Reason != NULL );
+ assert (Nick != NULL);
+ assert (Reason != NULL);
- r.prefix = (char *)Client_ThisServer( );
+ r.prefix = NULL;
r.argv[0] = Nick;
r.argv[1] = Reason;
r.argc = 2;
- Log( LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s", Nick, Reason );
- IRC_KILL( Client_ThisServer( ), &r );
+ Log(LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s",
+ Nick, Reason);
+
+ IRC_KILL(Client_ThisServer(), &r);
} /* Kill_Nick */