/*
* ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2010 Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2011 Alexander Barton (alex@barton.de) and Contributors.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
* Please read the file COPYING, README and AUTHORS for more information.
- *
- * Login and logout
*/
-
#include "portab.h"
+/**
+ * @file
+ * Login and logout
+ */
+
#include "imp.h"
#include <assert.h>
#include <stdio.h>
#include "ngircd.h"
#include "conn-func.h"
+#include "class.h"
#include "conf.h"
#include "channel.h"
#include "io.h"
static bool Hello_User_PostAuth PARAMS(( CLIENT *Client ));
static void Kill_Nick PARAMS(( char *Nick, char *Reason ));
static void Introduce_Client PARAMS((CLIENT *To, CLIENT *Client, int Type));
-static void Reject_Client PARAMS((CLIENT *Client));
static void cb_introduceClient PARAMS((CLIENT *Client, CLIENT *Prefix,
void *i));
#endif
/**
- * Handler for the IRC command "PASS".
+ * Handler for the IRC "PASS" command.
+ *
* See RFC 2813 section 4.1.1, and RFC 2812 section 3.1.1.
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
*/
GLOBAL bool
IRC_PASS( CLIENT *Client, REQUEST *Req )
if (type && strcmp(type, PROTOIRCPLUS) == 0) {
/* The peer seems to be a server which supports the
* IRC+ protocol (see doc/Protocol.txt). */
- serverver = ptr + 1;
- flags = strchr(serverver, ':');
+ serverver = ptr ? ptr + 1 : "?";
+ flags = strchr(ptr ? serverver : impl, ':');
if (flags) {
*flags = '\0';
flags++;
} else
flags = "";
Log(LOG_INFO,
- "Peer announces itself as %s-%s using protocol %d.%d/IRC+ (flags: \"%s\").",
- impl, serverver, protohigh, protolow, flags);
+ "Peer on conenction %d announces itself as %s-%s using protocol %d.%d/IRC+ (flags: \"%s\").",
+ Client_Conn(Client), impl, serverver,
+ protohigh, protolow, flags);
} else {
/* The peer seems to be a server supporting the
* "original" IRC protocol (RFC 2813). */
else
flags = "";
Log(LOG_INFO,
- "Peer announces itself as \"%s\" using protocol %d.%d (flags: \"%s\").",
- impl, protohigh, protolow, flags);
+ "Peer on connection %d announces itself as \"%s\" using protocol %d.%d (flags: \"%s\").",
+ Client_Conn(Client), impl,
+ protohigh, protolow, flags);
}
Client_SetFlags(Client, flags);
}
/**
- * IRC "NICK" command.
+ * Handler for the IRC "NICK" command.
+ *
+ * See RFC 2812, 3.1.2 "Nick message", and RFC 2813, 4.1.3 "Nick".
+ *
* This function implements the IRC command "NICK" which is used to register
* with the server, to change already registered nicknames and to introduce
* new users which are connected to other servers.
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
*/
GLOBAL bool
IRC_NICK( CLIENT *Client, REQUEST *Req )
/* Register new nickname of this client */
Client_SetID( target, Req->argv[0] );
+#ifndef STRICT_RFC
+ if (Conf_AuthPing) {
+ Conn_SetAuthPing(Client_Conn(Client), rand());
+ IRC_WriteStrClient(Client, "PING :%ld",
+ Conn_GetAuthPing(Client_Conn(Client)));
+ LogDebug("Connection %d: sent AUTH PING %ld ...",
+ Client_Conn(Client),
+ Conn_GetAuthPing(Client_Conn(Client)));
+ }
+#endif
+
/* If we received a valid USER command already then
* register the new client! */
if( Client_Type( Client ) == CLIENT_GOTUSER )
/**
- * Handler for the IRC command "USER".
+ * Handler for the IRC "USER" command.
+ *
+ * See RFC 2812, 3.1.3 "User message".
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
*/
GLOBAL bool
IRC_USER(CLIENT * Client, REQUEST * Req)
/**
- * Handler for the IRC command "SERVICE".
+ * Handler for the IRC "SERVICE" command.
+ *
* This function implements IRC Services registration using the SERVICE command
* defined in RFC 2812 3.1.6 and RFC 2813 4.1.4.
+ *
* At the moment ngIRCd doesn't support directly linked services, so this
* function returns ERR_ERRONEUSNICKNAME when the SERVICE command has not been
* received from a peer server.
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED..
*/
GLOBAL bool
IRC_SERVICE(CLIENT *Client, REQUEST *Req)
/**
- * Handler for the IRC command "WEBIRC".
- * Syntax: WEBIRC <password> <username> <real-hostname> <real-IP-address>
+ * Handler for the IRC "WEBIRC" command.
+ *
+ * See doc/Protocol.txt, section II.4:
+ * "Update webchat/proxy client information".
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
*/
GLOBAL bool
IRC_WEBIRC(CLIENT *Client, REQUEST *Req)
} /* IRC_WEBIRC */
+/**
+ * Handler for the IRC "QUIT" command.
+ *
+ * See RFC 2812, 3.1.7 "Quit", and RFC 2813, 4.1.5 "Quit".
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
+ */
GLOBAL bool
IRC_QUIT( CLIENT *Client, REQUEST *Req )
{
CLIENT *target;
char quitmsg[LINE_LEN];
- assert( Client != NULL );
- assert( Req != NULL );
+ assert(Client != NULL);
+ assert(Req != NULL);
/* Wrong number of arguments? */
- if( Req->argc > 1 )
- return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+ if (Req->argc > 1)
+ return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
+ Client_ID(Client), Req->command);
if (Req->argc == 1)
strlcpy(quitmsg, Req->argv[0], sizeof quitmsg);
- if ( Client_Type( Client ) == CLIENT_SERVER )
- {
+ if (Client_Type(Client) == CLIENT_SERVER) {
/* Server */
- target = Client_Search( Req->prefix );
- if( ! target )
- {
- Log( LOG_WARNING, "Got QUIT from %s for unknown client!?", Client_ID( Client ));
+ target = Client_Search(Req->prefix);
+ if (!target) {
+ Log(LOG_WARNING,
+ "Got QUIT from %s for unknown client!?",
+ Client_ID(Client));
return CONNECTED;
}
- Client_Destroy( target, "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true);
-
- return CONNECTED;
- }
- else
- {
+ if (target != Client) {
+ Client_Destroy(target, "Got QUIT command.",
+ Req->argc == 1 ? quitmsg : NULL, true);
+ return CONNECTED;
+ } else {
+ Conn_Close(Client_Conn(Client), "Got QUIT command.",
+ Req->argc == 1 ? quitmsg : NULL, true);
+ return DISCONNECTED;
+ }
+ } else {
if (Req->argc == 1 && quitmsg[0] != '\"') {
/* " " to avoid confusion */
strlcpy(quitmsg, "\"", sizeof quitmsg);
}
/* User, Service, or not yet registered */
- Conn_Close( Client_Conn( Client ), "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true);
+ Conn_Close(Client_Conn(Client), "Got QUIT command.",
+ Req->argc == 1 ? quitmsg : NULL, true);
return DISCONNECTED;
}
} /* IRC_QUIT */
+#ifndef STRICT_RFC
+
+/**
+ * Handler for HTTP command, e.g. GET and POST
+ *
+ * We handle these commands here to avoid the quite long timeout when
+ * some user tries to access this IRC daemon using an web browser ...
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
+ */
+GLOBAL bool
+IRC_QUIT_HTTP( CLIENT *Client, REQUEST *Req )
+{
+ Req->argc = 1;
+ Req->argv[0] = "Oops, HTTP request received? This is IRC!";
+ return IRC_QUIT(Client, Req);
+} /* IRC_QUIT_HTTP */
+
+#endif
+
+
+/**
+ * Handler for the IRC "PING" command.
+ *
+ * See RFC 2812, 3.7.2 "Ping message".
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
+ */
GLOBAL bool
IRC_PING(CLIENT *Client, REQUEST *Req)
{
} /* IRC_PING */
+/**
+ * Handler for the IRC "PONG" command.
+ *
+ * See RFC 2812, 3.7.3 "Pong message".
+ *
+ * @param Client The client from which this command has been received.
+ * @param Req Request structure with prefix and all parameters.
+ * @returns CONNECTED or DISCONNECTED.
+ */
GLOBAL bool
IRC_PONG(CLIENT *Client, REQUEST *Req)
{
CLIENT *target, *from;
+ CONN_ID conn;
+#ifndef STRICT_RFC
+ long auth_ping;
+#endif
char *s;
assert(Client != NULL);
assert(Req != NULL);
/* Wrong number of arguments? */
- if (Req->argc < 1)
- return IRC_WriteStrClient(Client, ERR_NOORIGIN_MSG,
- Client_ID(Client));
- if (Req->argc > 2)
- return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
- Client_ID(Client), Req->command);
+ if (Req->argc < 1) {
+ if (Client_Type(Client) == CLIENT_USER)
+ return IRC_WriteStrClient(Client, ERR_NOORIGIN_MSG,
+ Client_ID(Client));
+ else
+ return CONNECTED;
+ }
+ if (Req->argc > 2) {
+ if (Client_Type(Client) == CLIENT_USER)
+ return IRC_WriteStrClient(Client,
+ ERR_NEEDMOREPARAMS_MSG,
+ Client_ID(Client),
+ Req->command);
+ else
+ return CONNECTED;
+ }
/* Forward? */
if (Req->argc == 2 && Client_Type(Client) == CLIENT_SERVER) {
/* The connection timestamp has already been updated when the data has
* been read from so socket, so we don't need to update it here. */
+
+ conn = Client_Conn(Client);
+
+#ifndef STRICT_RFC
+ /* Check authentication PING-PONG ... */
+ auth_ping = Conn_GetAuthPing(conn);
+ if (auth_ping) {
+ LogDebug("AUTH PONG: waiting for token \"%ld\", got \"%s\" ...",
+ auth_ping, Req->argv[0]);
+ if (auth_ping == atoi(Req->argv[0])) {
+ Conn_SetAuthPing(conn, 0);
+ if (Client_Type(Client) == CLIENT_WAITAUTHPING)
+ Hello_User(Client);
+ } else
+ if (!IRC_WriteStrClient(Client,
+ "To connect, type /QUOTE PONG %ld",
+ auth_ping))
+ return DISCONNECTED;
+ }
+#endif
+
#ifdef DEBUG
- if (Client_Conn(Client) > NONE)
+ if (conn > NONE)
Log(LOG_DEBUG,
- "Connection %d: received PONG. Lag: %ld seconds.",
- Client_Conn(Client),
+ "Connection %d: received PONG. Lag: %ld seconds.", conn,
time(NULL) - Conn_LastPing(Client_Conn(Client)));
else
Log(LOG_DEBUG,
- "Connection %d: received PONG.", Client_Conn(Client));
+ "Connection %d: received PONG.", conn);
#endif
return CONNECTED;
} /* IRC_PONG */
+/**
+ * Initiate client registration.
+ *
+ * This function is called after the daemon received the required NICK and
+ * USER commands of a new client. If the daemon is compiled with support for
+ * PAM, the authentication sub-processs is forked; otherwise the global server
+ * password is checked.
+ *
+ * @param Client The client logging in.
+ * @returns CONNECTED or DISCONNECTED.
+ */
static bool
Hello_User(CLIENT * Client)
{
#ifdef PAM
int pipefd[2], result;
- CONN_ID conn;
pid_t pid;
+#endif
+ CONN_ID conn;
assert(Client != NULL);
conn = Client_Conn(Client);
- if (Conf_NoPAM) {
+#ifndef STRICT_RFC
+ if (Conf_AuthPing) {
+ /* Did we receive the "auth PONG" already? */
+ if (Conn_GetAuthPing(conn)) {
+ Client_SetType(Client, CLIENT_WAITAUTHPING);
+ LogDebug("Connection %d: Waiting for AUTH PONG ...", conn);
+ return CONNECTED;
+ }
+ }
+#endif
+
+#ifdef PAM
+ if (!Conf_PAM) {
/* Don't do any PAM authentication at all, instead emulate
* the beahiour of the daemon compiled without PAM support:
* because there can't be any "server password", all
* passwords supplied are classified as "wrong". */
if(Client_Password(Client)[0] == '\0')
return Hello_User_PostAuth(Client);
- Reject_Client(Client);
+ Client_Reject(Client, "Non-empty password", false);
return DISCONNECTED;
}
- pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result);
+ if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) {
+ /* Clients are not required to send a password and to be PAM-
+ * authenticated at all. If not, they won't become "identified"
+ * and keep the "~" in their supplied user name.
+ * Therefore it is sensible to either set Conf_PAMisOptional or
+ * to enable IDENT lookups -- not both. */
+ return Hello_User_PostAuth(Client);
+ }
+
+ /* Fork child process for PAM authentication; and make sure that the
+ * process timeout is set higher than the login timeout! */
+ pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
+ cb_Read_Auth_Result, Conf_PongTimeout + 1);
if (pid > 0) {
LogDebug("Authenticator for connection %d created (PID %d).",
conn, pid);
} else {
/* Sub process */
Log_Init_Subprocess("Auth");
+ Conn_CloseAllSockets(NONE);
result = PAM_Authenticate(Client);
- write(pipefd[1], &result, sizeof(result));
+ if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
+ Log_Subprocess(LOG_ERR,
+ "Failed to pipe result to parent!");
Log_Exit_Subprocess("Auth");
exit(0);
}
#else
- assert(Client != NULL);
-
/* Check global server password ... */
if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) {
/* Bad password! */
- Reject_Client(Client);
+ Client_Reject(Client, "Bad server password", false);
return DISCONNECTED;
}
return Hello_User_PostAuth(Client);
/**
* Read result of the authenticatior sub-process from pipe
+ *
+ * @param r_fd File descriptor of the pipe.
+ * @param events (ignored IO specification)
*/
static void
cb_Read_Auth_Result(int r_fd, UNUSED short events)
/* Read result from pipe */
len = Proc_Read(proc, &result, sizeof(result));
+ Proc_Close(proc);
if (len == 0)
return;
if (len != sizeof(result)) {
Log(LOG_CRIT, "Auth: Got malformed result!");
- Reject_Client(client);
+ Client_Reject(client, "Internal error", false);
return;
}
- if (result == true)
+ if (result == true) {
+ Client_SetUser(client, Client_OrigUser(client), true);
(void)Hello_User_PostAuth(client);
- else
- Reject_Client(client);
+ } else
+ Client_Reject(client, "Bad password", false);
}
#endif
-static void
-Reject_Client(CLIENT *Client)
-{
- Log(LOG_ERR,
- "User \"%s\" rejected (connection %d): Access denied!",
- Client_Mask(Client), Client_Conn(Client));
- Conn_Close(Client_Conn(Client), NULL,
- "Access denied! Bad password?", true);
-}
-
-
+/**
+ * Finish client registration.
+ *
+ * Introduce the new client to the network and send all "hello messages"
+ * to it after authentication has been succeeded.
+ *
+ * @param Client The client logging in.
+ * @returns CONNECTED or DISCONNECTED.
+ */
static bool
Hello_User_PostAuth(CLIENT *Client)
{
+ assert(Client != NULL);
+
+ if (Class_HandleServerBans(Client) != CONNECTED)
+ return DISCONNECTED;
+
Introduce_Client(NULL, Client, CLIENT_USER);
if (!IRC_WriteStrClient
}
+/**
+ * Kill all users with a specific nick name in the network.
+ *
+ * @param Nick Nick name.
+ * @param Reason Reason for the KILL.
+ */
static void
-Kill_Nick( char *Nick, char *Reason )
+Kill_Nick(char *Nick, char *Reason)
{
REQUEST r;
- assert( Nick != NULL );
- assert( Reason != NULL );
+ assert (Nick != NULL);
+ assert (Reason != NULL);
- r.prefix = (char *)Client_ThisServer( );
+ r.prefix = NULL;
r.argv[0] = Nick;
r.argv[1] = Reason;
r.argc = 2;
- Log( LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s", Nick, Reason );
- IRC_KILL( Client_ThisServer( ), &r );
+ Log(LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s",
+ Nick, Reason);
+
+ IRC_KILL(Client_ThisServer(), &r);
} /* Kill_Nick */
+/**
+ * Introduce a new user or service client in the network.
+ *
+ * @param From Remote server introducing the client or NULL (local).
+ * @param Client New client.
+ * @param Type Type of the client (CLIENT_USER or CLIENT_SERVICE).
+ */
static void
Introduce_Client(CLIENT *From, CLIENT *Client, int Type)
{
} /* Introduce_Client */
+/**
+ * Introduce a new user or service client to a remote server.
+ *
+ * This function differentiates between RFC1459 and RFC2813 server links and
+ * generates the appropriate commands to register the new user or service.
+ *
+ * @param To The remote server to inform.
+ * @param Prefix Prefix for the generated commands.
+ * @param data CLIENT structure of the new client.
+ */
static void
cb_introduceClient(CLIENT *To, CLIENT *Prefix, void *data)
{