#include "ngircd.h"
#include "conn-func.h"
+#include "class.h"
#include "conf.h"
#include "channel.h"
#include "io.h"
static bool Hello_User_PostAuth PARAMS(( CLIENT *Client ));
static void Kill_Nick PARAMS(( char *Nick, char *Reason ));
static void Introduce_Client PARAMS((CLIENT *To, CLIENT *Client, int Type));
-static void Reject_Client PARAMS((CLIENT *Client));
+static void Reject_Client PARAMS((CLIENT *Client, const char *InternalReason));
static void cb_introduceClient PARAMS((CLIENT *Client, CLIENT *Prefix,
void *i));
* passwords supplied are classified as "wrong". */
if(Client_Password(Client)[0] == '\0')
return Hello_User_PostAuth(Client);
- Reject_Client(Client);
+ Reject_Client(Client, "non-empty password");
return DISCONNECTED;
}
+ if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) {
+ /* Clients are not required to send a password and to be PAM-
+ * authenticated at all. If not, they won't become "identified"
+ * and keep the "~" in their supplied user name.
+ * Therefore it is sensible to either set Conf_PAMisOptional or
+ * to enable IDENT lookups -- not both. */
+ return Hello_User_PostAuth(Client);
+ }
+
/* Fork child process for PAM authentication; and make sure that the
* process timeout is set higher than the login timeout! */
pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
/* Check global server password ... */
if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) {
/* Bad password! */
- Reject_Client(Client);
+ Reject_Client(Client, "bad server password");
return DISCONNECTED;
}
return Hello_User_PostAuth(Client);
if (len != sizeof(result)) {
Log(LOG_CRIT, "Auth: Got malformed result!");
- Reject_Client(client);
+ Reject_Client(client, "internal error");
return;
}
Client_SetUser(client, Client_OrigUser(client), true);
(void)Hello_User_PostAuth(client);
} else
- Reject_Client(client);
+ Reject_Client(client, "bad password");
}
#endif
* @param Client The client to reject.
*/
static void
-Reject_Client(CLIENT *Client)
+Reject_Client(CLIENT *Client, const char *InternalReason)
{
Log(LOG_ERR,
- "User \"%s\" rejected (connection %d): Access denied!",
- Client_Mask(Client), Client_Conn(Client));
- Conn_Close(Client_Conn(Client), NULL,
+ "User \"%s\" rejected (connection %d): %s!",
+ Client_Mask(Client), Client_Conn(Client), InternalReason);
+ Conn_Close(Client_Conn(Client), InternalReason,
"Access denied! Bad password?", true);
}
static bool
Hello_User_PostAuth(CLIENT *Client)
{
+ if (Class_IsMember(CLASS_GLINE, Client)) {
+ Reject_Client(Client, "G-Line'd");
+ return DISCONNECTED;
+ }
+ if (Class_IsMember(CLASS_KLINE, Client)) {
+ Reject_Client(Client, "K-Line'd");
+ return DISCONNECTED;
+ }
+
Introduce_Client(NULL, Client, CLIENT_USER);
if (!IRC_WriteStrClient