Allow "@" character in user names for authentication

[ngircd-alex.git] / src / ngircd / login.c

diff --git a/src/ngircd/login.c b/src/ngircd/login.c
index 2c305402d77893158ac009ad989303ed53a8ddbf..d8c8c40a2d6c0d0bf9f510c8299cf8f11c160d6b 100644 (file)
--- a/src/ngircd/login.c
+++ b/src/ngircd/login.c
@@ -19,6 +19,7 @@
 #include "imp.h"
 #include <assert.h>
 #include <stdlib.h>
+#include <string.h>
 #include <strings.h>
 #include <unistd.h>
 
@@ -26,6 +27,7 @@
 #include "conn.h"
 #include "class.h"
 #include "client.h"
+#include "client-cap.h"
 #include "channel.h"
 #include "conf.h"
 #include "io.h"
@@ -78,19 +80,27 @@ Login_User(CLIENT * Client)
        }
 #endif
 
+       /* Still waiting for "CAP END" command? */
+       if (Client_Cap(Client) & CLIENT_CAP_PENDING) {
+               Client_SetType(Client, CLIENT_WAITCAPEND);
+               LogDebug("Connection %d: Waiting for CAP END ...", conn);
+               return CONNECTED;
+       }
+
 #ifdef PAM
        if (!Conf_PAM) {
                /* Don't do any PAM authentication at all, instead emulate
                 * the beahiour of the daemon compiled without PAM support:
                 * because there can't be any "server password", all
                 * passwords supplied are classified as "wrong". */
-               if(Client_Password(Client)[0] == '\0')
+               if(Conn_Password(conn)[0] == '\0')
                        return Login_User_PostAuth(Client);
                Client_Reject(Client, "Non-empty password", false);
                return DISCONNECTED;
        }
 
-       if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) {
+       if (Conf_PAMIsOptional &&
+           strcmp(Conn_Password(conn), "") == 0) {
                /* Clients are not required to send a password and to be PAM-
                 * authenticated at all. If not, they won't become "identified"
                 * and keep the "~" in their supplied user name.
@@ -120,7 +130,7 @@ Login_User(CLIENT * Client)
        }
 #else
        /* Check global server password ... */
-       if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) {
+       if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
                /* Bad password! */
                Client_Reject(Client, "Bad server password", false);
                return DISCONNECTED;
@@ -153,8 +163,8 @@ Login_User_PostAuth(CLIENT *Client)
                return false;
        if (!IRC_WriteStrClient
            (Client, RPL_YOURHOST_MSG, Client_ID(Client),
-            Client_ID(Client_ThisServer()), PACKAGE_VERSION, TARGET_CPU,
-            TARGET_VENDOR, TARGET_OS))
+            Client_ID(Client_ThisServer()), PACKAGE_VERSION, HOST_CPU,
+            HOST_VENDOR, HOST_OS))
                return false;
        if (!IRC_WriteStrClient
            (Client, RPL_CREATED_MSG, Client_ID(Client), NGIRCd_StartStr))
@@ -192,6 +202,7 @@ Login_User_PostAuth(CLIENT *Client)
 static void
 cb_Read_Auth_Result(int r_fd, UNUSED short events)
 {
+       char user[CLIENT_USER_LEN], *ptr;
        CONN_ID conn;
        CLIENT *client;
        int result;
@@ -223,7 +234,14 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
        }
 
        if (result == true) {
-               Client_SetUser(client, Client_OrigUser(client), true);
+               /* Authentication succeeded, now set the correct user name
+                * supplied by the client (without prepended '~' for exmaple),
+                * but cut it at the first '@' character: */
+               strlcpy(user, Client_OrigUser(client), sizeof(user));
+               ptr = strchr(user, '@');
+               if (ptr)
+                       *ptr = '\0';
+               Client_SetUser(client, user, true);
                (void)Login_User_PostAuth(client);
        } else
                Client_Reject(client, "Bad password", false);