X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=bbb2f0d5e430c88a904514ff77bbfa3d3ed49b92;hp=3c4eb189d58b7035d2c7bd7df7c53d47bceddced;hb=56b7e67307c1be110eaa4e84681bca03df21bd69;hpb=33e8c2480649193799d88d003b9257873aaf2b31

diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c
index 3c4eb189..bbb2f0d5 100644
--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2010 Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2011 Alexander Barton (alex@barton.de) and Contributors.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +27,7 @@
 
 #include "ngircd.h"
 #include "conn-func.h"
+#include "class.h"
 #include "conf.h"
 #include "channel.h"
 #include "io.h"
@@ -46,7 +47,7 @@ static bool Hello_User PARAMS(( CLIENT *Client ));
 static bool Hello_User_PostAuth PARAMS(( CLIENT *Client ));
 static void Kill_Nick PARAMS(( char *Nick, char *Reason ));
 static void Introduce_Client PARAMS((CLIENT *To, CLIENT *Client, int Type));
-static void Reject_Client PARAMS((CLIENT *Client));
+static void Reject_Client PARAMS((CLIENT *Client, const char *InternalReason));
 
 static void cb_introduceClient PARAMS((CLIENT *Client, CLIENT *Prefix,
 				       void *i));
@@ -271,6 +272,17 @@ IRC_NICK( CLIENT *Client, REQUEST *Req )
 			/* Register new nickname of this client */
 			Client_SetID( target, Req->argv[0] );
 
+#ifndef STRICT_RFC
+			if (Conf_AuthPing) {
+				Conn_SetAuthPing(Client_Conn(Client), rand());
+				IRC_WriteStrClient(Client, "PING :%ld",
+					Conn_GetAuthPing(Client_Conn(Client)));
+				LogDebug("Connection %d: sent AUTH PING %ld ...",
+					Client_Conn(Client),
+					Conn_GetAuthPing(Client_Conn(Client)));
+			}
+#endif
+
 			/* If we received a valid USER command already then
 			 * register the new client! */
 			if( Client_Type( Client ) == CLIENT_GOTUSER )
@@ -642,32 +654,37 @@ IRC_QUIT( CLIENT *Client, REQUEST *Req )
 	CLIENT *target;
 	char quitmsg[LINE_LEN];
 
-	assert( Client != NULL );
-	assert( Req != NULL );
+	assert(Client != NULL);
+	assert(Req != NULL);
 
 	/* Wrong number of arguments? */
-	if( Req->argc > 1 )
-		return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+	if (Req->argc > 1)
+		return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
+					  Client_ID(Client), Req->command);
 
 	if (Req->argc == 1)
 		strlcpy(quitmsg, Req->argv[0], sizeof quitmsg);
 
-	if ( Client_Type( Client ) == CLIENT_SERVER )
-	{
+	if (Client_Type(Client) == CLIENT_SERVER) {
 		/* Server */
-		target = Client_Search( Req->prefix );
-		if( ! target )
-		{
-			Log( LOG_WARNING, "Got QUIT from %s for unknown client!?", Client_ID( Client ));
+		target = Client_Search(Req->prefix);
+		if (!target) {
+			Log(LOG_WARNING,
+			    "Got QUIT from %s for unknown client!?",
+			    Client_ID(Client));
 			return CONNECTED;
 		}
 
-		Client_Destroy( target, "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true);
-
-		return CONNECTED;
-	}
-	else
-	{
+		if (target != Client) {
+			Client_Destroy(target, "Got QUIT command.",
+				       Req->argc == 1 ? quitmsg : NULL, true);
+			return CONNECTED;
+		} else {
+			Conn_Close(Client_Conn(Client), "Got QUIT command.",
+				   Req->argc == 1 ? quitmsg : NULL, true);
+			return DISCONNECTED;
+		}
+	} else {
 		if (Req->argc == 1 && quitmsg[0] != '\"') {
 			/* " " to avoid confusion */
 			strlcpy(quitmsg, "\"", sizeof quitmsg);
@@ -676,17 +693,21 @@ IRC_QUIT( CLIENT *Client, REQUEST *Req )
 		}
 
 		/* User, Service, or not yet registered */
-		Conn_Close( Client_Conn( Client ), "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true);
+		Conn_Close(Client_Conn(Client), "Got QUIT command.",
+			   Req->argc == 1 ? quitmsg : NULL, true);
 
 		return DISCONNECTED;
 	}
 } /* IRC_QUIT */
 
 
+#ifndef STRICT_RFC
+
 /**
- * Handler for the IRC "PING" command.
+ * Handler for HTTP command, e.g. GET and POST
  *
- * See RFC 2812, 3.7.2 "Ping message".
+ * We handle these commands here to avoid the quite long timeout when
+ * some user tries to access this IRC daemon using an web browser ...
  *
  * @param Client	The client from which this command has been received.
  * @param Req		Request structure with prefix and all parameters.
@@ -695,11 +716,23 @@ IRC_QUIT( CLIENT *Client, REQUEST *Req )
 GLOBAL bool
 IRC_QUIT_HTTP( CLIENT *Client, REQUEST *Req )
 {
-	Req->argc = 0;
+	Req->argc = 1;
+	Req->argv[0] = "Oops, HTTP request received? This is IRC!";
 	return IRC_QUIT(Client, Req);
-}
+} /* IRC_QUIT_HTTP */
 
+#endif
 
+
+/**
+ * Handler for the IRC "PING" command.
+ *
+ * See RFC 2812, 3.7.2 "Ping message".
+ *
+ * @param Client	The client from which this command has been received.
+ * @param Req		Request structure with prefix and all parameters.
+ * @returns		CONNECTED or DISCONNECTED.
+ */
 GLOBAL bool
 IRC_PING(CLIENT *Client, REQUEST *Req)
 {
@@ -782,18 +815,32 @@ GLOBAL bool
 IRC_PONG(CLIENT *Client, REQUEST *Req)
 {
 	CLIENT *target, *from;
+	CONN_ID conn;
+#ifndef STRICT_RFC
+	long auth_ping;
+#endif
 	char *s;
 
 	assert(Client != NULL);
 	assert(Req != NULL);
 
 	/* Wrong number of arguments? */
-	if (Req->argc < 1)
-		return IRC_WriteStrClient(Client, ERR_NOORIGIN_MSG,
-					  Client_ID(Client));
-	if (Req->argc > 2)
-		return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
-					  Client_ID(Client), Req->command);
+	if (Req->argc < 1) {
+		if (Client_Type(Client) == CLIENT_USER)
+			return IRC_WriteStrClient(Client, ERR_NOORIGIN_MSG,
+						  Client_ID(Client));
+		else
+			return CONNECTED;
+	}
+	if (Req->argc > 2) {
+		if (Client_Type(Client) == CLIENT_USER)
+			return IRC_WriteStrClient(Client,
+						  ERR_NEEDMOREPARAMS_MSG,
+						  Client_ID(Client),
+						  Req->command);
+		else
+			return CONNECTED;
+	}
 
 	/* Forward? */
 	if (Req->argc == 2 && Client_Type(Client) == CLIENT_SERVER) {
@@ -822,15 +869,35 @@ IRC_PONG(CLIENT *Client, REQUEST *Req)
 
 	/* The connection timestamp has already been updated when the data has
 	 * been read from so socket, so we don't need to update it here. */
+
+	conn = Client_Conn(Client);
+
+#ifndef STRICT_RFC
+	/* Check authentication PING-PONG ... */
+	auth_ping = Conn_GetAuthPing(conn);
+	if (auth_ping) {
+		LogDebug("AUTH PONG: waiting for token \"%ld\", got \"%s\" ...",
+			 auth_ping, Req->argv[0]);
+		if (auth_ping == atoi(Req->argv[0])) {
+			Conn_SetAuthPing(conn, 0);
+			if (Client_Type(Client) == CLIENT_WAITAUTHPING)
+				Hello_User(Client);
+		} else
+			if (!IRC_WriteStrClient(Client,
+					"To connect, type /QUOTE PONG %ld",
+					auth_ping))
+				return DISCONNECTED;
+	}
+#endif
+
 #ifdef DEBUG
-	if (Client_Conn(Client) > NONE)
+	if (conn > NONE)
 		Log(LOG_DEBUG,
-			"Connection %d: received PONG. Lag: %ld seconds.",
-			Client_Conn(Client),
+			"Connection %d: received PONG. Lag: %ld seconds.", conn,
 			time(NULL) - Conn_LastPing(Client_Conn(Client)));
 	else
 		 Log(LOG_DEBUG,
-			"Connection %d: received PONG.", Client_Conn(Client));
+			"Connection %d: received PONG.", conn);
 #endif
 	return CONNECTED;
 } /* IRC_PONG */
@@ -852,12 +919,25 @@ Hello_User(CLIENT * Client)
 {
 #ifdef PAM
 	int pipefd[2], result;
-	CONN_ID conn;
 	pid_t pid;
+#endif
+	CONN_ID conn;
 
 	assert(Client != NULL);
 	conn = Client_Conn(Client);
 
+#ifndef STRICT_RFC
+	if (Conf_AuthPing) {
+		/* Did we receive the "auth PONG" already? */
+		if (Conn_GetAuthPing(conn)) {
+			Client_SetType(Client, CLIENT_WAITAUTHPING);
+			LogDebug("Connection %d: Waiting for AUTH PONG ...", conn);
+			return CONNECTED;
+		}
+	}
+#endif
+
+#ifdef PAM
 	if (!Conf_PAM) {
 		/* Don't do any PAM authentication at all, instead emulate
 		 * the beahiour of the daemon compiled without PAM support:
@@ -865,10 +945,19 @@ Hello_User(CLIENT * Client)
 		 * passwords supplied are classified as "wrong". */
 		if(Client_Password(Client)[0] == '\0')
 			return Hello_User_PostAuth(Client);
-		Reject_Client(Client);
+		Reject_Client(Client, "non-empty password");
 		return DISCONNECTED;
 	}
 
+	if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) {
+		/* Clients are not required to send a password and to be PAM-
+		 * authenticated at all. If not, they won't become "identified"
+		 * and keep the "~" in their supplied user name.
+		 * Therefore it is sensible to either set Conf_PAMisOptional or
+		 * to enable IDENT lookups -- not both. */
+		return Hello_User_PostAuth(Client);
+	}
+
 	/* Fork child process for PAM authentication; and make sure that the
 	 * process timeout is set higher than the login timeout! */
 	pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
@@ -880,6 +969,7 @@ Hello_User(CLIENT * Client)
 	} else {
 		/* Sub process */
 		Log_Init_Subprocess("Auth");
+		Conn_CloseAllSockets(NONE);
 		result = PAM_Authenticate(Client);
 		if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
 			Log_Subprocess(LOG_ERR,
@@ -888,12 +978,10 @@ Hello_User(CLIENT * Client)
 		exit(0);
 	}
 #else
-	assert(Client != NULL);
-
 	/* Check global server password ... */
 	if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) {
 		/* Bad password! */
-		Reject_Client(Client);
+		Reject_Client(Client, "bad server password");
 		return DISCONNECTED;
 	}
 	return Hello_User_PostAuth(Client);
@@ -932,12 +1020,13 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
 
 	/* Read result from pipe */
 	len = Proc_Read(proc, &result, sizeof(result));
+	Proc_Close(proc);
 	if (len == 0)
 		return;
 
 	if (len != sizeof(result)) {
 		Log(LOG_CRIT, "Auth: Got malformed result!");
-		Reject_Client(client);
+		Reject_Client(client, "internal error");
 		return;
 	}
 
@@ -945,7 +1034,7 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
 		Client_SetUser(client, Client_OrigUser(client), true);
 		(void)Hello_User_PostAuth(client);
 	} else
-		Reject_Client(client);
+		Reject_Client(client, "bad password");
 }
 
 #endif
@@ -960,12 +1049,12 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
  * @param Client	The client to reject.
  */
 static void
-Reject_Client(CLIENT *Client)
+Reject_Client(CLIENT *Client, const char *InternalReason)
 {
 	Log(LOG_ERR,
-	    "User \"%s\" rejected (connection %d): Access denied!",
-	    Client_Mask(Client), Client_Conn(Client));
-	Conn_Close(Client_Conn(Client), NULL,
+	    "User \"%s\" rejected (connection %d): %s!",
+	    Client_Mask(Client), Client_Conn(Client), InternalReason);
+	Conn_Close(Client_Conn(Client), InternalReason,
 		   "Access denied! Bad password?", true);
 }
 
@@ -982,6 +1071,15 @@ Reject_Client(CLIENT *Client)
 static bool
 Hello_User_PostAuth(CLIENT *Client)
 {
+	if (Class_IsMember(CLASS_GLINE, Client)) {
+		Reject_Client(Client, "G-Line'd");
+		return DISCONNECTED;
+	}
+	if (Class_IsMember(CLASS_KLINE, Client)) {
+		Reject_Client(Client, "K-Line'd");
+		return DISCONNECTED;
+	}
+
 	Introduce_Client(NULL, Client, CLIENT_USER);
 
 	if (!IRC_WriteStrClient
@@ -1025,20 +1123,22 @@ Hello_User_PostAuth(CLIENT *Client)
  * @param Reason	Reason for the KILL.
  */
 static void
-Kill_Nick( char *Nick, char *Reason )
+Kill_Nick(char *Nick, char *Reason)
 {
 	REQUEST r;
 
-	assert( Nick != NULL );
-	assert( Reason != NULL );
+	assert (Nick != NULL);
+	assert (Reason != NULL);
 
-	r.prefix = (char *)Client_ThisServer( );
+	r.prefix = NULL;
 	r.argv[0] = Nick;
 	r.argv[1] = Reason;
 	r.argc = 2;
 
-	Log( LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s", Nick, Reason );
-	IRC_KILL( Client_ThisServer( ), &r );
+	Log(LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s",
+	    Nick, Reason);
+
+	IRC_KILL(Client_ThisServer(), &r);
 } /* Kill_Nick */