X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=edaefd61cfc119fbd26de3a26d55eb65bc0146d0;hp=0bcbe3edc5b45ec0e36f8124137dc96872892353;hb=d9325e803010d9a305182a4216bfbde168094dfa;hpb=57a2faf4a74c65a6f12caf2d69c34e4f08c659f9 diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 0bcbe3ed..edaefd61 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -7,13 +7,15 @@ * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * Please read the file COPYING, README and AUTHORS for more information. - * - * Login and logout */ - #include "portab.h" +/** + * @file + * Login and logout + */ + #include "imp.h" #include #include @@ -54,8 +56,13 @@ static void cb_Read_Auth_Result PARAMS((int r_fd, UNUSED short events)); #endif /** - * Handler for the IRC command "PASS". + * Handler for the IRC "PASS" command. + * * See RFC 2813 section 4.1.1, and RFC 2812 section 3.1.1. + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED. */ GLOBAL bool IRC_PASS( CLIENT *Client, REQUEST *Req ) @@ -143,16 +150,17 @@ IRC_PASS( CLIENT *Client, REQUEST *Req ) if (type && strcmp(type, PROTOIRCPLUS) == 0) { /* The peer seems to be a server which supports the * IRC+ protocol (see doc/Protocol.txt). */ - serverver = ptr + 1; - flags = strchr(serverver, ':'); + serverver = ptr ? ptr + 1 : "?"; + flags = strchr(ptr ? serverver : impl, ':'); if (flags) { *flags = '\0'; flags++; } else flags = ""; Log(LOG_INFO, - "Peer announces itself as %s-%s using protocol %d.%d/IRC+ (flags: \"%s\").", - impl, serverver, protohigh, protolow, flags); + "Peer on conenction %d announces itself as %s-%s using protocol %d.%d/IRC+ (flags: \"%s\").", + Client_Conn(Client), impl, serverver, + protohigh, protolow, flags); } else { /* The peer seems to be a server supporting the * "original" IRC protocol (RFC 2813). */ @@ -161,8 +169,9 @@ IRC_PASS( CLIENT *Client, REQUEST *Req ) else flags = ""; Log(LOG_INFO, - "Peer announces itself as \"%s\" using protocol %d.%d (flags: \"%s\").", - impl, protohigh, protolow, flags); + "Peer on connection %d announces itself as \"%s\" using protocol %d.%d (flags: \"%s\").", + Client_Conn(Client), impl, + protohigh, protolow, flags); } Client_SetFlags(Client, flags); } @@ -172,10 +181,17 @@ IRC_PASS( CLIENT *Client, REQUEST *Req ) /** - * IRC "NICK" command. + * Handler for the IRC "NICK" command. + * + * See RFC 2812, 3.1.2 "Nick message", and RFC 2813, 4.1.3 "Nick". + * * This function implements the IRC command "NICK" which is used to register * with the server, to change already registered nicknames and to introduce * new users which are connected to other servers. + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED. */ GLOBAL bool IRC_NICK( CLIENT *Client, REQUEST *Req ) @@ -255,6 +271,17 @@ IRC_NICK( CLIENT *Client, REQUEST *Req ) /* Register new nickname of this client */ Client_SetID( target, Req->argv[0] ); +#ifndef STRICT_RFC + if (Conf_AuthPing) { + Conn_SetAuthPing(Client_Conn(Client), rand()); + IRC_WriteStrClient(Client, "PING :%ld", + Conn_GetAuthPing(Client_Conn(Client))); + LogDebug("Connection %d: sent AUTH PING %ld ...", + Client_Conn(Client), + Conn_GetAuthPing(Client_Conn(Client))); + } +#endif + /* If we received a valid USER command already then * register the new client! */ if( Client_Type( Client ) == CLIENT_GOTUSER ) @@ -377,7 +404,13 @@ IRC_NICK( CLIENT *Client, REQUEST *Req ) /** - * Handler for the IRC command "USER". + * Handler for the IRC "USER" command. + * + * See RFC 2812, 3.1.3 "User message". + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED. */ GLOBAL bool IRC_USER(CLIENT * Client, REQUEST * Req) @@ -470,12 +503,18 @@ IRC_USER(CLIENT * Client, REQUEST * Req) /** - * Handler for the IRC command "SERVICE". + * Handler for the IRC "SERVICE" command. + * * This function implements IRC Services registration using the SERVICE command * defined in RFC 2812 3.1.6 and RFC 2813 4.1.4. + * * At the moment ngIRCd doesn't support directly linked services, so this * function returns ERR_ERRONEUSNICKNAME when the SERVICE command has not been * received from a peer server. + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED.. */ GLOBAL bool IRC_SERVICE(CLIENT *Client, REQUEST *Req) @@ -568,8 +607,14 @@ IRC_SERVICE(CLIENT *Client, REQUEST *Req) /** - * Handler for the IRC command "WEBIRC". - * Syntax: WEBIRC + * Handler for the IRC "WEBIRC" command. + * + * See doc/Protocol.txt, section II.4: + * "Update webchat/proxy client information". + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED. */ GLOBAL bool IRC_WEBIRC(CLIENT *Client, REQUEST *Req) @@ -593,38 +638,52 @@ IRC_WEBIRC(CLIENT *Client, REQUEST *Req) } /* IRC_WEBIRC */ +/** + * Handler for the IRC "QUIT" command. + * + * See RFC 2812, 3.1.7 "Quit", and RFC 2813, 4.1.5 "Quit". + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED. + */ GLOBAL bool IRC_QUIT( CLIENT *Client, REQUEST *Req ) { CLIENT *target; char quitmsg[LINE_LEN]; - assert( Client != NULL ); - assert( Req != NULL ); + assert(Client != NULL); + assert(Req != NULL); /* Wrong number of arguments? */ - if( Req->argc > 1 ) - return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command ); + if (Req->argc > 1) + return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, + Client_ID(Client), Req->command); if (Req->argc == 1) strlcpy(quitmsg, Req->argv[0], sizeof quitmsg); - if ( Client_Type( Client ) == CLIENT_SERVER ) - { + if (Client_Type(Client) == CLIENT_SERVER) { /* Server */ - target = Client_Search( Req->prefix ); - if( ! target ) - { - Log( LOG_WARNING, "Got QUIT from %s for unknown client!?", Client_ID( Client )); + target = Client_Search(Req->prefix); + if (!target) { + Log(LOG_WARNING, + "Got QUIT from %s for unknown client!?", + Client_ID(Client)); return CONNECTED; } - Client_Destroy( target, "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true); - - return CONNECTED; - } - else - { + if (target != Client) { + Client_Destroy(target, "Got QUIT command.", + Req->argc == 1 ? quitmsg : NULL, true); + return CONNECTED; + } else { + Conn_Close(Client_Conn(Client), "Got QUIT command.", + Req->argc == 1 ? quitmsg : NULL, true); + return DISCONNECTED; + } + } else { if (Req->argc == 1 && quitmsg[0] != '\"') { /* " " to avoid confusion */ strlcpy(quitmsg, "\"", sizeof quitmsg); @@ -633,13 +692,46 @@ IRC_QUIT( CLIENT *Client, REQUEST *Req ) } /* User, Service, or not yet registered */ - Conn_Close( Client_Conn( Client ), "Got QUIT command.", Req->argc == 1 ? quitmsg : NULL, true); + Conn_Close(Client_Conn(Client), "Got QUIT command.", + Req->argc == 1 ? quitmsg : NULL, true); return DISCONNECTED; } } /* IRC_QUIT */ +#ifndef STRICT_RFC + +/** + * Handler for HTTP command, e.g. GET and POST + * + * We handle these commands here to avoid the quite long timeout when + * some user tries to access this IRC daemon using an web browser ... + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED. + */ +GLOBAL bool +IRC_QUIT_HTTP( CLIENT *Client, REQUEST *Req ) +{ + Req->argc = 1; + Req->argv[0] = "Oops, HTTP request received? This is IRC!"; + return IRC_QUIT(Client, Req); +} /* IRC_QUIT_HTTP */ + +#endif + + +/** + * Handler for the IRC "PING" command. + * + * See RFC 2812, 3.7.2 "Ping message". + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED. + */ GLOBAL bool IRC_PING(CLIENT *Client, REQUEST *Req) { @@ -709,22 +801,45 @@ IRC_PING(CLIENT *Client, REQUEST *Req) } /* IRC_PING */ +/** + * Handler for the IRC "PONG" command. + * + * See RFC 2812, 3.7.3 "Pong message". + * + * @param Client The client from which this command has been received. + * @param Req Request structure with prefix and all parameters. + * @returns CONNECTED or DISCONNECTED. + */ GLOBAL bool IRC_PONG(CLIENT *Client, REQUEST *Req) { CLIENT *target, *from; + CONN_ID conn; +#ifndef STRICT_RFC + long auth_ping; +#endif char *s; assert(Client != NULL); assert(Req != NULL); /* Wrong number of arguments? */ - if (Req->argc < 1) - return IRC_WriteStrClient(Client, ERR_NOORIGIN_MSG, - Client_ID(Client)); - if (Req->argc > 2) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, - Client_ID(Client), Req->command); + if (Req->argc < 1) { + if (Client_Type(Client) == CLIENT_USER) + return IRC_WriteStrClient(Client, ERR_NOORIGIN_MSG, + Client_ID(Client)); + else + return CONNECTED; + } + if (Req->argc > 2) { + if (Client_Type(Client) == CLIENT_USER) + return IRC_WriteStrClient(Client, + ERR_NEEDMOREPARAMS_MSG, + Client_ID(Client), + Req->command); + else + return CONNECTED; + } /* Forward? */ if (Req->argc == 2 && Client_Type(Client) == CLIENT_SERVER) { @@ -753,32 +868,90 @@ IRC_PONG(CLIENT *Client, REQUEST *Req) /* The connection timestamp has already been updated when the data has * been read from so socket, so we don't need to update it here. */ + + conn = Client_Conn(Client); + +#ifndef STRICT_RFC + /* Check authentication PING-PONG ... */ + auth_ping = Conn_GetAuthPing(conn); + if (auth_ping) { + LogDebug("AUTH PONG: waiting for token \"%ld\", got \"%s\" ...", + auth_ping, Req->argv[0]); + if (auth_ping == atoi(Req->argv[0])) { + Conn_SetAuthPing(conn, 0); + if (Client_Type(Client) == CLIENT_WAITAUTHPING) + Hello_User(Client); + } else + if (!IRC_WriteStrClient(Client, + "To connect, type /QUOTE PONG %ld", + auth_ping)) + return DISCONNECTED; + } +#endif + #ifdef DEBUG - if (Client_Conn(Client) > NONE) + if (conn > NONE) Log(LOG_DEBUG, - "Connection %d: received PONG. Lag: %ld seconds.", - Client_Conn(Client), + "Connection %d: received PONG. Lag: %ld seconds.", conn, time(NULL) - Conn_LastPing(Client_Conn(Client))); else Log(LOG_DEBUG, - "Connection %d: received PONG.", Client_Conn(Client)); + "Connection %d: received PONG.", conn); #endif return CONNECTED; } /* IRC_PONG */ +/** + * Initiate client registration. + * + * This function is called after the daemon received the required NICK and + * USER commands of a new client. If the daemon is compiled with support for + * PAM, the authentication sub-processs is forked; otherwise the global server + * password is checked. + * + * @param Client The client logging in. + * @returns CONNECTED or DISCONNECTED. + */ static bool Hello_User(CLIENT * Client) { #ifdef PAM int pipefd[2], result; - CONN_ID conn; pid_t pid; +#endif + CONN_ID conn; assert(Client != NULL); conn = Client_Conn(Client); - pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result); +#ifndef STRICT_RFC + if (Conf_AuthPing) { + /* Did we receive the "auth PONG" already? */ + if (Conn_GetAuthPing(conn)) { + Client_SetType(Client, CLIENT_WAITAUTHPING); + LogDebug("Connection %d: Waiting for AUTH PONG ...", conn); + return CONNECTED; + } + } +#endif + +#ifdef PAM + if (!Conf_PAM) { + /* Don't do any PAM authentication at all, instead emulate + * the beahiour of the daemon compiled without PAM support: + * because there can't be any "server password", all + * passwords supplied are classified as "wrong". */ + if(Client_Password(Client)[0] == '\0') + return Hello_User_PostAuth(Client); + Reject_Client(Client); + return DISCONNECTED; + } + + /* Fork child process for PAM authentication; and make sure that the + * process timeout is set higher than the login timeout! */ + pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, + cb_Read_Auth_Result, Conf_PongTimeout + 1); if (pid > 0) { LogDebug("Authenticator for connection %d created (PID %d).", conn, pid); @@ -786,17 +959,14 @@ Hello_User(CLIENT * Client) } else { /* Sub process */ Log_Init_Subprocess("Auth"); - if (Conf_NoPAM) { - result = (Client_Password(Client)[0] == '\0'); - } else - result = PAM_Authenticate(Client); - write(pipefd[1], &result, sizeof(result)); + result = PAM_Authenticate(Client); + if (write(pipefd[1], &result, sizeof(result)) != sizeof(result)) + Log_Subprocess(LOG_ERR, + "Failed to pipe result to parent!"); Log_Exit_Subprocess("Auth"); exit(0); } #else - assert(Client != NULL); - /* Check global server password ... */ if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) { /* Bad password! */ @@ -812,6 +982,9 @@ Hello_User(CLIENT * Client) /** * Read result of the authenticatior sub-process from pipe + * + * @param r_fd File descriptor of the pipe. + * @param events (ignored IO specification) */ static void cb_Read_Auth_Result(int r_fd, UNUSED short events) @@ -839,24 +1012,30 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events) if (len == 0) return; - /* Make sure authenticator sub-process is dead now ... */ - Proc_Kill(proc); - if (len != sizeof(result)) { Log(LOG_CRIT, "Auth: Got malformed result!"); Reject_Client(client); return; } - if (result == true) + if (result == true) { + Client_SetUser(client, Client_OrigUser(client), true); (void)Hello_User_PostAuth(client); - else + } else Reject_Client(client); } #endif +/** + * Reject a client because of wrong password. + * + * This function is called either when the global server password or a password + * checked using PAM has been wrong. + * + * @param Client The client to reject. + */ static void Reject_Client(CLIENT *Client) { @@ -868,6 +1047,15 @@ Reject_Client(CLIENT *Client) } +/** + * Finish client registration. + * + * Introduce the new client to the network and send all "hello messages" + * to it after authentication has been succeeded. + * + * @param Client The client logging in. + * @returns CONNECTED or DISCONNECTED. + */ static bool Hello_User_PostAuth(CLIENT *Client) { @@ -907,24 +1095,39 @@ Hello_User_PostAuth(CLIENT *Client) } +/** + * Kill all users with a specific nick name in the network. + * + * @param Nick Nick name. + * @param Reason Reason for the KILL. + */ static void -Kill_Nick( char *Nick, char *Reason ) +Kill_Nick(char *Nick, char *Reason) { REQUEST r; - assert( Nick != NULL ); - assert( Reason != NULL ); + assert (Nick != NULL); + assert (Reason != NULL); - r.prefix = (char *)Client_ThisServer( ); + r.prefix = NULL; r.argv[0] = Nick; r.argv[1] = Reason; r.argc = 2; - Log( LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s", Nick, Reason ); - IRC_KILL( Client_ThisServer( ), &r ); + Log(LOG_ERR, "User(s) with nick \"%s\" will be disconnected: %s", + Nick, Reason); + + IRC_KILL(Client_ThisServer(), &r); } /* Kill_Nick */ +/** + * Introduce a new user or service client in the network. + * + * @param From Remote server introducing the client or NULL (local). + * @param Client New client. + * @param Type Type of the client (CLIENT_USER or CLIENT_SERVICE). + */ static void Introduce_Client(CLIENT *From, CLIENT *Client, int Type) { @@ -958,6 +1161,16 @@ Introduce_Client(CLIENT *From, CLIENT *Client, int Type) } /* Introduce_Client */ +/** + * Introduce a new user or service client to a remote server. + * + * This function differentiates between RFC1459 and RFC2813 server links and + * generates the appropriate commands to register the new user or service. + * + * @param To The remote server to inform. + * @param Prefix Prefix for the generated commands. + * @param data CLIENT structure of the new client. + */ static void cb_introduceClient(CLIENT *To, CLIENT *Prefix, void *data) {