X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Flogin.c;h=23c3b6848d94e540bc71f7a38ab504ff6bbb9ca8;hp=bbde6359d70434748779ba96a8868134a8e1aa19;hb=485d0aec813db9966922f17aae044df2d82b0b67;hpb=139f5961a078dfd23a469d98c3942f42595854aa diff --git a/src/ngircd/login.c b/src/ngircd/login.c index bbde6359..23c3b684 100644 --- a/src/ngircd/login.c +++ b/src/ngircd/login.c @@ -19,6 +19,7 @@ #include "imp.h" #include #include +#include #include #include #include @@ -37,6 +38,7 @@ #include "ngircd.h" #include "pam.h" #include "irc-info.h" +#include "irc-mode.h" #include "irc-write.h" #include "exp.h" @@ -89,13 +91,12 @@ Login_User(CLIENT * Client) #ifdef PAM if (!Conf_PAM) { - /* Don't do any PAM authentication at all, instead emulate - * the behavior of the daemon compiled without PAM support: - * because there can't be any "server password", all - * passwords supplied are classified as "wrong". */ - if(Conn_Password(conn)[0] == '\0') + /* Don't do any PAM authentication at all if PAM is not + * enabled, instead emulate the behavior of the daemon + * compiled without PAM support. */ + if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0) return Login_User_PostAuth(Client); - Client_Reject(Client, "Non-empty password", false); + Client_Reject(Client, "Bad server password", false); return DISCONNECTED; } @@ -109,25 +110,27 @@ Login_User(CLIENT * Client) return Login_User_PostAuth(Client); } - /* Fork child process for PAM authentication; and make sure that the - * process timeout is set higher than the login timeout! */ - pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, - cb_Read_Auth_Result, Conf_PongTimeout + 1); - if (pid > 0) { - LogDebug("Authenticator for connection %d created (PID %d).", - conn, pid); - return CONNECTED; - } else { - /* Sub process */ - Log_Init_Subprocess("Auth"); - Conn_CloseAllSockets(NONE); - result = PAM_Authenticate(Client); - if (write(pipefd[1], &result, sizeof(result)) != sizeof(result)) - Log_Subprocess(LOG_ERR, - "Failed to pipe result to parent!"); - Log_Exit_Subprocess("Auth"); - exit(0); - } + if (Conf_PAM) { + /* Fork child process for PAM authentication; and make sure that the + * process timeout is set higher than the login timeout! */ + pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, + cb_Read_Auth_Result, Conf_PongTimeout + 1); + if (pid > 0) { + LogDebug("Authenticator for connection %d created (PID %d).", + conn, pid); + return CONNECTED; + } else { + /* Sub process */ + Log_Init_Subprocess("Auth"); + Conn_CloseAllSockets(NONE); + result = PAM_Authenticate(Client); + if (write(pipefd[1], &result, sizeof(result)) != sizeof(result)) + Log_Subprocess(LOG_ERR, + "Failed to pipe result to parent!"); + Log_Exit_Subprocess("Auth"); + exit(0); + } + } else return CONNECTED; #else /* Check global server password ... */ if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) { @@ -151,6 +154,9 @@ Login_User(CLIENT * Client) GLOBAL bool Login_User_PostAuth(CLIENT *Client) { + REQUEST Req; + char modes[CLIENT_MODE_LEN + 1]; + assert(Client != NULL); if (Class_HandleServerBans(Client) != CONNECTED) @@ -185,8 +191,17 @@ Login_User_PostAuth(CLIENT *Client) if (!IRC_Show_MOTD(Client)) return DISCONNECTED; - /* Suspend the client for a second ... */ - IRC_SetPenalty(Client, 1); + /* Set default user modes */ + if (Conf_DefaultUserModes[0]) { + snprintf(modes, sizeof(modes), "+%s", Conf_DefaultUserModes); + Req.prefix = Client_ThisServer(); + Req.command = "MODE"; + Req.argc = 2; + Req.argv[0] = Client_ID(Client); + Req.argv[1] = modes; + IRC_MODE(Client, &Req); + } else + IRC_SetPenalty(Client, 1); return CONNECTED; }