X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Flogin.c;h=23c3b6848d94e540bc71f7a38ab504ff6bbb9ca8;hp=d79344b5941bcfa59ab61ff4a0acd49131fb4b48;hb=485d0aec813db9966922f17aae044df2d82b0b67;hpb=82bf4eb0591631e638120e0540fbbb7ceb4e19a9

diff --git a/src/ngircd/login.c b/src/ngircd/login.c
index d79344b5..23c3b684 100644
--- a/src/ngircd/login.c
+++ b/src/ngircd/login.c
@@ -19,6 +19,7 @@
 #include "imp.h"
 #include <assert.h>
 #include <stdlib.h>
+#include <stdio.h>
 #include <string.h>
 #include <strings.h>
 #include <unistd.h>
@@ -37,6 +38,7 @@
 #include "ngircd.h"
 #include "pam.h"
 #include "irc-info.h"
+#include "irc-mode.h"
 #include "irc-write.h"
 
 #include "exp.h"
@@ -89,13 +91,12 @@ Login_User(CLIENT * Client)
 
 #ifdef PAM
 	if (!Conf_PAM) {
-		/* Don't do any PAM authentication at all, instead emulate
-		 * the beahiour of the daemon compiled without PAM support:
-		 * because there can't be any "server password", all
-		 * passwords supplied are classified as "wrong". */
-		if(Conn_Password(conn)[0] == '\0')
+		/* Don't do any PAM authentication at all if PAM is not
+		 * enabled, instead emulate the behavior of the daemon
+		 * compiled without PAM support. */
+		if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0) 
 			return Login_User_PostAuth(Client);
-		Client_Reject(Client, "Non-empty password", false);
+		Client_Reject(Client, "Bad server password", false);
 		return DISCONNECTED;
 	}
 
@@ -109,25 +110,27 @@ Login_User(CLIENT * Client)
 		return Login_User_PostAuth(Client);
 	}
 
-	/* Fork child process for PAM authentication; and make sure that the
-	 * process timeout is set higher than the login timeout! */
-	pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
-			cb_Read_Auth_Result, Conf_PongTimeout + 1);
-	if (pid > 0) {
-		LogDebug("Authenticator for connection %d created (PID %d).",
-			 conn, pid);
-		return CONNECTED;
-	} else {
-		/* Sub process */
-		Log_Init_Subprocess("Auth");
-		Conn_CloseAllSockets(NONE);
-		result = PAM_Authenticate(Client);
-		if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
-			Log_Subprocess(LOG_ERR,
-				       "Failed to pipe result to parent!");
-		Log_Exit_Subprocess("Auth");
-		exit(0);
-	}
+	if (Conf_PAM) {
+		/* Fork child process for PAM authentication; and make sure that the
+		 * process timeout is set higher than the login timeout! */
+		pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
+				cb_Read_Auth_Result, Conf_PongTimeout + 1);
+		if (pid > 0) {
+			LogDebug("Authenticator for connection %d created (PID %d).",
+				 conn, pid);
+			return CONNECTED;
+		} else {
+			/* Sub process */
+			Log_Init_Subprocess("Auth");
+			Conn_CloseAllSockets(NONE);
+			result = PAM_Authenticate(Client);
+			if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
+				Log_Subprocess(LOG_ERR,
+					       "Failed to pipe result to parent!");
+			Log_Exit_Subprocess("Auth");
+			exit(0);
+		}
+	} else return CONNECTED;
 #else
 	/* Check global server password ... */
 	if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
@@ -151,6 +154,9 @@ Login_User(CLIENT * Client)
 GLOBAL bool
 Login_User_PostAuth(CLIENT *Client)
 {
+	REQUEST Req;
+	char modes[CLIENT_MODE_LEN + 1];
+
 	assert(Client != NULL);
 
 	if (Class_HandleServerBans(Client) != CONNECTED)
@@ -185,8 +191,17 @@ Login_User_PostAuth(CLIENT *Client)
 	if (!IRC_Show_MOTD(Client))
 		return DISCONNECTED;
 
-	/* Suspend the client for a second ... */
-	IRC_SetPenalty(Client, 1);
+	/* Set default user modes */
+	if (Conf_DefaultUserModes[0]) {
+		snprintf(modes, sizeof(modes), "+%s", Conf_DefaultUserModes);
+		Req.prefix = Client_ThisServer();
+		Req.command = "MODE";
+		Req.argc = 2;
+		Req.argv[0] = Client_ID(Client);
+		Req.argv[1] = modes;
+		IRC_MODE(Client, &Req);
+	} else
+		IRC_SetPenalty(Client, 1);
 
 	return CONNECTED;
 }
@@ -194,7 +209,7 @@ Login_User_PostAuth(CLIENT *Client)
 #ifdef PAM
 
 /**
- * Read result of the authenticatior sub-process from pipe
+ * Read result of the authenticator sub-process from pipe
  *
  * @param r_fd		File descriptor of the pipe.
  * @param events	(ignored IO specification)
@@ -202,6 +217,7 @@ Login_User_PostAuth(CLIENT *Client)
 static void
 cb_Read_Auth_Result(int r_fd, UNUSED short events)
 {
+	char user[CLIENT_USER_LEN], *ptr;
 	CONN_ID conn;
 	CLIENT *client;
 	int result;
@@ -233,7 +249,14 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
 	}
 
 	if (result == true) {
-		Client_SetUser(client, Client_OrigUser(client), true);
+		/* Authentication succeeded, now set the correct user name
+		 * supplied by the client (without prepended '~' for exmaple),
+		 * but cut it at the first '@' character: */
+		strlcpy(user, Client_OrigUser(client), sizeof(user));
+		ptr = strchr(user, '@');
+		if (ptr)
+			*ptr = '\0';
+		Client_SetUser(client, user, true);
 		(void)Login_User_PostAuth(client);
 	} else
 		Client_Reject(client, "Bad password", false);