X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Flogin.c;h=64cc81251c6594cbd129a56270262fa9fede6c19;hp=2c305402d77893158ac009ad989303ed53a8ddbf;hb=b71a0ddbd570f5163ede198d635c3b03abd3e27e;hpb=edfcc2f9d5b796fd30f60138591e4f96d54cfcf6

diff --git a/src/ngircd/login.c b/src/ngircd/login.c
index 2c305402..64cc8125 100644
--- a/src/ngircd/login.c
+++ b/src/ngircd/login.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2012 Alexander Barton (alex@barton.de) and Contributors.
+ * Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,32 +16,34 @@
  * Functions to deal with client logins
  */
 
-#include "imp.h"
 #include <assert.h>
 #include <stdlib.h>
-#include <strings.h>
+#include <stdio.h>
+#include <string.h>
 #include <unistd.h>
 
-#include "defines.h"
 #include "conn.h"
 #include "class.h"
-#include "client.h"
+#include "client-cap.h"
 #include "channel.h"
 #include "conf.h"
-#include "io.h"
 #include "parse.h"
 #include "log.h"
 #include "messages.h"
 #include "ngircd.h"
-#include "pam.h"
 #include "irc-info.h"
+#include "irc-mode.h"
 #include "irc-write.h"
 
-#include "exp.h"
 #include "login.h"
 
 #ifdef PAM
+
+#include "io.h"
+#include "pam.h"
+
 static void cb_Read_Auth_Result PARAMS((int r_fd, UNUSED short events));
+
 #endif
 
 /**
@@ -78,19 +80,26 @@ Login_User(CLIENT * Client)
 	}
 #endif
 
+	/* Still waiting for "CAP END" command? */
+	if (Client_Cap(Client) & CLIENT_CAP_PENDING) {
+		Client_SetType(Client, CLIENT_WAITCAPEND);
+		LogDebug("Connection %d: Waiting for CAP END ...", conn);
+		return CONNECTED;
+	}
+
 #ifdef PAM
 	if (!Conf_PAM) {
-		/* Don't do any PAM authentication at all, instead emulate
-		 * the beahiour of the daemon compiled without PAM support:
-		 * because there can't be any "server password", all
-		 * passwords supplied are classified as "wrong". */
-		if(Client_Password(Client)[0] == '\0')
+		/* Don't do any PAM authentication at all if PAM is not
+		 * enabled, instead emulate the behavior of the daemon
+		 * compiled without PAM support. */
+		if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0) 
 			return Login_User_PostAuth(Client);
-		Client_Reject(Client, "Non-empty password", false);
+		Client_Reject(Client, "Bad server password", false);
 		return DISCONNECTED;
 	}
 
-	if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) {
+	if (Conf_PAMIsOptional &&
+	    strcmp(Conn_Password(conn), "") == 0) {
 		/* Clients are not required to send a password and to be PAM-
 		 * authenticated at all. If not, they won't become "identified"
 		 * and keep the "~" in their supplied user name.
@@ -99,28 +108,30 @@ Login_User(CLIENT * Client)
 		return Login_User_PostAuth(Client);
 	}
 
-	/* Fork child process for PAM authentication; and make sure that the
-	 * process timeout is set higher than the login timeout! */
-	pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
-			cb_Read_Auth_Result, Conf_PongTimeout + 1);
-	if (pid > 0) {
-		LogDebug("Authenticator for connection %d created (PID %d).",
-			 conn, pid);
-		return CONNECTED;
-	} else {
-		/* Sub process */
-		Log_Init_Subprocess("Auth");
-		Conn_CloseAllSockets(NONE);
-		result = PAM_Authenticate(Client);
-		if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
-			Log_Subprocess(LOG_ERR,
-				       "Failed to pipe result to parent!");
-		Log_Exit_Subprocess("Auth");
-		exit(0);
-	}
+	if (Conf_PAM) {
+		/* Fork child process for PAM authentication; and make sure that the
+		 * process timeout is set higher than the login timeout! */
+		pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
+				cb_Read_Auth_Result, Conf_PongTimeout + 1);
+		if (pid > 0) {
+			LogDebug("Authenticator for connection %d created (PID %d).",
+				 conn, pid);
+			return CONNECTED;
+		} else {
+			/* Sub process */
+			Log_Init_Subprocess("Auth");
+			Conn_CloseAllSockets(NONE);
+			result = PAM_Authenticate(Client);
+			if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
+				Log_Subprocess(LOG_ERR,
+					       "Failed to pipe result to parent!");
+			Log_Exit_Subprocess("Auth");
+			exit(0);
+		}
+	} else return CONNECTED;
 #else
 	/* Check global server password ... */
-	if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) {
+	if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
 		/* Bad password! */
 		Client_Reject(Client, "Bad server password", false);
 		return DISCONNECTED;
@@ -141,6 +152,9 @@ Login_User(CLIENT * Client)
 GLOBAL bool
 Login_User_PostAuth(CLIENT *Client)
 {
+	REQUEST Req;
+	char modes[CLIENT_MODE_LEN + 1];
+
 	assert(Client != NULL);
 
 	if (Class_HandleServerBans(Client) != CONNECTED)
@@ -153,8 +167,8 @@ Login_User_PostAuth(CLIENT *Client)
 		return false;
 	if (!IRC_WriteStrClient
 	    (Client, RPL_YOURHOST_MSG, Client_ID(Client),
-	     Client_ID(Client_ThisServer()), PACKAGE_VERSION, TARGET_CPU,
-	     TARGET_VENDOR, TARGET_OS))
+	     Client_ID(Client_ThisServer()), PACKAGE_VERSION, HOST_CPU,
+	     HOST_VENDOR, HOST_OS))
 		return false;
 	if (!IRC_WriteStrClient
 	    (Client, RPL_CREATED_MSG, Client_ID(Client), NGIRCd_StartStr))
@@ -175,8 +189,17 @@ Login_User_PostAuth(CLIENT *Client)
 	if (!IRC_Show_MOTD(Client))
 		return DISCONNECTED;
 
-	/* Suspend the client for a second ... */
-	IRC_SetPenalty(Client, 1);
+	/* Set default user modes */
+	if (Conf_DefaultUserModes[0]) {
+		snprintf(modes, sizeof(modes), "+%s", Conf_DefaultUserModes);
+		Req.prefix = Client_ID(Client_ThisServer());
+		Req.command = "MODE";
+		Req.argc = 2;
+		Req.argv[0] = Client_ID(Client);
+		Req.argv[1] = modes;
+		IRC_MODE(Client, &Req);
+	} else
+		IRC_SetPenalty(Client, 1);
 
 	return CONNECTED;
 }
@@ -184,7 +207,7 @@ Login_User_PostAuth(CLIENT *Client)
 #ifdef PAM
 
 /**
- * Read result of the authenticatior sub-process from pipe
+ * Read result of the authenticator sub-process from pipe
  *
  * @param r_fd		File descriptor of the pipe.
  * @param events	(ignored IO specification)
@@ -192,6 +215,7 @@ Login_User_PostAuth(CLIENT *Client)
 static void
 cb_Read_Auth_Result(int r_fd, UNUSED short events)
 {
+	char user[CLIENT_USER_LEN], *ptr;
 	CONN_ID conn;
 	CLIENT *client;
 	int result;
@@ -223,7 +247,14 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
 	}
 
 	if (result == true) {
-		Client_SetUser(client, Client_OrigUser(client), true);
+		/* Authentication succeeded, now set the correct user name
+		 * supplied by the client (without prepended '~' for exmaple),
+		 * but cut it at the first '@' character: */
+		strlcpy(user, Client_OrigUser(client), sizeof(user));
+		ptr = strchr(user, '@');
+		if (ptr)
+			*ptr = '\0';
+		Client_SetUser(client, user, true);
 		(void)Login_User_PostAuth(client);
 	} else
 		Client_Reject(client, "Bad password", false);