X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Flogin.c;h=8218ed14b4bed2092bf9209dfcbc121a96e24984;hp=ad45219eca164aeb16cd3cf6f3ad485fe880439c;hb=b130b35f48d19450240748425e12d21f2c38350f;hpb=bd3a7ccb158c9f2eac1af77804529b76d99c3e79 diff --git a/src/ngircd/login.c b/src/ngircd/login.c index ad45219e..8218ed14 100644 --- a/src/ngircd/login.c +++ b/src/ngircd/login.c @@ -16,33 +16,34 @@ * Functions to deal with client logins */ -#include "imp.h" #include #include -#include +#include +#include #include -#include "defines.h" #include "conn.h" #include "class.h" -#include "client.h" #include "client-cap.h" #include "channel.h" #include "conf.h" -#include "io.h" #include "parse.h" #include "log.h" #include "messages.h" #include "ngircd.h" -#include "pam.h" #include "irc-info.h" +#include "irc-mode.h" #include "irc-write.h" -#include "exp.h" #include "login.h" #ifdef PAM + +#include "io.h" +#include "pam.h" + static void cb_Read_Auth_Result PARAMS((int r_fd, UNUSED short events)); + #endif /** @@ -80,22 +81,25 @@ Login_User(CLIENT * Client) #endif /* Still waiting for "CAP END" command? */ - if (Client_Cap(Client) & CLIENT_CAP_PENDING) + if (Client_Cap(Client) & CLIENT_CAP_PENDING) { + Client_SetType(Client, CLIENT_WAITCAPEND); + LogDebug("Connection %d: Waiting for CAP END ...", conn); return CONNECTED; + } #ifdef PAM if (!Conf_PAM) { - /* Don't do any PAM authentication at all, instead emulate - * the beahiour of the daemon compiled without PAM support: - * because there can't be any "server password", all - * passwords supplied are classified as "wrong". */ - if(Client_Password(Client)[0] == '\0') + /* Don't do any PAM authentication at all if PAM is not + * enabled, instead emulate the behavior of the daemon + * compiled without PAM support. */ + if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0) return Login_User_PostAuth(Client); - Client_Reject(Client, "Non-empty password", false); + Client_Reject(Client, "Bad server password", false); return DISCONNECTED; } - if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) { + if (Conf_PAMIsOptional && + strcmp(Conn_Password(conn), "") == 0) { /* Clients are not required to send a password and to be PAM- * authenticated at all. If not, they won't become "identified" * and keep the "~" in their supplied user name. @@ -104,28 +108,30 @@ Login_User(CLIENT * Client) return Login_User_PostAuth(Client); } - /* Fork child process for PAM authentication; and make sure that the - * process timeout is set higher than the login timeout! */ - pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, - cb_Read_Auth_Result, Conf_PongTimeout + 1); - if (pid > 0) { - LogDebug("Authenticator for connection %d created (PID %d).", - conn, pid); - return CONNECTED; - } else { - /* Sub process */ - Log_Init_Subprocess("Auth"); - Conn_CloseAllSockets(NONE); - result = PAM_Authenticate(Client); - if (write(pipefd[1], &result, sizeof(result)) != sizeof(result)) - Log_Subprocess(LOG_ERR, - "Failed to pipe result to parent!"); - Log_Exit_Subprocess("Auth"); - exit(0); - } + if (Conf_PAM) { + /* Fork child process for PAM authentication; and make sure that the + * process timeout is set higher than the login timeout! */ + pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, + cb_Read_Auth_Result, Conf_PongTimeout + 1); + if (pid > 0) { + LogDebug("Authenticator for connection %d created (PID %d).", + conn, pid); + return CONNECTED; + } else { + /* Sub process */ + Log_Init_Subprocess("Auth"); + Conn_CloseAllSockets(NONE); + result = PAM_Authenticate(Client); + if (write(pipefd[1], &result, sizeof(result)) != sizeof(result)) + Log_Subprocess(LOG_ERR, + "Failed to pipe result to parent!"); + Log_Exit_Subprocess("Auth"); + exit(0); + } + } else return CONNECTED; #else /* Check global server password ... */ - if (strcmp(Client_Password(Client), Conf_ServerPwd) != 0) { + if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) { /* Bad password! */ Client_Reject(Client, "Bad server password", false); return DISCONNECTED; @@ -146,6 +152,9 @@ Login_User(CLIENT * Client) GLOBAL bool Login_User_PostAuth(CLIENT *Client) { + REQUEST Req; + char modes[CLIENT_MODE_LEN + 1]; + assert(Client != NULL); if (Class_HandleServerBans(Client) != CONNECTED) @@ -158,8 +167,8 @@ Login_User_PostAuth(CLIENT *Client) return false; if (!IRC_WriteStrClient (Client, RPL_YOURHOST_MSG, Client_ID(Client), - Client_ID(Client_ThisServer()), PACKAGE_VERSION, TARGET_CPU, - TARGET_VENDOR, TARGET_OS)) + Client_ID(Client_ThisServer()), PACKAGE_VERSION, HOST_CPU, + HOST_VENDOR, HOST_OS)) return false; if (!IRC_WriteStrClient (Client, RPL_CREATED_MSG, Client_ID(Client), NGIRCd_StartStr)) @@ -180,8 +189,17 @@ Login_User_PostAuth(CLIENT *Client) if (!IRC_Show_MOTD(Client)) return DISCONNECTED; - /* Suspend the client for a second ... */ - IRC_SetPenalty(Client, 1); + /* Set default user modes */ + if (Conf_DefaultUserModes[0]) { + snprintf(modes, sizeof(modes), "+%s", Conf_DefaultUserModes); + Req.prefix = Client_ThisServer(); + Req.command = "MODE"; + Req.argc = 2; + Req.argv[0] = Client_ID(Client); + Req.argv[1] = modes; + IRC_MODE(Client, &Req); + } else + IRC_SetPenalty(Client, 1); return CONNECTED; } @@ -189,7 +207,7 @@ Login_User_PostAuth(CLIENT *Client) #ifdef PAM /** - * Read result of the authenticatior sub-process from pipe + * Read result of the authenticator sub-process from pipe * * @param r_fd File descriptor of the pipe. * @param events (ignored IO specification) @@ -197,6 +215,7 @@ Login_User_PostAuth(CLIENT *Client) static void cb_Read_Auth_Result(int r_fd, UNUSED short events) { + char user[CLIENT_USER_LEN], *ptr; CONN_ID conn; CLIENT *client; int result; @@ -228,7 +247,14 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events) } if (result == true) { - Client_SetUser(client, Client_OrigUser(client), true); + /* Authentication succeeded, now set the correct user name + * supplied by the client (without prepended '~' for exmaple), + * but cut it at the first '@' character: */ + strlcpy(user, Client_OrigUser(client), sizeof(user)); + ptr = strchr(user, '@'); + if (ptr) + *ptr = '\0'; + Client_SetUser(client, user, true); (void)Login_User_PostAuth(client); } else Client_Reject(client, "Bad password", false);