Annotation of ircnowd/src/ngircd/login.c, Revision 1.1
1.1 ! tomglok 1: /*
! 2: * ngIRCd -- The Next Generation IRC Daemon
! 3: * Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors.
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify
! 6: * it under the terms of the GNU General Public License as published by
! 7: * the Free Software Foundation; either version 2 of the License, or
! 8: * (at your option) any later version.
! 9: * Please read the file COPYING, README and AUTHORS for more information.
! 10: */
! 11:
! 12: #include "portab.h"
! 13:
! 14: /**
! 15: * @file
! 16: * Functions to deal with client logins
! 17: */
! 18:
! 19: #include <assert.h>
! 20: #include <stdlib.h>
! 21: #include <stdio.h>
! 22: #include <string.h>
! 23: #include <unistd.h>
! 24:
! 25: #include "conn.h"
! 26: #include "class.h"
! 27: #include "client-cap.h"
! 28: #include "channel.h"
! 29: #include "conf.h"
! 30: #include "parse.h"
! 31: #include "log.h"
! 32: #include "messages.h"
! 33: #include "ngircd.h"
! 34: #include "irc-info.h"
! 35: #include "irc-mode.h"
! 36: #include "irc-write.h"
! 37:
! 38: #include "login.h"
! 39:
! 40: #ifdef PAM
! 41:
! 42: #include "io.h"
! 43: #include "pam.h"
! 44:
! 45: static void cb_Read_Auth_Result PARAMS((int r_fd, UNUSED short events));
! 46:
! 47: #endif
! 48:
! 49: /**
! 50: * Initiate client login.
! 51: *
! 52: * This function is called after the daemon received the required NICK and
! 53: * USER commands of a new client. If the daemon is compiled with support for
! 54: * PAM, the authentication sub-processs is forked; otherwise the global server
! 55: * password is checked.
! 56: *
! 57: * @param Client The client logging in.
! 58: * @returns CONNECTED or DISCONNECTED.
! 59: */
! 60: GLOBAL bool
! 61: Login_User(CLIENT * Client)
! 62: {
! 63: #ifdef PAM
! 64: int pipefd[2], result;
! 65: pid_t pid;
! 66: #endif
! 67: CONN_ID conn;
! 68:
! 69: assert(Client != NULL);
! 70: conn = Client_Conn(Client);
! 71:
! 72: #ifndef STRICT_RFC
! 73: if (Conf_AuthPing) {
! 74: /* Did we receive the "auth PONG" already? */
! 75: if (Conn_GetAuthPing(conn)) {
! 76: Client_SetType(Client, CLIENT_WAITAUTHPING);
! 77: LogDebug("Connection %d: Waiting for AUTH PONG ...", conn);
! 78: return CONNECTED;
! 79: }
! 80: }
! 81: #endif
! 82:
! 83: /* Still waiting for "CAP END" command? */
! 84: if (Client_Cap(Client) & CLIENT_CAP_PENDING) {
! 85: Client_SetType(Client, CLIENT_WAITCAPEND);
! 86: LogDebug("Connection %d: Waiting for CAP END ...", conn);
! 87: return CONNECTED;
! 88: }
! 89:
! 90: #ifdef PAM
! 91: if (!Conf_PAM) {
! 92: /* Don't do any PAM authentication at all if PAM is not
! 93: * enabled, instead emulate the behavior of the daemon
! 94: * compiled without PAM support. */
! 95: if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0)
! 96: return Login_User_PostAuth(Client);
! 97: Client_Reject(Client, "Bad server password", false);
! 98: return DISCONNECTED;
! 99: }
! 100:
! 101: if (Conf_PAMIsOptional &&
! 102: strcmp(Conn_Password(conn), "") == 0) {
! 103: /* Clients are not required to send a password and to be PAM-
! 104: * authenticated at all. If not, they won't become "identified"
! 105: * and keep the "~" in their supplied user name.
! 106: * Therefore it is sensible to either set Conf_PAMisOptional or
! 107: * to enable IDENT lookups -- not both. */
! 108: return Login_User_PostAuth(Client);
! 109: }
! 110:
! 111: if (Conf_PAM) {
! 112: /* Fork child process for PAM authentication; and make sure that the
! 113: * process timeout is set higher than the login timeout! */
! 114: pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
! 115: cb_Read_Auth_Result, Conf_PongTimeout + 1);
! 116: if (pid > 0) {
! 117: LogDebug("Authenticator for connection %d created (PID %d).",
! 118: conn, pid);
! 119: return CONNECTED;
! 120: } else {
! 121: /* Sub process */
! 122: Log_Init_Subprocess("Auth");
! 123: Conn_CloseAllSockets(NONE);
! 124: result = PAM_Authenticate(Client);
! 125: if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
! 126: Log_Subprocess(LOG_ERR,
! 127: "Failed to pipe result to parent!");
! 128: Log_Exit_Subprocess("Auth");
! 129: exit(0);
! 130: }
! 131: } else return CONNECTED;
! 132: #else
! 133: /* Check global server password ... */
! 134: if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
! 135: /* Bad password! */
! 136: Client_Reject(Client, "Bad server password", false);
! 137: return DISCONNECTED;
! 138: }
! 139: return Login_User_PostAuth(Client);
! 140: #endif
! 141: }
! 142:
! 143: /**
! 144: * Finish client registration.
! 145: *
! 146: * Introduce the new client to the network and send all "hello messages"
! 147: * to it after authentication has been succeeded.
! 148: *
! 149: * @param Client The client logging in.
! 150: * @return CONNECTED or DISCONNECTED.
! 151: */
! 152: GLOBAL bool
! 153: Login_User_PostAuth(CLIENT *Client)
! 154: {
! 155: REQUEST Req;
! 156: char modes[CLIENT_MODE_LEN + 1];
! 157:
! 158: assert(Client != NULL);
! 159:
! 160: if (Class_HandleServerBans(Client) != CONNECTED)
! 161: return DISCONNECTED;
! 162:
! 163: Client_Introduce(NULL, Client, CLIENT_USER);
! 164:
! 165: if (!IRC_WriteStrClient
! 166: (Client, RPL_WELCOME_MSG, Client_ID(Client), Client_Mask(Client)))
! 167: return false;
! 168: if (!IRC_WriteStrClient
! 169: (Client, RPL_YOURHOST_MSG, Client_ID(Client),
! 170: Client_ID(Client_ThisServer()), PACKAGE_VERSION, HOST_CPU,
! 171: HOST_VENDOR, HOST_OS))
! 172: return false;
! 173: if (!IRC_WriteStrClient
! 174: (Client, RPL_CREATED_MSG, Client_ID(Client), NGIRCd_StartStr))
! 175: return false;
! 176: if (!IRC_WriteStrClient
! 177: (Client, RPL_MYINFO_MSG, Client_ID(Client),
! 178: Client_ID(Client_ThisServer()), PACKAGE_VERSION, USERMODES,
! 179: CHANMODES))
! 180: return false;
! 181:
! 182: /* Features supported by this server (005 numeric, ISUPPORT),
! 183: * see <http://www.irc.org/tech_docs/005.html> for details. */
! 184: if (!IRC_Send_ISUPPORT(Client))
! 185: return DISCONNECTED;
! 186:
! 187: if (!IRC_Send_LUSERS(Client))
! 188: return DISCONNECTED;
! 189: if (!IRC_Show_MOTD(Client))
! 190: return DISCONNECTED;
! 191:
! 192: /* Set default user modes */
! 193: if (Conf_DefaultUserModes[0]) {
! 194: snprintf(modes, sizeof(modes), "+%s", Conf_DefaultUserModes);
! 195: Req.prefix = Client_ID(Client_ThisServer());
! 196: Req.command = "MODE";
! 197: Req.argc = 2;
! 198: Req.argv[0] = Client_ID(Client);
! 199: Req.argv[1] = modes;
! 200: IRC_MODE(Client, &Req);
! 201: } else
! 202: IRC_SetPenalty(Client, 1);
! 203:
! 204: return CONNECTED;
! 205: }
! 206:
! 207: #ifdef PAM
! 208:
! 209: /**
! 210: * Read result of the authenticator sub-process from pipe
! 211: *
! 212: * @param r_fd File descriptor of the pipe.
! 213: * @param events (ignored IO specification)
! 214: */
! 215: static void
! 216: cb_Read_Auth_Result(int r_fd, UNUSED short events)
! 217: {
! 218: char user[CLIENT_USER_LEN], *ptr;
! 219: CONN_ID conn;
! 220: CLIENT *client;
! 221: int result;
! 222: size_t len;
! 223: PROC_STAT *proc;
! 224:
! 225: LogDebug("Auth: Got callback on fd %d, events %d", r_fd, events);
! 226: conn = Conn_GetFromProc(r_fd);
! 227: if (conn == NONE) {
! 228: /* Ops, none found? Probably the connection has already
! 229: * been closed!? We'll ignore that ... */
! 230: io_close(r_fd);
! 231: LogDebug("Auth: Got callback for unknown connection!?");
! 232: return;
! 233: }
! 234: proc = Conn_GetProcStat(conn);
! 235: client = Conn_GetClient(conn);
! 236:
! 237: /* Read result from pipe */
! 238: len = Proc_Read(proc, &result, sizeof(result));
! 239: Proc_Close(proc);
! 240: if (len == 0)
! 241: return;
! 242:
! 243: if (len != sizeof(result)) {
! 244: Log(LOG_CRIT, "Auth: Got malformed result!");
! 245: Client_Reject(client, "Internal error", false);
! 246: return;
! 247: }
! 248:
! 249: if (result == true) {
! 250: /* Authentication succeeded, now set the correct user name
! 251: * supplied by the client (without prepended '~' for exmaple),
! 252: * but cut it at the first '@' character: */
! 253: strlcpy(user, Client_OrigUser(client), sizeof(user));
! 254: ptr = strchr(user, '@');
! 255: if (ptr)
! 256: *ptr = '\0';
! 257: Client_SetUser(client, user, true);
! 258: (void)Login_User_PostAuth(client);
! 259: } else
! 260: Client_Reject(client, "Bad password", false);
! 261: }
! 262:
! 263: #endif
! 264:
! 265: /* -eof- */
CVSweb
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to login.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [local] / ircnowd / src / ngircd