Annotation of ircnowd/src/ngircd/login.c, Revision 1.1.1.1
1.1 tomglok 1: /*
2: * ngIRCd -- The Next Generation IRC Daemon
3: * Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors.
4: *
5: * This program is free software; you can redistribute it and/or modify
6: * it under the terms of the GNU General Public License as published by
7: * the Free Software Foundation; either version 2 of the License, or
8: * (at your option) any later version.
9: * Please read the file COPYING, README and AUTHORS for more information.
10: */
11:
12: #include "portab.h"
13:
14: /**
15: * @file
16: * Functions to deal with client logins
17: */
18:
19: #include <assert.h>
20: #include <stdlib.h>
21: #include <stdio.h>
22: #include <string.h>
23: #include <unistd.h>
24:
25: #include "conn.h"
26: #include "class.h"
27: #include "client-cap.h"
28: #include "channel.h"
29: #include "conf.h"
30: #include "parse.h"
31: #include "log.h"
32: #include "messages.h"
33: #include "ngircd.h"
34: #include "irc-info.h"
35: #include "irc-mode.h"
36: #include "irc-write.h"
37:
38: #include "login.h"
39:
40: #ifdef PAM
41:
42: #include "io.h"
43: #include "pam.h"
44:
45: static void cb_Read_Auth_Result PARAMS((int r_fd, UNUSED short events));
46:
47: #endif
48:
49: /**
50: * Initiate client login.
51: *
52: * This function is called after the daemon received the required NICK and
53: * USER commands of a new client. If the daemon is compiled with support for
54: * PAM, the authentication sub-processs is forked; otherwise the global server
55: * password is checked.
56: *
57: * @param Client The client logging in.
58: * @returns CONNECTED or DISCONNECTED.
59: */
60: GLOBAL bool
61: Login_User(CLIENT * Client)
62: {
63: #ifdef PAM
64: int pipefd[2], result;
65: pid_t pid;
66: #endif
67: CONN_ID conn;
68:
69: assert(Client != NULL);
70: conn = Client_Conn(Client);
71:
72: #ifndef STRICT_RFC
73: if (Conf_AuthPing) {
74: /* Did we receive the "auth PONG" already? */
75: if (Conn_GetAuthPing(conn)) {
76: Client_SetType(Client, CLIENT_WAITAUTHPING);
77: LogDebug("Connection %d: Waiting for AUTH PONG ...", conn);
78: return CONNECTED;
79: }
80: }
81: #endif
82:
83: /* Still waiting for "CAP END" command? */
84: if (Client_Cap(Client) & CLIENT_CAP_PENDING) {
85: Client_SetType(Client, CLIENT_WAITCAPEND);
86: LogDebug("Connection %d: Waiting for CAP END ...", conn);
87: return CONNECTED;
88: }
89:
90: #ifdef PAM
91: if (!Conf_PAM) {
92: /* Don't do any PAM authentication at all if PAM is not
93: * enabled, instead emulate the behavior of the daemon
94: * compiled without PAM support. */
95: if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0)
96: return Login_User_PostAuth(Client);
97: Client_Reject(Client, "Bad server password", false);
98: return DISCONNECTED;
99: }
100:
101: if (Conf_PAMIsOptional &&
102: strcmp(Conn_Password(conn), "") == 0) {
103: /* Clients are not required to send a password and to be PAM-
104: * authenticated at all. If not, they won't become "identified"
105: * and keep the "~" in their supplied user name.
106: * Therefore it is sensible to either set Conf_PAMisOptional or
107: * to enable IDENT lookups -- not both. */
108: return Login_User_PostAuth(Client);
109: }
110:
111: if (Conf_PAM) {
112: /* Fork child process for PAM authentication; and make sure that the
113: * process timeout is set higher than the login timeout! */
114: pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
115: cb_Read_Auth_Result, Conf_PongTimeout + 1);
116: if (pid > 0) {
117: LogDebug("Authenticator for connection %d created (PID %d).",
118: conn, pid);
119: return CONNECTED;
120: } else {
121: /* Sub process */
122: Log_Init_Subprocess("Auth");
123: Conn_CloseAllSockets(NONE);
124: result = PAM_Authenticate(Client);
125: if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
126: Log_Subprocess(LOG_ERR,
127: "Failed to pipe result to parent!");
128: Log_Exit_Subprocess("Auth");
129: exit(0);
130: }
131: } else return CONNECTED;
132: #else
133: /* Check global server password ... */
134: if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
135: /* Bad password! */
136: Client_Reject(Client, "Bad server password", false);
137: return DISCONNECTED;
138: }
139: return Login_User_PostAuth(Client);
140: #endif
141: }
142:
143: /**
144: * Finish client registration.
145: *
146: * Introduce the new client to the network and send all "hello messages"
147: * to it after authentication has been succeeded.
148: *
149: * @param Client The client logging in.
150: * @return CONNECTED or DISCONNECTED.
151: */
152: GLOBAL bool
153: Login_User_PostAuth(CLIENT *Client)
154: {
155: REQUEST Req;
156: char modes[CLIENT_MODE_LEN + 1];
157:
158: assert(Client != NULL);
159:
160: if (Class_HandleServerBans(Client) != CONNECTED)
161: return DISCONNECTED;
162:
163: Client_Introduce(NULL, Client, CLIENT_USER);
164:
165: if (!IRC_WriteStrClient
166: (Client, RPL_WELCOME_MSG, Client_ID(Client), Client_Mask(Client)))
167: return false;
168: if (!IRC_WriteStrClient
169: (Client, RPL_YOURHOST_MSG, Client_ID(Client),
170: Client_ID(Client_ThisServer()), PACKAGE_VERSION, HOST_CPU,
171: HOST_VENDOR, HOST_OS))
172: return false;
173: if (!IRC_WriteStrClient
174: (Client, RPL_CREATED_MSG, Client_ID(Client), NGIRCd_StartStr))
175: return false;
176: if (!IRC_WriteStrClient
177: (Client, RPL_MYINFO_MSG, Client_ID(Client),
178: Client_ID(Client_ThisServer()), PACKAGE_VERSION, USERMODES,
179: CHANMODES))
180: return false;
181:
182: /* Features supported by this server (005 numeric, ISUPPORT),
183: * see <http://www.irc.org/tech_docs/005.html> for details. */
184: if (!IRC_Send_ISUPPORT(Client))
185: return DISCONNECTED;
186:
187: if (!IRC_Send_LUSERS(Client))
188: return DISCONNECTED;
189: if (!IRC_Show_MOTD(Client))
190: return DISCONNECTED;
191:
192: /* Set default user modes */
193: if (Conf_DefaultUserModes[0]) {
194: snprintf(modes, sizeof(modes), "+%s", Conf_DefaultUserModes);
195: Req.prefix = Client_ID(Client_ThisServer());
196: Req.command = "MODE";
197: Req.argc = 2;
198: Req.argv[0] = Client_ID(Client);
199: Req.argv[1] = modes;
200: IRC_MODE(Client, &Req);
201: } else
202: IRC_SetPenalty(Client, 1);
203:
204: return CONNECTED;
205: }
206:
207: #ifdef PAM
208:
209: /**
210: * Read result of the authenticator sub-process from pipe
211: *
212: * @param r_fd File descriptor of the pipe.
213: * @param events (ignored IO specification)
214: */
215: static void
216: cb_Read_Auth_Result(int r_fd, UNUSED short events)
217: {
218: char user[CLIENT_USER_LEN], *ptr;
219: CONN_ID conn;
220: CLIENT *client;
221: int result;
222: size_t len;
223: PROC_STAT *proc;
224:
225: LogDebug("Auth: Got callback on fd %d, events %d", r_fd, events);
226: conn = Conn_GetFromProc(r_fd);
227: if (conn == NONE) {
228: /* Ops, none found? Probably the connection has already
229: * been closed!? We'll ignore that ... */
230: io_close(r_fd);
231: LogDebug("Auth: Got callback for unknown connection!?");
232: return;
233: }
234: proc = Conn_GetProcStat(conn);
235: client = Conn_GetClient(conn);
236:
237: /* Read result from pipe */
238: len = Proc_Read(proc, &result, sizeof(result));
239: Proc_Close(proc);
240: if (len == 0)
241: return;
242:
243: if (len != sizeof(result)) {
244: Log(LOG_CRIT, "Auth: Got malformed result!");
245: Client_Reject(client, "Internal error", false);
246: return;
247: }
248:
249: if (result == true) {
250: /* Authentication succeeded, now set the correct user name
251: * supplied by the client (without prepended '~' for exmaple),
252: * but cut it at the first '@' character: */
253: strlcpy(user, Client_OrigUser(client), sizeof(user));
254: ptr = strchr(user, '@');
255: if (ptr)
256: *ptr = '\0';
257: Client_SetUser(client, user, true);
258: (void)Login_User_PostAuth(client);
259: } else
260: Client_Reject(client, "Bad password", false);
261: }
262:
263: #endif
264:
265: /* -eof- */
CVSweb
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to login.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [local] / ircnowd / src / ngircd