When "PAMIsOptional" is set, clients not sending a password are still
allowed to connect: they won't become "identified" and keep the "~"
character prepended to their supplied user name.
This fixes the problem that ngIRCd can't do any IDENT lookups because
of the socket has already been closed in the child process.
The bug has been introduced starting with ngIRCd 17 ... :-(
(commit ID 6ebb31ab35)
When enabled, this configuration option lets ngIRCd send a PING with an
numeric "token" to clients logging in; and it will not become registered
in the network until the client responds with the correct PONG.
This is used by QuakeNet for example (ircu/snircd), and looks like this:
NICK nick
:irc.example.net PING :1858979527
USER user . . :real name
PONG 1858979527
:irc.example.net 001 nick :Welcome to the Internet Relay Network ...
This fixes the followin GCC warning on modern Linux systems as well:
irc-login.c: In function ‘Hello_User’:
irc-login.c:876: warning: ignoring return value of ‘write’,
declared with attribute warn_unused_result
Don't do a NULL-pointer dereference when a remote server using the
IRC+ protocol sends an invalid PASS command without the required
<serverversion> parameter ...
ngircd unfortunately uses several options using double-negation, e.g.
NoIdent = No, NoPam = No, etc.
This renames all options by dropping the "No" prefix, e.g.
"NoIdent = no" becomes "Ident = yes".
The old options will continue to work, but will cause a warning
message.
Also update man pages and default config.
To prevent silly
'Ident = yes' from appearing in --configtest output in the
'ident support not compiled in and Ident Option not used' case,
make default value depend on feature availability.
If feature is available, enable by default, otherwise disable.
We might consider moving these options to a new
[Feature]
section, or something like that, because none of these options are
essential.
Another possible improvement:
'Ident = yes' option in ngircd.conf causes a warning if ngircd was
built without ident support.
This does not happen with e.g. zeroconf....
This avoids a race and potentionally killing the wrong process on
systems that use randomized process IDs; now the child itself is
responsible to exit in a timely manner using SIGALRM.
When the "NoPAM" configuration option is set and ngIRCd is compiled
with support for PAM, ngIRCd will not call any PAM functions: all
connection attemps without password will succeed instead and all
connection attemps with password will fail.
If ngIRCd is compiled without PAM support, this option is a dummy
option and nothing changes: the global server password will still be
in effect.
For each client connection a child process is forked which handles the
actual PAM authentication and reports the result back to the master
process using a pipe for communication.
While the PAM authentication is in process the daemon does not block.
The Client_SetOrigUser() function is used to store the peer-provided
user name (see USER command) in its original form, not changed by
IDENT results, for example.
Users having the user mode "c" set receive NOTICE messages on each
new client connection to the local server as well as disconnects.
Only IRC operators (users having the mode "o" set) are allowed to
set the 'c' user mode.
These connect/disconnect messages can be useful for open proxy
scanners -- BOPM (http://wiki.blitzed.org/BOPM) is now functional
with ngIRCd, for example.
The WEBIRC command is used by some Web-to-IRC gateways to set the correct
user name and host name of users instead of their own.
Syntax: WEBIRC <password> <username> <hostname> <ip-address>
The <password> must be set using the new configuration variable "WebircPassword" in the [Global] section of ngircd.conf.
Please note that the <ip-address> is currently not used by ngIRCd (we don't store it in the CLIENT structure, only the resolved hostname).
when ngircd is build without DEBUG enabled, LOG_DEBUG messages
are always discarded.
To avoid the extra code, ngircd has a LogDebug() wrapper which
gets removed by the compiler when compiling without DEBUG defined.
Update a few functings which were using the
Log(LOG_DEBUG, .. interface directly without #ifdef DEBUG guards.
text data bss dec hex filename
127748 1900 28280 157928 268e8 ngircd.before
126836 1896 28280 157012 26554 ngircd.after
This patch
- introduces a new server flag "S" to indicate that the server can handle
the SERVICE command (on server links),
- implements the IRC command "SERVICE" for server-server links,
- uses the "SERVICE" command to announce IRC services when a new
server connects to it,
- and fixes the Send_Message() function to let it send messages to
services using a "target mask".
If the remote server doesn't indicate that it can handle the "SERVICE"
command (it has not set the "S" flag), services are announced as regular
users as before.
This patch enables ngIRCd to handle IRC services as real services, and not
as "fake users":
- Set correct client type CLIENT_SERVICE for services,
- Change log messages to include correct client type,
- PRIVMSG: allow users to send messages to services,
- Send services nick names to other servers (as users).
Please note that this patch doesn't announce services as services in the
network, but as regular users (as before). Only the local server knows
of services as services (see LUSERS command, for example). It is up to
one of the next patches to fix this and to introduce the SERVICE command
in server to server communication.
The propagation of services as regular users between servers doesn't limit
the functionality of the IRC services and will be the fallback for servers
that don't support "real" services propagation in the future.
Introduce a new configuration variable "ServiceMask" in SERVER blocks to
define a mask matching nick names that should be treated as services.
Regular servers don't need this parameter (leave it empty, the default),
but you should set it to "*Serv" when connection ircservices, for example.
This patch allows ngIRCd to detect services, it doesn't change the
functionality: you only get different log messages ;-)
All the required information is already stored in the CLIENT structure
of new new connection, so pass this to Introduce_Client() and don't
invent an unneeded new structure ...
This patch allows ngIRCd to detect right after receiving the SERVER command
from the peer whether the RFC 1459 compatibility mode must be used or not.
And it fixes the announcement of users during establishing new server links
with such peers.
This patch enables ngIRCd to deal with NICK and USER commands following
RFC 1459 to register new clients, and to send these commands instead of one
full NICK command as specified in RFC 2813 on connections that are in RFC
1459 compatibility mode.
Can be useful for e. g. IRC services that simulate a RFC 1459 server.
Alexander Barton