- ngIRCd GIT Updates - lists.barton.de

Florian Westphal : startup: open /dev/null before chroot
by fw＠arthur.barton.de 01 Aug '10

01 Aug '10

Module: ngircd.git Branch: master Commit: a02bc9cc6f821a604f6ae4a865b0da8eec4da5a4 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=a02bc9cc… Author: Florian Westphal <fw(a)strlen.de> Date: Sun Aug 1 00:05:07 2010 +0200 startup: open /dev/null before chroot before people had to create a /dev/null inside the chroot to make redirection work. --- src/ngircd/ngircd.c | 53 ++++++++++++++++++++++++++------------------------ 1 files changed, 28 insertions(+), 25 deletions(-) diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c index ec42b23..4d329d2 100644 --- a/src/ngircd/ngircd.c +++ b/src/ngircd/ngircd.c @@ -67,7 +67,7 @@ static void Pidfile_Delete PARAMS(( void )); static void Fill_Version PARAMS(( void )); -static void Setup_FDStreams PARAMS(( void )); +static void Setup_FDStreams PARAMS(( int fd )); static bool NGIRCd_Init PARAMS(( bool )); @@ -646,27 +646,16 @@ Pidfile_Create(pid_t pid) * Redirect stdin, stdout and stderr to apropriate file handles. */ static void -Setup_FDStreams( void ) +Setup_FDStreams(int fd) { - int fd; - - /* Test if we can open /dev/null for reading and writing. If not - * we are most probably chrooted already and the server has been - * restarted. So we simply don't try to redirect stdXXX ... */ - fd = open( "/dev/null", O_RDWR ); - if ( fd < 0 ) { - Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno)); + if (fd < 0) return; - } fflush(stdout); fflush(stderr); /* Create new stdin(0), stdout(1) and stderr(2) descriptors */ dup2( fd, 0 ); dup2( fd, 1 ); dup2( fd, 2 ); - - /* Close newly opened file descriptor if not stdin/out/err */ - if( fd > 2 ) close( fd ); } /* Setup_FDStreams */ @@ -709,12 +698,19 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) bool chrooted = false; struct passwd *pwd; struct group *grp; - int real_errno; + int real_errno, fd = -1; pid_t pid; if (initialized) return true; + if (!NGIRCd_NoDaemon) { + /* open /dev/null before chroot() */ + fd = open( "/dev/null", O_RDWR); + if (fd < 0) + Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno)); + } + if (!ConnSSL_InitLibrary()) Log(LOG_WARNING, "Warning: Error during SSL initialization, continuing ..."); @@ -722,15 +718,14 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) if( Conf_Chroot[0] ) { if( chdir( Conf_Chroot ) != 0 ) { Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno )); - return false; + goto out; } if( chroot( Conf_Chroot ) != 0 ) { if (errno != EPERM) { Log( LOG_ERR, "Can't change root directory to \"%s\": %s", Conf_Chroot, strerror( errno )); - - return false; + goto out; } } else { chrooted = true; @@ -744,7 +739,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) if (! NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) { Log(LOG_WARNING, "Could not get user/group ID of user \"nobody\": %s", errno ? strerror(errno) : "not found" ); - return false; + goto out; } } @@ -754,7 +749,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) real_errno = errno; Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno )); if (real_errno != EPERM) - return false; + goto out; } } @@ -764,7 +759,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) real_errno = errno; Log(LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror(errno)); if (real_errno != EPERM) - return false; + goto out; } } @@ -797,7 +792,11 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) strerror(errno)); /* Detach stdin, stdout and stderr */ - Setup_FDStreams( ); + Setup_FDStreams(fd); + if (fd > 2) { + close(fd); + fd = -1; + } } pid = getpid(); @@ -824,8 +823,8 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) /* Change working directory to home directory of the user * we are running as (only when running in daemon mode and not in chroot) */ - - if ( pwd ) { + + if (pwd) { if (!NGIRCd_NoDaemon ) { if( chdir( pwd->pw_dir ) == 0 ) Log( LOG_DEBUG, "Changed working directory to \"%s\" ...", pwd->pw_dir ); @@ -837,7 +836,11 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) Log( LOG_ERR, "Can't get user informaton for UID %d!?", Conf_UID ); } -return true; + return true; + out: + if (fd > 2) + close(fd); + return false; } /* -eof- */

1 0

Florian Westphal : Allow IRC operators to use MODE command on any channel ( closes: #100)
by alex＠arthur.barton.de 25 Jul '10

25 Jul '10

Module: ngircd.git Branch: master Commit: acb66d64637d33661ff4345e9bb37444109e9d11 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=acb66d64… Author: Florian Westphal <fw(a)strlen.de> Date: Fri May 14 20:07:34 2010 +0200 Allow IRC operators to use MODE command on any channel (closes: #100) This allows IRC operators to change channel modes of ANY channel, even without joining these channels first. --- src/ngircd/irc-mode.c | 16 ++++++++++------ 1 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/ngircd/irc-mode.c b/src/ngircd/irc-mode.c index 80a6003..86a509d 100644 --- a/src/ngircd/irc-mode.c +++ b/src/ngircd/irc-mode.c @@ -297,7 +297,8 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel) { char the_modes[COMMAND_LEN], the_args[COMMAND_LEN], x[2], argadd[CLIENT_PASS_LEN], *mode_ptr; - bool connected, set, modeok = true, skiponce, use_servermode = false, retval; + bool connected, set, skiponce, retval, onchannel; + bool modeok = true, use_servermode = false; int mode_arg, arg_arg; CLIENT *client; long l; @@ -314,14 +315,13 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel) /* Is the user allowed to change modes? */ if (Client_Type(Client) == CLIENT_USER) { /* Is the originating user on that channel? */ - if (!Channel_IsMemberOf(Channel, Origin)) - return IRC_WriteStrClient(Origin, ERR_NOTONCHANNEL_MSG, - Client_ID(Origin), Channel_Name(Channel)); + onchannel = Channel_IsMemberOf(Channel, Origin); modeok = false; /* channel operator? */ - if (strchr(Channel_UserModes(Channel, Origin), 'o')) + if (onchannel && + strchr(Channel_UserModes(Channel, Origin), 'o')) { modeok = true; - else if (Conf_OperCanMode) { + } else if (Conf_OperCanMode) { /* IRC-Operators can use MODE as well */ if (Client_OperByMe(Origin)) { modeok = true; @@ -329,6 +329,10 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel) use_servermode = true; /* Change Origin to Server */ } } + + if (!onchannel && !use_servermode) + return IRC_WriteStrClient(Origin, ERR_NOTONCHANNEL_MSG, + Client_ID(Origin), Channel_Name(Channel)); } mode_arg = 1;

1 0

Alexander Barton : Allow IRC ops to change channel modes even without OperServerMode set
by alex＠arthur.barton.de 25 Jul '10

25 Jul '10

Module: ngircd.git Branch: master Commit: 01e40f4b55ee8b5ee5e6f32d41f53989e858f54a URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=01e40f4b… Author: Alexander Barton <alex(a)barton.de> Date: Sun Jul 25 16:44:38 2010 +0200 Allow IRC ops to change channel modes even without OperServerMode set --- src/ngircd/irc-mode.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/ngircd/irc-mode.c b/src/ngircd/irc-mode.c index 86a509d..45defeb 100644 --- a/src/ngircd/irc-mode.c +++ b/src/ngircd/irc-mode.c @@ -330,7 +330,7 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel) } } - if (!onchannel && !use_servermode) + if (!onchannel && !modeok) return IRC_WriteStrClient(Origin, ERR_NOTONCHANNEL_MSG, Client_ID(Origin), Channel_Name(Channel)); }

1 0

Alexander Barton : Added mailmap file for git-[short]log and git-blame
by alex＠arthur.barton.de 25 Jul '10

25 Jul '10

Module: ngircd.git Branch: master Commit: 63a304755acc107287ac6fd86d6aca6f7b6e004b URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=63a30475… Author: Alexander Barton <alex(a)barton.de> Date: Sun Jul 25 15:13:50 2010 +0200 Added mailmap file for git-[short]log and git-blame --- .mailmap | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..f7696ca --- /dev/null +++ b/.mailmap @@ -0,0 +1,4 @@ +# mailmap file for git-[short]log and git-blame + +Alexander Barton <anonymous> +Ali Shemiran <ashemira(a)ucsd.edu>

1 0

Alexander Barton : Remove Proc_Kill(), use timeout to kill child processes
by alex＠arthur.barton.de 14 Jul '10

14 Jul '10

Module: ngircd.git Branch: master Commit: 6ebb31ab35e7f9258f4df9d0bfd111dc75677bfe URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=6ebb31ab… Author: Alexander Barton <alex(a)barton.de> Date: Wed Jul 14 10:29:05 2010 +0200 Remove Proc_Kill(), use timeout to kill child processes This avoids a race and potentionally killing the wrong process on systems that use randomized process IDs; now the child itself is responsible to exit in a timely manner using SIGALRM. --- src/ngircd/conn.c | 4 ---- src/ngircd/irc-login.c | 5 ++++- src/ngircd/proc.c | 30 ++++++++++++------------------ src/ngircd/proc.h | 4 +--- src/ngircd/resolve.c | 7 +++++-- 5 files changed, 22 insertions(+), 28 deletions(-) diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index d8df627..58a3cbf 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -1091,10 +1091,6 @@ Conn_Close( CONN_ID Idx, const char *LogMsg, const char *FwdMsg, bool InformClie in_k, out_k); } - /* Kill possibly running subprocess */ - if (Proc_InProgress(&My_Connections[Idx].proc_stat)) - Proc_Kill(&My_Connections[Idx].proc_stat); - /* Servers: Modify time of next connect attempt? */ Conf_UnsetServer( Idx ); diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index b1b739b..03fea99 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -789,7 +789,10 @@ Hello_User(CLIENT * Client) return DISCONNECTED; } - pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result); + /* Fork child process for PAM authentication; and make sure that the + * process timeout is set higher than the login timeout! */ + pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, + cb_Read_Auth_Result, Conf_PongTimeout + 1); if (pid > 0) { LogDebug("Authenticator for connection %d created (PID %d).", conn, pid); diff --git a/src/ngircd/proc.c b/src/ngircd/proc.c index 1e8cac3..dbcff6f 100644 --- a/src/ngircd/proc.c +++ b/src/ngircd/proc.c @@ -23,6 +23,7 @@ #include "log.h" #include "io.h" +#include "conn.h" #include "exp.h" #include "proc.h" @@ -42,7 +43,7 @@ Proc_InitStruct (PROC_STAT *proc) * Fork a child process. */ GLOBAL pid_t -Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short)) +Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short), int timeout) { pid_t pid; @@ -67,7 +68,10 @@ Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short)) case 0: /* New child process: */ signal(SIGTERM, Proc_GenericSignalHandler); + signal(SIGALRM, Proc_GenericSignalHandler); close(pipefds[0]); + alarm(timeout); + Conn_CloseAllSockets(); return 0; } @@ -88,21 +92,6 @@ Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short)) } /** - * Kill forked child process. - */ -GLOBAL void -Proc_Kill(PROC_STAT *proc) -{ - assert(proc != NULL); - - if (proc->pipe_fd > 0) - io_close(proc->pipe_fd); - if (proc->pid > 0) - kill(proc->pid, SIGTERM); - Proc_InitStruct(proc); -} - -/** * Generic signal handler for forked child processes. */ GLOBAL void @@ -114,12 +103,17 @@ Proc_GenericSignalHandler(int Signal) Log_Subprocess(LOG_DEBUG, "Child got TERM signal, exiting."); #endif exit(1); + case SIGALRM: +#ifdef DEBUG + Log_Subprocess(LOG_DEBUG, "Child got ALARM signal, exiting."); +#endif + exit(1); } } /** * Read bytes from a pipe of a forked child process. - * In addition, this function makes sure that the child process is dead + * In addition, this function makes sure that the child process is ignored * after all data has been read or a fatal error occurred. */ GLOBAL size_t @@ -142,7 +136,7 @@ Proc_Read(PROC_STAT *proc, void *buffer, size_t buflen) else if (bytes_read == 0) LogDebug("Can't read from child process %ld: EOF", proc->pid); #endif - Proc_Kill(proc); + Proc_InitStruct(proc); return (size_t)bytes_read; } diff --git a/src/ngircd/proc.h b/src/ngircd/proc.h index 40a2c29..57612f1 100644 --- a/src/ngircd/proc.h +++ b/src/ngircd/proc.h @@ -26,9 +26,7 @@ typedef struct _Proc_Stat { GLOBAL void Proc_InitStruct PARAMS((PROC_STAT *proc)); GLOBAL pid_t Proc_Fork PARAMS((PROC_STAT *proc, int *pipefds, - void (*cbfunc)(int, short))); - -GLOBAL void Proc_Kill PARAMS((PROC_STAT *proc)); + void (*cbfunc)(int, short), int timeout)); GLOBAL void Proc_GenericSignalHandler PARAMS((int Signal)); diff --git a/src/ngircd/resolve.c b/src/ngircd/resolve.c index b88ec11..9bc3a87 100644 --- a/src/ngircd/resolve.c +++ b/src/ngircd/resolve.c @@ -12,6 +12,8 @@ */ +#define RESOLVER_TIMEOUT (Conf_PongTimeout*3)/4 + #include "portab.h" #include "imp.h" @@ -33,6 +35,7 @@ #include "array.h" #include "conn.h" +#include "conf.h" #include "defines.h" #include "log.h" #include "ng_ipaddr.h" @@ -63,7 +66,7 @@ Resolve_Addr(PROC_STAT * s, const ng_ipaddr_t *Addr, int identsock, assert(s != NULL); - pid = Proc_Fork(s, pipefd, cbfunc); + pid = Proc_Fork(s, pipefd, cbfunc, RESOLVER_TIMEOUT); if (pid > 0) { LogDebug("Resolver for %s created (PID %d).", ng_ipaddr_tostr(Addr), pid); return true; @@ -89,7 +92,7 @@ Resolve_Name( PROC_STAT *s, const char *Host, void (*cbfunc)(int, short)) assert(s != NULL); - pid = Proc_Fork(s, pipefd, cbfunc); + pid = Proc_Fork(s, pipefd, cbfunc, RESOLVER_TIMEOUT); if (pid > 0) { /* Main process */ #ifdef DEBUG

1 0

Alexander Barton : New configuration option "NoPAM" to disable PAM
by alex＠arthur.barton.de 14 Jul '10

14 Jul '10

Module: ngircd.git Branch: master Commit: f369177617a0f54e34a1af6fa44d1d1e3f953aeb URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=f3691776… Author: Alexander Barton <alex(a)barton.de> Date: Tue Jul 13 15:10:35 2010 +0200 New configuration option "NoPAM" to disable PAM When the "NoPAM" configuration option is set and ngIRCd is compiled with support for PAM, ngIRCd will not call any PAM functions: all connection attemps without password will succeed instead and all connection attemps with password will fail. If ngIRCd is compiled without PAM support, this option is a dummy option and nothing changes: the global server password will still be in effect. --- doc/sample-ngircd.conf | 3 +++ man/ngircd.conf.5.tmpl | 6 ++++++ src/ngircd/conf.c | 7 +++++++ src/ngircd/conf.h | 3 +++ src/ngircd/irc-login.c | 5 ++++- 5 files changed, 23 insertions(+), 1 deletions(-) diff --git a/doc/sample-ngircd.conf b/doc/sample-ngircd.conf index daa0801..645d1b8 100644 --- a/doc/sample-ngircd.conf +++ b/doc/sample-ngircd.conf @@ -135,6 +135,9 @@ # with support for it. ;NoIdent = no + # Don't use PAM, even if ngIRCd has been compiled with support for it. + ;NoPAM = no + # try to connect to other irc servers using ipv4 and ipv6, if possible ;ConnectIPv6 = yes ;ConnectIPv4 = yes diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 46e0308..ad88871 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -210,6 +210,12 @@ If ngIRCd is compiled with IDENT support this can be used to disable IDENT lookups at run time. Default: no. .TP +\fBNoPAM\fR +If ngIRCd is compiled with PAM support this can be used to disable all calls +to the PAM library at runtime; all users connecting without password are +allowed to connect, all passwords given will fail. +Default: no. +.TP \fBConnectIPv4\fR Set this to no if you do not want ngIRCd to connect to other IRC servers using IPv4. This allows usage of ngIRCd in IPv6-only setups. diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index f78eaee..834a1da 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -331,6 +331,7 @@ Conf_Test( void ) printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); printf(" NoDNS = %s\n", yesno_to_str(Conf_NoDNS)); printf(" NoIdent = %s\n", yesno_to_str(Conf_NoIdent)); + printf(" NoPAM = %s\n", yesno_to_str(Conf_NoPAM)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -580,6 +581,7 @@ Set_Defaults(bool InitServers) Conf_ConnectRetry = 60; Conf_NoDNS = false; Conf_NoIdent = false; + Conf_NoPAM = false; Conf_Oper_Count = 0; Conf_Channel_Count = 0; @@ -986,6 +988,11 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) #endif return; } + if(strcasecmp(Var, "NoPAM") == 0) { + /* don't use PAM library to authenticate users */ + Conf_NoPAM = Check_ArgIsTrue(Arg); + return; + } #ifdef WANT_IPV6 /* the default setting for all the WANT_IPV6 special options is 'true' */ if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) { diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 8e397fa..74abc1d 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -152,6 +152,9 @@ GLOBAL bool Conf_NoDNS; /* Disable IDENT lookups, even when compiled with support for it */ GLOBAL bool Conf_NoIdent; +/* Disable all usage of PAM, even when compiled with support for it */ +GLOBAL bool Conf_NoPAM; + /* * try to connect to remote systems using the ipv6 protocol, * if they have an ipv6 address? (default yes) diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 10e2df8..0789540 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -787,7 +787,10 @@ Hello_User(CLIENT * Client) /* Sub process */ signal(SIGTERM, Proc_GenericSignalHandler); Log_Init_Subprocess("Auth"); - result = PAM_Authenticate(Client); + if (Conf_NoPAM) { + result = (Client_Password(Client)[0] == '\0'); + } else + result = PAM_Authenticate(Client); write(pipefd[1], &result, sizeof(result)); Log_Exit_Subprocess("Auth"); exit(0);

1 0

Alexander Barton : Set NoPAM= yes in configuration files used for the testsuite
by alex＠arthur.barton.de 14 Jul '10

14 Jul '10

Module: ngircd.git Branch: master Commit: 6faf44bc6daf1b8d2e01c08ab15d234aa23ced59 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=6faf44bc… Author: Alexander Barton <alex(a)barton.de> Date: Tue Jul 13 16:48:24 2010 +0200 Set NoPAM=yes in configuration files used for the testsuite --- src/testsuite/ngircd-test1.conf | 1 + src/testsuite/ngircd-test2.conf | 1 + 2 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/testsuite/ngircd-test1.conf b/src/testsuite/ngircd-test1.conf index 51a57fb..25ec842 100644 --- a/src/testsuite/ngircd-test1.conf +++ b/src/testsuite/ngircd-test1.conf @@ -11,6 +11,7 @@ OperCanUseMode = yes MaxJoins = 4 NoIdent = yes + NoPAM = yes [Operator] Name = TestOp diff --git a/src/testsuite/ngircd-test2.conf b/src/testsuite/ngircd-test2.conf index e6d1696..0805b4e 100644 --- a/src/testsuite/ngircd-test2.conf +++ b/src/testsuite/ngircd-test2.conf @@ -11,6 +11,7 @@ OperCanUseMode = yes MaxJoins = 4 NoIdent = yes + NoPAM = yes [Operator] Name = TestOp

1 0

Alexander Barton : Mark some variables as "unused" to prevent compiler warnings
by alex＠arthur.barton.de 14 Jul '10

14 Jul '10

Module: ngircd.git Branch: master Commit: 41034950d9cb6bdfc14abe99bf080058189d8933 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=41034950… Author: Alexander Barton <alex(a)barton.de> Date: Tue Jul 13 16:50:00 2010 +0200 Mark some variables as "unused" to prevent compiler warnings Some variables are only used when compiling with IDENT or PAM support or when the debug code is enabled. Mark them as "unused" so that gcc doesn't generate warnings when neither of these options is enabled. --- src/ngircd/client.c | 2 +- src/ngircd/log.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ngircd/client.c b/src/ngircd/client.c index 8402499..96d40d2 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -363,7 +363,7 @@ Client_SetUser( CLIENT *Client, const char *User, bool Idented ) * @param User User name to set. */ GLOBAL void -Client_SetOrigUser(CLIENT *Client, const char *User) { +Client_SetOrigUser(CLIENT UNUSED *Client, const char UNUSED *User) { assert(Client != NULL); assert(User != NULL); diff --git a/src/ngircd/log.c b/src/ngircd/log.c index c8dbdd3..0cfe3b7 100644 --- a/src/ngircd/log.c +++ b/src/ngircd/log.c @@ -264,7 +264,7 @@ va_dcl GLOBAL void -Log_Init_Subprocess(char *Name) +Log_Init_Subprocess(char UNUSED *Name) { #ifdef SYSLOG openlog( PACKAGE_NAME, LOG_CONS|LOG_PID, LOG_LOCAL5 ); @@ -277,7 +277,7 @@ Log_Init_Subprocess(char *Name) GLOBAL void -Log_Exit_Subprocess(char *Name) +Log_Exit_Subprocess(char UNUSED *Name) { #ifdef DEBUG Log_Subprocess(LOG_DEBUG, "%s sub-process %ld done.",

1 0

Alexander Barton : Use Proc_GenericSignalHandler() as handler for SIGTERM by default
by alex＠arthur.barton.de 14 Jul '10

14 Jul '10

Module: ngircd.git Branch: master Commit: 57a2faf4a74c65a6f12caf2d69c34e4f08c659f9 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=57a2faf4… Author: Alexander Barton <alex(a)barton.de> Date: Tue Jul 13 22:04:35 2010 +0200 Use Proc_GenericSignalHandler() as handler for SIGTERM by default --- src/ngircd/irc-login.c | 1 - src/ngircd/proc.c | 1 + src/ngircd/resolve.c | 16 ++-------------- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 0789540..0bcbe3e 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -785,7 +785,6 @@ Hello_User(CLIENT * Client) return CONNECTED; } else { /* Sub process */ - signal(SIGTERM, Proc_GenericSignalHandler); Log_Init_Subprocess("Auth"); if (Conf_NoPAM) { result = (Client_Password(Client)[0] == '\0'); diff --git a/src/ngircd/proc.c b/src/ngircd/proc.c index f543883..11cb039 100644 --- a/src/ngircd/proc.c +++ b/src/ngircd/proc.c @@ -66,6 +66,7 @@ Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc)(int, short)) return -1; case 0: /* New child process: */ + signal(SIGTERM, Proc_GenericSignalHandler); close(pipefds[0]); return 0; } diff --git a/src/ngircd/resolve.c b/src/ngircd/resolve.c index 808ce53..b88ec11 100644 --- a/src/ngircd/resolve.c +++ b/src/ngircd/resolve.c @@ -42,7 +42,6 @@ #include "io.h" -static void Init_Subprocess PARAMS(( void )); static void Do_ResolveAddr PARAMS(( const ng_ipaddr_t *Addr, int Sock, int w_fd )); static void Do_ResolveName PARAMS(( const char *Host, int w_fd )); @@ -70,7 +69,7 @@ Resolve_Addr(PROC_STAT * s, const ng_ipaddr_t *Addr, int identsock, return true; } else if( pid == 0 ) { /* Sub process */ - Init_Subprocess(); + Log_Init_Subprocess("Resolver"); Do_ResolveAddr( Addr, identsock, pipefd[1]); Log_Exit_Subprocess("Resolver"); exit(0); @@ -99,7 +98,7 @@ Resolve_Name( PROC_STAT *s, const char *Host, void (*cbfunc)(int, short)) return true; } else if( pid == 0 ) { /* Sub process */ - Init_Subprocess(); + Log_Init_Subprocess("Resolver"); Do_ResolveName(Host, pipefd[1]); Log_Exit_Subprocess("Resolver"); exit(0); @@ -108,17 +107,6 @@ Resolve_Name( PROC_STAT *s, const char *Host, void (*cbfunc)(int, short)) } /* Resolve_Name */ -/** - * Initialize forked resolver subprocess. - */ -static void -Init_Subprocess(void) -{ - signal(SIGTERM, Proc_GenericSignalHandler); - Log_Init_Subprocess("Resolver"); -} - - #if !defined(HAVE_GETADDRINFO) || !defined(HAVE_GETNAMEINFO) #if !defined(WANT_IPV6) && defined(h_errno) static char *

1 0

Alexander Barton : Don't even fork a PAM-subprocess if "NoPAM" option is set
by alex＠arthur.barton.de 14 Jul '10

14 Jul '10

Module: ngircd.git Branch: master Commit: 6131822af6c0e2476dd539239d497dc0067271bc URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=6131822a… Author: Alexander Barton <alex(a)barton.de> Date: Tue Jul 13 22:14:53 2010 +0200 Don't even fork a PAM-subprocess if "NoPAM" option is set --- src/ngircd/irc-login.c | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 0bcbe3e..8ac5471 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -778,6 +778,17 @@ Hello_User(CLIENT * Client) assert(Client != NULL); conn = Client_Conn(Client); + if (Conf_NoPAM) { + /* Don't do any PAM authentication at all, instead emulate + * the beahiour of the daemon compiled without PAM support: + * because there can't be any "server password", all + * passwords supplied are classified as "wrong". */ + if(Client_Password(Client)[0] == '\0') + return Hello_User_PostAuth(Client); + Reject_Client(Client); + return DISCONNECTED; + } + pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result); if (pid > 0) { LogDebug("Authenticator for connection %d created (PID %d).", @@ -786,10 +797,7 @@ Hello_User(CLIENT * Client) } else { /* Sub process */ Log_Init_Subprocess("Auth"); - if (Conf_NoPAM) { - result = (Client_Password(Client)[0] == '\0'); - } else - result = PAM_Authenticate(Client); + result = PAM_Authenticate(Client); write(pipefd[1], &result, sizeof(result)); Log_Exit_Subprocess("Auth"); exit(0);

1 0