Committer : entrope
CVSROOT : /cvsroot/undernet-ircu
Module : ircu2.10
Branch tags: u2_10_12_branch
Commit time: 2006-05-08 01:55:18 UTC
Modified files:
Tag: u2_10_12_branch
ChangeLog include/s_auth.h ircd/ircd.c ircd/s_auth.c
Log message:
Give iauth its full share of time to respond.
Specifically, do not time it out at the same time as DNS and ident.
---------------------- diff included ----------------------
Index: ircu2.10/ChangeLog
diff -u ircu2.10/ChangeLog:1.710.2.97 ircu2.10/ChangeLog:1.710.2.98
--- ircu2.10/ChangeLog:1.710.2.97 Sun May 7 18:30:20 2006
+++ ircu2.10/ChangeLog Sun May 7 18:55:08 2006
@@ -1,5 +1,16 @@
2006-05-07 Michael Poole <[EMAIL PROTECTED]>
+ * include/s_auth.h (auth_ping_timeout): Declare new function.
+
+ * ircd/ircd.c (check_pings): Move auth timeout logic into that new
+ function.
+
+ * ircd/s_auth.c (HeaderMessages): Insert new message.
+ (auth_ping_timeout): Define new function.
+ (auth_timeout_callback): Remove "hurry" notification from here.
+
+2006-05-07 Michael Poole <[EMAIL PROTECTED]>
+
* include/s_auth.h (destroy_auth_request): Remove second argument.
* ircd/list.c (free_client): Update to match.
Index: ircu2.10/include/s_auth.h
diff -u ircu2.10/include/s_auth.h:1.6.2.2 ircu2.10/include/s_auth.h:1.6.2.3
--- ircu2.10/include/s_auth.h:1.6.2.2 Sun May 7 18:30:24 2006
+++ ircu2.10/include/s_auth.h Sun May 7 18:55:08 2006
@@ -17,7 +17,7 @@
*/
/** @file
* @brief Interface for DNS and ident lookups.
- * @version $Id: s_auth.h,v 1.6.2.2 2006/05/08 01:30:24 entrope Exp $
+ * @version $Id: s_auth.h,v 1.6.2.3 2006/05/08 01:55:08 entrope Exp $
*/
#ifndef INCLUDED_s_auth_h
#define INCLUDED_s_auth_h
@@ -34,6 +34,7 @@
struct StatDesc;
extern void start_auth(struct Client *);
+extern int auth_ping_timeout(struct Client *);
extern int auth_set_pong(struct AuthRequest *auth, unsigned int cookie);
extern int auth_set_user(struct AuthRequest *auth, const char *username, const
char *userinfo);
extern int auth_set_nick(struct AuthRequest *auth, const char *nickname);
Index: ircu2.10/ircd/ircd.c
diff -u ircu2.10/ircd/ircd.c:1.91.2.2 ircu2.10/ircd/ircd.c:1.91.2.3
--- ircu2.10/ircd/ircd.c:1.91.2.2 Wed Feb 15 19:26:53 2006
+++ ircu2.10/ircd/ircd.c Sun May 7 18:55:08 2006
@@ -19,7 +19,7 @@
*/
/** @file
* @brief Entry point and other initialization functions for the daemon.
- * @version $Id: ircd.c,v 1.91.2.2 2006/02/16 03:26:53 entrope Exp $
+ * @version $Id: ircd.c,v 1.91.2.3 2006/05/08 01:55:08 entrope Exp $
*/
#include "config.h"
@@ -379,28 +379,18 @@
*/
if (!IsRegistered(cptr)) {
assert(!IsServer(cptr));
- if ((CurrentTime-cli_firsttime(cptr) >= max_ping)) {
- /* Display message if they have sent a NICK and a USER but no
- * nospoof PONG.
- */
- if (*(cli_name(cptr)) && cli_user(cptr) && *(cli_user(cptr))->username)
{
- send_reply(cptr, SND_EXPLICIT | ERR_BADPING,
- ":Your client may not be compatible with this server.");
- send_reply(cptr, SND_EXPLICIT | ERR_BADPING,
- ":Compatible clients are available at %s",
- feature_str(FEAT_URL_CLIENTS));
- }
- exit_client_msg(cptr,cptr,&me, "Registration Timeout");
- continue;
- } else {
- /* OK, they still have enough time left, so we'll just skip to the
- * next client. Set the next check to be when their time is up, if
- * that's before the currently scheduled next check -- hikari */
- expire = cli_firsttime(cptr) + max_ping;
- if (expire < next_check)
- next_check = expire;
+ /* If client authorization time has expired, ask auth whether they
+ * should be checked again later. */
+ if ((CurrentTime-cli_firsttime(cptr) >= max_ping)
+ && auth_ping_timeout(cptr))
continue;
- }
+ /* OK, they still have enough time left, so we'll just skip to the
+ * next client. Set the next check to be when their time is up, if
+ * that's before the currently scheduled next check -- hikari */
+ expire = cli_firsttime(cptr) + max_ping;
+ if (expire < next_check)
+ next_check = expire;
+ continue;
}
/* Quit the client after max_ping*2 - they should have answered by now */
Index: ircu2.10/ircd/s_auth.c
diff -u ircu2.10/ircd/s_auth.c:1.37.2.10 ircu2.10/ircd/s_auth.c:1.37.2.11
--- ircu2.10/ircd/s_auth.c:1.37.2.10 Sun May 7 18:30:24 2006
+++ ircu2.10/ircd/s_auth.c Sun May 7 18:55:08 2006
@@ -31,7 +31,7 @@
*/
/** @file
* @brief Implementation of DNS and ident lookups.
- * @version $Id: s_auth.c,v 1.37.2.10 2006/05/08 01:30:24 entrope Exp $
+ * @version $Id: s_auth.c,v 1.37.2.11 2006/05/08 01:55:08 entrope Exp $
*/
#include "config.h"
@@ -117,6 +117,7 @@
MSG("NOTICE AUTH :*** Checking Ident\r\n"),
MSG("NOTICE AUTH :*** Got ident response\r\n"),
MSG("NOTICE AUTH :*** No ident response\r\n"),
+ MSG("NOTICE AUTH :*** \r\n"),
MSG("NOTICE AUTH :*** Your forward and reverse DNS do not match, "
"ignoring hostname.\r\n"),
MSG("NOTICE AUTH :*** Invalid hostname\r\n")
@@ -131,6 +132,7 @@
REPORT_DO_ID,
REPORT_FIN_ID,
REPORT_FAIL_ID,
+ REPORT_FAIL_IAUTH,
REPORT_IP_MISMATCH,
REPORT_INVAL_DNS
} ReportType;
@@ -718,6 +720,49 @@
cli_auth(auth->client) = NULL;
}
+/** Handle a 'ping' (authorization) timeout for a client.
+ * @param[in] cptr The client whose session authorization has timed out.
+ * @return Zero if client is kept, CPTR_KILLED if client rejected.
+ */
+int auth_ping_timeout(struct Client *cptr)
+{
+ struct AuthRequest *auth;
+ enum AuthRequestFlag flag;
+
+ auth = cli_auth(cptr);
+
+ /* Check for a user-controlled timeout. */
+ for (flag = 0; flag < AR_LAST_SCAN; ++flag) {
+ if (FlagHas(&auth->flags, flag)) {
+ /* Display message if they have sent a NICK and a USER but no
+ * nospoof PONG.
+ */
+ if (*(cli_name(cptr)) && cli_user(cptr) && *(cli_user(cptr))->username) {
+ send_reply(cptr, SND_EXPLICIT | ERR_BADPING,
+ ":Your client may not be compatible with this server.");
+ send_reply(cptr, SND_EXPLICIT | ERR_BADPING,
+ ":Compatible clients are available at %s",
+ feature_str(FEAT_URL_CLIENTS));
+ }
+ return exit_client_msg(cptr, cptr, &me, "Registration Timeout");
+ }
+ }
+
+ /* Check for iauth timeout. */
+ if (FlagHas(&auth->flags, AR_IAUTH_PENDING)) {
+ sendto_iauth(cptr, "T");
+ if (IAuthHas(iauth, IAUTH_REQUIRED)) {
+ sendheader(cptr, REPORT_FAIL_IAUTH);
+ return exit_client_msg(cptr, cptr, &me, "Authorization Timeout");
+ }
+ FlagClr(&auth->flags, AR_IAUTH_PENDING);
+ return check_auth_finished(auth);
+ }
+
+ assert(0 && "Unexpectedly reached end of auth_ping_timeout()");
+ return 0;
+}
+
/** Timeout a given auth request.
* @param[in] ev A timer event whose associated data is the expired
* struct AuthRequest.
@@ -736,14 +781,6 @@
log_write(LS_RESOLVER, L_INFO, 0, "Registration timeout %s",
get_client_name(auth->client, HIDE_IP));
- /* Tell iauth if we will let the client on. */
- if (FlagHas(&auth->flags, AR_IAUTH_PENDING)
- && !IAuthHas(iauth, IAUTH_REQUIRED))
- {
- sendto_iauth(auth->client, "T");
- FlagClr(&auth->flags , AR_IAUTH_PENDING);
- }
-
/* Notify client if ident lookup failed. */
if (FlagHas(&auth->flags, AR_AUTH_PENDING)) {
FlagClr(&auth->flags, AR_AUTH_PENDING);
----------------------- End of diff -----------------------
_______________________________________________
Patches mailing list
[email protected]
http://undernet.sbg.org/mailman/listinfo/patches
