From: Michael Poole Date: Mon, 8 May 2006 01:55:08 +0000 (+0000) Subject: Give iauth its full share of time to respond. X-Git-Url: http://git.pk910.de/?p=ircu2.10.12-pk.git;a=commitdiff_plain;h=bd863fec8b3422931140f07b89fe7255907eeae9 Give iauth its full share of time to respond. Specifically, do not time it out at the same time as DNS and ident. git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/branches/u2_10_12_branch@1650 c9e4aea6-c8fd-4c43-8297-357d70d61c8c --- diff --git a/ChangeLog b/ChangeLog index 48a92bb..343b6b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2006-05-07 Michael Poole + + * include/s_auth.h (auth_ping_timeout): Declare new function. + + * ircd/ircd.c (check_pings): Move auth timeout logic into that new + function. + + * ircd/s_auth.c (HeaderMessages): Insert new message. + (auth_ping_timeout): Define new function. + (auth_timeout_callback): Remove "hurry" notification from here. + 2006-05-07 Michael Poole * include/s_auth.h (destroy_auth_request): Remove second argument. diff --git a/include/s_auth.h b/include/s_auth.h index 51693db..2831088 100644 --- a/include/s_auth.h +++ b/include/s_auth.h @@ -34,6 +34,7 @@ struct AuthRequest; struct StatDesc; extern void start_auth(struct Client *); +extern int auth_ping_timeout(struct Client *); extern int auth_set_pong(struct AuthRequest *auth, unsigned int cookie); extern int auth_set_user(struct AuthRequest *auth, const char *username, const char *userinfo); extern int auth_set_nick(struct AuthRequest *auth, const char *nickname); diff --git a/ircd/ircd.c b/ircd/ircd.c index 2c0046f..8503d0c 100644 --- a/ircd/ircd.c +++ b/ircd/ircd.c @@ -379,28 +379,18 @@ static void check_pings(struct Event* ev) { */ if (!IsRegistered(cptr)) { assert(!IsServer(cptr)); - if ((CurrentTime-cli_firsttime(cptr) >= max_ping)) { - /* Display message if they have sent a NICK and a USER but no - * nospoof PONG. - */ - if (*(cli_name(cptr)) && cli_user(cptr) && *(cli_user(cptr))->username) { - send_reply(cptr, SND_EXPLICIT | ERR_BADPING, - ":Your client may not be compatible with this server."); - send_reply(cptr, SND_EXPLICIT | ERR_BADPING, - ":Compatible clients are available at %s", - feature_str(FEAT_URL_CLIENTS)); - } - exit_client_msg(cptr,cptr,&me, "Registration Timeout"); - continue; - } else { - /* OK, they still have enough time left, so we'll just skip to the - * next client. Set the next check to be when their time is up, if - * that's before the currently scheduled next check -- hikari */ - expire = cli_firsttime(cptr) + max_ping; - if (expire < next_check) - next_check = expire; + /* If client authorization time has expired, ask auth whether they + * should be checked again later. */ + if ((CurrentTime-cli_firsttime(cptr) >= max_ping) + && auth_ping_timeout(cptr)) continue; - } + /* OK, they still have enough time left, so we'll just skip to the + * next client. Set the next check to be when their time is up, if + * that's before the currently scheduled next check -- hikari */ + expire = cli_firsttime(cptr) + max_ping; + if (expire < next_check) + next_check = expire; + continue; } /* Quit the client after max_ping*2 - they should have answered by now */ diff --git a/ircd/s_auth.c b/ircd/s_auth.c index bb6f30a..d64fb5c 100644 --- a/ircd/s_auth.c +++ b/ircd/s_auth.c @@ -117,6 +117,7 @@ static struct { MSG("NOTICE AUTH :*** Checking Ident\r\n"), MSG("NOTICE AUTH :*** Got ident response\r\n"), MSG("NOTICE AUTH :*** No ident response\r\n"), + MSG("NOTICE AUTH :*** \r\n"), MSG("NOTICE AUTH :*** Your forward and reverse DNS do not match, " "ignoring hostname.\r\n"), MSG("NOTICE AUTH :*** Invalid hostname\r\n") @@ -131,6 +132,7 @@ typedef enum { REPORT_DO_ID, REPORT_FIN_ID, REPORT_FAIL_ID, + REPORT_FAIL_IAUTH, REPORT_IP_MISMATCH, REPORT_INVAL_DNS } ReportType; @@ -718,6 +720,49 @@ void destroy_auth_request(struct AuthRequest* auth) cli_auth(auth->client) = NULL; } +/** Handle a 'ping' (authorization) timeout for a client. + * @param[in] cptr The client whose session authorization has timed out. + * @return Zero if client is kept, CPTR_KILLED if client rejected. + */ +int auth_ping_timeout(struct Client *cptr) +{ + struct AuthRequest *auth; + enum AuthRequestFlag flag; + + auth = cli_auth(cptr); + + /* Check for a user-controlled timeout. */ + for (flag = 0; flag < AR_LAST_SCAN; ++flag) { + if (FlagHas(&auth->flags, flag)) { + /* Display message if they have sent a NICK and a USER but no + * nospoof PONG. + */ + if (*(cli_name(cptr)) && cli_user(cptr) && *(cli_user(cptr))->username) { + send_reply(cptr, SND_EXPLICIT | ERR_BADPING, + ":Your client may not be compatible with this server."); + send_reply(cptr, SND_EXPLICIT | ERR_BADPING, + ":Compatible clients are available at %s", + feature_str(FEAT_URL_CLIENTS)); + } + return exit_client_msg(cptr, cptr, &me, "Registration Timeout"); + } + } + + /* Check for iauth timeout. */ + if (FlagHas(&auth->flags, AR_IAUTH_PENDING)) { + sendto_iauth(cptr, "T"); + if (IAuthHas(iauth, IAUTH_REQUIRED)) { + sendheader(cptr, REPORT_FAIL_IAUTH); + return exit_client_msg(cptr, cptr, &me, "Authorization Timeout"); + } + FlagClr(&auth->flags, AR_IAUTH_PENDING); + return check_auth_finished(auth); + } + + assert(0 && "Unexpectedly reached end of auth_ping_timeout()"); + return 0; +} + /** Timeout a given auth request. * @param[in] ev A timer event whose associated data is the expired * struct AuthRequest. @@ -736,14 +781,6 @@ static void auth_timeout_callback(struct Event* ev) log_write(LS_RESOLVER, L_INFO, 0, "Registration timeout %s", get_client_name(auth->client, HIDE_IP)); - /* Tell iauth if we will let the client on. */ - if (FlagHas(&auth->flags, AR_IAUTH_PENDING) - && !IAuthHas(iauth, IAUTH_REQUIRED)) - { - sendto_iauth(auth->client, "T"); - FlagClr(&auth->flags , AR_IAUTH_PENDING); - } - /* Notify client if ident lookup failed. */ if (FlagHas(&auth->flags, AR_AUTH_PENDING)) { FlagClr(&auth->flags, AR_AUTH_PENDING);