int fork() { ReturnStatus status; /* result returned by Proc_Fork */ int pid; /* process id of child, or 0, set by Proc_Fork */ /* Fork without sharing the heap. */ status = Proc_Fork(FALSE, &pid); if (status == PROC_CHILD_PROC) { return(0); } if (status != SUCCESS) { errno = Compat_MapCode(status); return(UNIX_ERROR); } return((int) pid); }
/** * Initiate client login. * * This function is called after the daemon received the required NICK and * USER commands of a new client. If the daemon is compiled with support for * PAM, the authentication sub-processs is forked; otherwise the global server * password is checked. * * @param Client The client logging in. * @returns CONNECTED or DISCONNECTED. */ GLOBAL bool Login_User(CLIENT * Client) { #ifdef PAM int pipefd[2], result; pid_t pid; #endif CONN_ID conn; assert(Client != NULL); conn = Client_Conn(Client); #ifndef STRICT_RFC if (Conf_AuthPing) { /* Did we receive the "auth PONG" already? */ if (Conn_GetAuthPing(conn)) { Client_SetType(Client, CLIENT_WAITAUTHPING); LogDebug("Connection %d: Waiting for AUTH PONG ...", conn); return CONNECTED; } } #endif /* Still waiting for "CAP END" command? */ if (Client_Cap(Client) & CLIENT_CAP_PENDING) { Client_SetType(Client, CLIENT_WAITCAPEND); LogDebug("Connection %d: Waiting for CAP END ...", conn); return CONNECTED; } #ifdef PAM if (!Conf_PAM) { /* Don't do any PAM authentication at all if PAM is not * enabled, instead emulate the behavior of the daemon * compiled without PAM support. */ if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0) return Login_User_PostAuth(Client); Client_Reject(Client, "Bad server password", false); return DISCONNECTED; } if (Conf_PAMIsOptional && strcmp(Conn_Password(conn), "") == 0) { /* Clients are not required to send a password and to be PAM- * authenticated at all. If not, they won't become "identified" * and keep the "~" in their supplied user name. * Therefore it is sensible to either set Conf_PAMisOptional or * to enable IDENT lookups -- not both. */ return Login_User_PostAuth(Client); } if (Conf_PAM) { /* Fork child process for PAM authentication; and make sure that the * process timeout is set higher than the login timeout! */ pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result, Conf_PongTimeout + 1); if (pid > 0) { LogDebug("Authenticator for connection %d created (PID %d).", conn, pid); return CONNECTED; } else { /* Sub process */ Log_Init_Subprocess("Auth"); Conn_CloseAllSockets(NONE); result = PAM_Authenticate(Client); if (write(pipefd[1], &result, sizeof(result)) != sizeof(result)) Log_Subprocess(LOG_ERR, "Failed to pipe result to parent!"); Log_Exit_Subprocess("Auth"); exit(0); } } else return CONNECTED; #else /* Check global server password ... */ if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) { /* Bad password! */ Client_Reject(Client, "Bad server password", false); return DISCONNECTED; } return Login_User_PostAuth(Client); #endif }