Re: Most recent version of the FAQ?

[Kurt Roeckx <Q@xxxxxxx>]

On Fri, Apr 28, 2000 at 08:33:09PM -0400, Jack Twilley wrote:
> >>>>> "Kurt" == Kurt Roeckx <Q@xxxxxxx> writes:
> 
> Kurt> Did you read iauth-internals.txt? If that didn't help, try
> Kurt> reading some of the other modules, or ask.
> 
> Hmmm.  That looks useful.  Let me try to explain my goal in English,
> and then try to describe how I'd make iauth do the right thing.
> 
> Basically, I want to remove identd checking and use my own custom
> checking as the sole authentication method. 

Currenlty ident checking is always turned on, you'll need to modify iauth
to not do it then.

in a_conf.c there is:

        if (ident == NULL)
            {
                ident = *last = (AnInstance *) malloc(sizeof(AnInstance));
...

That needs to be changed/removed to turn that off.

> All users will have to
> submit a username and password.  There exists a C function that, given
> said username and password, gives a yes or no answer.  If the answer
> is no, the user is removed, preferably with a message.

I'm not sure iauth and/or ircd currently allow to send a message to the
client. I think that that was done because there can be mutliple modules
that reject the client.

> passwd_init will send the following to the ircd:
> A * passwd
> s
> O RTA
> >passwd_init successful

The "A * passwd" is send by iauth itself.

The "s" neither. iauth will send statistics every 60 seconds to ircd,
which sends an "s" first, to remove the old. Then it asks every module
that keeps stats to send it.

The "O RTA" should not be send by the module itself, but should be
done using the options in iauth.conf. I think you want required (R),
notimeout (T) and extinfo (A).

Take a look at some of the other mod_*'s in the iauth dir.

> passwd_stats will send the following to the ircd:
> S passwd connected 0 badname 0 badpasswd 0 out of 0

Looks good.

> passwd_start will send the following to the ircd:
> (success)
> U 2 192.168.2.10 13578 earthpig
> D 2 203.36.167.162 13578

Sending the "U ..." is good, but i think you have to set authuser,
authfrom and state to correct values. Iauth can in some cases need to send
it again because of the way ircd works (fd remap).

try something like this:

	if (cldata[cl].authuser)
		free(cldata[cl].authuser);
	cldata[cl].authuser = mystrdup(ch);
	cldata[cl].authfrom = cldata[cl].instance->in;
	cldata[cl].state |= A_UNIX;

You should not send that you're done authenticating it, iauth will do that
for you.

Also note that the ip's need to be the same :)

> (failure)
> I 2 203.36.167.162 13578 NOTICE AUTH :Bad password
> >client from 203.36.167.162:13578 denied: Bad password
> K 2 203.36.167.162 13578
> D 2 203.36.167.162 13578

I have no idea what "I ..." is supposed to do. But I guess you want
something to be able to send data to the client.

I don't think you need that "K ...", I think that's only needed if you
want to kill a client that's already been connected. Setting A_DENY should
be enough. 

Someone correct me if I'm wrong :)

Again, you should not send the "D ..."


Kurt