]>
Commit | Line | Data |
---|---|---|
189935b1 | 1 | OVERVIEW |
2 | ======== | |
3 | ||
4 | The IAUTH protocol used here is based on the one in ircd-hybrid 7.0, | |
5 | with minor changes to support login-on-connect and true IAUTH-side | |
6 | connection classes. (Several networks use central authorities to vary | |
7 | per-netblock connection limits; for example, users from one ISP may | |
8 | only be allowed one connection per IP, or one shell provider's | |
9 | netblock may be limited to 50 total connections.) IAUTH-side | |
10 | connection classes are controlled by a configuration option; if that | |
11 | is enabled, this document will say ICLASS is enabled. | |
12 | ||
13 | As in IRC, lines sent between the IRC and IAUTH servers are limited to | |
14 | 512 characters, including the terminating <CR> <LF> sequence. As in | |
15 | IRC, the final argument on a line may be prefixed with :, and must be | |
16 | prefixed with : if it contains a space (decimal 32) character. Tokens | |
17 | are separated by single space characters, and each line is a separate | |
18 | command. The first token on a line is a case-insensitive command | |
19 | name; unrecognized commands must be ignored. | |
20 | ||
21 | GREETING | |
22 | ======== | |
23 | ||
24 | The IRC server connects and sends the Server greeting: | |
25 | Server <servername> [password] | |
26 | If ICLASS is enabled, it sends a list of currently connected users: | |
27 | MyUsers <uid>:<username>@<hostname>:<ip> ... | |
28 | The IRC server may send several MyUsers lines. When it has sent all | |
29 | MyUsers lines, it sends an EndUsers line: | |
30 | EndUsers | |
31 | If ICLASS is disabled, EndUsers is sent immediately after Server. | |
32 | ||
33 | LOGIN REQUESTS | |
34 | ============== | |
35 | ||
36 | When users connect, the IRC server sends a DoAuth request: | |
37 | FullAuth <uid> <nickname> <username> <hostname> <ip> <account> <password> <realname> | |
38 | <uid> is a text string up to 20 characters long that identifies the | |
39 | client, and is unique a BadAuth response is received or until an | |
40 | ExitUser command is sent with the same uid (see below for details on | |
41 | those messages). <uid> may not contain a colon character. <nickname> | |
42 | is the client's initially requested nickname. <username> is the | |
43 | username returned by the ident server (RFC 1413), or a tilde-prefixed | |
44 | username supplied by the user. <hostname> is a text hostname, | |
45 | possibly in the form of a dotted quad or IPv6 address, or the | |
46 | character '?'. <ip> is a dotted quad IPv4 address or an IPv6 hex | |
47 | address. <account> and <password> are optional, and are used when the | |
48 | client attempts login-on-connect. <realname> is the realname | |
49 | specified by the client's USER message, and may contain spaces. | |
50 | ||
51 | If the client is accepted, the IAUTH server responds: | |
52 | DoneAuth <uid> <username> <hostname> <class> [account] | |
53 | <username> is a replacement username, and <hostname> is a replacement | |
54 | hostname. If the <hostname> from DoAuth was ?, <hostname> is the | |
55 | result of a DNS lookup for the client. <class> is the name of a | |
56 | connection class for the client. <account> is optional and is | |
57 | provided if the user's login was successful. | |
58 | ||
59 | If the client is rejected, the IAUTH server responds: | |
60 | BadAuth <uid> :<reason> | |
61 | <reason> may include spaces, and should have a leading ':' sentinel. | |
62 | ||
63 | DISCONNECTS | |
64 | =========== | |
65 | ||
66 | If ICLASS is enabled, the IRC server sends ExitUser when a client | |
67 | disconnects: | |
68 | ExitUser <uid> | |
69 | ||
70 | DIFFERENCES FROM IRCD-HYBRID | |
71 | ============================ | |
72 | ||
73 | The ircd-hybrid IAUTH code is slightly bitrotted and disabled in 7.0 | |
74 | (through at least 7.0.1). This code added the following items: | |
75 | MyUsers, EndUsers and ExitUser commands | |
76 | Server passwords may contain whitespace and be prefixed by : | |
77 | DoneAuth may include an account name | |
78 | FullAuth command replaces DoAuth command and adds account, password, | |
79 | realname parameters | |
80 | The Class command is present in ircd-hybrid's code but not used here. | |
81 | IP addresses in ircd-hybrid are "in unsigned int format," which is | |
82 | limited to IPv4, and so it is not used here. |