Commit Diff

Commit:
f369177617a0f54e34a1af6fa44d1d1e3f953aeb
From:
Alexander Barton <alex@barton.de>
Date:
Message:
New configuration option "NoPAM" to disable PAM When the "NoPAM" configuration option is set and ngIRCd is compiled with support for PAM, ngIRCd will not call any PAM functions: all connection attemps without password will succeed instead and all connection attemps with password will fail. If ngIRCd is compiled without PAM support, this option is a dummy option and nothing changes: the global server password will still be in effect.
Actions:
Patch | Tree
commit - 37ee0a331394d990e514a1a7b2b52ecb879b9701
commit + f369177617a0f54e34a1af6fa44d1d1e3f953aeb
blob - daa0801211af2d60088520b9410fef1abf0483a8
blob + 645d1b8afbc525fef0d689f9c36b801bff67db5f
--- doc/sample-ngircd.conf
+++ doc/sample-ngircd.conf
@@ -135,6 +135,9 @@
 	# with support for it.
 	;NoIdent = no
 
+	# Don't use PAM, even if ngIRCd has been compiled with support for it.
+	;NoPAM = no
+
 	# try to connect to other irc servers using ipv4 and ipv6, if possible
 	;ConnectIPv6 = yes
 	;ConnectIPv4 = yes
blob - 46e0308a3f3e9fce27cd18f652dc0b2a1606648f
blob + ad888713ee7d0ee310404b15c02211ff7bd6c20a
--- man/ngircd.conf.5.tmpl
+++ man/ngircd.conf.5.tmpl
@@ -208,6 +208,12 @@ Default: no.
 \fBNoIdent\fR
 If ngIRCd is compiled with IDENT support this can be used to disable IDENT
 lookups at run time.
+Default: no.
+.TP
+\fBNoPAM\fR
+If ngIRCd is compiled with PAM support this can be used to disable all calls
+to the PAM library at runtime; all users connecting without password are
+allowed to connect, all passwords given will fail.
 Default: no.
 .TP
 \fBConnectIPv4\fR
blob - f78eaee64d985f01aa294e9cdf7ce6fd56401aa0
blob + 834a1da330e989300993d5377bf6c8b726119ce5
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
@@ -331,6 +331,7 @@ Conf_Test( void )
 	printf("  PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly));
 	printf("  NoDNS = %s\n", yesno_to_str(Conf_NoDNS));
 	printf("  NoIdent = %s\n", yesno_to_str(Conf_NoIdent));
+	printf("  NoPAM = %s\n", yesno_to_str(Conf_NoPAM));
 
 #ifdef WANT_IPV6
 	printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -580,6 +581,7 @@ Set_Defaults(bool InitServers)
 	Conf_ConnectRetry = 60;
 	Conf_NoDNS = false;
 	Conf_NoIdent = false;
+	Conf_NoPAM = false;
 
 	Conf_Oper_Count = 0;
 	Conf_Channel_Count = 0;
@@ -986,6 +988,11 @@ Handle_GLOBAL( int Line, char *Var, char *Arg )
 #endif
 		return;
 	}
+	if(strcasecmp(Var, "NoPAM") == 0) {
+		/* don't use PAM library to authenticate users */
+		Conf_NoPAM = Check_ArgIsTrue(Arg);
+		return;
+	}
 #ifdef WANT_IPV6
 	/* the default setting for all the WANT_IPV6 special options is 'true' */
 	if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) {
blob - 8e397fafcf437b9531b8e2d70294a018bf39ae16
blob + 74abc1d95010d889ba626f76c836abcc8fc7db14
--- src/ngircd/conf.h
+++ src/ngircd/conf.h
@@ -152,6 +152,9 @@ GLOBAL bool Conf_NoDNS;
 /* Disable IDENT lookups, even when compiled with support for it */
 GLOBAL bool Conf_NoIdent;
 
+/* Disable all usage of PAM, even when compiled with support for it */
+GLOBAL bool Conf_NoPAM;
+
 /*
  * try to connect to remote systems using the ipv6 protocol,
  * if they have an ipv6 address? (default yes)
blob - 10e2df82614469bf7ed58116c6f5c00ea1133418
blob + 078954024a887bf1495ee8a0672e01530c93359f
--- src/ngircd/irc-login.c
+++ src/ngircd/irc-login.c
@@ -787,7 +787,10 @@ Hello_User(CLIENT * Client)
 		/* Sub process */
 		signal(SIGTERM, Proc_GenericSignalHandler);
 		Log_Init_Subprocess("Auth");
-		result = PAM_Authenticate(Client);
+		if (Conf_NoPAM) {
+			result = (Client_Password(Client)[0] == '\0');
+		} else
+			result = PAM_Authenticate(Client);
 		write(pipefd[1], &result, sizeof(result));
 		Log_Exit_Subprocess("Auth");
 		exit(0);