commit 6131822af6c0e2476dd539239d497dc0067271bc
from: Alexander Barton <alex@barton.de>
date: Tue Jul 13 20:14:53 2010 UTC

Don't even fork a PAM-subprocess if "NoPAM" option is set

commit - 57a2faf4a74c65a6f12caf2d69c34e4f08c659f9
commit + 6131822af6c0e2476dd539239d497dc0067271bc
blob - 0bcbe3edc5b45ec0e36f8124137dc96872892353
blob + 8ac5471ad488bfd36eaf1067969263ff6aa5778f
--- src/ngircd/irc-login.c
+++ src/ngircd/irc-login.c
@@ -777,6 +777,17 @@ Hello_User(CLIENT * Client)
 
 	assert(Client != NULL);
 	conn = Client_Conn(Client);
+
+	if (Conf_NoPAM) {
+		/* Don't do any PAM authentication at all, instead emulate
+		 * the beahiour of the daemon compiled without PAM support:
+		 * because there can't be any "server password", all
+		 * passwords supplied are classified as "wrong". */
+		if(Client_Password(Client)[0] == '\0')
+			return Hello_User_PostAuth(Client);
+		Reject_Client(Client);
+		return DISCONNECTED;
+	}
 
 	pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result);
 	if (pid > 0) {
@@ -786,10 +797,7 @@ Hello_User(CLIENT * Client)
 	} else {
 		/* Sub process */
 		Log_Init_Subprocess("Auth");
-		if (Conf_NoPAM) {
-			result = (Client_Password(Client)[0] == '\0');
-		} else
-			result = PAM_Authenticate(Client);
+		result = PAM_Authenticate(Client);
 		write(pipefd[1], &result, sizeof(result));
 		Log_Exit_Subprocess("Auth");
 		exit(0);