commit 86a64ce6aa522e5cbdb3a90b878e09a3b61d07bf from: Alexander Barton date: Sun Jun 05 23:08:55 2016 UTC Add "PAMServiceName" configuration option This setting allows to run multiple ngIRCd instances with separate PAM configurations on each instance. If one sets it to ngircd-foo, PAM will use /etc/pam.d/ngircd-foo instead of the default /etc/pam.d/ngircd. Thanks to "somechris" for the patch & pull request! Closes #226. commit - a93247d32f79d4b354c4a9e15bf05d787610eb2c commit + 86a64ce6aa522e5cbdb3a90b878e09a3b61d07bf blob - a4346b1e87488935551807d535fd1a6e548e08f7 blob + 3f9ba0884dee843eb494a59c98f397e6bb26f5cb --- doc/sample-ngircd.conf.tmpl +++ doc/sample-ngircd.conf.tmpl @@ -226,6 +226,15 @@ # character prepended to their respective user names! ;PAMIsOptional = no + # When PAM is enabled, this value determines the used PAM + # configuration. + # This setting allows to run multiple ngIRCd instances with + # different PAM configurations on each instance. + # If you set it to "ngircd-foo", PAM will use + # /etc/pam.d/ngircd-foo instead of the default + # /etc/pam.d/ngircd. + ;PAMServiceName = ngircd + # Let ngIRCd send an "authentication PING" when a new client connects, # and register this client only after receiving the corresponding # "PONG" reply. blob - 935ac035f7775cf6a454fcf39c3dd3faeeb171fc blob + aacacab3e91f6514d9cbb8278376bda29c97979a --- man/ngircd.conf.5.tmpl +++ man/ngircd.conf.5.tmpl @@ -338,6 +338,14 @@ To make some use of this behavior, it most probably is able to distinguish between Ident'ified and PAM-authenticated users: both don't have a "~" character prepended to their respective user names! Default: no. +.TP +\fBPAMServiceName\fR (string) +When PAM is enabled, this value determines the used PAM configuration. +This setting allows to run multiple ngIRCd instances with different +PAM configurations on each instance. If you set it to "ngircd-foo", +PAM will use /etc/pam.d/ngircd-foo instead of the default +/etc/pam.d/ngircd. +Default: ngircd. .TP \fBRequireAuthPing\fR (boolean) Let ngIRCd send an "authentication PING" when a new client connects, and blob - 98a2c1d790f63eadeda6dcd2073046a4407055ec blob + 01ec3c09510ae18324900d4fd3651ea63865b401 --- src/ngircd/conf.c +++ src/ngircd/conf.c @@ -419,6 +419,7 @@ Conf_Test( void ) #ifdef PAM printf(" PAM = %s\n", yesno_to_str(Conf_PAM)); printf(" PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional)); + printf(" PAMServiceName = %s\n", Conf_PAMServiceName); #endif #ifndef STRICT_RFC printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); @@ -807,6 +808,7 @@ Set_Defaults(bool InitServers) Conf_PAM = false; #endif Conf_PAMIsOptional = false; + strcpy(Conf_PAMServiceName, "ngircd"); Conf_ScrubCTCP = false; #ifdef SYSLOG #ifdef LOG_LOCAL5 @@ -1831,6 +1833,12 @@ Handle_OPTIONS(const char *File, int Line, char *Var, } if (strcasecmp(Var, "PAMIsOptional") == 0 ) { Conf_PAMIsOptional = Check_ArgIsTrue(Arg); + return; + } + if (strcasecmp(Var, "PAMServiceName") == 0) { + len = strlcpy(Conf_PAMServiceName, Arg, sizeof(Conf_PAMServiceName)); + if (len >= sizeof(Conf_PAMServiceName)) + Config_Error_TooLong(File, Line, Var); return; } if (strcasecmp(Var, "PredefChannelsOnly") == 0) { blob - 70de20af9edbb6321b739eac123124baa74e5575 blob + 7203b86a3b630ce559a6693d7af26234cd1fa84d --- src/ngircd/conf.h +++ src/ngircd/conf.h @@ -203,6 +203,9 @@ GLOBAL bool Conf_PAM; /** Don't require all clients to send a password an to be PAM authenticated */ GLOBAL bool Conf_PAMIsOptional; +/** The service name to use for PAM */ +GLOBAL char Conf_PAMServiceName[MAX_PAM_SERVICE_NAME_LEN]; + /** Disable all CTCP commands except for /me ? */ GLOBAL bool Conf_ScrubCTCP; blob - 6bea174e2d46725bd36284973e4a6d630d94e810 blob + f2666905e2512ae78396052bc861b19c77bb7de5 --- src/ngircd/defines.h +++ src/ngircd/defines.h @@ -61,7 +61,10 @@ /** Size of default connection pool. */ #define CONNECTION_POOL 100 +/** Size of buffer for PAM service name. */ +#define MAX_PAM_SERVICE_NAME_LEN 64 + /* Hard-coded (default) options */ /** Delay after startup before outgoing connections are initiated in seconds. */ blob - d2a8a54e5d66eb15f5edfb573720c83f797d5dee blob + 4e47ddb16d8d8be0eaa3b0ccddb6e411e1837960 --- src/ngircd/pam.c +++ src/ngircd/pam.c @@ -32,6 +32,7 @@ #include "log.h" #include "conn.h" #include "client.h" +#include "conf.h" #include "pam.h" @@ -101,7 +102,7 @@ PAM_Authenticate(CLIENT *Client) { conv.appdata_ptr = Conn_Password(Client_Conn(Client)); /* Initialize PAM */ - retval = pam_start("ngircd", Client_OrigUser(Client), &conv, &pam); + retval = pam_start(Conf_PAMServiceName, Client_OrigUser(Client), &conv, &pam); if (retval != PAM_SUCCESS) { Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval); return false;