commit e84000f7b8b8fb8ae29f53f66dea488f904e0838 from: Christian Aistleitner date: Sun Jun 05 21:48:29 2016 UTC Add PAMServiceName setting to specify the used PAM configuration This setting allows to run multiple ngIRCd instances with PAM configurations on each instance. If one sets it to "ngircd-foo", PAM will use `/etc/pam.d/ngircd-foo` instead of the default `/etc/pam.d/ngircd`. commit - a93247d32f79d4b354c4a9e15bf05d787610eb2c commit + e84000f7b8b8fb8ae29f53f66dea488f904e0838 blob - a4346b1e87488935551807d535fd1a6e548e08f7 blob + 3f9ba0884dee843eb494a59c98f397e6bb26f5cb --- doc/sample-ngircd.conf.tmpl +++ doc/sample-ngircd.conf.tmpl @@ -226,6 +226,15 @@ # character prepended to their respective user names! ;PAMIsOptional = no + # When PAM is enabled, this value determines the used PAM + # configuration. + # This setting allows to run multiple ngIRCd instances with + # different PAM configurations on each instance. + # If you set it to "ngircd-foo", PAM will use + # /etc/pam.d/ngircd-foo instead of the default + # /etc/pam.d/ngircd. + ;PAMServiceName = ngircd + # Let ngIRCd send an "authentication PING" when a new client connects, # and register this client only after receiving the corresponding # "PONG" reply. blob - 935ac035f7775cf6a454fcf39c3dd3faeeb171fc blob + aacacab3e91f6514d9cbb8278376bda29c97979a --- man/ngircd.conf.5.tmpl +++ man/ngircd.conf.5.tmpl 
@@ -338,6 +338,14 @@ To make some use of this behavior, it most probably is able to distinguish between Ident'ified and PAM-authenticated users: both don't have a "~" character prepended to their respective user names! Default: no. +.TP +\fBPAMServiceName\fR (string) +When PAM is enabled, this value determines the used PAM configuration. +This setting allows to run multiple ngIRCd instances with different +PAM configurations on each instance. If you set it to "ngircd-foo", +PAM will use /etc/pam.d/ngircd-foo instead of the default +/etc/pam.d/ngircd. +Default: ngircd. .TP \fBRequireAuthPing\fR (boolean) Let ngIRCd send an "authentication PING" when a new client connects, and blob - 98a2c1d790f63eadeda6dcd2073046a4407055ec blob + 01ec3c09510ae18324900d4fd3651ea63865b401 --- src/ngircd/conf.c +++ src/ngircd/conf.c @@ -419,6 +419,7 @@ Conf_Test( void ) #ifdef PAM printf(" PAM = %s\n", yesno_to_str(Conf_PAM)); printf(" PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional)); + printf(" PAMServiceName = %s\n", Conf_PAMServiceName); #endif #ifndef STRICT_RFC printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); @@ -807,6 +808,7 @@ Set_Defaults(bool InitServers) Conf_PAM = false; #endif Conf_PAMIsOptional = false; + strcpy(Conf_PAMServiceName, "ngircd"); Conf_ScrubCTCP = false; #ifdef SYSLOG #ifdef LOG_LOCAL5 @@ -1831,6 +1833,12 @@ Handle_OPTIONS(const char *File, int Line, char *Var, } if (strcasecmp(Var, "PAMIsOptional") == 0 ) { Conf_PAMIsOptional = Check_ArgIsTrue(Arg); + return; + } + if (strcasecmp(Var, "PAMServiceName") == 0) { + len = strlcpy(Conf_PAMServiceName, Arg, sizeof(Conf_PAMServiceName)); + if (len >= sizeof(Conf_PAMServiceName)) + Config_Error_TooLong(File, Line, Var); return; } if (strcasecmp(Var, "PredefChannelsOnly") == 0) { blob - 70de20af9edbb6321b739eac123124baa74e5575 blob + 7203b86a3b630ce559a6693d7af26234cd1fa84d --- src/ngircd/conf.h +++ src/ngircd/conf.h 
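Review bot: In the Set_Defaults hunk of src/ngircd/conf.c the default is written with an unbounded `strcpy`, while the Handle_OPTIONS hunk in the same file fills the same buffer with `strlcpy` and a size check. The literal fits today (7 bytes into a MAX_PAM_SERVICE_NAME_LEN of 64), but the bound is only implicit; `strlcpy(Conf_PAMServiceName, "ngircd", sizeof(Conf_PAMServiceName));` keeps both writers consistent and stays safe if the define is ever lowered. Set_Defaults starts and ends outside the hunk.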
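Review bot: In the Handle_OPTIONS hunk of src/ngircd/conf.c, an over-long PAMServiceName is reported but the truncated copy stays in Conf_PAMServiceName, so authentication would run against a PAM service the administrator did not name. Config_Error_TooLong is defined outside the hunk and presumably only logs; if so, the branch should restore the default after reporting, e.g. `strlcpy(Conf_PAMServiceName, "ngircd", sizeof(Conf_PAMServiceName));`, or treat the error as fatal for this setting. Because the value selects a file under /etc/pam.d, it would also be worth rejecting an empty value and one containing `/` here, with a comment such as `/* PAM service names map to files in /etc/pam.d; no path separators */`. Handle_OPTIONS and the declaration of `len` are outside the hunk.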
@@ -203,6 +203,9 @@ GLOBAL bool Conf_PAM; /** Don't require all clients to send a password an to be PAM authenticated */ GLOBAL bool Conf_PAMIsOptional; +/** The service name to use for PAM */ +GLOBAL char Conf_PAMServiceName[MAX_PAM_SERVICE_NAME_LEN]; + /** Disable all CTCP commands except for /me ? */ GLOBAL bool Conf_ScrubCTCP; blob - 6bea174e2d46725bd36284973e4a6d630d94e810 blob + f2666905e2512ae78396052bc861b19c77bb7de5 --- src/ngircd/defines.h +++ src/ngircd/defines.h @@ -61,7 +61,10 @@ /** Size of default connection pool. */ #define CONNECTION_POOL 100 +/** Size of buffer for PAM service name. */ +#define MAX_PAM_SERVICE_NAME_LEN 64 + /* Hard-coded (default) options */ /** Delay after startup before outgoing connections are initiated in seconds. */ blob - d2a8a54e5d66eb15f5edfb573720c83f797d5dee blob + 4e47ddb16d8d8be0eaa3b0ccddb6e411e1837960 --- src/ngircd/pam.c +++ src/ngircd/pam.c @@ -32,6 +32,7 @@ #include "log.h" #include "conn.h" #include "client.h" +#include "conf.h" #include "pam.h" @@ -101,7 +102,7 @@ PAM_Authenticate(CLIENT *Client) { conv.appdata_ptr = Conn_Password(Client_Conn(Client)); /* Initialize PAM */ - retval = pam_start("ngircd", Client_OrigUser(Client), &conv, &pam); + retval = pam_start(Conf_PAMServiceName, Client_OrigUser(Client), &conv, &pam); if (retval != PAM_SUCCESS) { Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval); return false;
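Review bot: In the PAM_Authenticate hunk of src/ngircd/pam.c the service name is now configurable, but nothing on the failure path records which service was used: the `Log(LOG_ERR, ...)` call below `pam_start` still prints only the return code. Include the name, `Log(LOG_ERR, "PAM: Failed to create authenticator for service \"%s\"! (%d)", Conf_PAMServiceName, retval);`, so a mistyped PAMServiceName can be traced from the log. On Linux-PAM a service without its own file typically falls back to the `other` service rather than failing, so logging the effective service name once at startup would also help operators notice that case; that fallback is PAM behaviour, not something visible in this diff. PAM_Authenticate begins and ends outside the hunk.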