X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=03fea99ad4e8f79ceb3a426d073f75444817933e;hb=04e38f17ae671f84b93e06c6eefa9235dd71d6ce;hp=0bcbe3edc5b45ec0e36f8124137dc96872892353;hpb=57a2faf4a74c65a6f12caf2d69c34e4f08c659f9;p=ngircd-alex.git

diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c
index 0bcbe3ed..03fea99a 100644
--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -778,7 +778,21 @@ Hello_User(CLIENT * Client)
 	assert(Client != NULL);
 	conn = Client_Conn(Client);
 
-	pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result);
+	if (Conf_NoPAM) {
+		/* Don't do any PAM authentication at all, instead emulate
+		 * the beahiour of the daemon compiled without PAM support:
+		 * because there can't be any "server password", all
+		 * passwords supplied are classified as "wrong". */
+		if(Client_Password(Client)[0] == '\0')
+			return Hello_User_PostAuth(Client);
+		Reject_Client(Client);
+		return DISCONNECTED;
+	}
+
+	/* Fork child process for PAM authentication; and make sure that the
+	 * process timeout is set higher than the login timeout! */
+	pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
+			cb_Read_Auth_Result, Conf_PongTimeout + 1);
 	if (pid > 0) {
 		LogDebug("Authenticator for connection %d created (PID %d).",
 			 conn, pid);
@@ -786,10 +800,7 @@ Hello_User(CLIENT * Client)
 	} else {
 		/* Sub process */
 		Log_Init_Subprocess("Auth");
-		if (Conf_NoPAM) {
-			result = (Client_Password(Client)[0] == '\0');
-		} else
-			result = PAM_Authenticate(Client);
+		result = PAM_Authenticate(Client);
 		write(pipefd[1], &result, sizeof(result));
 		Log_Exit_Subprocess("Auth");
 		exit(0);
@@ -839,18 +850,16 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events)
 	if (len == 0)
 		return;
 
-	/* Make sure authenticator sub-process is dead now ... */
-	Proc_Kill(proc);
-
 	if (len != sizeof(result)) {
 		Log(LOG_CRIT, "Auth: Got malformed result!");
 		Reject_Client(client);
 		return;
 	}
 
-	if (result == true)
+	if (result == true) {
+		Client_SetUser(client, Client_OrigUser(client), true);
 		(void)Hello_User_PostAuth(client);
-	else
+	} else
 		Reject_Client(client);
 }