X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=03fea99ad4e8f79ceb3a426d073f75444817933e;hb=ade8902b88a525622a40dc3c2276e35a8dad29ac;hp=10e2df82614469bf7ed58116c6f5c00ea1133418;hpb=28424d013d4909a7d5a2501537ad39ae74873724;p=ngircd-alex.git diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 10e2df82..03fea99a 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -778,14 +778,27 @@ Hello_User(CLIENT * Client) assert(Client != NULL); conn = Client_Conn(Client); - pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result); + if (Conf_NoPAM) { + /* Don't do any PAM authentication at all, instead emulate + * the beahiour of the daemon compiled without PAM support: + * because there can't be any "server password", all + * passwords supplied are classified as "wrong". */ + if(Client_Password(Client)[0] == '\0') + return Hello_User_PostAuth(Client); + Reject_Client(Client); + return DISCONNECTED; + } + + /* Fork child process for PAM authentication; and make sure that the + * process timeout is set higher than the login timeout! */ + pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, + cb_Read_Auth_Result, Conf_PongTimeout + 1); if (pid > 0) { LogDebug("Authenticator for connection %d created (PID %d).", conn, pid); return CONNECTED; } else { /* Sub process */ - signal(SIGTERM, Proc_GenericSignalHandler); Log_Init_Subprocess("Auth"); result = PAM_Authenticate(Client); write(pipefd[1], &result, sizeof(result)); @@ -837,18 +850,16 @@ cb_Read_Auth_Result(int r_fd, UNUSED short events) if (len == 0) return; - /* Make sure authenticator sub-process is dead now ... */ - Proc_Kill(proc); - if (len != sizeof(result)) { Log(LOG_CRIT, "Auth: Got malformed result!"); Reject_Client(client); return; } - if (result == true) + if (result == true) { + Client_SetUser(client, Client_OrigUser(client), true); (void)Hello_User_PostAuth(client); - else + } else Reject_Client(client); }