assert(Client != NULL);
conn = Client_Conn(Client);
- pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result);
+ if (Conf_NoPAM) {
+ /* Don't do any PAM authentication at all, instead emulate
+ * the beahiour of the daemon compiled without PAM support:
+ * because there can't be any "server password", all
+ * passwords supplied are classified as "wrong". */
+ if(Client_Password(Client)[0] == '\0')
+ return Hello_User_PostAuth(Client);
+ Reject_Client(Client);
+ return DISCONNECTED;
+ }
+
+ /* Fork child process for PAM authentication; and make sure that the
+ * process timeout is set higher than the login timeout! */
+ pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
+ cb_Read_Auth_Result, Conf_PongTimeout + 1);
if (pid > 0) {
LogDebug("Authenticator for connection %d created (PID %d).",
conn, pid);
return CONNECTED;
} else {
/* Sub process */
- signal(SIGTERM, Proc_GenericSignalHandler);
Log_Init_Subprocess("Auth");
result = PAM_Authenticate(Client);
write(pipefd[1], &result, sizeof(result));
if (len == 0)
return;
- /* Make sure authenticator sub-process is dead now ... */
- Proc_Kill(proc);
-
if (len != sizeof(result)) {
Log(LOG_CRIT, "Auth: Got malformed result!");
Reject_Client(client);
return;
}
- if (result == true)
+ if (result == true) {
+ Client_SetUser(client, Client_OrigUser(client), true);
(void)Hello_User_PostAuth(client);
- else
+ } else
Reject_Client(client);
}