From 485d0aec813db9966922f17aae044df2d82b0b67 Mon Sep 17 00:00:00 2001 From: Roy Sindre Norangshol Date: Thu, 27 Feb 2014 00:21:18 +0100 Subject: [PATCH] Use server password when PAM is compiled in but disabled --- src/ngircd/conf.c | 7 +++---- src/ngircd/login.c | 51 +++++++++++++++++++++++----------------------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index bdbb506f..34abbad1 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -370,9 +370,8 @@ Conf_Test( void ) ? (const char*) array_start(&Conf_Motd) : ""); } printf(" Network = %s\n", Conf_Network); -#ifndef PAM - printf(" Password = %s\n", Conf_ServerPwd); -#endif + if (!Conf_PAM) + printf(" Password = %s\n", Conf_ServerPwd); printf(" PidFile = %s\n", Conf_PidFile); printf(" Ports = "); ports_puts(&Conf_ListenPorts); @@ -2259,7 +2258,7 @@ Validate_Config(bool Configtest, bool Rehash) } #ifdef PAM - if (Conf_ServerPwd[0]) + if (Conf_PAM && Conf_ServerPwd[0]) Config_Error(LOG_ERR, "This server uses PAM, \"Password\" in [Global] section will be ignored!"); #endif diff --git a/src/ngircd/login.c b/src/ngircd/login.c index 4011b8bc..23c3b684 100644 --- a/src/ngircd/login.c +++ b/src/ngircd/login.c @@ -91,13 +91,12 @@ Login_User(CLIENT * Client) #ifdef PAM if (!Conf_PAM) { - /* Don't do any PAM authentication at all, instead emulate - * the behavior of the daemon compiled without PAM support: - * because there can't be any "server password", all - * passwords supplied are classified as "wrong". */ - if(Conn_Password(conn)[0] == '\0') + /* Don't do any PAM authentication at all if PAM is not + * enabled, instead emulate the behavior of the daemon + * compiled without PAM support. */ + if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0) return Login_User_PostAuth(Client); - Client_Reject(Client, "Non-empty password", false); + Client_Reject(Client, "Bad server password", false); return DISCONNECTED; } @@ -111,25 +110,27 @@ Login_User(CLIENT * Client) return Login_User_PostAuth(Client); } - /* Fork child process for PAM authentication; and make sure that the - * process timeout is set higher than the login timeout! */ - pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, - cb_Read_Auth_Result, Conf_PongTimeout + 1); - if (pid > 0) { - LogDebug("Authenticator for connection %d created (PID %d).", - conn, pid); - return CONNECTED; - } else { - /* Sub process */ - Log_Init_Subprocess("Auth"); - Conn_CloseAllSockets(NONE); - result = PAM_Authenticate(Client); - if (write(pipefd[1], &result, sizeof(result)) != sizeof(result)) - Log_Subprocess(LOG_ERR, - "Failed to pipe result to parent!"); - Log_Exit_Subprocess("Auth"); - exit(0); - } + if (Conf_PAM) { + /* Fork child process for PAM authentication; and make sure that the + * process timeout is set higher than the login timeout! */ + pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, + cb_Read_Auth_Result, Conf_PongTimeout + 1); + if (pid > 0) { + LogDebug("Authenticator for connection %d created (PID %d).", + conn, pid); + return CONNECTED; + } else { + /* Sub process */ + Log_Init_Subprocess("Auth"); + Conn_CloseAllSockets(NONE); + result = PAM_Authenticate(Client); + if (write(pipefd[1], &result, sizeof(result)) != sizeof(result)) + Log_Subprocess(LOG_ERR, + "Failed to pipe result to parent!"); + Log_Exit_Subprocess("Auth"); + exit(0); + } + } else return CONNECTED; #else /* Check global server password ... */ if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) { -- 2.39.2