Module: ngircd.git Branch: master Commit: 6131822af6c0e2476dd539239d497dc0067271bc URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=61318...
Author: Alexander Barton alex@barton.de Date: Tue Jul 13 22:14:53 2010 +0200
Don't even fork a PAM-subprocess if "NoPAM" option is set
---
src/ngircd/irc-login.c | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 0bcbe3e..8ac5471 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -778,6 +778,17 @@ Hello_User(CLIENT * Client) assert(Client != NULL); conn = Client_Conn(Client);
+ if (Conf_NoPAM) { + /* Don't do any PAM authentication at all, instead emulate + * the beahiour of the daemon compiled without PAM support: + * because there can't be any "server password", all + * passwords supplied are classified as "wrong". */ + if(Client_Password(Client)[0] == '\0') + return Hello_User_PostAuth(Client); + Reject_Client(Client); + return DISCONNECTED; + } + pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result); if (pid > 0) { LogDebug("Authenticator for connection %d created (PID %d).", @@ -786,10 +797,7 @@ Hello_User(CLIENT * Client) } else { /* Sub process */ Log_Init_Subprocess("Auth"); - if (Conf_NoPAM) { - result = (Client_Password(Client)[0] == '\0'); - } else - result = PAM_Authenticate(Client); + result = PAM_Authenticate(Client); write(pipefd[1], &result, sizeof(result)); Log_Exit_Subprocess("Auth"); exit(0);