Alexander Barton : Don't even fork a PAM-subprocess if "NoPAM" option is set - ngIRCd GIT Updates

14 Jul 2010

Module: ngircd.git
Branch: master
Commit: 6131822af6c0e2476dd539239d497dc0067271bc
URL:    http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=61318...
Author: Alexander Barton alex@barton.de
Date:   Tue Jul 13 22:14:53 2010 +0200
Don't even fork a PAM-subprocess if "NoPAM" option is set
---
src/ngircd/irc-login.c |   16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c
index 0bcbe3e..8ac5471 100644
--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -778,6 +778,17 @@ Hello_User(CLIENT * Client)
    assert(Client != NULL);
    conn = Client_Conn(Client);
+	if (Conf_NoPAM) {
+		/* Don't do any PAM authentication at all, instead emulate
+		 * the beahiour of the daemon compiled without PAM support:
+		 * because there can't be any "server password", all
+		 * passwords supplied are classified as "wrong". */
+		if(Client_Password(Client)[0] == '\0')
+			return Hello_User_PostAuth(Client);
+		Reject_Client(Client);
+		return DISCONNECTED;
+	}
+
    pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, cb_Read_Auth_Result);
    if (pid > 0) {
    	LogDebug("Authenticator for connection %d created (PID %d).",
@@ -786,10 +797,7 @@ Hello_User(CLIENT * Client)
    } else {
    	/* Sub process */
    	Log_Init_Subprocess("Auth");
-		if (Conf_NoPAM) {
-			result = (Client_Password(Client)[0] == '\0');
-		} else
-			result = PAM_Authenticate(Client);
+		result = PAM_Authenticate(Client);
    	write(pipefd[1], &result, sizeof(result));
    	Log_Exit_Subprocess("Auth");
    	exit(0);

    