diff options
| author | Alexander Barton <alex@barton.de> | 2012-01-01 17:12:36 +0100 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2012-01-01 17:12:36 +0100 |
| commit | 56b7e67307c1be110eaa4e84681bca03df21bd69 (patch) | |
| tree | bffeb569b68a53b4f632cb84c050d1eceed78f41 /src | |
| parent | b681aa5b9f985247df31772282e520479ffb2ece (diff) | |
| download | ngircd-56b7e67307c1be110eaa4e84681bca03df21bd69.tar.gz ngircd-56b7e67307c1be110eaa4e84681bca03df21bd69.zip | |
New configuration option "PAMIsOptional"
When "PAMIsOptional" is set, clients not sending a password are still allowed to connect: they won't become "identified" and keep the "~" character prepended to their supplied user name.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ngircd/conf.c | 6 | ||||
| -rw-r--r-- | src/ngircd/conf.h | 3 | ||||
| -rw-r--r-- | src/ngircd/irc-login.c | 9 |
3 files changed, 18 insertions, 0 deletions
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index b930b6c8..b0c7fb4b 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -373,6 +373,7 @@ Conf_Test( void ) printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); #ifdef PAM printf(" PAM = %s\n", yesno_to_str(Conf_PAM)); + printf(" PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional)); #endif printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); #ifndef STRICT_RFC @@ -697,6 +698,7 @@ Set_Defaults(bool InitServers) #else Conf_PAM = false; #endif + Conf_PAMIsOptional = false; Conf_PredefChannelsOnly = false; #ifdef SYSLOG Conf_ScrubCTCP = false; @@ -1500,6 +1502,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) WarnPAM(Line); return; } + if (strcasecmp(Var, "PAMIsOptional") == 0 ) { + Conf_PAMIsOptional = Check_ArgIsTrue(Arg); + return; + } if (strcasecmp(Var, "PredefChannelsOnly") == 0) { Conf_PredefChannelsOnly = Check_ArgIsTrue(Arg); return; diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 5a6fff87..be19afc6 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -184,6 +184,9 @@ GLOBAL bool Conf_NoticeAuth; /** Enable all usage of PAM, even when compiled with support for it */ GLOBAL bool Conf_PAM; +/** Don't require all clients to send a password an to be PAM authenticated */ +GLOBAL bool Conf_PAMIsOptional; + /** Disable all CTCP commands except for /me ? */ GLOBAL bool Conf_ScrubCTCP; diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 8d821608..bbb2f0d5 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -949,6 +949,15 @@ Hello_User(CLIENT * Client) return DISCONNECTED; } + if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) { + /* Clients are not required to send a password and to be PAM- + * authenticated at all. If not, they won't become "identified" + * and keep the "~" in their supplied user name. + * Therefore it is sensible to either set Conf_PAMisOptional or + * to enable IDENT lookups -- not both. */ + return Hello_User_PostAuth(Client); + } + /* Fork child process for PAM authentication; and make sure that the * process timeout is set higher than the login timeout! */ pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, |