diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/ngircd/conf.c | 6 | ||||
| -rw-r--r-- | src/ngircd/conf.h | 3 | ||||
| -rw-r--r-- | src/ngircd/irc-login.c | 9 |
3 files changed, 18 insertions, 0 deletions
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index b930b6c8..b0c7fb4b 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -373,6 +373,7 @@ Conf_Test( void ) printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); #ifdef PAM printf(" PAM = %s\n", yesno_to_str(Conf_PAM)); + printf(" PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional)); #endif printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); #ifndef STRICT_RFC @@ -697,6 +698,7 @@ Set_Defaults(bool InitServers) #else Conf_PAM = false; #endif + Conf_PAMIsOptional = false; Conf_PredefChannelsOnly = false; #ifdef SYSLOG Conf_ScrubCTCP = false; @@ -1500,6 +1502,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) WarnPAM(Line); return; } + if (strcasecmp(Var, "PAMIsOptional") == 0 ) { + Conf_PAMIsOptional = Check_ArgIsTrue(Arg); + return; + } if (strcasecmp(Var, "PredefChannelsOnly") == 0) { Conf_PredefChannelsOnly = Check_ArgIsTrue(Arg); return; diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 5a6fff87..be19afc6 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -184,6 +184,9 @@ GLOBAL bool Conf_NoticeAuth; /** Enable all usage of PAM, even when compiled with support for it */ GLOBAL bool Conf_PAM; +/** Don't require all clients to send a password an to be PAM authenticated */ +GLOBAL bool Conf_PAMIsOptional; + /** Disable all CTCP commands except for /me ? */ GLOBAL bool Conf_ScrubCTCP; diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 8d821608..bbb2f0d5 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -949,6 +949,15 @@ Hello_User(CLIENT * Client) return DISCONNECTED; } + if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) { + /* Clients are not required to send a password and to be PAM- + * authenticated at all. If not, they won't become "identified" + * and keep the "~" in their supplied user name. + * Therefore it is sensible to either set Conf_PAMisOptional or + * to enable IDENT lookups -- not both. */ + return Hello_User_PostAuth(Client); + } + /* Fork child process for PAM authentication; and make sure that the * process timeout is set higher than the login timeout! */ pid = Proc_Fork(Conn_GetProcStat(conn), pipefd, |