From b932baab5240d80512406e660efece151add0d9d Mon Sep 17 00:00:00 2001
From: Loganius <31364192+TheMiningTeamYT@users.noreply.github.com>
Date: Fri, 19 Dec 2025 10:17:43 -0600
Subject: Handle clients which erroneously send passwords for non-password
 protected servers

Ignore passwords sent by clients when not configured/needed.

Closes #332.
---
 src/ngircd/login.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ngircd/login.c b/src/ngircd/login.c
index 3412e337..75f85940 100644
--- a/src/ngircd/login.c
+++ b/src/ngircd/login.c
@@ -93,7 +93,8 @@ Login_User(CLIENT * Client)
 		/* Don't do any PAM authentication at all if PAM is not
 		 * enabled, instead emulate the behavior of the daemon
 		 * compiled without PAM support. */
-		if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0)
+		if (Conf_ServerPwd[0] == 0 || 
+			strcmp(Conn_Password(conn), Conf_ServerPwd) == 0)
 			return Login_User_PostAuth(Client);
 		Client_Reject(Client, "Bad server password", false);
 		return DISCONNECTED;
@@ -132,7 +133,8 @@ Login_User(CLIENT * Client)
 	} else return CONNECTED;
 #else
 	/* Check global server password ... */
-	if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
+	if (Conf_ServerPwd[0] != 0 && 
+		strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
 		/* Bad password! */
 		Client_Reject(Client, "Bad server password", false);
 		return DISCONNECTED;
-- 
cgit 1.4.1