repo: ngircd
action: commit
revision: 
path_from: 
revision_from: e84000f7b8b8fb8ae29f53f66dea488f904e0838:
path_to: 
revision_to:
git.thebackupbox.net
ngircd
git clone git://git.thebackupbox.net/ngircd
commit e84000f7b8b8fb8ae29f53f66dea488f904e0838
Author: Christian Aistleitner 
Date:   Sun Jun 5 12:46:56 2016 +0200

    Add PAMServiceName setting to specify the used PAM configuration

    This setting allows to run multiple ngIRCd instances with
    PAM configurations on each instance.
    If one sets it to "ngircd-foo", PAM will use `/etc/pam.d/ngircd-foo`
    instead of the default `/etc/pam.d/ngircd`.

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index a4346b1e87488935551807d535fd1a6e548e08f7..
index ..3f9ba0884dee843eb494a59c98f397e6bb26f5cb 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -226,6 +226,15 @@
 	# character prepended to their respective user names!
 	;PAMIsOptional = no

+	# When PAM is enabled, this value determines the used PAM
+	# configuration.
+	# This setting allows to run multiple ngIRCd instances with
+	# different PAM configurations on each instance.
+	# If you set it to "ngircd-foo", PAM will use
+	# /etc/pam.d/ngircd-foo instead of the default
+	# /etc/pam.d/ngircd.
+	;PAMServiceName = ngircd
+
 	# Let ngIRCd send an "authentication PING" when a new client connects,
 	# and register this client only after receiving the corresponding
 	# "PONG" reply.
diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 935ac035f7775cf6a454fcf39c3dd3faeeb171fc..
index ..aacacab3e91f6514d9cbb8278376bda29c97979a 100644
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -339,6 +339,14 @@ able to distinguish between Ident'ified and PAM-authenticated users: both
 don't have a "~" character prepended to their respective user names!
 Default: no.
 .TP
+\fBPAMServiceName\fR (string)
+When PAM is enabled, this value determines the used PAM configuration.
+This setting allows to run multiple ngIRCd instances with different
+PAM configurations on each instance. If you set it to "ngircd-foo",
+PAM will use /etc/pam.d/ngircd-foo instead of the default
+/etc/pam.d/ngircd.
+Default: ngircd.
+.TP
 \fBRequireAuthPing\fR (boolean)
 Let ngIRCd send an "authentication PING" when a new client connects, and
 register this client only after receiving the corresponding "PONG" reply.
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 98a2c1d790f63eadeda6dcd2073046a4407055ec..
index ..01ec3c09510ae18324900d4fd3651ea63865b401 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -419,6 +419,7 @@ Conf_Test( void )
 #ifdef PAM
 	printf("  PAM = %s\n", yesno_to_str(Conf_PAM));
 	printf("  PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional));
+	printf("  PAMServiceName = %s\n", Conf_PAMServiceName);
 #endif
 #ifndef STRICT_RFC
 	printf("  RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing));
@@ -807,6 +808,7 @@ Set_Defaults(bool InitServers)
 	Conf_PAM = false;
 #endif
 	Conf_PAMIsOptional = false;
+	strcpy(Conf_PAMServiceName, "ngircd");
 	Conf_ScrubCTCP = false;
 #ifdef SYSLOG
 #ifdef LOG_LOCAL5
@@ -1833,6 +1835,12 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg)
 		Conf_PAMIsOptional = Check_ArgIsTrue(Arg);
 		return;
 	}
+	if (strcasecmp(Var, "PAMServiceName") == 0) {
+		len = strlcpy(Conf_PAMServiceName, Arg, sizeof(Conf_PAMServiceName));
+		if (len >= sizeof(Conf_PAMServiceName))
+			Config_Error_TooLong(File, Line, Var);
+		return;
+	}
 	if (strcasecmp(Var, "PredefChannelsOnly") == 0) {
 		/*
 		 * TODO: This section and support for "PredefChannelsOnly"
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index 70de20af9edbb6321b739eac123124baa74e5575..
index ..7203b86a3b630ce559a6693d7af26234cd1fa84d 100644
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -203,6 +203,9 @@ GLOBAL bool Conf_PAM;
 /** Don't require all clients to send a password an to be PAM authenticated */
 GLOBAL bool Conf_PAMIsOptional;

+/** The service name to use for PAM */
+GLOBAL char Conf_PAMServiceName[MAX_PAM_SERVICE_NAME_LEN];
+
 /** Disable all CTCP commands except for /me ? */
 GLOBAL bool Conf_ScrubCTCP;

diff --git a/src/ngircd/defines.h b/src/ngircd/defines.h
index 6bea174e2d46725bd36284973e4a6d630d94e810..
index ..f2666905e2512ae78396052bc861b19c77bb7de5 100644
--- a/src/ngircd/defines.h
+++ b/src/ngircd/defines.h
@@ -61,6 +61,9 @@
 /** Size of default connection pool. */
 #define CONNECTION_POOL 100

+/** Size of buffer for PAM service name. */
+#define MAX_PAM_SERVICE_NAME_LEN 64
+

 /* Hard-coded (default) options */

diff --git a/src/ngircd/pam.c b/src/ngircd/pam.c
index d2a8a54e5d66eb15f5edfb573720c83f797d5dee..
index ..4e47ddb16d8d8be0eaa3b0ccddb6e411e1837960 100644
--- a/src/ngircd/pam.c
+++ b/src/ngircd/pam.c
@@ -32,6 +32,7 @@
 #include "log.h"
 #include "conn.h"
 #include "client.h"
+#include "conf.h"

 #include "pam.h"

@@ -101,7 +102,7 @@ PAM_Authenticate(CLIENT *Client) {
 	conv.appdata_ptr = Conn_Password(Client_Conn(Client));

 	/* Initialize PAM */
-	retval = pam_start("ngircd", Client_OrigUser(Client), &conv, &pam);
+	retval = pam_start(Conf_PAMServiceName, Client_OrigUser(Client), &conv, &pam);
 	if (retval != PAM_SUCCESS) {
 		Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval);
 		return false;

-----END OF PAGE-----