repo: ngircd
action: commit
revision: 
path_from: 
revision_from: f369177617a0f54e34a1af6fa44d1d1e3f953aeb:
path_to: 
revision_to: 

commit f369177617a0f54e34a1af6fa44d1d1e3f953aeb
Author: Alexander Barton 
Date:   Tue Jul 13 15:10:35 2010 +0200

    New configuration option "NoPAM" to disable PAM

    When the "NoPAM" configuration option is set and ngIRCd is compiled
    with support for PAM, ngIRCd will not call any PAM functions: all
    connection attemps without password will succeed instead and all
    connection attemps with password will fail.

    If ngIRCd is compiled without PAM support, this option is a dummy
    option and nothing changes: the global server password will still be
    in effect.

diff --git a/doc/sample-ngircd.conf b/doc/sample-ngircd.conf

--- a/doc/sample-ngircd.conf
+++ b/doc/sample-ngircd.conf
@@ -135,6 +135,9 @@
 	# with support for it.
 	;NoIdent = no

+	# Don't use PAM, even if ngIRCd has been compiled with support for it.
+	;NoPAM = no
+
 	# try to connect to other irc servers using ipv4 and ipv6, if possible
 	;ConnectIPv6 = yes
 	;ConnectIPv4 = yes
diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl

--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -210,6 +210,12 @@ If ngIRCd is compiled with IDENT support this can be used to disable IDENT
 lookups at run time.
 Default: no.
 .TP
+\fBNoPAM\fR
+If ngIRCd is compiled with PAM support this can be used to disable all calls
+to the PAM library at runtime; all users connecting without password are
+allowed to connect, all passwords given will fail.
+Default: no.
+.TP
 \fBConnectIPv4\fR
 Set this to no if you do not want ngIRCd to connect to other IRC servers using
 IPv4. This allows usage of ngIRCd in IPv6-only setups.
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c

--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -331,6 +331,7 @@ Conf_Test( void )
 	printf("  PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly));
 	printf("  NoDNS = %s\n", yesno_to_str(Conf_NoDNS));
 	printf("  NoIdent = %s\n", yesno_to_str(Conf_NoIdent));
+	printf("  NoPAM = %s\n", yesno_to_str(Conf_NoPAM));

 #ifdef WANT_IPV6
 	printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -580,6 +581,7 @@ Set_Defaults(bool InitServers)
 	Conf_ConnectRetry = 60;
 	Conf_NoDNS = false;
 	Conf_NoIdent = false;
+	Conf_NoPAM = false;

 	Conf_Oper_Count = 0;
 	Conf_Channel_Count = 0;
@@ -986,6 +988,11 @@ Handle_GLOBAL( int Line, char *Var, char *Arg )
 #endif
 		return;
 	}
+	if(strcasecmp(Var, "NoPAM") == 0) {
+		/* don't use PAM library to authenticate users */
+		Conf_NoPAM = Check_ArgIsTrue(Arg);
+		return;
+	}
 #ifdef WANT_IPV6
 	/* the default setting for all the WANT_IPV6 special options is 'true' */
 	if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) {
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h

--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -152,6 +152,9 @@ GLOBAL bool Conf_NoDNS;
 /* Disable IDENT lookups, even when compiled with support for it */
 GLOBAL bool Conf_NoIdent;

+/* Disable all usage of PAM, even when compiled with support for it */
+GLOBAL bool Conf_NoPAM;
+
 /*
  * try to connect to remote systems using the ipv6 protocol,
  * if they have an ipv6 address? (default yes)
diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c

--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -787,7 +787,10 @@ Hello_User(CLIENT * Client)
 		/* Sub process */
 		signal(SIGTERM, Proc_GenericSignalHandler);
 		Log_Init_Subprocess("Auth");
-		result = PAM_Authenticate(Client);
+		if (Conf_NoPAM) {
+			result = (Client_Password(Client)[0] == '\0');
+		} else
+			result = PAM_Authenticate(Client);
 		write(pipefd[1], &result, sizeof(result));
 		Log_Exit_Subprocess("Auth");
 		exit(0);

-----END OF PAGE-----