Merge pull request #6 from norrs/pam_server_password_fix

Validate server password when PAM is disabled.

src/ngircd/conf.c

@@ -370,9 +370,8 @@ Conf_Test( void )
 		       ? (const char*) array_start(&Conf_Motd) : "");
 	}
 	printf("  Network = %s\n", Conf_Network);
-#ifndef PAM
+	if (!Conf_PAM) 
 		printf("  Password = %s\n", Conf_ServerPwd);
-#endif
 	printf("  PidFile = %s\n", Conf_PidFile);
 	printf("  Ports = ");
 	ports_puts(&Conf_ListenPorts);
@@ -2259,7 +2258,7 @@ Validate_Config(bool Configtest, bool Rehash)
 	}
 
 #ifdef PAM
-	if (Conf_ServerPwd[0])
+	if (Conf_PAM && Conf_ServerPwd[0])
 		Config_Error(LOG_ERR,
 			     "This server uses PAM, \"Password\" in [Global] section will be ignored!");
 #endif

src/ngircd/login.c

@@ -91,13 +91,12 @@ Login_User(CLIENT * Client)
 
 #ifdef PAM
 	if (!Conf_PAM) {
-		/* Don't do any PAM authentication at all, instead emulate
-		 * the behavior of the daemon compiled without PAM support:
-		 * because there can't be any "server password", all
-		 * passwords supplied are classified as "wrong". */
-		if(Conn_Password(conn)[0] == '\0')
+		/* Don't do any PAM authentication at all if PAM is not
+		 * enabled, instead emulate the behavior of the daemon
+		 * compiled without PAM support. */
+		if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0) 
 			return Login_User_PostAuth(Client);
-		Client_Reject(Client, "Non-empty password", false);
+		Client_Reject(Client, "Bad server password", false);
 		return DISCONNECTED;
 	}
 
@@ -111,6 +110,7 @@ Login_User(CLIENT * Client)
 		return Login_User_PostAuth(Client);
 	}
 
+	if (Conf_PAM) {
 		/* Fork child process for PAM authentication; and make sure that the
 		 * process timeout is set higher than the login timeout! */
 		pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
@@ -130,6 +130,7 @@ Login_User(CLIENT * Client)
 			Log_Exit_Subprocess("Auth");
 			exit(0);
 		}
+	} else return CONNECTED;
 #else
 	/* Check global server password ... */
 	if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {