Add PAMServiceName setting to specify the used PAM configuration
This setting allows running multiple ngIRCd instances with a different PAM configuration on each instance. If it is set to "ngircd-foo", PAM will use `/etc/pam.d/ngircd-foo` instead of the default `/etc/pam.d/ngircd`.
parent
a93247d32f
commit
e84000f7b8
|
@ -226,6 +226,15 @@
|
||||||
# character prepended to their respective user names!
|
# character prepended to their respective user names!
|
||||||
;PAMIsOptional = no
|
;PAMIsOptional = no
|
||||||
|
|
||||||
|
# When PAM is enabled, this value determines the used PAM
|
||||||
|
# configuration.
|
||||||
|
# This setting allows to run multiple ngIRCd instances with
|
||||||
|
# different PAM configurations on each instance.
|
||||||
|
# If you set it to "ngircd-foo", PAM will use
|
||||||
|
# /etc/pam.d/ngircd-foo instead of the default
|
||||||
|
# /etc/pam.d/ngircd.
|
||||||
|
;PAMServiceName = ngircd
|
||||||
|
|
||||||
# Let ngIRCd send an "authentication PING" when a new client connects,
|
# Let ngIRCd send an "authentication PING" when a new client connects,
|
||||||
# and register this client only after receiving the corresponding
|
# and register this client only after receiving the corresponding
|
||||||
# "PONG" reply.
|
# "PONG" reply.
|
||||||
|
|
|
@ -339,6 +339,14 @@ able to distinguish between Ident'ified and PAM-authenticated users: both
|
||||||
don't have a "~" character prepended to their respective user names!
|
don't have a "~" character prepended to their respective user names!
|
||||||
Default: no.
|
Default: no.
|
||||||
.TP
|
.TP
|
||||||
|
\fBPAMServiceName\fR (string)
|
||||||
|
When PAM is enabled, this value determines the used PAM configuration.
|
||||||
|
This setting allows to run multiple ngIRCd instances with different
|
||||||
|
PAM configurations on each instance. If you set it to "ngircd-foo",
|
||||||
|
PAM will use /etc/pam.d/ngircd-foo instead of the default
|
||||||
|
/etc/pam.d/ngircd.
|
||||||
|
Default: ngircd.
|
||||||
|
.TP
|
||||||
\fBRequireAuthPing\fR (boolean)
|
\fBRequireAuthPing\fR (boolean)
|
||||||
Let ngIRCd send an "authentication PING" when a new client connects, and
|
Let ngIRCd send an "authentication PING" when a new client connects, and
|
||||||
register this client only after receiving the corresponding "PONG" reply.
|
register this client only after receiving the corresponding "PONG" reply.
|
||||||
|
|
|
@ -419,6 +419,7 @@ Conf_Test( void )
|
||||||
#ifdef PAM
|
#ifdef PAM
|
||||||
printf(" PAM = %s\n", yesno_to_str(Conf_PAM));
|
printf(" PAM = %s\n", yesno_to_str(Conf_PAM));
|
||||||
printf(" PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional));
|
printf(" PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional));
|
||||||
|
printf(" PAMServiceName = %s\n", Conf_PAMServiceName);
|
||||||
#endif
|
#endif
|
||||||
#ifndef STRICT_RFC
|
#ifndef STRICT_RFC
|
||||||
printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing));
|
printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing));
|
||||||
|
@ -807,6 +808,7 @@ Set_Defaults(bool InitServers)
|
||||||
Conf_PAM = false;
|
Conf_PAM = false;
|
||||||
#endif
|
#endif
|
||||||
Conf_PAMIsOptional = false;
|
Conf_PAMIsOptional = false;
|
||||||
|
strcpy(Conf_PAMServiceName, "ngircd");
|
||||||
Conf_ScrubCTCP = false;
|
Conf_ScrubCTCP = false;
|
||||||
#ifdef SYSLOG
|
#ifdef SYSLOG
|
||||||
#ifdef LOG_LOCAL5
|
#ifdef LOG_LOCAL5
|
||||||
|
@ -1833,6 +1835,12 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg)
|
||||||
Conf_PAMIsOptional = Check_ArgIsTrue(Arg);
|
Conf_PAMIsOptional = Check_ArgIsTrue(Arg);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if (strcasecmp(Var, "PAMServiceName") == 0) {
|
||||||
|
len = strlcpy(Conf_PAMServiceName, Arg, sizeof(Conf_PAMServiceName));
|
||||||
|
if (len >= sizeof(Conf_PAMServiceName))
|
||||||
|
Config_Error_TooLong(File, Line, Var);
|
||||||
|
return;
|
||||||
|
}
|
||||||
if (strcasecmp(Var, "PredefChannelsOnly") == 0) {
|
if (strcasecmp(Var, "PredefChannelsOnly") == 0) {
|
||||||
/*
|
/*
|
||||||
* TODO: This section and support for "PredefChannelsOnly"
|
* TODO: This section and support for "PredefChannelsOnly"
|
||||||
|
|
|
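Review bot: The new `PAMServiceName` branch in Handle_OPTIONS checks only the length, so a truncated, empty, or path-like value stays in `Conf_PAMServiceName` and is later handed to `pam_start()`. Unless `Config_Error_TooLong()` aborts start-up (not visible here), a name cut off at 63 characters could match a different file under /etc/pam.d than the administrator intended. Depending on the PAM implementation, an empty name or one containing `/` may be resolved to something other than a file in that directory. The value comes from the administrator's configuration, so this is defence in depth, but since it selects the authentication policy I would fall back to the default on any rejected value. Handle_OPTIONS starts and ends outside this hunk.

```c
	if (strcasecmp(Var, "PAMServiceName") == 0) {
		len = strlcpy(Conf_PAMServiceName, Arg, sizeof(Conf_PAMServiceName));
		if (len >= sizeof(Conf_PAMServiceName)) {
			Config_Error_TooLong(File, Line, Var);
			/* A truncated name could select a different PAM stack. */
			strlcpy(Conf_PAMServiceName, "ngircd", sizeof(Conf_PAMServiceName));
		} else if (len == 0 || strchr(Arg, '/') != NULL) {
			/* Report the invalid value the same way the other handlers do. */
			strlcpy(Conf_PAMServiceName, "ngircd", sizeof(Conf_PAMServiceName));
		}
		/* … unchanged: return and closing brace … */
```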
@ -203,6 +203,9 @@ GLOBAL bool Conf_PAM;
|
||||||
/** Don't require all clients to send a password an to be PAM authenticated */
|
/** Don't require all clients to send a password an to be PAM authenticated */
|
||||||
GLOBAL bool Conf_PAMIsOptional;
|
GLOBAL bool Conf_PAMIsOptional;
|
||||||
|
|
||||||
|
/** The service name to use for PAM */
|
||||||
|
GLOBAL char Conf_PAMServiceName[MAX_PAM_SERVICE_NAME_LEN];
|
||||||
|
|
||||||
/** Disable all CTCP commands except for /me ? */
|
/** Disable all CTCP commands except for /me ? */
|
||||||
GLOBAL bool Conf_ScrubCTCP;
|
GLOBAL bool Conf_ScrubCTCP;
|
||||||
|
|
||||||
|
|
|
@ -61,6 +61,9 @@
|
||||||
/** Size of default connection pool. */
|
/** Size of default connection pool. */
|
||||||
#define CONNECTION_POOL 100
|
#define CONNECTION_POOL 100
|
||||||
|
|
||||||
|
/** Size of buffer for PAM service name. */
|
||||||
|
#define MAX_PAM_SERVICE_NAME_LEN 64
|
||||||
|
|
||||||
|
|
||||||
/* Hard-coded (default) options */
|
/* Hard-coded (default) options */
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "conn.h"
|
#include "conn.h"
|
||||||
#include "client.h"
|
#include "client.h"
|
||||||
|
#include "conf.h"
|
||||||
|
|
||||||
#include "pam.h"
|
#include "pam.h"
|
||||||
|
|
||||||
|
@ -101,7 +102,7 @@ PAM_Authenticate(CLIENT *Client) {
|
||||||
conv.appdata_ptr = Conn_Password(Client_Conn(Client));
|
conv.appdata_ptr = Conn_Password(Client_Conn(Client));
|
||||||
|
|
||||||
/* Initialize PAM */
|
/* Initialize PAM */
|
||||||
retval = pam_start("ngircd", Client_OrigUser(Client), &conv, &pam);
|
retval = pam_start(Conf_PAMServiceName, Client_OrigUser(Client), &conv, &pam);
|
||||||
if (retval != PAM_SUCCESS) {
|
if (retval != PAM_SUCCESS) {
|
||||||
Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval);
|
Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval);
|
||||||
return false;
|
return false;
|
||||||
|
|
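Review bot: The error logged when `pam_start()` fails does not say which service name was used, which makes a mistyped `PAMServiceName` hard to diagnose now that the name comes from the configuration. I would change the message to `Log(LOG_ERR, "PAM: Failed to create authenticator for service \"%s\"! (%d)", Conf_PAMServiceName, retval);`. As far as I know, Linux-PAM evaluates a service with no matching file under /etc/pam.d against the `other` policy instead of failing, so a typo may not reach this branch at all; that fallback is worth a sentence in the man page entry. PAM_Authenticate's body continues outside the hunk.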