~emersion/soju-dev

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch

[PATCH] auth/pam: allow specifying PAM service name as driver param

Siva Mahadevan <me@svmhdvn.name>
Details
Message ID
<20240518214904.7863-1-me@svmhdvn.name>
DKIM signature
pass
Download raw message
Patch: +13 -7
---
Ideally, I'd actually like to use "soju" as the default service name as do most
third-party applications supporting PAM. However, I'm keeping it as "login" to
avoid a breaking change to the configuration.

 auth/auth.go     |  2 +-
 auth/pam.go      | 11 ++++++++---
 auth/pam_stub.go |  2 +-
 doc/soju.1.scd   |  5 +++--
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/auth/auth.go b/auth/auth.go
index 188e149..39b4f8c 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -24,7 +24,7 @@ func New(driver, source string) (Authenticator, error) {
	case "oauth2":
		return newOAuth2(source)
	case "pam":
		return newPAM()
		return newPAM(source)
	default:
		return nil, fmt.Errorf("unknown auth driver %q", driver)
	}
diff --git a/auth/pam.go b/auth/pam.go
index a7f3663..071142b 100644
--- a/auth/pam.go
+++ b/auth/pam.go
@@ -11,14 +11,19 @@ import (
	"git.sr.ht/~emersion/soju/database"
)

type pamAuth struct{}
type pamAuth struct {
	service string
}

var (
	_ PlainAuthenticator = (*pamAuth)(nil)
)

func newPAM() (Authenticator, error) {
	return pamAuth{}, nil
func newPAM(service string) (Authenticator, error) {
	if service == "" {
		service = "login"
	}
	return pamAuth{service}, nil
}

func (pamAuth) AuthPlain(ctx context.Context, db database.Database, username, password string) error {
diff --git a/auth/pam_stub.go b/auth/pam_stub.go
index 92b12cd..e0ce96f 100644
--- a/auth/pam_stub.go
+++ b/auth/pam_stub.go
@@ -6,6 +6,6 @@ import (
	"errors"
)

func newPAM() (Authenticator, error) {
func newPAM(service string) (Authenticator, error) {
	return nil, errors.New("PAM support is disabled")
}
diff --git a/doc/soju.1.scd b/doc/soju.1.scd
index f06d5f8..a4ea35b 100644
--- a/doc/soju.1.scd
+++ b/doc/soju.1.scd
@@ -235,8 +235,9 @@ The following directives are supported:
		and password in the URL. The authorization server must support OAuth 2.0
		Authorization Server Metadata (RFC 8414) and OAuth 2.0 Token
		Introspection (RFC 7662).
	*auth pam*
		Use PAM authentication.
	*auth pam* [service]
		Use PAM authentication. The service name is optional and defaults to
		"login".

# IRC SERVICE

-- 
2.45.1
Reply to thread Export thread (mbox)