[PATCH] auth/pam: allow specifying PAM service name as driver param
Export this patch
---
Ideally, I'd actually like to use "soju" as the default service name as do most
third-party applications supporting PAM. However, I'm keeping it as "login" to
avoid a breaking change to the configuration.
auth/auth.go | 2 +-
auth/pam.go | 11 ++++++++---
auth/pam_stub.go | 2 +-
doc/soju.1.scd | 5 +++--
4 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/auth/auth.go b/auth/auth.go
index 188e149..39b4f8c 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -24,7 +24,7 @@ func New(driver, source string) (Authenticator, error) {
case "oauth2":
return newOAuth2(source)
case "pam":
- return newPAM()
+ return newPAM(source)
default:
return nil, fmt.Errorf("unknown auth driver %q", driver)
}
diff --git a/auth/pam.go b/auth/pam.go
index a7f3663..071142b 100644
--- a/auth/pam.go
+++ b/auth/pam.go
@@ -11,14 +11,19 @@ import (
"git.sr.ht/~emersion/soju/database"
)
-type pamAuth struct{}
+type pamAuth struct {
+ service string
+}
var (
_ PlainAuthenticator = (*pamAuth)(nil)
)
-func newPAM() (Authenticator, error) {
- return pamAuth{}, nil
+func newPAM(service string) (Authenticator, error) {
+ if service == "" {
+ service = "login"
+ }
+ return pamAuth{service}, nil
}
func (pamAuth) AuthPlain(ctx context.Context, db database.Database, username, password string) error {
diff --git a/auth/pam_stub.go b/auth/pam_stub.go
index 92b12cd..e0ce96f 100644
--- a/auth/pam_stub.go
+++ b/auth/pam_stub.go
@@ -6,6 +6,6 @@ import (
"errors"
)
-func newPAM() (Authenticator, error) {
+func newPAM(service string) (Authenticator, error) {
return nil, errors.New("PAM support is disabled")
}
diff --git a/doc/soju.1.scd b/doc/soju.1.scd
index f06d5f8..a4ea35b 100644
--- a/doc/soju.1.scd
+++ b/doc/soju.1.scd
@@ -235,8 +235,9 @@ The following directives are supported:
and password in the URL. The authorization server must support OAuth 2.0
Authorization Server Metadata (RFC 8414) and OAuth 2.0 Token
Introspection (RFC 7662).
- *auth pam*
- Use PAM authentication.
+ *auth pam* [service]
+ Use PAM authentication. The service name is optional and defaults to
+ "login".
# IRC SERVICE
--
2.45.1