Add "AuthOnlyViaModule" global/user setting

Setting AuthOnlyViaModule on a user causes CheckPass to never return true, causing all authentication attempts using the configured password to fail, both on IRC connections and for webadmin. This is useful in situations where an external module (cyrusauth, certauth, imapauth) handles authentication. Setting the global AuthOnlyViaModule option causes similar behavior across every user. If AuthOnlyViaModule is set to true globally, it cannot be overridden per-user. Close #1474 Close #331
2026-03-28 17:42:41 +01:00 · 2017-12-18 23:00:40 -05:00
parent 3d874f6fe4
commit 42939c998f
9 changed files with 89 additions and 0 deletions
--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
@@ -210,6 +210,15 @@ class CWebAdminMod : public CModule {
            pNewUser->SetPass(sHash, CUser::HASH_DEFAULT, sSalt);
        }

+        sArg = WebSock.GetParam("authonlyviamodule");
+        if (spSession->IsAdmin()) {
+            if (!sArg.empty()) {
+                pNewUser->SetAuthOnlyViaModule(sArg.ToBool());
+            }
+        } else if (pUser) {
+            pNewUser->SetAuthOnlyViaModule(pUser->AuthOnlyViaModule());
+        }
+
        VCString vsArgs;

        WebSock.GetRawParam("allowedips").Split("\n", vsArgs);
@@ -344,11 +353,14 @@ class CWebAdminMod : public CModule {
            pNewUser->SetDenyLoadMod(WebSock.GetParam("denyloadmod").ToBool());
            pNewUser->SetDenySetBindHost(
                WebSock.GetParam("denysetbindhost").ToBool());
+            pNewUser->SetAuthOnlyViaModule(
+                WebSock.GetParam("authonlyviamodule").ToBool());
            sArg = WebSock.GetParam("maxnetworks");
            if (!sArg.empty()) pNewUser->SetMaxNetworks(sArg.ToUInt());
        } else if (pUser) {
            pNewUser->SetDenyLoadMod(pUser->DenyLoadMod());
            pNewUser->SetDenySetBindHost(pUser->DenySetBindHost());
+            pNewUser->SetAuthOnlyViaModule(pUser->AuthOnlyViaModule());
            pNewUser->SetMaxNetworks(pUser->MaxNetworks());
        }

@@ -1327,6 +1339,7 @@ class CWebAdminMod : public CModule {
            Tmpl["ImAdmin"] = CString(spSession->IsAdmin());

            Tmpl["Username"] = pUser->GetUserName();
+            Tmpl["AuthOnlyViaModule"] = CString(pUser->AuthOnlyViaModule());
            Tmpl["Nick"] = pUser->GetNick();
            Tmpl["AltNick"] = pUser->GetAltNick();
            Tmpl["StatusPrefix"] = pUser->GetStatusPrefix();
@@ -1872,6 +1885,7 @@ class CWebAdminMod : public CModule {
            Tmpl["ProtectWebSessions"] =
                CString(CZNC::Get().GetProtectWebSessions());
            Tmpl["HideVersion"] = CString(CZNC::Get().GetHideVersion());
+            Tmpl["AuthOnlyViaModule"] = CString(CZNC::Get().GetAuthOnlyViaModule());

            const VCString& vsMotd = CZNC::Get().GetMotd();
            for (const CString& sMotd : vsMotd) {
@@ -2018,6 +2032,8 @@ class CWebAdminMod : public CModule {
        CZNC::Get().SetProtectWebSessions(sArg.ToBool());
        sArg = WebSock.GetParam("hideversion");
        CZNC::Get().SetHideVersion(sArg.ToBool());
+        sArg = WebSock.GetParam("authonlyviamodule");
+        CZNC::Get().SetAuthOnlyViaModule(sArg.ToBool());

        VCString vsArgs;
        WebSock.GetRawParam("motd").Split("\n", vsArgs);