commit b932baab5240d80512406e660efece151add0d9d
from: Loganius <31364192+TheMiningTeamYT@users.noreply.github.com>
via: GitHub <noreply@github.com>
date: Fri Dec 19 16:17:43 2025 UTC

Handle clients which erroneously send passwords for non-password protected servers

Ignore passwords sent by clients when not configured/needed.

Closes #332.

commit - 3e4ca16dc245727c64f23494636601c29fd07643
commit + b932baab5240d80512406e660efece151add0d9d
blob - 3412e337a75e6e63a1ef03afd098c1e173878814
blob + 75f8594023ff15f49142a2b0a0d319ea3b243c41
--- src/ngircd/login.c
+++ src/ngircd/login.c
@@ -93,7 +93,8 @@ Login_User(CLIENT * Client)
 		/* Don't do any PAM authentication at all if PAM is not
 		 * enabled, instead emulate the behavior of the daemon
 		 * compiled without PAM support. */
-		if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0)
+		if (Conf_ServerPwd[0] == 0 || 
+			strcmp(Conn_Password(conn), Conf_ServerPwd) == 0)
 			return Login_User_PostAuth(Client);
 		Client_Reject(Client, "Bad server password", false);
 		return DISCONNECTED;
@@ -132,7 +133,8 @@ Login_User(CLIENT * Client)
 	} else return CONNECTED;
 #else
 	/* Check global server password ... */
-	if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
+	if (Conf_ServerPwd[0] != 0 && 
+		strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
 		/* Bad password! */
 		Client_Reject(Client, "Bad server password", false);
 		return DISCONNECTED;