1 files changed, 24 insertions, 6 deletions

diff --git a/plugin/eurephia.c b/plugin/eurephia.c
index c169dc7..3392724 100644
--- a/plugin/eurephia.c
+++ b/plugin/eurephia.c
@@ -212,6 +212,7 @@ eurephiaCTX *eurephiaInit(const char const **argv, const char const **envp)
         // Initialise authentication plug-ins.  If no authentication plug-ins have been enabled,
         // the authplugs context will be NULL.
         ctx->authplugs = eAuthPlugin_Init(ctx);
+        ctx->nointernalauth = atoi_nullsafe(eGet_value(ctx->dbc->config, "auth_disable_internal")) > 0;
 
         // Prepare an empty disconnected list.
         // This one is used to track all clients IP addresses and their corresponding eurephia session ID
@@ -480,20 +481,32 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 
         switch (authmeth->method) {
         case eAM_INTERNDB:
-                /* Authenticate against the internal eurephia database */
-                result = eDBauth_user(ctx, certid, username, passwd);
+                DEBUG(ctx, 12, "Using internal authentication for user '%s'/certid %i",
+                      username, certid);
+                if( ctx->nointernalauth == 0 ) {
+                        /* Authenticate against the internal eurephia database */
+                        result = eDBauth_user(ctx, certid, username, passwd);
+                } else {
+                        eurephia_log(ctx, LOG_WARNING, 0,
+                                     "Internal authentication has been disabled.  Enable "
+                                     "authentication plug-in for user '%s' with certid %i",
+                                     username, certid);
+                        result = 0;
+                }
                 break;
 
         case eAM_PLUGIN:
                 authplug = eAuthPlugin_Get(ctx->authplugs, authmeth->authplugid);
                 if( authplug == NULL ) {
                         eurephia_log(ctx, LOG_ERROR, 0,
-                                "Failed to find authentication plug-in %i to authenticate"
-                                "user '%s' with certid %i",
-                                authmeth->authplugid, username, certid);
+                                     "Failed to find authentication plug-in %i to authenticate"
+                                     "user '%s' with certid %i",
+                                     authmeth->authplugid, username, certid);
                         result = 0;
                         goto exit;
                 }
+                DEBUG(ctx, 12, "Using authentication plugin %i for user '%s'/certid %i",
+                      authmeth->authplugid, username, certid);
 
                 /* Authenticate the user via the auth plug-in */
                 authres = authplug->AuthenticateUser(ctx, authmeth->username, passwd);
@@ -549,7 +562,12 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
                 break;
 
         case eAM_BLACKLISTED:
+                DEBUG(ctx, 12, "User '%s'/certid %i is blacklisted", username, certid);
+                result = -1;
+                break;
+
         case eAM_INACTIVE:
+                DEBUG(ctx, 12, "User '%s' is not activated", username);
                 result = -1;
                 break;
 
@@ -563,7 +581,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
         eDBauth_FreeAuthMethodResult(ctx, authmeth);
 
         /* If the authentication failed, register the failed attempt */
-        if( result < 1 ) {
+        if( result < 0 ) {
                 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
                 eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest);
                 eDBregister_attempt(ctx, attempt_USERNAME, ATTEMPT_REGISTER, username);