authorLuke Shumaker <lukeshu@sbcglobal.net>2016-06-18 02:09:56 -0400
committerLuke Shumaker <lukeshu@sbcglobal.net>2016-06-18 02:09:56 -0400
commit013abf64fded40efdd5533114b03e16916cd1314 (patch)
treef9fdca3e347cf7df99c8ec32ed7a39e6a58b3058
parent34cecd4762e364ade049c455997051ca55663b6f (diff)
PAM: more special cases
-rw-r--r--go/parabola_hackers/nslcd_backend/db_pam.go21
1 files changed, 21 insertions, 0 deletions
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go
index e20a63f..a0c390f 100644
--- a/go/parabola_hackers/nslcd_backend/db_pam.go
+++ b/go/parabola_hackers/nslcd_backend/db_pam.go
@@ -44,6 +44,14 @@ func hashPassword(newPassword p.String, oldHash p.String) p.String {
return p.String(crypt.Crypt(string(newPassword), salt))
}
+func dirExists(path string) bool {
+ stat, err := os.Stat(path)
+ if err != nil {
+ return false
+ }
+ return stat.IsDir()
+}
+
func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication {
o.lock.RLock()
ret := make(chan p.PAM_Authentication)
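Review bot: `dirExists` has no doc comment, and its failure semantics matter because the second hunk uses it to decide whether the old-password check may be skipped. Every `os.Stat` error, including permission denied, is reported as false, and `os.Stat` follows symlinks, so a symlink that resolves to a directory counts as existing. I would add `// dirExists reports whether path resolves (following symlinks) to a directory; any Stat error is treated as "not a directory".` above the function. The commit adds no import line, so this presumably relies on `os` already being imported in db_pam.go; the body of PAM_Authentication continues outside the hunk.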
@@ -141,6 +149,12 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
if req.AsRoot == 1 && cred.Uid == 0 {
goto update
}
+ // special hack: if the old password is not
+ // set, but the home directory exists, let the
+ // user set their password
+ if string(user.Passwd.PwHash) == "!" && dirExists(string(user.Passwd.HomeDir)) {
+ goto update
+ }
if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
ret <- p.PAM_PwMod{
Result: p.NSLCD_PAM_PERM_DENIED,
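Review bot: The added branch `if string(user.Passwd.PwHash) == "!" && dirExists(string(user.Passwd.HomeDir))` jumps to `update` without looking at `cred`, so the old-password check is skipped no matter which local identity sent the request. The root branch just above it is tied to `cred.Uid == 0`; this one should likewise require that `cred.Uid` match the target account's UID (that field's name is not visible in this hunk), and the bypass should be logged. A home directory existing is weak evidence of ownership, and `!` is conventionally the marker for a locked account, so confirm that no deliberately locked account can meet this condition. At minimum the comment should say so, e.g. `// SECURITY: skips the old-password check; caller identity is not verified here`. On this path `hashPassword` later receives `!` as the old hash, so check that it generates a fresh salt in that case; PAM_PwMod starts and ends outside the hunk.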
@@ -149,6 +163,13 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
return
}
update:
+ if len(req.NewPassword) == 0 {
+ ret <- p.PAM_PwMod{
+ Result: p.NSLCD_PAM_PERM_DENIED,
+ Error: p.String("password cannot be empty"),
+ }
+ return
+ }
// Update the PwHash in memory
user.Passwd.PwHash = hashPassword(req.NewPassword, user.Passwd.PwHash)