summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
m---------go/lukeshu.com/git/go/libnslcd.git0
-rw-r--r--go/parabola_hackers/nslcd_backend/db_pam.go18
2 files changed, 17 insertions, 1 deletions
diff --git a/go/lukeshu.com/git/go/libnslcd.git b/go/lukeshu.com/git/go/libnslcd.git
-Subproject 132cb9ec42cc4fb6c4a20c49422413ab0a62ef6
+Subproject f71ea8c456d30aee004e4e368ab8c89c74a2a5a
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go
index 3374170..353fe5e 100644
--- a/go/parabola_hackers/nslcd_backend/db_pam.go
+++ b/go/parabola_hackers/nslcd_backend/db_pam.go
@@ -50,6 +50,16 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat
defer o.lock.RUnlock()
defer close(ret)
+ if req.UserName == "" && req.Password == "" && cred.Uid == 0 {
+ ret <- p.PAM_Authentication{
+ AuthenticationResult: p.NSLCD_PAM_SUCCESS,
+ UserName: "",
+ AuthorizationResult: p.NSLCD_PAM_SUCCESS,
+ AuthorizationError: "",
+ }
+ return
+ }
+
uid := o.name2uid(req.UserName)
if uid < 0 {
return
@@ -127,7 +137,8 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
user := o.users[uid]
// Check the OldPassword
- if req.AsRoot == 1 {
+ switch req.AsRoot {
+ case 0: /* user password */
if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
ret <- p.PAM_PwMod{
Result: p.NSLCD_PAM_PERM_DENIED,
@@ -135,6 +146,11 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
}
return
}
+ case 1: /* root password */
+ // do nothing
+ default:
+ logger.Info("Invalid AsRoot value in PwMod request: %d", req.AsRoot)
+ return
}
// Update the PwHash in memory