Diffstat (limited to 'go/parabola_hackers/nslcd_backend/db_pam.go')
-rw-r--r--go/parabola_hackers/nslcd_backend/db_pam.go55
1 files changed, 28 insertions, 27 deletions
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go
index 607c550..e20a63f 100644
--- a/go/parabola_hackers/nslcd_backend/db_pam.go
+++ b/go/parabola_hackers/nslcd_backend/db_pam.go
@@ -18,6 +18,7 @@ package hackers_nslcd_backend
import (
"fmt"
+ "os"
"parabola_hackers"
s "syscall"
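Review bot: The added `"os"` import is not referenced by any added line in this diff, and the Go compiler rejects an unused import. The diffstat's 28 insertions are all visible on this page, so unless a use lands in a companion change, drop the line or add the code that needs it in the same commit.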
@@ -26,12 +27,12 @@ import (
"lukeshu.com/git/go/libsystemd.git/sd_daemon/logger"
)
-func checkPassword(password string, hash string) bool {
- return crypt.Crypt(password, hash) == hash
+func checkPassword(password p.String, hash p.String) bool {
+ return crypt.Crypt(string(password), string(hash)) == string(hash)
}
-func hashPassword(newPassword string, oldHash string) string {
- salt := oldHash
+func hashPassword(newPassword p.String, oldHash p.String) p.String {
+ salt := string(oldHash)
if salt == "!" {
str, err := parabola_hackers.RandomString(crypt.SaltAlphabet, 8)
if err != nil {
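Review bot: checkPassword compares the crypt output to the stored hash with `==` and never rejects an empty result. PAM_PwMod treats an empty hash as "Password hashing failed", which suggests crypt.Crypt returns an empty string on failure; if so, an account whose stored hash is empty would match any password in PAM_Authentication. Guard the empty case and compare in constant time: `out, h := crypt.Crypt(string(password), string(hash)), string(hash)` then `return out != "" && subtle.ConstantTimeCompare([]byte(out), []byte(h)) == 1`, which needs `crypto/subtle` in the import block. The hunk ends inside hashPassword, whose body continues in the next hunk.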
@@ -40,7 +41,7 @@ func hashPassword(newPassword string, oldHash string) string {
}
salt = "$6$" + str + "$"
}
- return crypt.Crypt(newPassword, salt)
+ return p.String(crypt.Crypt(string(newPassword), salt))
}
func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication {
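Review bot: hashPassword generates a fresh salt only when the old hash is `"!"`. In every other case `salt := string(oldHash)` hands the previous hash to crypt.Crypt as the setting, so a password change keeps the old salt and whatever scheme the old hash used. Building a new `"$6$" + str + "$"` salt unconditionally would give each new password its own salt and move older hashes onto SHA-512 crypt. The function starts in the previous hunk, and the RandomString error branch falls between the two hunks, so it is not visible here.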
@@ -50,17 +51,17 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat
defer o.lock.RUnlock()
defer close(ret)
- if req.UserName == "" && req.Password == "" && cred.Uid == 0 {
+ if len(req.UserName) == 0 && len(req.Password) == 0 && cred.Uid == 0 {
ret <- p.PAM_Authentication{
AuthenticationResult: p.NSLCD_PAM_SUCCESS,
- UserName: "",
+ UserName: p.String(""),
AuthorizationResult: p.NSLCD_PAM_SUCCESS,
- AuthorizationError: "",
+ AuthorizationError: p.String(""),
}
return
}
- uid := o.name2uid(req.UserName)
+ uid := o.name2uid(string(req.UserName))
if uid < 0 {
return
}
@@ -68,9 +69,9 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat
user := o.users[uid]
obj := p.PAM_Authentication{
AuthenticationResult: p.NSLCD_PAM_AUTH_ERR,
- UserName: "",
+ UserName: p.String(""),
AuthorizationResult: p.NSLCD_PAM_AUTH_ERR,
- AuthorizationError: "",
+ AuthorizationError: p.String(""),
}
if checkPassword(req.Password, user.Passwd.PwHash) {
obj.AuthenticationResult = p.NSLCD_PAM_SUCCESS
@@ -89,13 +90,13 @@ func (o *Hackers) PAM_Authorization(cred s.Ucred, req p.Request_PAM_Authorizatio
defer o.lock.RUnlock()
defer close(ret)
- uid := o.name2uid(req.UserName)
+ uid := o.name2uid(string(req.UserName))
if uid < 0 {
return
}
ret <- p.PAM_Authorization{
Result: p.NSLCD_PAM_SUCCESS,
- Error: "",
+ Error: p.String(""),
}
}()
return ret
@@ -112,7 +113,7 @@ func (o *Hackers) PAM_SessionOpen(cred s.Ucred, req p.Request_PAM_SessionOpen) <
if err != nil {
return
}
- ret <- p.PAM_SessionOpen{SessionID: sessionid}
+ ret <- p.PAM_SessionOpen{SessionID: p.String(sessionid)}
}()
return ret
}
@@ -130,7 +131,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
defer close(ret)
defer o.lock.Unlock()
- uid := o.name2uid(req.UserName)
+ uid := o.name2uid(string(req.UserName))
if uid < 0 {
return
}
@@ -138,20 +139,20 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
// Check the OldPassword
if req.AsRoot == 1 && cred.Uid == 0 {
- // bypass the password check
- } else {
- if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
- ret <- p.PAM_PwMod{
- Result: p.NSLCD_PAM_PERM_DENIED,
- Error: fmt.Sprintf("password change failed: %s", "Old password did not match"),
- }
- return
+ goto update
+ }
+ if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
+ ret <- p.PAM_PwMod{
+ Result: p.NSLCD_PAM_PERM_DENIED,
+ Error: p.String(fmt.Sprintf("password change failed: %s", "Old password did not match")),
}
+ return
}
+ update:
// Update the PwHash in memory
user.Passwd.PwHash = hashPassword(req.NewPassword, user.Passwd.PwHash)
- if user.Passwd.PwHash == "" {
+ if len(user.Passwd.PwHash) == 0 {
logger.Err("Password hashing failed")
return
}
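Review bot: The `goto update` that skips the old-password check when `req.AsRoot == 1 && cred.Uid == 0` is harder to audit than a single condition, because any statement later added between the `if` and the `update:` label is silently skipped for root. Folding the bypass into the check keeps the authorization rule in one place: `if !(req.AsRoot == 1 && cred.Uid == 0) && !checkPassword(req.OldPassword, user.Passwd.PwHash) {`. Separately, the `len(user.Passwd.PwHash) == 0` branch logs and returns without sending a PAM_PwMod result, so the caller only sees the channel close; if that is intended, a comment such as `// no reply: the client treats a closed channel as failure` would make it explicit. PAM_PwMod begins and ends outside this hunk.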
@@ -159,9 +160,9 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
// Update the PwHash on disk
passwords := make(map[string]string, len(o.users))
for _, ouser := range o.users {
- passwords[ouser.Passwd.Name] = ouser.Passwd.PwHash
+ passwords[string(ouser.Passwd.Name)] = string(ouser.Passwd.PwHash)
}
- passwords[user.Passwd.Name] = user.Passwd.PwHash
+ passwords[string(user.Passwd.Name)] = string(user.Passwd.PwHash)
err := parabola_hackers.SaveAllPasswords(passwords)
if err != nil {
logger.Err("Writing passwords to disk: %v", err)
@@ -172,7 +173,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
o.users[uid] = user
ret <- p.PAM_PwMod{
Result: p.NSLCD_PAM_SUCCESS,
- Error: "",
+ Error: p.String(""),
}
}()
return ret