From bdcbbb3d9d9c4d0d318bbd68d3fe39389d70bfe5 Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Fri, 17 Jun 2016 22:27:39 -0400
Subject: fix PAM
---
 go/lukeshu.com/git/go/libnslcd.git | 2 +-
 go/parabola_hackers/nslcd_backend/db_pam.go | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/go/lukeshu.com/git/go/libnslcd.git b/go/lukeshu.com/git/go/libnslcd.git
index 132cb9e..f71ea8c 160000
--- a/go/lukeshu.com/git/go/libnslcd.git
+++ b/go/lukeshu.com/git/go/libnslcd.git
@@ -1 +1 @@
-Subproject commit 132cb9ec42cc4fb6c4a20c49422413ab0a62ef6e
+Subproject commit f71ea8c456d30aee004e4e368ab8c89c74a2a5a2
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go
index 3374170..353fe5e 100644
--- a/go/parabola_hackers/nslcd_backend/db_pam.go
+++ b/go/parabola_hackers/nslcd_backend/db_pam.go
@@ -50,6 +50,16 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat
 defer o.lock.RUnlock()
 defer close(ret)
+ if req.UserName == "" && req.Password == "" && cred.Uid == 0 {
+ ret <- p.PAM_Authentication{
+ AuthenticationResult: p.NSLCD_PAM_SUCCESS,
+ UserName: "",
+ AuthorizationResult: p.NSLCD_PAM_SUCCESS,
+ AuthorizationError: "",
+ }
+ return
+ }
+
 uid := o.name2uid(req.UserName)
 if uid < 0 {
 return
@@ -127,7 +137,8 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
 user := o.users[uid]
 // Check the OldPassword
- if req.AsRoot == 1 {
+ switch req.AsRoot {
+ case 0: /* user password */
 if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
 ret <- p.PAM_PwMod{
 Result: p.NSLCD_PAM_PERM_DENIED,
@@ -135,6 +146,11 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
 }
 return
 }
+ case 1: /* root password */
+ // do nothing
+ default:
+ logger.Info("Invalid AsRoot value in PwMod request: %d", req.AsRoot)
+ return
 }
 // Update the PwHash in memory
-- 
cgit v1.2.2
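Review bot: The early-success branch added at the top of PAM_Authentication carries no comment and no log line, so a reader cannot tell why an empty UserName and Password from a peer with `cred.Uid == 0` is reported as both authenticated and authorized. I would add a comment above the `if`, for example `// Empty username+password from a root peer: presumably the PAM module's probe before a root-initiated password change; cred is assumed to be the socket's peer credentials.`, and record the event with `logger.Info("PAM_Authentication: accepted empty-credential request from uid 0")` so the bypass is visible in audit logs. The function starts and ends outside the hunk, so where `cred` is populated cannot be confirmed from here.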
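Review bot: In the `case 1: /* root password */` branch the old-password check is skipped entirely, and nothing in this hunk or the previous one ties `req.AsRoot`, a field supplied by the client, to the peer's `cred.Uid`. Unless PAM_PwMod rejects non-root peers before these lines (the function starts outside the hunk), a local process that can reach the socket could set AsRoot to 1 and have a user's password hash replaced without knowing the old password. I would deny the request in that branch when `cred.Uid != 0`, mirroring the denial reply already used in `case 0` (its second field is not visible here). Separately, the `default` branch returns without sending a result; a short comment stating that closing the channel empty is the intended reply would help.

```go
	case 1: /* root password */
		// AsRoot is client-supplied; honour it only for a root peer.
		if cred.Uid != 0 {
			ret <- p.PAM_PwMod{
				Result: p.NSLCD_PAM_PERM_DENIED,
				// … remaining field as in the case 0 denial …
			}
			return
		}
```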