Diffstat (limited to 'go/parabola_hackers/nslcd_backend/db_pam.go')
-rw-r--r-- | go/parabola_hackers/nslcd_backend/db_pam.go | 55 |
1 files changed, 28 insertions, 27 deletions
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go index 607c550..e20a63f 100644 --- a/go/parabola_hackers/nslcd_backend/db_pam.go +++ b/go/parabola_hackers/nslcd_backend/db_pam.go @@ -18,6 +18,7 @@ package hackers_nslcd_backend import ( "fmt" + "os" "parabola_hackers" s "syscall" @@ -26,12 +27,12 @@ import ( "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger" ) -func checkPassword(password string, hash string) bool { - return crypt.Crypt(password, hash) == hash +func checkPassword(password p.String, hash p.String) bool { + return crypt.Crypt(string(password), string(hash)) == string(hash) } -func hashPassword(newPassword string, oldHash string) string { - salt := oldHash +func hashPassword(newPassword p.String, oldHash p.String) p.String { + salt := string(oldHash) if salt == "!" { str, err := parabola_hackers.RandomString(crypt.SaltAlphabet, 8) if err != nil { @@ -40,7 +41,7 @@ func hashPassword(newPassword string, oldHash string) string { } salt = "$6$" + str + "$" } - return crypt.Crypt(newPassword, salt) + return p.String(crypt.Crypt(string(newPassword), salt)) } func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication { @@ -50,17 +51,17 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat defer o.lock.RUnlock() defer close(ret) - if req.UserName == "" && req.Password == "" && cred.Uid == 0 { + if len(req.UserName) == 0 && len(req.Password) == 0 && cred.Uid == 0 { ret <- p.PAM_Authentication{ AuthenticationResult: p.NSLCD_PAM_SUCCESS, - UserName: "", + UserName: p.String(""), AuthorizationResult: p.NSLCD_PAM_SUCCESS, - AuthorizationError: "", + AuthorizationError: p.String(""), } return } - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } 
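Review bot: The added `"os"` import is not referenced by any added line in this diff, and Go refuses to compile a file with an unused import. Unless unchanged lines outside the hunks already call into `os` (in which case the file did not build before this commit), drop the import or add the code that needs it in the same commit.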
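Review bot: `checkPassword` succeeds whenever `crypt.Crypt` returns exactly the stored value, so an empty stored hash would match any password if `crypt.Crypt` reports failure as an empty string. PAM_PwMod's `len(user.Passwd.PwHash) == 0` check suggests it does, but the wrapper is not visible here, so confirm. Reject an empty result before comparing and compare in constant time: `h := crypt.Crypt(string(password), string(hash))` then `return h != "" && subtle.ConstantTimeCompare([]byte(h), []byte(hash)) == 1` (needs `crypto/subtle`). The same function guards both PAM_Authentication and the old-password check in PAM_PwMod, so the fix covers both call sites.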
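Review bot: The `salt` passed to `crypt.Crypt` on the return line is the whole previous hash for every account whose old hash is not `"!"` (`salt := string(oldHash)` in the hunk above), so each password change reuses the user's existing salt. With a reused salt, two successive hashes for one user are equal exactly when the passwords are equal, which exposes password reuse to anyone who can compare copies of the stored hashes. An old hash that crypt cannot use as a setting would presumably make every change fail as well. Generating a fresh `"$6$" + str + "$"` salt unconditionally, instead of only under `if salt == "!"`, avoids both. The error branch of the salt generation lies between this hunk and the previous one and is not shown.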
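Review bot: The first branch of PAM_Authentication reports `p.NSLCD_PAM_SUCCESS` for both authentication and authorization without looking up any user, and no comment says why. It rests entirely on `cred.Uid == 0`, so it is only sound if `cred` is the kernel-supplied peer credential of the connection; it is typed `s.Ucred`, but where it is filled in is outside this diff. A comment above the `if` would make that dependency explicit, e.g. `// Empty user name and password from a root peer: answer success without a user lookup; cred must be the socket's peer credential.` The function body starts before and continues after this hunk.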
@@ -68,9 +69,9 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat user := o.users[uid] obj := p.PAM_Authentication{ AuthenticationResult: p.NSLCD_PAM_AUTH_ERR, - UserName: "", + UserName: p.String(""), AuthorizationResult: p.NSLCD_PAM_AUTH_ERR, - AuthorizationError: "", + AuthorizationError: p.String(""), } if checkPassword(req.Password, user.Passwd.PwHash) { obj.AuthenticationResult = p.NSLCD_PAM_SUCCESS @@ -89,13 +90,13 @@ func (o *Hackers) PAM_Authorization(cred s.Ucred, req p.Request_PAM_Authorizatio defer o.lock.RUnlock() defer close(ret) - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } ret <- p.PAM_Authorization{ Result: p.NSLCD_PAM_SUCCESS, - Error: "", + Error: p.String(""), } }() return ret @@ -112,7 +113,7 @@ func (o *Hackers) PAM_SessionOpen(cred s.Ucred, req p.Request_PAM_SessionOpen) < if err != nil { return } - ret <- p.PAM_SessionOpen{SessionID: sessionid} + ret <- p.PAM_SessionOpen{SessionID: p.String(sessionid)} }() return ret } @@ -130,7 +131,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ defer close(ret) defer o.lock.Unlock() - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } 
@@ -138,20 +139,20 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ // Check the OldPassword if req.AsRoot == 1 && cred.Uid == 0 { - // bypass the password check - } else { - if !checkPassword(req.OldPassword, user.Passwd.PwHash) { - ret <- p.PAM_PwMod{ - Result: p.NSLCD_PAM_PERM_DENIED, - Error: fmt.Sprintf("password change failed: %s", "Old password did not match"), - } - return + goto update + } + if !checkPassword(req.OldPassword, user.Passwd.PwHash) { + ret <- p.PAM_PwMod{ + Result: p.NSLCD_PAM_PERM_DENIED, + Error: p.String(fmt.Sprintf("password change failed: %s", "Old password did not match")), } + return } + update: // Update the PwHash in memory user.Passwd.PwHash = hashPassword(req.NewPassword, user.Passwd.PwHash) - if user.Passwd.PwHash == "" { + if len(user.Passwd.PwHash) == 0 { logger.Err("Password hashing failed") return } @@ -159,9 +160,9 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ // Update the PwHash on disk passwords := make(map[string]string, len(o.users)) for _, ouser := range o.users { - passwords[ouser.Passwd.Name] = ouser.Passwd.PwHash + passwords[string(ouser.Passwd.Name)] = string(ouser.Passwd.PwHash) } - passwords[user.Passwd.Name] = user.Passwd.PwHash + passwords[string(user.Passwd.Name)] = string(user.Passwd.PwHash) err := parabola_hackers.SaveAllPasswords(passwords) if err != nil { logger.Err("Writing passwords to disk: %v", err) @@ -172,7 +173,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ o.users[uid] = user ret <- p.PAM_PwMod{ Result: p.NSLCD_PAM_SUCCESS, - Error: "", + Error: p.String(""), } }() return ret |
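Review bot: The `goto update` / `update:` pair in PAM_PwMod makes the root bypass of the old-password check harder to audit than a single condition would. Writing `if !(req.AsRoot == 1 && cred.Uid == 0) && !checkPassword(req.OldPassword, user.Passwd.PwHash) {` in front of the existing PERM_DENIED reply removes both the jump and the label. Separately, the `logger.Err("Password hashing failed")` path returns without sending a `p.PAM_PwMod`, so the client sees only a closed channel; replying with `Result: p.NSLCD_PAM_PERM_DENIED` and an error string there would match the old-password failure path. `req.NewPassword` is hashed with no check visible in this hunk, so an empty new password would be accepted unless it is validated before the hunk begins.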