diff options
Diffstat (limited to 'go/parabola_hackers/nslcd_backend/db_pam.go')
-rw-r--r-- | go/parabola_hackers/nslcd_backend/db_pam.go | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go index 3374170..353fe5e 100644 --- a/go/parabola_hackers/nslcd_backend/db_pam.go +++ b/go/parabola_hackers/nslcd_backend/db_pam.go @@ -50,6 +50,16 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat defer o.lock.RUnlock() defer close(ret) + if req.UserName == "" && req.Password == "" && cred.Uid == 0 { + ret <- p.PAM_Authentication{ + AuthenticationResult: p.NSLCD_PAM_SUCCESS, + UserName: "", + AuthorizationResult: p.NSLCD_PAM_SUCCESS, + AuthorizationError: "", + } + return + } + uid := o.name2uid(req.UserName) if uid < 0 { return @@ -127,7 +137,8 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ user := o.users[uid] // Check the OldPassword - if req.AsRoot == 1 { + switch req.AsRoot { + case 0: /* user password */ if !checkPassword(req.OldPassword, user.Passwd.PwHash) { ret <- p.PAM_PwMod{ Result: p.NSLCD_PAM_PERM_DENIED, @@ -135,6 +146,11 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ } return } + case 1: /* root password */ + // do nothing + default: + logger.Info("Invalid AsRoot value in PwMod request: %d", req.AsRoot) + return } // Update the PwHash in memory |