author | Simon Rettberg | 2021-04-27 14:29:51 +0200 |
---|---|---|
committer | Simon Rettberg | 2021-04-27 14:29:51 +0200 |
commit | 24e52a3c38c027af438fe6dc0a577dd44202b4a0 (patch) | |
tree | 28faf503c8fbed26a5e60ee6e7390a8df77c06b5 | |
parent | [vmware-common] Increase OS HW limits, move VMware specific limits (diff) | |
[run-virt] Honor SLX_PRINT_REUSE_PASSWORD for pwdaemon
3 files changed, 20 insertions, 3 deletions
diff --git a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh index e1347e41..6f86e0f8 100755 --- a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh +++ b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh @@ -1,5 +1,12 @@ #!/bin/ash -USERNAME="${PAM_USER}" PASSWORD="${USER_PASSWORD}" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" pwdaemon --daemon "${USER_UID}" +[ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config + +# Allow querying PW via UNIX Socket? +pw=0 +[ "$SLX_PRINT_REUSE_PASSWORD" = "yes" ] && pw=1 + +USERNAME="${PAM_USER}" PASSWORD="${USER_PASSWORD}" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" \ + LOCAL_PW="$pw" pwdaemon --daemon "${USER_UID}" exit 0 diff --git a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials index 613c66ca..4611c461 100644 --- a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials +++ b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials @@ -64,8 +64,15 @@ if [ -n "$TEMP_HOME_DIR" ]; then fi fi fi - [ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr '[a-z]' '[A-Z]')\\" - USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" pwdaemon --daemon "${USER_UID}" + [ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr 'a-z' 'A-Z')\\" + + [ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config + # Allow querying password via UNIX Socket? + pw=0 + [ "$SLX_PRINT_REUSE_PASSWORD" = "yes" ] && pw=1 + + USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" \ + LOCAL_PW="$pw" pwdaemon --daemon "${USER_UID}" unset XUSER XDOMAIN fi fi 
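Review bot: The value that lets pwdaemon answer password queries is not always taken from the config file: `[ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config` loads the config only when two unrelated variables are empty, so when they are already set `SLX_PRINT_REUSE_PASSWORD` comes from whatever environment the hook inherited. The default is deny (`pw=0` unless the value is exactly `yes`), which is the right way round, but the guard should test the variable that is actually consumed, or the config should be loaded unconditionally at this point. The comment could also state the consequence rather than ask a question, e.g. `# LOCAL_PW=1 lets pwdaemon hand the password to clients of $PWSOCKET; default is 0 (deny)`. The same guard is repeated in the 99-run_virt_credentials hunk.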
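Review bot: `pw` stays set after this block, because the trailing `unset XUSER XDOMAIN` does not include it. This file looks like it is sourced rather than executed (directory auth-slx-source.d, no shebang, mode 100644), so a generic two-letter name would leak into the sourcing shell and any hook that runs after it. I would change the cleanup to `unset XUSER XDOMAIN pw`, or use a more specific name for the flag. The enclosing `if [ -n "$TEMP_HOME_DIR" ]` block starts outside the hunk.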
diff --git a/core/modules/run-virt/pw_daemon.c b/core/modules/run-virt/pw_daemon.c index 0c9508a3..f25ffffc 100644 --- a/core/modules/run-virt/pw_daemon.c +++ b/core/modules/run-virt/pw_daemon.c @@ -149,7 +149,10 @@ static int mode_daemon(const uid_t uidNumber) const char *envuser = getenv("USERNAME"); volatile char *envpass = getenv("PASSWORD"); const char *pwsocket = getenv("PWSOCKET"); + const char *localstr = getenv("LOCAL_PW"); + int allowLocal = localstr != NULL && atoi(localstr); gid_t gidNumber = 65534; + memset(&addr, 0, sizeof(addr)); memset(&sig, 0, sizeof(sig)); if (envuser == NULL) { |
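Review bot: `allowLocal` is computed here but nothing in this commit appears to read it. The diffstat gives 20 insertions, 17 of which are in the two shell hooks, so pw_daemon.c gets only the three added lines in this hunk and the daemon presumably behaves the same whether LOCAL_PW is 0 or 1. If the gating arrives in a follow-up commit, the message should say so; otherwise SLX_PRINT_REUSE_PASSWORD is not yet honored on the daemon side, and the build will likely warn about an unused variable. Separately, `atoi` silently maps any non-numeric text to 0; since the hooks only pass 0 or 1, `int allowLocal = localstr != NULL && strcmp(localstr, "1") == 0;` states the contract more precisely. mode_daemon's body continues outside the hunk.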