Diffstat (limited to 'core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth')
-rwxr-xr-xcore/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth18
1 files changed, 13 insertions, 5 deletions
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
index 99d5afa8..6bbe8bdc 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
@@ -24,12 +24,14 @@ SCRIPT_USER=$(whoami)
readonly SCRIPT_USER
[ "x$SCRIPT_USER" = "xroot" ] || [ "x$SCRIPT_USER" = "x$PAM_USER" ] || exit 1
-if [ "$PAM_USER" = "root" ]; then
+grepname=$( echo "$PAM_USER" | sed 's/\./\\./g;s/*/\\*/g' )
+
+if [ "$SCRIPT_USER" = "root" ]; then
# See if we have a shadow entry - skip user in that case
- grep -q "^${PAM_USER}:" "/etc/shadow" && exit 1
+ grep -q -i "^${grepname}:" "/etc/shadow" && exit 1
else
# Running in user context - user must be known from before
- grep -q "^${PAM_USER}:x:.*:.*:${PAM_USER}@SLX:" "/etc/passwd" || exit 1
+ grep -q "^${grepname}:x:.*:.*:${grepname}@SLX:" "/etc/passwd" || exit 1
fi
# ppam -- pluggable pluggable authentication module
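Review bot: The `sed` on the `grepname=` line escapes only `.` and `*`, so `[`, `\`, `^` and `$` in `PAM_USER` still reach both `grep` calls as basic-regex syntax, and the shadow and passwd checks can then match an entry other than the one named. Comparing fields exactly removes the pattern altogether, for example `u="$PAM_USER" awk -F: 'tolower($1) == tolower(ENVIRON["u"]) { f = 1 } END { exit !f }' /etc/shadow && exit 1` in the root branch. The passwd check can take the same shape with `$1 == ENVIRON["u"] && $2 == "x" && $5 == (ENVIRON["u"] "@SLX")`, which assumes the `@SLX` marker sits in the fifth field as the existing pattern suggests, and is slightly stricter than the `.*` match. If the `sed` stays, `printf '%s\n' "$PAM_USER"` is safer than `echo`, which may treat a leading `-n` or backslashes specially depending on the shell. The script continues outside this hunk, so an earlier validation of `PAM_USER` may exist that is not visible here.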
@@ -60,7 +62,13 @@ for auth_file in /opt/openslx/pam/auth-source.d/*; do
break
done
[ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT="$PAM_USER"
-readonly USER_UID REAL_ACCOUNT
+readonly USER_UID REAL_ACCOUNT USER_NAME
+
+# Confirm caps matches!
+if [ "$USER_NAME" != "$PAM_USER" ]; then
+ echo "Capitalization mismatch: '$PAM_USER' vs. '$USER_NAME'" >&2
+ exit 1
+fi
# No success - access denied
[ -z "$USER_UID" ] && exit 1
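Review bot: The new capitalization check runs before the `[ -z "$USER_UID" ] && exit 1` line, so when no auth source succeeded and `USER_NAME` is presumably still empty, the denial is reported on stderr as a capitalization mismatch against `''` rather than as a plain failure. Guarding it with `if [ -n "$USER_UID" ] && [ "$USER_NAME" != "$PAM_USER" ]; then`, or moving the `USER_UID` test above the new `if`, keeps that message accurate for anyone reading the logs. The check also appears to require every script in `auth-source.d` to set `USER_NAME`, unlike `REAL_ACCOUNT`, which falls back to `PAM_USER`. The `# Confirm caps matches!` comment could state that contract, e.g. `# Auth sources must set USER_NAME to the canonical spelling; reject logins that differ from it, even only in case`. The loop that sets these variables starts outside the hunk.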
@@ -108,7 +116,7 @@ if [ -n "$GROUPENT" ]; then
echo "$GROUPENT" >> '/etc/group'
fi
fi
-readonly USER_GID USER_GROUP USER_NAME
+readonly USER_GID USER_GROUP
. /opt/openslx/pam/common/homedir-passwd