From 24e52a3c38c027af438fe6dc0a577dd44202b4a0 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 27 Apr 2021 14:29:51 +0200
Subject: [run-virt] Honor SLX_PRINT_REUSE_PASSWORD for pwdaemon
---
 .../pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh | 9 ++++++++-
 .../pam/hooks/auth-slx-source.d/99-run_virt_credentials | 11 +++++++++--
 core/modules/run-virt/pw_daemon.c | 3 +++
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh
index e1347e41..6f86e0f8 100755
--- a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh
+++ b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh
@@ -1,5 +1,12 @@
 #!/bin/ash
-USERNAME="${PAM_USER}" PASSWORD="${USER_PASSWORD}" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" pwdaemon --daemon "${USER_UID}"
+[ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config
+
+# Allow querying PW via UNIX Socket?
+pw=0
+[ "$SLX_PRINT_REUSE_PASSWORD" = "yes" ] && pw=1
+
+USERNAME="${PAM_USER}" PASSWORD="${USER_PASSWORD}" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" \
+ LOCAL_PW="$pw" pwdaemon --daemon "${USER_UID}"
 exit 0
diff --git a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials
index 613c66ca..4611c461 100644
--- a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials
+++ b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials
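Review bot: The value that decides whether the plaintext password can be queried over the UNIX socket is `SLX_PRINT_REUSE_PASSWORD`, yet the added guard in 99-pwdaemon-fallback.sh sources /opt/openslx/config only when `SLX_PXE_CLIENT_IP` and `SLX_KCL_SERVERS` are both empty, so when either is set the hook uses whatever value of `SLX_PRINT_REUSE_PASSWORD` its environment already holds. The `pw=0` default fails closed, which is the safe direction, and the identical block appears in the 99-run_virt_credentials hunk. I would record the contract in place of the one-line comment, for example `# LOCAL_PW=1 lets pwdaemon answer password queries on the UNIX socket; only the literal "yes" enables it, unset or anything else keeps it off`, and note there that the variable is expected to come from /opt/openslx/config. If the config may legitimately be absent, guarding the source with a readability test such as `[ -r /opt/openslx/config ] && . /opt/openslx/config` would avoid an abort of the hook under ash before pwdaemon is started.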
@@ -64,8 +64,15 @@ if [ -n "$TEMP_HOME_DIR" ]; then
 fi
 fi
 fi
- [ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr '[a-z]' '[A-Z]')\\"
- USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" pwdaemon --daemon "${USER_UID}"
+ [ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr 'a-z' 'A-Z')\\"
+
+ [ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config
+ # Allow querying password via UNIX Socket?
+ pw=0
+ [ "$SLX_PRINT_REUSE_PASSWORD" = "yes" ] && pw=1
+
+ USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" \
+ LOCAL_PW="$pw" pwdaemon --daemon "${USER_UID}"
 unset XUSER XDOMAIN
 fi
 fi
diff --git a/core/modules/run-virt/pw_daemon.c b/core/modules/run-virt/pw_daemon.c
index 0c9508a3..f25ffffc 100644
--- a/core/modules/run-virt/pw_daemon.c
+++ b/core/modules/run-virt/pw_daemon.c
@@ -149,7 +149,10 @@ static int mode_daemon(const uid_t uidNumber)
 const char *envuser = getenv("USERNAME");
 volatile char *envpass = getenv("PASSWORD");
 const char *pwsocket = getenv("PWSOCKET");
+ const char *localstr = getenv("LOCAL_PW");
+ int allowLocal = localstr != NULL && atoi(localstr);
 gid_t gidNumber = 65534;
+ memset(&addr, 0, sizeof(addr));
 memset(&sig, 0, sizeof(sig));
 if (envuser == NULL) {
-- cgit v1.2.3-55-g7522
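Review bot: `allowLocal` is computed in the pw_daemon.c hunk but nothing in this patch reads it: the diffstat lists only three added lines for pw_daemon.c and all of them are in this hunk, so `LOCAL_PW=0` from the hooks does not yet change how the daemon answers password requests on the UNIX socket. The flag needs to be checked at the point where mode_daemon serves a socket request, presumably refusing the password reply when `allowLocal` is zero; that code lies outside the hunk, as mode_daemon's body starts above it and continues below. Separately, `atoi` cannot tell malformed input from `0` and accepts values such as `1x`; since the hooks only pass `0` or `1`, `int allowLocal = localstr != NULL && strcmp(localstr, "1") == 0;` states the contract exactly and keeps the default closed.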