From f245eb3e3a9b2f7d3faba6e651056c4b1e68576f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 28 Jun 2019 14:29:06 +0200
Subject: [pam-bwidm] Improve some checks; only generate UID if none yet
---
.../pam-bwidm/data/opt/openslx/scripts/pam_bwidm | 39 +++++++++++-----------
1 file changed, 20 insertions(+), 19 deletions(-)
(limited to 'core/modules/pam-bwidm')
diff --git a/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm b/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
index 72cd961e..011256a0 100755
--- a/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
+++ b/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
@@ -96,7 +96,7 @@ if ! [ -s "${IDP_QUERY_CACHE}" ]; then
exit 7
fi
idpret="$(curl -w "%{http_code}" -o "${IDP_QUERY_CACHE}" --connect-timeout 5 --max-time 15 "$IDP_QUERY_URL")"
- if [ "x${idpret:0:1}" != "x2" ]; then
+ if [ "${#idpret}" != 3 ] || [ "x${idpret:0:1}" != "x2" ]; then
echo "Could not download the list of identity providers from '$IDP_QUERY_URL'. Aborting."
rm -f -- "$IDP_QUERY_CACHE"
exit 7
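Review bot: The stricter status test on the new `if` line still accepts a 2xx reply with an empty body, which leaves a zero-length `${IDP_QUERY_CACHE}` behind even though the enclosing `if ! [ -s "${IDP_QUERY_CACHE}" ]` only re-downloads when the cache is missing or empty, so the rest of this run proceeds with an empty identity-provider list. Since the status code is the only signal curl gives here, the download path should also verify the file it wrote, e.g. `if [ "${#idpret}" != 3 ] || [ "x${idpret:0:1}" != "x2" ] || ! [ -s "${IDP_QUERY_CACHE}" ]; then`, which routes the empty case through the existing `rm -f`/`exit 7` cleanup. Note that without `-L` a 3xx answer is now rejected as well, which is probably intended but worth a comment such as `# curl prints 000 on connection failure; require exactly one 2xx status`. The enclosing `if ! [ -s ... ]` block closes outside the hunk.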
@@ -173,25 +173,26 @@ if [ "x$PAM_TYPE" == "xauth" ]; then
echo "machine ${HOST} login ${USER_USERNAME} password ********************" > "${NETRC}"
# It should be a tmpfs but you never know
rm -f -- "${NETRC}"
- if [ "x$ret" == "x200" ]; then
- # auth succeeded, lets create a local user representing the bwIDM user
+ if [ "${#ret}" = 3 ] && [ "x${ret:0:1}" == "x2" ]; then
+ # 2xx code, auth succeeded, lets create a local user representing the bwIDM user
echo "Login for '$USER_USERNAME' on '$USER_ORGANISATION' succeeded."
- # create a random 6digit UID
- LOOPS=0
- while [ "$LOOPS" -lt 5 ]; do
- USER_UID="$(( 100000 + $RANDOM ))"
- # check existence of this UID, if its free, use it
- getent passwd "$USER_UID" || break
- let LOOPS++
- done
- if [ "$LOOPS" -eq 5 ]; then
- # could not find an empty random 6-digit UID, so we will use demo's UID...
- USER_UID="$(id -u demo)"
- [ -z "$USER_UID" ] && echo "Could not use UID of 'demo' as a fallback, aborting..." && exit 1
- fi
-
- # we have a uid, gid, lets just create the local user now
- if ! grep -q "^${PAM_USER}:" /etc/passwd; then
+ gexp="$( printf "%s" "${PAM_USER}" | sed 's/[][$^\.*]/\\&/g' )" # Basic regexp
+ if ! grep -q "^${gexp}:" /etc/passwd; then
+ # create a random 6digit UID
+ LOOPS=0
+ while [ "$LOOPS" -lt 5 ]; do
+ USER_UID="$(( 100000 + $RANDOM ))"
+ # check existence of this UID, if its free, use it
+ getent passwd "$USER_UID" || break
+ let LOOPS++
+ done
+ if [ "$LOOPS" -eq 5 ]; then
+ # could not find an empty random 6-digit UID, so we will use demo's UID...
+ USER_UID="$(id -u demo)"
+ [ -z "$USER_UID" ] && echo "Could not use UID of 'demo' as a fallback, aborting..." && exit 1
+ fi
+
+ # we have a uid, gid, lets just create the local user now
echo "${PAM_USER}:x:${USER_UID}:${USER_GID}:${PAM_USER}:/home/${PAM_USER}:/bin/bash" >> /etc/passwd
fi
exit 0
-- cgit v1.2.3-55-g7522
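Review bot: The fallback `USER_UID="$(id -u demo)"` taken when five random picks all collide gives the freshly created bwIDM account the same UID as `demo`, and to the kernel two passwd entries with one UID are one identity (file ownership, signals, home-directory access); now that this branch only runs for users not yet in /etc/passwd, refusing the login is the safer outcome, e.g. `echo "Could not find a free UID for '$PAM_USER', aborting..."; exit 1`, or raise the retry count, since a collision in the 100000..132767 range is unlikely unless tens of thousands of such users already exist. Separately, the `grep -q "^${gexp}:"` test and the `>> /etc/passwd` append are not serialized, so if two PAM sessions can run this concurrently they could append duplicate entries or both pick the same UID between the `getent` check and the write; wrapping the check-and-append in `flock` (or delegating to `useradd`, which takes the passwd lock) would close that window. The `sed` escaping is also harder to audit than an exact field match; `cut -d: -f1 /etc/passwd | grep -qxF -- "$PAM_USER"` avoids building a regexp from the username at all. Both enclosing `if` blocks (`xauth` and the 2xx check) start or end outside the hunk.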