From 901b5c1add8917438105dc4f7c9d2883edea4849 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 10 Jan 2020 17:30:17 +0100
Subject: [run-virt/pam-slx-plug] Always spawn pwdaemon, and one instance only
---
 .../data/opt/openslx/pam/exec_auth_final | 25 ++++++++++++++--------
 1 file changed, 16 insertions(+), 9 deletions(-)
(limited to 'core/modules/pam-slx-plug')
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth_final b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth_final
index 3d12d20f..6ddd2bfb 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth_final
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth_final
@@ -3,23 +3,32 @@
 # This is executed in the pam_auth phase, after any real
 # authentication module succeeded. It will execute all scripts in
 # /opt/openslx/pam/hooks/auth-final-exec.d
-# This is in contrast to /opt/openslx/pam/hooks/auth-slx-success.d
+# This is in contrast to /opt/openslx/pam/hooks/auth-slx-source.d
 # which only executes if one of the pam-slx-plugins succeeded authing,
 # but then offers further variables detailing the auth environment.

 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"

-# Remove password from stdin
-cat &> /dev/null &
-waitpid=$!
+source_dir=/opt/openslx/pam/hooks/auth-final-exec.d
+readonly source_dir
+[ -d "$source_dir" ] || exit 0
+
+# grab the password from stdin asap
+[ "$PAM_TYPE" = "auth" ] || exit 1
+unset USER_PASSWORD
+read -r USER_PASSWORD > /dev/null 2>&1
+readonly USER_PASSWORD
+[ -z "$USER_PASSWORD" ] && echo "No password given." && exit 1

 # Only as root
 [ "$(whoami)" != "root" ] && exit 0

-source_dir=/opt/openslx/pam/hooks/auth-final-exec.d
-readonly source_dir
+# Set other vars
+getent="$( getent passwd "$PAM_USER" )"
+USER_UID="$( printf "%s" "$getent" | awk -F: '{print $3; exit}' )"
+TEMP_HOME_DIR="$( printf "%s" "$getent" | awk -F: '{print $6; exit}' )"

-[ -d "$source_dir" ] || exit 0
+export USER_PASSWORD USER_UID TEMP_HOME_DIR

 for file in $source_dir/*; do
 [ -e "$file" ] || continue # Dir empty, will be the unglobbed string
@@ -34,6 +43,4 @@ for file in $source_dir/*; do
 "$file" || slxlog "pam-auth-final" "$file didn't exit with code 0"
 done

-kill "$waitpid"
-
 exit 0
--
cgit v1.2.3-55-g7522
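Review bot: The `export USER_PASSWORD USER_UID TEMP_HOME_DIR` line near the end of the first hunk places the cleartext login password in the environment of every script run from `$source_dir` and of anything those scripts start, so a child that outlives the login keeps it readable in `/proc/<pid>/environ` for as long as it runs. The loop body that invokes the hooks lies between the two hunks and is not visible here, so it should be confirmed that each hook unsets the variable before starting long-lived children; passing the password on stdin to only the hooks that need it would avoid the exposure. Separately, `read -r USER_PASSWORD` trims leading and trailing whitespace from the password, which `IFS= read -r USER_PASSWORD` would preserve. The result of `getent passwd "$PAM_USER"` is never checked, so an unresolvable user exports empty `USER_UID` and `TEMP_HOME_DIR` to the hooks; a guard such as `[ -n "$getent" ] || exit 1` before the export would catch that.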