From 7ac77dd0b374a8a9d601ee8e642256ebb46d6dd3 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 22 Sep 2015 18:26:04 +0200
Subject: [mountscript] Fix passing password to ldapsearch (remove trailing newline)
---
 data/ad/mountscript | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/data/ad/mountscript b/data/ad/mountscript
index 4812b1e..7a15224 100644
--- a/data/ad/mountscript
+++ b/data/ad/mountscript
@@ -5,6 +5,7 @@
 #
 VOLUME=
+RESULT=
 REAL_ACCOUNT=
 if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
 # determine fileserver and share for home directories
@@ -15,9 +16,11 @@ if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
 RESULT=$(mktemp)
 PW="/tmp/pw.${RANDOM}.${RANDOM}.${PAM_USER}.${RANDOM}"
 mkfifo -m 0600 "${PW}" || slxlog "pam-ad-fifo" "Could not create FIFO at ${PW}"
- ( echo "${PAM_AUTHTOK}" > "${PW}" ) &
- ldapsearch -y "${PW}" -D "$BINDDN" -l 5 -o nettimeout=5 -o ldif-wrap=no -x -LLL uid="${PAM_USER}" homeMount realAccount > "${RESULT}" 2>/dev/null \
- || slxlog "pam-ad-ldapquery" "Could not query LDAP-AD-Proxy for parameters of user '${PAM_USER}'."
+ (
+ echo -n "${PAM_AUTHTOK}" > "${PW}"
+ ) &
+ ldapsearch -y "${PW}" -D "$BINDDN" -l 5 -o nettimeout=5 -o ldif-wrap=no -x -LLL uid="${PAM_USER}" homeMount realAccount > "${RESULT}" 2>&1 \
+ || slxlog "pam-ad-ldapquery" "Could not query LDAP-AD-Proxy for parameters of user '${PAM_USER}'." "${RESULT}"
 rm -f -- "${PW}"
 VOLUME=$(cat "${RESULT}" | grep '^homeMount:' | head -n 1 | cut -d ' ' -f 2)
 [ -z "${VOLUME}" ] && slxlog "pam-ad-ldapvolume" "AD/Proxy did not provide 'homeMount'. Aborting mount for ${PAM_USER}."
--
cgit v1.2.3-55-g7522
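Review bot: In the second hunk the password is still written with `echo -n "${PAM_AUTHTOK}"`, which is not a byte-exact write: depending on the shell that runs this script, `echo` can interpret backslash sequences or swallow a value that looks like an option such as `-e`, so some valid passwords would reach ldapsearch altered; `printf '%s' "${PAM_AUTHTOK}" > "${PW}"` avoids that. The same subshell still runs when the `mkfifo` on the context line above has failed, because that failure is only logged; if `${PW}` then exists as something other than this script's 0600 FIFO in /tmp, the cleartext password is written to it, so the write and the ldapsearch call should be skipped on failure. With `2>&1` and the added `"${RESULT}"` argument, ldapsearch's stderr and any partial directory output now go to slxlog (presumably as an attachment), and stderr is mixed into the file that the following `grep '^homeMount:'` parses; a separate stderr file would keep the two apart. The enclosing `if` block starts and ends outside the hunk.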