hotfix
@@ -1 +1,66 @@
|
||||
local a=...local b={}a.pam=b;local c={}local function d(e)local f=a.vfs.open(e,"r")if not f then error("Failed to open file: "..e)end;local g=a.vfs.read(f,1024000)a.vfs.close(f)return g end;local h=require("crypto.blake2s")if not h then error("Failed to load blake2s")end;if not a.vfs.exists("/etc/pam.d/secret")then local i=""for j=1,256 do i=i..string.char(math.random(1,255))end;local k=a.vfs.open("/etc/pam.d/secret","w")a.vfs.write(k,i)a.vfs.close(k)end;local l=d("/etc/pam.d/secret")function b.authenticate(m,n)local o=d("/etc/passwd")local p=d("/etc/shadow")local q=string.split(o,"\n")local r=string.split(p,"\n")local s={}local t={}for u,v in ipairs(q)do local w=string.split(v,":")s[w[1]]=w end;for u,v in ipairs(r)do local w=string.split(v,":")t[w[1]]=w end;for x,w in pairs(s)do if x==m then local y=string.split(t[x][2],"$")local z=y[2]local A=h(n..z,l)if A==y[3]then c[m]=a.newUUID()return c[m]else return false end end end end;function b.authToken(m,B)return c[m]==B end
|
||||
--:Minify:--
|
||||
local kernel = ...
|
||||
local pam = {}
|
||||
kernel.pam = pam
|
||||
local loggedIn = {}
|
||||
|
||||
local function getFile(path)
|
||||
local file = kernel.vfs.open(path, "r")
|
||||
if not file then error("Failed to open file: "..path) end
|
||||
local content = kernel.vfs.read(file, 1024000)
|
||||
kernel.vfs.close(file)
|
||||
return content
|
||||
end
|
||||
|
||||
local blake2s = require("crypto.blake2s")
|
||||
if not blake2s then error("Failed to load blake2s") end
|
||||
|
||||
if not kernel.vfs.exists("/etc/pam.d/secret") then
|
||||
local key = ""
|
||||
for i=1, 256 do
|
||||
key=key..string.char(math.random(1,255))
|
||||
end
|
||||
local handle = kernel.vfs.open("/etc/pam.d/secret", "w")
|
||||
kernel.vfs.write(handle, key)
|
||||
kernel.vfs.close(handle)
|
||||
end
|
||||
|
||||
local pepper = getFile("/etc/pam.d/secret")
|
||||
|
||||
function pam.authenticate(username, password)
|
||||
local fpasswd = getFile("/etc/passwd")
|
||||
local fshadow = getFile("/etc/shadow")
|
||||
|
||||
local passwdLines = string.split(fpasswd, "\n")
|
||||
local shadowLines = string.split(fshadow, "\n")
|
||||
|
||||
local passwd = {}
|
||||
local shadow = {}
|
||||
for _, line in ipairs(passwdLines) do
|
||||
local fields = string.split(line, ":")
|
||||
passwd[fields[1]] = fields
|
||||
end
|
||||
for _, line in ipairs(shadowLines) do
|
||||
local fields = string.split(line, ":")
|
||||
shadow[fields[1]] = fields
|
||||
end
|
||||
|
||||
for user, fields in pairs(passwd) do
|
||||
if user == username then
|
||||
local shadowPasswd = string.split(shadow[user][2], "$")
|
||||
local salt = shadowPasswd[2]
|
||||
local hashedPassword = blake2s(password .. salt, pepper)
|
||||
if hashedPassword == shadowPasswd[3] then
|
||||
loggedIn[username] = kernel.newUUID()
|
||||
return loggedIn[username]
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
function pam.authToken(username, token)
|
||||
return loggedIn[username] == token
|
||||
end
|
||||
|
||||
|
||||
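Review bot: `pam.authToken` returns true when both sides of `loggedIn[username] == token` are nil, so a call with a nil token for a username that has no entry in `loggedIn` is accepted as authenticated; guard it with `local t = loggedIn[username]` followed by `return t ~= nil and t == token`. The minified copy on the first line of the hunk carries the same comparison (`c[m]==B`) and needs the same change. Separately, the pepper written to `/etc/pam.d/secret` is built from `math.random(1,255)`, which is not a cryptographic generator and is not seeded anywhere in this hunk, so the key may be predictable; it should come from whatever entropy source the kernel provides. In `pam.authenticate`, `shadow[user][2]` raises an error when a passwd user has no shadow line, so that case should be checked and turned into `return false`.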