From 26154be2779fbe3f8cd9b8903710ecc8a86c9dd1 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyich@gmail.com>
Date: Mon, 25 Mar 2024 19:27:46 +0000
Subject: [PATCH] linux-pam: pull upstream fix to restore empty password
 handling

Before the change the login into users without passwords was failing:

    https://github.com/NixOS/nixpkgs/issues/297920

It used to work when `linux-pam` used direct `shadow` access when ran as
root. The switch to external helper have broken that use case.

Let's pull accepted upstream fix to restore empty password handling.
---
 pkgs/os-specific/linux/pam/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
index c956dfad4c64..2b0c327fbc2e 100644
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@@ -22,6 +22,15 @@ stdenv.mkDerivation rec {
       url = "https://github.com/linux-pam/linux-pam/commit/cc9d40b7cdbd3e15ccaa324a0dda1680ef9dea13.patch";
       hash = "sha256-tCnH2yPO4dBbJOZA0fP2gm1EavHRMEJyfzB5Vy7YjAA=";
     })
+
+    # Resotre handling of empty passwords:
+    #   https://github.com/linux-pam/linux-pam/pull/784
+    # TODO: drop upstreamed patch on 1.6.1 update.
+    (fetchpatch {
+      name = "revert-unconditional-helper.patch";
+      url = "https://github.com/linux-pam/linux-pam/commit/8d0c575336ad301cd14e16ad2fdec6fe621764b8.patch";
+      hash = "sha256-z9KfMxxqXQVnmNaixaVjLnQqaGsH8MBHhHbiP/8fvhE=";
+    })
   ];
 
   # Case-insensitivity workaround for https://github.com/linux-pam/linux-pam/issues/569