authorArthur de Jong <arthur@arthurdejong.org>2010-09-05 11:30:44 +0200
committerArthur de Jong <arthur@arthurdejong.org>2010-09-05 11:30:44 +0200
commit5d0bed9421744105d9f99b12257921ac076cc264 (patch)
tree8609be021b35f423d42dab6d883eb95c8365a9d4 /nslcd/pam.c
parent9a9a18ee35a48980510da613c9caa460f6da7e30 (diff)
implement a rootpwmodpw option that allows root users to change user passwords without a password prompt
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1206 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'nslcd/pam.c')
-rw-r--r--nslcd/pam.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/nslcd/pam.c b/nslcd/pam.c
index ddbe107..8afb27f 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -129,7 +129,7 @@ static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
}
/* check authentication credentials of the user */
-int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session)
+int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid)
{
int32_t tmpint32;
int rc;
@@ -158,6 +158,16 @@ int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session)
return -1;
}
strcpy(userdn,nslcd_cfg->ldc_rootpwmoddn);
+ /* if the caller is root we will allow the use of the rootpwmodpw option */
+ if ((*password=='\0')&&(calleruid==0)&&(nslcd_cfg->ldc_rootpwmodpw!=NULL))
+ {
+ if (strlen(nslcd_cfg->ldc_rootpwmodpw)>=sizeof(password))
+ {
+ log_log(LOG_ERR,"nslcd_pam_authc(): rootpwmodpw will not fit in password");
+ return -1;
+ }
+ strcpy(password,nslcd_cfg->ldc_rootpwmodpw);
+ }
}
else if (validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))
{
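Review bot: The added test on `calleruid==0` is the only gate between an empty password and the stored rootpwmodpw credential, yet nothing in this file shows where calleruid comes from; the caller is outside this diff. It needs to be the peer uid the kernel reports for the connected socket, never a value read from `fp`, and it must not end up as 0 when the platform cannot report one. I would state that contract at the check, e.g. `/* calleruid must be the kernel-reported peer uid of the socket; callers pass a non-zero value when it is unknown */`. The same condition is repeated in the nslcd_pam_pwmod() hunk below, and nslcd_pam_authc() continues past the end of this hunk.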
@@ -423,7 +433,7 @@ static int try_pwmod(const char *binddn,const char *userdn,
return rc;
}
-int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session)
+int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid)
{
int32_t tmpint32;
char username[256];
@@ -451,6 +461,16 @@ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session)
{
binddn=nslcd_cfg->ldc_rootpwmoddn;
userdn[0]='\0'; /* cause validate_user() to get the user DN */
+ /* check if rootpwmodpw should be used */
+ if ((*oldpassword=='\0')&&(calleruid==0)&&(nslcd_cfg->ldc_rootpwmodpw!=NULL))
+ {
+ if (strlen(nslcd_cfg->ldc_rootpwmodpw)>=sizeof(oldpassword))
+ {
+ log_log(LOG_ERR,"nslcd_pam_pwmod(): rootpwmodpw will not fit in oldpassword");
+ return -1;
+ }
+ strcpy(oldpassword,nslcd_cfg->ldc_rootpwmodpw);
+ }
}
/* validate request and fill in the blanks */
if (validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))
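Review bot: Nothing in the added block records that the stored rootpwmodpw credential was substituted for an empty old password, so as far as this hunk shows, such a password change looks the same in the log as one where the administrator password was typed. An audit line right after the `strcpy()` would give responders something to correlate, for example `log_log(LOG_INFO,"nslcd_pam_pwmod(): using rootpwmodpw for request from uid 0");`, without ever logging the password itself. The block added to nslcd_pam_authc() above would benefit from the same line. nslcd_pam_pwmod() starts and ends outside this hunk, so logging further down may already cover part of this.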