implement a pam_password_prohibit_message nslcd.conf option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
author: Arthur de Jong <arthur@arthurdejong.org> 2012-07-08 10:26:32 +0200
committer: Arthur de Jong <arthur@arthurdejong.org> 2012-07-08 10:26:32 +0200
commit: a7b45e56fd3515435bbbc2b57dae4d6f3b20113f (patch)
tree: 536db2d4c36e444351b00d41ec0efffdc395a18b /nslcd/pam.c
parent: c8f4cef2c40a3a84cb83badc65618afa16c9b3ab (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/nslcd/pam.c b/nslcd/pam.c
index bcc5d4f..cef908d 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -647,6 +647,18 @@ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid)
     }
     return -1;
   }
+  /* check if pam_password_prohibit_message is set */
+  if (nslcd_cfg->pam_password_prohibit_message!=NULL)
+  {
+    log_log(LOG_NOTICE,"password change prohibited");
+    WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+    WRITE_STRING(fp,username);
+    WRITE_STRING(fp,"");
+    WRITE_INT32(fp,NSLCD_PAM_PERM_DENIED);
+    WRITE_STRING(fp,nslcd_cfg->pam_password_prohibit_message);
+    WRITE_INT32(fp,NSLCD_RESULT_END);
+    return 0;
+  }
   /* check if the the user passed the rootpwmoddn */
   if (asroot)
   {
author	Arthur de Jong <arthur@arthurdejong.org>	2012-07-08 10:26:32 +0200
committer	Arthur de Jong <arthur@arthurdejong.org>	2012-07-08 10:26:32 +0200
commit	a7b45e56fd3515435bbbc2b57dae4d6f3b20113f (patch)
tree	536db2d4c36e444351b00d41ec0efffdc395a18b /nslcd/pam.c
parent	c8f4cef2c40a3a84cb83badc65618afa16c9b3ab (diff)