author | Arthur de Jong <arthur@arthurdejong.org> | 2011-03-14 22:42:59 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2011-03-14 22:42:59 +0100 |
commit | 9205075b44eae32be7b5034d0e9dc4149d8a93c4 (patch) | |
tree | 2bed7dc8e8e02cfc9bbf4321578ba1e48a93d8e7 /pam | |
parent | a637b192ecac93ffee7fb680a3f386c1d2c0e263 (diff) |
check for user existence before trying password change
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1394 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'pam')
-rw-r--r-- | pam/pam.c | 29 |
1 files changed, 29 insertions, 0 deletions
@@ -246,6 +246,28 @@ static int nslcd2pam_rc(int rc) } } +/* check whether the specified user is handled by nslcd */ +static int nslcd_request_exists(pam_handle_t *pamh,struct pld_ctx *ctx,struct pld_cfg *cfg, + const char *username) +{ + uid_t dummy_uid; + gid_t dummy_gid; + PAM_REQUEST(NSLCD_ACTION_PASSWD_BYNAME, + /* log debug message */ + pam_syslog(pamh,LOG_DEBUG,"nslcd authentication; user=%s",username), + /* write the request parameters */ + WRITE_STRING(fp,username), + /* read the result entry */ + SKIP_STRING(fp); /* user name */ + SKIP_STRING(fp); /* passwd entry */ + READ_TYPE(fp,dummy_uid,uid_t); + READ_TYPE(fp,dummy_gid,gid_t); + SKIP_STRING(fp); /* gecos */ + SKIP_STRING(fp); /* home dir */ + SKIP_STRING(fp); /* shell */ + ) +} + /* perform an authentication call over nslcd */ static int nslcd_request_authc(pam_handle_t *pamh,struct pld_ctx *ctx,struct pld_cfg *cfg, const char *username,const char *service, @@ -523,6 +545,13 @@ int pam_sm_chauthtok(pam_handle_t *pamh,int flags,int argc,const char **argv) rc=init(pamh,flags,argc,argv,&cfg,&ctx,&username,&service); if (rc!=PAM_SUCCESS) return rc; + /* see if we are dealing with an LDAP user first */ + if (ctx->dn==NULL) + { + rc=nslcd_request_exists(pamh,ctx,&cfg,username); + if (rc!=PAM_SUCCESS) + return remap_pam_rc(rc,&cfg); + } /* prelimenary check, just see if we can connect to the LDAP server and authenticate with the current password */ if (flags&PAM_PRELIM_CHECK) |
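Review bot: The debug message in the new nslcd_request_exists, `"nslcd authentication; user=%s"`, appears to be carried over from the authentication request, so an existence lookup will read as an authentication attempt in the logs. A distinct text such as `pam_syslog(pamh,LOG_DEBUG,"nslcd account check; user=%s",username),` keeps the two apart for anyone correlating PAM events. The header comment could also state which PAM code the function returns when nslcd does not know the user; that is decided by PAM_REQUEST, which is defined outside this hunk.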
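Review bot: The new guard in pam_sm_chauthtok skips the lookup whenever `ctx->dn` is non-NULL, so it relies on ctx never holding a DN left over from a different username. Whether ctx is reset when the username changes is decided in init() or elsewhere outside this hunk and should be confirmed. If that holds, the comment should say so, for example `/* ctx->dn is only set once this user has been resolved through nslcd, so the lookup can be skipped */`. Any non-success result, not only an unknown user, also ends the password change here through `remap_pam_rc`, which is presumably intended but worth stating. The rest of pam_sm_chauthtok lies outside the hunk.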