From a7b45e56fd3515435bbbc2b57dae4d6f3b20113f Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun, 8 Jul 2012 08:26:32 +0000
Subject: implement a pam_password_prohibit_message nslcd.conf option to deny
 password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted
 Cheng

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 nslcd/pam.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'nslcd/pam.c')

diff --git a/nslcd/pam.c b/nslcd/pam.c
index bcc5d4f..cef908d 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -647,6 +647,18 @@ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid)
     }
     return -1;
   }
+  /* check if pam_password_prohibit_message is set */
+  if (nslcd_cfg->pam_password_prohibit_message!=NULL)
+  {
+    log_log(LOG_NOTICE,"password change prohibited");
+    WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+    WRITE_STRING(fp,username);
+    WRITE_STRING(fp,"");
+    WRITE_INT32(fp,NSLCD_PAM_PERM_DENIED);
+    WRITE_STRING(fp,nslcd_cfg->pam_password_prohibit_message);
+    WRITE_INT32(fp,NSLCD_RESULT_END);
+    return 0;
+  }
   /* check if the the user passed the rootpwmoddn */
   if (asroot)
   {
-- 
cgit v1.2.3