From aaf024194b29f48f2336116630be713da90a13bd Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Sun, 24 Jan 2010 14:33:21 +0000 Subject: add admindn configuration file option that is used when modifying another user's password git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1059 ef36b2f9-881f-0410-afb5-c4e39611909c --- pam/pam.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) (limited to 'pam/pam.c') diff --git a/pam/pam.c b/pam/pam.c index f47e1c5..855f9ef 100644 --- a/pam/pam.c +++ b/pam/pam.c @@ -2,7 +2,7 @@ pam.c - pam module functions Copyright (C) 2009 Howard Chu - Copyright (C) 2009 Arthur de Jong + Copyright (C) 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -28,6 +28,7 @@ #include #include #include +#include #include "common.h" #include "compat/attrs.h" @@ -596,6 +597,8 @@ static int nslcd_request_pwmod(pld_ctx *ctx,const char *username, READ_BUF_STRING(fp,ctx->authzmsg);) } +/* prompt for LDAP administrator password */ + /* ensure that the context includes and oldpassword field */ static const char *get_old_password(pam_handle_t *pamh, int flags,pld_ctx *ctx) { 
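Review bot: The added comment `/* prompt for LDAP administrator password */` sits on its own above the existing comment for get_old_password, with no function or code under it in this hunk. The prompting this commit introduces is done inline in pam_sm_chauthtok, so a reader will look for a helper here that does not exist. Either drop the comment, or move the prompt into a small static helper placed here. If a helper is added, the comment should say which PAM item the password ends up in and who owns the returned pointer.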
@@ -635,7 +638,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh,int flags,int argc,const char **argv) int i; struct pam_conv *appconv; pld_ctx *ctx=NULL; - + struct passwd *pwent; + /* parse module options */ for (i=0;ipw_uid!=getuid())) + { + /* prompt for the admin password */ + rc=pam_get_authtok(pamh,PAM_OLDAUTHTOK,&oldpassword,"LDAP administrator password: "); + if (rc!=PAM_SUCCESS) + return rc; + /* try authenticating */ + rc=nslcd_request_authc(ctx,"",service,oldpassword); + } + else + { + /* get old (current) password */ + oldpassword=get_old_password(pamh,flags,ctx); + /* check the old password */ + rc=nslcd_request_authc(ctx,username,service,oldpassword); + } if (rc==PAM_SUCCESS) rc=ctx->authok; if ((rc==PAM_AUTHINFO_UNAVAIL)&&(ignore_flags&IGNORE_UNAVAIL)) -- cgit v1.2.3
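Review bot: In the branch for changing another user's password, the administrator's password is read with `pam_get_authtok(pamh,PAM_OLDAUTHTOK,&oldpassword,...)`, which stores it in the PAM_OLDAUTHTOK item, so modules stacked after this one can pick it up as the target user's old password, and a value already cached there by an earlier module would presumably be used without the admin prompt appearing at all. Prompting into a module-local buffer keeps the credential out of the shared item, for example `rc=pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&adminpw,"LDAP administrator password: ");` where the platform provides it, with the buffer wiped and freed once the request has been sent. The empty user name in `nslcd_request_authc(ctx,"",service,oldpassword)` would also benefit from a comment such as `/* an empty user name asks nslcd to bind as the configured admindn */`, if that is indeed what the protocol means by it. The start of the `if` condition is missing from this copy of the hunk and pam_sm_chauthtok continues outside it, so whether `pwent` is checked for NULL before `pw_uid` is read could not be confirmed.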