CVS commit: src/lib/libpam/modules/pam_deny

Tue, 20 Aug 2013 15:09:10 -0700 

Module Name:    src
Committed By:   perseant
Date:           Tue Aug 20 22:07:44 UTC 2013

Modified Files:
        src/lib/libpam/modules/pam_deny: pam_deny.8 pam_deny.c

Log Message:
Add Edgar Fuss's patch to pam_deny, to allow users to be able to change their
LDAP password with "passwd".


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/lib/libpam/modules/pam_deny/pam_deny.8
cvs rdiff -u -r1.2 -r1.3 src/lib/libpam/modules/pam_deny/pam_deny.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/lib/libpam/modules/pam_deny/pam_deny.8
diff -u src/lib/libpam/modules/pam_deny/pam_deny.8:1.3 src/lib/libpam/modules/pam_deny/pam_deny.8:1.4
--- src/lib/libpam/modules/pam_deny/pam_deny.8:1.3	Sat Feb 26 14:54:25 2005
+++ src/lib/libpam/modules/pam_deny/pam_deny.8	Tue Aug 20 22:07:44 2013
@@ -1,4 +1,4 @@
-.\" $NetBSD: pam_deny.8,v 1.3 2005/02/26 14:54:25 thorpej Exp $
+.\" $NetBSD: pam_deny.8,v 1.4 2013/08/20 22:07:44 perseant Exp $
 .\" Copyright (c) 2001 Mark R V Murray
 .\" All rights reserved.
 .\"
@@ -73,6 +73,17 @@ suppress warning messages to the user.
 These messages include
 reasons why the user's
 authentication attempt was declined.
+.It Cm prelim_ignore
+for password management (
+.Dq Li password
+feature), return PAM_IGNORE
+in the preliminary phase.
+This allows the module to be used (with the
+.Dq Li required
+flag) at the end of a chain of
+.Dq Li sufficient
+modules with this service
+(where the entire chain is in fact run twice).
 .El
 .Sh SEE ALSO
 .Xr syslog 3 ,

Index: src/lib/libpam/modules/pam_deny/pam_deny.c
diff -u src/lib/libpam/modules/pam_deny/pam_deny.c:1.2 src/lib/libpam/modules/pam_deny/pam_deny.c:1.3
--- src/lib/libpam/modules/pam_deny/pam_deny.c:1.2	Sun Dec 12 08:18:44 2004
+++ src/lib/libpam/modules/pam_deny/pam_deny.c	Tue Aug 20 22:07:44 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $	*/
+/*	$NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $	*/
 
 /*-
  * Copyright 2001 Mark R V Murray
@@ -30,10 +30,12 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_deny/pam_deny.c,v 1.9 2002/04/12 22:27:19 des Exp $");
 #else
-__RCSID("$NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $");
+__RCSID("$NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $");
 #endif
 
 #include <stddef.h>
+#include <string.h>
+#include <syslog.h>
 
 #define PAM_SM_AUTH
 #define PAM_SM_ACCOUNT
@@ -61,7 +63,7 @@ pam_sm_setcred(pam_handle_t *pamh __unus
     int argc __unused, const char *argv[] __unused)
 {
 
-	return (PAM_AUTH_ERR);
+	return (PAM_CRED_ERR);
 }
 
 PAM_EXTERN int
@@ -73,11 +75,25 @@ pam_sm_acct_mgmt(pam_handle_t *pamh __un
 }
 
 PAM_EXTERN int
-pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags __unused,
-    int argc __unused, const char *argv[] __unused)
+pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags,
+    int argc, const char *argv[])
 {
+	int prelim_ignore = 0, debug = 0;
+	int i;
 
-	return (PAM_AUTH_ERR);
+	for (i = 0; i < argc; i++) {
+		if (strcmp(argv[i], "prelim_ignore") == 0)
+			prelim_ignore = 1;
+		else if (strcmp(argv[i], "debug") == 0)
+			debug = 1;
+		else
+			syslog(LOG_ERR, "illegal option %s", argv[i]);
+	}
+
+	if (flags & PAM_PRELIM_CHECK && prelim_ignore)
+		return (PAM_IGNORE);
+	else
+		return (PAM_AUTHTOK_ERR);
 }
 
 PAM_EXTERN int
@@ -85,7 +101,7 @@ pam_sm_open_session(pam_handle_t *pamh _
     int argc __unused, const char *argv[] __unused)
 {
 
-	return (PAM_AUTH_ERR);
+	return (PAM_SESSION_ERR);
 }
 
 PAM_EXTERN int
@@ -93,7 +109,7 @@ pam_sm_close_session(pam_handle_t *pamh 
     int argc __unused, const char *argv[] __unused)
 {
 
-	return (PAM_AUTH_ERR);
+	return (PAM_SESSION_ERR);
 }
 
 PAM_MODULE_ENTRY("pam_deny");

Reply via email to