Module Name: src Committed By: perseant Date: Tue Aug 20 22:07:44 UTC 2013
Modified Files: src/lib/libpam/modules/pam_deny: pam_deny.8 pam_deny.c Log Message: Add Edgar Fuss's patch to pam_deny, to allow users to be able to change their LDAP password with "passwd". To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/lib/libpam/modules/pam_deny/pam_deny.8 cvs rdiff -u -r1.2 -r1.3 src/lib/libpam/modules/pam_deny/pam_deny.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libpam/modules/pam_deny/pam_deny.8 diff -u src/lib/libpam/modules/pam_deny/pam_deny.8:1.3 src/lib/libpam/modules/pam_deny/pam_deny.8:1.4 --- src/lib/libpam/modules/pam_deny/pam_deny.8:1.3 Sat Feb 26 14:54:25 2005 +++ src/lib/libpam/modules/pam_deny/pam_deny.8 Tue Aug 20 22:07:44 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: pam_deny.8,v 1.3 2005/02/26 14:54:25 thorpej Exp $ +.\" $NetBSD: pam_deny.8,v 1.4 2013/08/20 22:07:44 perseant Exp $ .\" Copyright (c) 2001 Mark R V Murray .\" All rights reserved. .\" @@ -73,6 +73,17 @@ suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined. +.It Cm prelim_ignore +for password management ( +.Dq Li password +feature), return PAM_IGNORE +in the preliminary phase. +This allows the module to be used (with the +.Dq Li required +flag) at the end of a chain of +.Dq Li sufficient +modules with this service +(where the entire chain is in fact run twice). .El .Sh SEE ALSO .Xr syslog 3 , Index: src/lib/libpam/modules/pam_deny/pam_deny.c diff -u src/lib/libpam/modules/pam_deny/pam_deny.c:1.2 src/lib/libpam/modules/pam_deny/pam_deny.c:1.3 --- src/lib/libpam/modules/pam_deny/pam_deny.c:1.2 Sun Dec 12 08:18:44 2004 +++ src/lib/libpam/modules/pam_deny/pam_deny.c Tue Aug 20 22:07:44 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $ */ +/* $NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $ */ /*- * Copyright 2001 Mark R V Murray @@ -30,10 +30,12 @@ #ifdef __FreeBSD__ __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_deny/pam_deny.c,v 1.9 2002/04/12 22:27:19 des Exp $"); #else -__RCSID("$NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $"); +__RCSID("$NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $"); #endif #include <stddef.h> +#include <string.h> +#include <syslog.h> #define PAM_SM_AUTH #define PAM_SM_ACCOUNT @@ -61,7 +63,7 @@ pam_sm_setcred(pam_handle_t *pamh __unus int argc __unused, const char *argv[] __unused) { - return (PAM_AUTH_ERR); + return (PAM_CRED_ERR); } PAM_EXTERN int @@ -73,11 +75,25 @@ pam_sm_acct_mgmt(pam_handle_t *pamh __un } PAM_EXTERN int -pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) +pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags, + int argc, const char *argv[]) { + int prelim_ignore = 0, debug = 0; + int i; - return (PAM_AUTH_ERR); + for (i = 0; i < argc; i++) { + if (strcmp(argv[i], "prelim_ignore") == 0) + prelim_ignore = 1; + else if (strcmp(argv[i], "debug") == 0) + debug = 1; + else + syslog(LOG_ERR, "illegal option %s", argv[i]); + } + + if (flags & PAM_PRELIM_CHECK && prelim_ignore) + return (PAM_IGNORE); + else + return (PAM_AUTHTOK_ERR); } PAM_EXTERN int @@ -85,7 +101,7 @@ pam_sm_open_session(pam_handle_t *pamh _ int argc __unused, const char *argv[] __unused) { - return (PAM_AUTH_ERR); + return (PAM_SESSION_ERR); } PAM_EXTERN int @@ -93,7 +109,7 @@ pam_sm_close_session(pam_handle_t *pamh int argc __unused, const char *argv[] __unused) { - return (PAM_AUTH_ERR); + return (PAM_SESSION_ERR); } PAM_MODULE_ENTRY("pam_deny");