Add Edgar Fuss's patch to pam_deny, to allow users to change their LDAP password with "passwd".
perseant 2013-08-20 22:07:44 +00:00
parent 9a5bd26b35
commit 3b0849f66f
2 changed files with 36 additions and 9 deletions


@ -1,4 +1,4 @@
.\" $NetBSD: pam_deny.8,v 1.3 2005/02/26 14:54:25 thorpej Exp $
.\" $NetBSD: pam_deny.8,v 1.4 2013/08/20 22:07:44 perseant Exp $
.\" Copyright (c) 2001 Mark R V Murray
.\" All rights reserved.
.\"
@ -73,6 +73,17 @@ suppress warning messages to the user.
These messages include
reasons why the user's
authentication attempt was declined.
.It Cm prelim_ignore
for password management (
.Dq Li password
feature), return PAM_IGNORE
in the preliminary phase.
This allows the module to be used (with the
.Dq Li required
flag) at the end of a chain of
.Dq Li sufficient
modules with this service
(where the entire chain is in fact run twice).
.El
.Sh SEE ALSO
.Xr syslog 3 ,


@ -1,4 +1,4 @@
/* $NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $ */
/* $NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $ */
/*-
* Copyright 2001 Mark R V Murray
@ -30,10 +30,12 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_deny/pam_deny.c,v 1.9 2002/04/12 22:27:19 des Exp $");
#else
__RCSID("$NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $");
__RCSID("$NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $");
#endif
#include <stddef.h>
#include <string.h>
#include <syslog.h>
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
@ -61,7 +63,7 @@ pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
int argc __unused, const char *argv[] __unused)
{
return (PAM_AUTH_ERR);
return (PAM_CRED_ERR);
}
PAM_EXTERN int
@ -73,11 +75,25 @@ pam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused,
}
PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags __unused,
int argc __unused, const char *argv[] __unused)
pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags,
int argc, const char *argv[])
{
int prelim_ignore = 0, debug = 0;
int i;
return (PAM_AUTH_ERR);
for (i = 0; i < argc; i++) {
if (strcmp(argv[i], "prelim_ignore") == 0)
prelim_ignore = 1;
else if (strcmp(argv[i], "debug") == 0)
debug = 1;
else
syslog(LOG_ERR, "illegal option %s", argv[i]);
}
if (flags & PAM_PRELIM_CHECK && prelim_ignore)
return (PAM_IGNORE);
else
return (PAM_AUTHTOK_ERR);
}
PAM_EXTERN int
@ -85,7 +101,7 @@ pam_sm_open_session(pam_handle_t *pamh __unused, int flags __unused,
int argc __unused, const char *argv[] __unused)
{
return (PAM_AUTH_ERR);
return (PAM_SESSION_ERR);
}
PAM_EXTERN int
@ -93,7 +109,7 @@ pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused,
int argc __unused, const char *argv[] __unused)
{
return (PAM_AUTH_ERR);
return (PAM_SESSION_ERR);
}
PAM_MODULE_ENTRY("pam_deny");
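Review bot: In the new pam_sm_chauthtok, `debug` is assigned by the option loop but never read, and the final test relies on `&` binding tighter than `&&`; either use the variable or keep the `debug` branch purely to accept the option, and write the condition as `if ((flags & PAM_PRELIM_CHECK) && prelim_ignore)`. Because this is the only path on which a deny module returns something other than a failure, a comment above the test would help the next reader, e.g. `/* prelim_ignore only makes the preliminary pass neutral; the update pass still fails closed with PAM_AUTHTOK_ERR */`. The option loop also logs every other argument at LOG_ERR as illegal, which presumably includes the warning-suppression option the manual page documents, so that option should be accepted too or the message lowered in severity. The other service functions still mark `argc`/`argv` as `__unused`, so `prelim_ignore` on a non-password line is accepted silently; if that is intended, the manual page entry is the place to say it applies to the password facility only.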