Add Edgar Fuss's patch to pam_deny, to allow users to be able to change their
LDAP password with "passwd".
This commit is contained in:
parent
9a5bd26b35
commit
3b0849f66f
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: pam_deny.8,v 1.3 2005/02/26 14:54:25 thorpej Exp $
|
||||
.\" $NetBSD: pam_deny.8,v 1.4 2013/08/20 22:07:44 perseant Exp $
|
||||
.\" Copyright (c) 2001 Mark R V Murray
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
|
@ -73,6 +73,17 @@ suppress warning messages to the user.
|
|||
These messages include
|
||||
reasons why the user's
|
||||
authentication attempt was declined.
|
||||
.It Cm prelim_ignore
|
||||
for password management (
|
||||
.Dq Li password
|
||||
feature), return PAM_IGNORE
|
||||
in the preliminary phase.
|
||||
This allows the module to be used (with the
|
||||
.Dq Li required
|
||||
flag) at the end of a chain of
|
||||
.Dq Li sufficient
|
||||
modules with this service
|
||||
(where the entire chain is in fact run twice).
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr syslog 3 ,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $ */
|
||||
/* $NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright 2001 Mark R V Murray
|
||||
|
@ -30,10 +30,12 @@
|
|||
#ifdef __FreeBSD__
|
||||
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_deny/pam_deny.c,v 1.9 2002/04/12 22:27:19 des Exp $");
|
||||
#else
|
||||
__RCSID("$NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $");
|
||||
__RCSID("$NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $");
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
|
||||
#define PAM_SM_AUTH
|
||||
#define PAM_SM_ACCOUNT
|
||||
|
@ -61,7 +63,7 @@ pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
|
|||
int argc __unused, const char *argv[] __unused)
|
||||
{
|
||||
|
||||
return (PAM_AUTH_ERR);
|
||||
return (PAM_CRED_ERR);
|
||||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
|
@ -73,11 +75,25 @@ pam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused,
|
|||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags __unused,
|
||||
int argc __unused, const char *argv[] __unused)
|
||||
pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
int prelim_ignore = 0, debug = 0;
|
||||
int i;
|
||||
|
||||
return (PAM_AUTH_ERR);
|
||||
for (i = 0; i < argc; i++) {
|
||||
if (strcmp(argv[i], "prelim_ignore") == 0)
|
||||
prelim_ignore = 1;
|
||||
else if (strcmp(argv[i], "debug") == 0)
|
||||
debug = 1;
|
||||
else
|
||||
syslog(LOG_ERR, "illegal option %s", argv[i]);
|
||||
}
|
||||
|
||||
if (flags & PAM_PRELIM_CHECK && prelim_ignore)
|
||||
return (PAM_IGNORE);
|
||||
else
|
||||
return (PAM_AUTHTOK_ERR);
|
||||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
|
@ -85,7 +101,7 @@ pam_sm_open_session(pam_handle_t *pamh __unused, int flags __unused,
|
|||
int argc __unused, const char *argv[] __unused)
|
||||
{
|
||||
|
||||
return (PAM_AUTH_ERR);
|
||||
return (PAM_SESSION_ERR);
|
||||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
|
@ -93,7 +109,7 @@ pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused,
|
|||
int argc __unused, const char *argv[] __unused)
|
||||
{
|
||||
|
||||
return (PAM_AUTH_ERR);
|
||||
return (PAM_SESSION_ERR);
|
||||
}
|
||||
|
||||
PAM_MODULE_ENTRY("pam_deny");
|
||||
|
|
Loading…
Reference in New Issue