Module Name:src
Committed By: perseant
Date: Tue Aug 20 22:07:44 UTC 2013
Modified Files:
src/lib/libpam/modules/pam_deny: pam_deny.8 pam_deny.c
Log Message:
Add Edgar Fuss's patch to pam_deny, to allow users to be able to change their
LDAP password with passwd.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/lib/libpam/modules/pam_deny/pam_deny.8
cvs rdiff -u -r1.2 -r1.3 src/lib/libpam/modules/pam_deny/pam_deny.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libpam/modules/pam_deny/pam_deny.8
diff -u src/lib/libpam/modules/pam_deny/pam_deny.8:1.3 src/lib/libpam/modules/pam_deny/pam_deny.8:1.4
--- src/lib/libpam/modules/pam_deny/pam_deny.8:1.3 Sat Feb 26 14:54:25 2005
+++ src/lib/libpam/modules/pam_deny/pam_deny.8 Tue Aug 20 22:07:44 2013
@@ -1,4 +1,4 @@
-.\ $NetBSD: pam_deny.8,v 1.3 2005/02/26 14:54:25 thorpej Exp $
+.\ $NetBSD: pam_deny.8,v 1.4 2013/08/20 22:07:44 perseant Exp $
.\ Copyright (c) 2001 Mark R V Murray
.\ All rights reserved.
.\
@@ -73,6 +73,17 @@ suppress warning messages to the user.
These messages include
reasons why the user's
authentication attempt was declined.
+.It Cm prelim_ignore
+for password management (
+.Dq Li password
+feature), return PAM_IGNORE
+in the preliminary phase.
+This allows the module to be used (with the
+.Dq Li required
+flag) at the end of a chain of
+.Dq Li sufficient
+modules with this service
+(where the entire chain is in fact run twice).
.El
.Sh SEE ALSO
.Xr syslog 3 ,
Index: src/lib/libpam/modules/pam_deny/pam_deny.c
diff -u src/lib/libpam/modules/pam_deny/pam_deny.c:1.2 src/lib/libpam/modules/pam_deny/pam_deny.c:1.3
--- src/lib/libpam/modules/pam_deny/pam_deny.c:1.2 Sun Dec 12 08:18:44 2004
+++ src/lib/libpam/modules/pam_deny/pam_deny.c Tue Aug 20 22:07:44 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $ */
+/* $NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $ */
/*-
* Copyright 2001 Mark R V Murray
@@ -30,10 +30,12 @@
#ifdef __FreeBSD__
__FBSDID($FreeBSD: src/lib/libpam/modules/pam_deny/pam_deny.c,v 1.9 2002/04/12 22:27:19 des Exp $);
#else
-__RCSID($NetBSD: pam_deny.c,v 1.2 2004/12/12 08:18:44 christos Exp $);
+__RCSID($NetBSD: pam_deny.c,v 1.3 2013/08/20 22:07:44 perseant Exp $);
#endif
#include stddef.h
+#include string.h
+#include syslog.h
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
@@ -61,7 +63,7 @@ pam_sm_setcred(pam_handle_t *pamh __unus
int argc __unused, const char *argv[] __unused)
{
- return (PAM_AUTH_ERR);
+ return (PAM_CRED_ERR);
}
PAM_EXTERN int
@@ -73,11 +75,25 @@ pam_sm_acct_mgmt(pam_handle_t *pamh __un
}
PAM_EXTERN int
-pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags __unused,
-int argc __unused, const char *argv[] __unused)
+pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags,
+int argc, const char *argv[])
{
+ int prelim_ignore = 0, debug = 0;
+ int i;
- return (PAM_AUTH_ERR);
+ for (i = 0; i argc; i++) {
+ if (strcmp(argv[i], prelim_ignore) == 0)
+ prelim_ignore = 1;
+ else if (strcmp(argv[i], debug) == 0)
+ debug = 1;
+ else
+ syslog(LOG_ERR, illegal option %s, argv[i]);
+ }
+
+ if (flags PAM_PRELIM_CHECK prelim_ignore)
+ return (PAM_IGNORE);
+ else
+ return (PAM_AUTHTOK_ERR);
}
PAM_EXTERN int
@@ -85,7 +101,7 @@ pam_sm_open_session(pam_handle_t *pamh _
int argc __unused, const char *argv[] __unused)
{
- return (PAM_AUTH_ERR);
+ return (PAM_SESSION_ERR);
}
PAM_EXTERN int
@@ -93,7 +109,7 @@ pam_sm_close_session(pam_handle_t *pamh
int argc __unused, const char *argv[] __unused)
{
- return (PAM_AUTH_ERR);
+ return (PAM_SESSION_ERR);
}
PAM_MODULE_ENTRY(pam_deny);