author | Sumit Bose <sbose@redhat.com> | 2009-12-16 12:53:55 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-12-18 09:46:25 -0500 |
commit | 23dc20cd69cfbb2731c36e1610536ba190bbd459 (patch) | |
tree | 106d84e5d8f6a2eef8861a07fa662666ca5ab90f /server/providers/proxy.c | |
parent | 66e4134d8be0eb42c645e9730d46bb2c7f561e81 (diff) | |
Handle chauthtok with PAM_PRELIM_CHECK separately
If pam_sm_chauthtok is called with the flag PAM_PRELIM_CHECK set we
generate a separate call to the sssd to validate the old password before
asking for a new password and sending the change password request.
Diffstat (limited to 'server/providers/proxy.c')
-rw-r--r-- | server/providers/proxy.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index ef52ae91..080479c4 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -137,6 +137,7 @@ static void proxy_pam_handler(struct be_req *req) {
 struct proxy_auth_ctx);
 break;
 case SSS_PAM_CHAUTHTOK:
+ case SSS_PAM_CHAUTHTOK_PRELIM:
 ctx = talloc_get_type(req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
 struct proxy_auth_ctx);
 break;
@@ -207,12 +208,22 @@ static void proxy_pam_handler(struct be_req *req) {
 cache_auth_data = true;
 }
 break;
+ case SSS_PAM_CHAUTHTOK_PRELIM:
+ if (pd->priv != 1) {
+ auth_data->authtok_size = pd->authtok_size;
+ auth_data->authtok = pd->authtok;
+ pam_status = pam_authenticate(pamh, 0);
+ } else {
+ pam_status = PAM_SUCCESS;
+ }
+ break;
 default:
 DEBUG(1, ("unknown PAM call"));
 pam_status=PAM_ABORT;
 }
- DEBUG(4, ("Pam result: [%d][%s]\n", pam_status, pam_strerror(pamh, pam_status)));
+ DEBUG(4, ("Pam result: [%d][%s]\n", pam_status,
+ pam_strerror(pamh, pam_status)));
 if (pam_status == PAM_AUTHINFO_UNAVAIL) {
 be_mark_offline(req->be_ctx);
 |
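Review bot: In the second hunk, the new `SSS_PAM_CHAUTHTOK_PRELIM` case returns `PAM_SUCCESS` with no verification at all when `pd->priv == 1`, and nothing in the hunk shows where `priv` is set or why that value can be trusted. Presumably it marks a request from a privileged (root) caller; if that is the intent, a comment on the else branch such as `/* priv == 1: privileged caller, old password intentionally not verified */` would record the invariant this bypass depends on. Because the preliminary check is now a separate request, the existing `SSS_PAM_CHAUTHTOK` case should keep validating the old password on its own rather than assume a prelim call preceded it; that case body is outside the hunk, so this could not be confirmed here. The non-privileged branch also hands `pd->authtok` to `pam_authenticate` without checking that it is non-NULL and `pd->authtok_size` is non-zero. `proxy_pam_handler` starts and ends outside both hunks.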