authorSumit Bose <sbose@redhat.com>2009-10-09 20:52:25 +0200
committerSimo Sorce <ssorce@redhat.com>2009-10-14 19:49:36 -0400
commit91f92358f790ddd2cf60b0b950d1d7fb586528f7 (patch)
treebd377ab8b83cce26179c438115abf1af4e7d3427 /sss_client
parent2ba5c5051d6c96d4360d02db30b6928665dc8319 (diff)
use old password if available during password change
- if the password is reset by root we do not ask for a password during PAM_PRELIM_CHECK. But if there is one available during PAM_UPDATE_AUTHTOK we will use it, because now we are in an expired password dialog.
Diffstat (limited to 'sss_client')
-rw-r--r--sss_client/pam_sss.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 4755cd32..411afd18 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -735,18 +735,19 @@ static int get_authtok_for_password_change(pam_handle_t *pamh,
return PAM_SUCCESS;
}
- if (getuid() != 0) {
- pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
- pi->pam_authtok = strdup(pi->pamstack_oldauthtok);
- if (pi->pam_authtok == NULL) {
+ if (pi->pamstack_oldauthtok == NULL) {
+ if (getuid() != 0) {
D(("no password found for chauthtok"));
return PAM_BUF_ERR;
+ } else {
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
+ pi->pam_authtok = NULL;
+ pi->pam_authtok_size = 0;
}
- pi->pam_authtok_size = strlen(pi->pam_authtok);
} else {
- pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
- pi->pam_authtok = NULL;
- pi->pam_authtok_size = 0;
+ pi->pam_authtok = strdup(pi->pamstack_oldauthtok);
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+ pi->pam_authtok_size = strlen(pi->pam_authtok);
}
if (flags & FLAGS_USE_AUTHTOK) {
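Review bot: The new `else` branch calls `strlen(pi->pam_authtok)` right after `strdup(pi->pamstack_oldauthtok)` without checking the result, so an allocation failure becomes a NULL dereference inside the PAM module. The removed code tested `pi->pam_authtok == NULL` before taking the length, so this is a regression in error handling rather than a pre-existing gap. Restore the check directly after the `strdup` line, e.g. `if (pi->pam_authtok == NULL) { D(("strdup failed")); return PAM_BUF_ERR; }`, and assign `pam_authtok_type` and `pam_authtok_size` only once it has passed. The body of get_authtok_for_password_change starts and ends outside the hunk, so whether the duplicated old password is wiped before it is freed cannot be confirmed from here and is worth checking.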