author | Sumit Bose <sbose@redhat.com> | 2009-10-09 20:52:25 +0200 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2009-10-14 19:49:36 -0400 |
commit | 91f92358f790ddd2cf60b0b950d1d7fb586528f7 (patch) | |
tree | bd377ab8b83cce26179c438115abf1af4e7d3427 /sss_client | |
parent | 2ba5c5051d6c96d4360d02db30b6928665dc8319 (diff) | |
use old password if available during password change
- if the password is reset by root we do not ask for a password during
PAM_PRELIM_CHECK. But if there is one available during PAM_UPDATE_AUTHTOK
we will use it, because now we are in an expired password dialog.
Diffstat (limited to 'sss_client')
-rw-r--r-- | sss_client/pam_sss.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 4755cd32..411afd18 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -735,18 +735,19 @@ static int get_authtok_for_password_change(pam_handle_t *pamh,
 return PAM_SUCCESS;
 }
- if (getuid() != 0) {
- pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
- pi->pam_authtok = strdup(pi->pamstack_oldauthtok);
- if (pi->pam_authtok == NULL) {
+ if (pi->pamstack_oldauthtok == NULL) {
+ if (getuid() != 0) {
 D(("no password found for chauthtok"));
 return PAM_BUF_ERR;
+ } else {
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
+ pi->pam_authtok = NULL;
+ pi->pam_authtok_size = 0;
 }
- pi->pam_authtok_size = strlen(pi->pam_authtok);
 } else {
- pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
- pi->pam_authtok = NULL;
- pi->pam_authtok_size = 0;
+ pi->pam_authtok = strdup(pi->pamstack_oldauthtok);
+ pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+ pi->pam_authtok_size = strlen(pi->pam_authtok);
 }
 if (flags & FLAGS_USE_AUTHTOK) { |
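Review bot: The new final `else` branch passes the result of `strdup(pi->pamstack_oldauthtok)` straight to `strlen(pi->pam_authtok)` with no NULL check, whereas the removed code tested `if (pi->pam_authtok == NULL)` before taking the length. If the allocation fails, the PAM module dereferences NULL inside whichever process loaded it, instead of failing the password change cleanly. Restore the guard between the copy and the length, `if (pi->pam_authtok == NULL) { D(("strdup failed.")); return PAM_BUF_ERR; }`, and set `pam_authtok_type` only after the copy has succeeded. The function starts and ends outside the hunk, so how this copy of the old password is later released, and whether it is wiped first, cannot be judged from here.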