[Pkg-openldap-devel] [openldap] 183/281: ITS#8080 nssov: require old password unless pwdmgr
Ryan Tandy
rtandy-guest at moszumanska.debian.org
Thu Jul 9 01:42:58 UTC 2015
This is an automated email from the git hooks/post-receive script.
rtandy-guest pushed a commit to branch master
in repository openldap.
commit 44e7c30eb285d757a2f390d1482ae38afef5988f
Author: Ryan Tandy <ryan at nardis.ca>
Date: Mon Mar 16 05:58:02 2015 +0000
ITS#8080 nssov: require old password unless pwdmgr
---
contrib/slapd-modules/nssov/pam.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
index 7e1c4d7..487e193 100644
--- a/contrib/slapd-modules/nssov/pam.c
+++ b/contrib/slapd-modules/nssov/pam.c
@@ -780,6 +780,14 @@ int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op)
}
}
+ if (!pi.ispwdmgr && BER_BVISEMPTY(&pi.pwd)) {
+ Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(), %s\n",
+ "not pwdmgr and old pwd empty", 0, 0);
+ ber_str2bv("must provide old password", 0, 0, &pi.msg);
+ rc = NSLCD_PAM_PERM_DENIED;
+ goto done;
+ }
+
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval bv;
@@ -792,7 +800,7 @@ int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op)
ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
&pi.dn);
/* supply old pwd only when end-user changing pwd */
- if (!BER_BVISEMPTY(&pi.pwd) && pi.ispwdmgr == 0)
+ if (pi.ispwdmgr == 0)
ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,
&pi.pwd);
if (!BER_BVISEMPTY(&npw))
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git
More information about the Pkg-openldap-devel
mailing list