diff options
author | Sumit Bose <sbose@redhat.com> | 2010-04-21 14:42:34 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-04-26 09:55:10 -0400 |
commit | 6f36029dd5fb1d16deb0b3f990713be7fa9f3a70 (patch) | |
tree | 8ead6125448acfade7d5ddf8fe5bf162e55917ae /src/providers | |
parent | c71083363ce1405aabc21d3f1c716af762162b11 (diff) | |
download | sssd-6f36029dd5fb1d16deb0b3f990713be7fa9f3a70.tar.gz sssd-6f36029dd5fb1d16deb0b3f990713be7fa9f3a70.tar.xz sssd-6f36029dd5fb1d16deb0b3f990713be7fa9f3a70.zip |
Display a message if a password reset by root fails
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 7 | ||||
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 8 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 650ae53fb..0c08fe16e 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -722,7 +722,14 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, switch (state->pd->cmd) { case SSS_PAM_AUTHENTICATE: case SSS_PAM_CHAUTHTOK: + break; case SSS_PAM_CHAUTHTOK_PRELIM: + if (state->pd->priv == 1 && state->pd->authtok_size == 0) { + DEBUG(4, ("Password reset by root is not supported.\n")); + state->pam_status = PAM_PERM_DENIED; + state->dp_err = DP_ERR_OK; + goto done; + } break; case SSS_PAM_ACCT_MGMT: case SSS_PAM_SETCRED: diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index c78f50313..83b175dc8 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -701,6 +701,14 @@ void sdap_pam_chpass_handler(struct be_req *breq) goto done; } + if (pd->priv == 1 && pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM && + pd->authtok_size == 0) { + DEBUG(4, ("Password reset by root is not supported.\n")); + pd->pam_status = PAM_PERM_DENIED; + dp_err = DP_ERR_OK; + goto done; + } + DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); pd->pam_status = PAM_SYSTEM_ERR; |