account: Allow to set plain text password

libuser has a mechanism to encrypt password

Signed-off-by: Roman Rakus <rrakus@redhat.com>

2 files changed, 65 insertions, 1 deletions

diff --git a/src/account/LMI_AccountManagementServiceProvider.c b/src/account/LMI_AccountManagementServiceProvider.c
index 1a166d7..3aac63d 100644
--- a/src/account/LMI_AccountManagementServiceProvider.c
+++ b/src/account/LMI_AccountManagementServiceProvider.c
@@ -352,6 +352,7 @@ KUint32 LMI_AccountManagementService_CreateAccount(
     const KBoolean* SystemAccount,
     const KString* Password,
     const KBoolean* DontCreateGroup,
+    const KBoolean* PasswordIsPlain,
     KRef* Account,
     KRefA* Identities,
     CMPIStatus* status)
@@ -515,7 +516,13 @@ KUint32 LMI_AccountManagementService_CreateAccount(
     /* Setup password */
     if (Password->exists && !Password->null)
       {
-        if (!lu_user_setpass(luc, lue, Password->chars, TRUE, &error))
+        bool isplain = TRUE;
+        if (PasswordIsPlain->exists && !PasswordIsPlain->null &&
+            PasswordIsPlain->value)
+          {
+            isplain = FALSE;
+          }
+        if (!lu_user_setpass(luc, lue, Password->chars, isplain, &error))
           {
             FAIL("Error setting password: %s\n", lu_strerror(error),
               OK, RET_ACC_PWD);
diff --git a/src/account/LMI_AccountProvider.c b/src/account/LMI_AccountProvider.c
index 52bc1cf..d8e279a 100644
--- a/src/account/LMI_AccountProvider.c
+++ b/src/account/LMI_AccountProvider.c
@@ -52,6 +52,9 @@
 #define CANNOT_DELETE_HOME  4097
 #define CANNOT_DELETE_USER  4098
 #define CANNOT_DELETE_GROUP 4099
+// Change password
+#define CHANGE_PASSWORD_OK   0
+#define CHANGE_PASSWORD_FAIL 1
 
 static const CMPIBroker* _cb = NULL;
 
@@ -690,6 +693,60 @@ KUint32 LMI_Account_RequestStateChange(
     return result;
 }
 
+KUint32 LMI_Account_ChangePassword(
+    const CMPIBroker* cb,
+    CMPIMethodMI* mi,
+    const CMPIContext* context,
+    const LMI_AccountRef* self,
+    const KString* Password,
+    CMPIStatus* status)
+{
+    struct lu_context *luc = NULL;
+    struct lu_error *error = NULL;
+    struct lu_ent *lue = NULL;
+    char *errmsg = NULL;
+    KUint32 result = KUINT32_INIT;
+    KUint32_Set(&result, CHANGE_PASSWORD_OK);
+
+    if(!(Password->exists && !Password->null)) {
+        asprintf(&errmsg, "Password parameter has to be set");
+        KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
+        CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg);
+        goto clean;
+    }
+
+    luc = lu_start(NULL, lu_user, NULL, NULL, lu_prompt_console_quiet, NULL,
+      &error);
+    if (!luc) {
+        asprintf(&errmsg, "Error initializing: %s\n", lu_strerror(error));
+        KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
+        CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg);
+        goto clean;
+    }
+
+    lue = lu_ent_new();
+
+    if (!lu_user_lookup_name(luc, self->Name.chars, lue, &error)) {
+        asprintf(&errmsg, "Non existing user: %s\n", self->Name.chars);
+        KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
+        CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg);
+        goto clean;
+    }
+
+    if (!lu_user_setpass(luc, lue, Password->chars, FALSE, &error)) {
+        asprintf(&errmsg, "Cannot change password: %s\n", lu_strerror(error));
+        KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
+        CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg);
+        goto clean;
+    }
+
+clean:
+    free(errmsg);
+    if(luc) lu_end(luc);
+    if(lue) lu_ent_free(lue);
+    return result;
+}
+
 
 KUint32 LMI_Account_DeleteUser(
     const CMPIBroker* cb,