From 3370cfe4beb83a31c0fd5f6e5ac6d8b1c3be9fd5 Mon Sep 17 00:00:00 2001
From: Roman Rakus
Date: Fri, 20 Sep 2013 17:25:38 +0200
Subject: account: Allow to set plain text password

libuser has a mechanism to encrypt password

Signed-off-by: Roman Rakus
---
 mof/60_LMI_Account.mof | 21 +++++++-
 src/account/LMI_AccountManagementServiceProvider.c | 9 +++-
 src/account/LMI_AccountProvider.c | 57 ++++++++++++++++++++++
 3 files changed, 84 insertions(+), 3 deletions(-)

diff --git a/mof/60_LMI_Account.mof b/mof/60_LMI_Account.mof
index ce603ec..153222e 100644
--- a/mof/60_LMI_Account.mof
+++ b/mof/60_LMI_Account.mof
@@ -18,7 +18,7 @@
 * Authors: Roman Rakus
 */
-[ Version("0.2.0"),
+[ Version("0.3.0"),
 Description("Class representing Linux Account"),
 Provider("cmpi:cmpiLMI_Account") ]
@@ -71,6 +71,18 @@ class LMI_Account: CIM_Account
 "Force the deletion of user's home directory, even if the user "
 "is not an owner.")]
 boolean Force);
+
+ [ Description (
+ "Change the user's password."),
+ ValueMap { "0", "1"},
+ Values { "Operation completed successfully",
+ "Failed"}]
+ uint32 ChangePassword(
+ [Required, IN, Description (
+ "Plaintext string to which set the password; provider will encrypt "
+ "the string using the default crypto algorithm")]
+ String Password);
+
 };
 [ Version("0.2.0"),
@@ -120,11 +132,16 @@ class LMI_AccountManagementService: CIM_SecurityService
 "True for creating system account" ) ]
 boolean SystemAccount,
 [IN, Description (
- "Encryted password for new user" ) ]
+ "Password for a new user. By default has to be encrypted, but "
+ "can be plaintext if PasswordIsPlain is set to true" ) ]
 string Password,
 [IN, Description (
 "Whether to create group" ) ]
 boolean DontCreateGroup,
+ [IN, Description (
+ "If set to true, the Password is treated as plain text, "
+ "otherwise has to be ecnrypted") ]
+ boolean PasswordIsPlain,
 [IN ( false ), OUT, Description (
 "Reference to the instance of CIM_Account created "
 "when the method returns a value of 0." )]
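Review bot: The `Description` of the new `Password` parameter of `ChangePassword` (hunk `@@ -71,6 +71,18 @@`) does not tell callers that the provider receives the secret as plain text, so the only protection in transit is the connection to the CIMOM. I would add a sentence such as `"The password is transferred as plain text within the request; use an encrypted connection."` to that description. "Encrypt" here presumably means hashing with the system's configured crypt scheme rather than reversible encryption; if so, "hash" would be the more precise word.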
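Review bot: `CreateAccount` gains the `PasswordIsPlain` parameter in hunk `@@ -120,11 +132,16 @@`, but the `[ Version("0.2.0"),` qualifier visible just before that hunk, which appears to belong to `LMI_AccountManagementService`, is left as it was, while `LMI_Account` is bumped to `Version("0.3.0")` for its new method. If that qualifier is the service class's, it should be bumped in the same way. The new description also contains a typo, `"otherwise has to be ecnrypted"`, which should read `"otherwise has to be encrypted"`. The class body starts and ends outside the hunk.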
diff --git a/src/account/LMI_AccountManagementServiceProvider.c b/src/account/LMI_AccountManagementServiceProvider.c
index 1a166d7..3aac63d 100644
--- a/src/account/LMI_AccountManagementServiceProvider.c
+++ b/src/account/LMI_AccountManagementServiceProvider.c
@@ -352,6 +352,7 @@ KUint32 LMI_AccountManagementService_CreateAccount(
 const KBoolean* SystemAccount,
 const KString* Password,
 const KBoolean* DontCreateGroup,
+ const KBoolean* PasswordIsPlain,
 KRef* Account,
 KRefA* Identities,
 CMPIStatus* status)
@@ -515,7 +516,13 @@ KUint32 LMI_AccountManagementService_CreateAccount(
 /* Setup password */
 if (Password->exists && !Password->null)
 {
- if (!lu_user_setpass(luc, lue, Password->chars, TRUE, &error))
+ bool isplain = TRUE;
+ if (PasswordIsPlain->exists && !PasswordIsPlain->null &&
+ PasswordIsPlain->value)
+ {
+ isplain = FALSE;
+ }
+ if (!lu_user_setpass(luc, lue, Password->chars, isplain, &error))
 {
 FAIL("Error setting password: %s\n", lu_strerror(error),
 OK, RET_ACC_PWD);
diff --git a/src/account/LMI_AccountProvider.c b/src/account/LMI_AccountProvider.c
index 52bc1cf..d8e279a 100644
--- a/src/account/LMI_AccountProvider.c
+++ b/src/account/LMI_AccountProvider.c
@@ -52,6 +52,9 @@
 #define CANNOT_DELETE_HOME 4097
 #define CANNOT_DELETE_USER 4098
 #define CANNOT_DELETE_GROUP 4099
+// Change password
+#define CHANGE_PASSWORD_OK 0
+#define CHANGE_PASSWORD_FAIL 1
 static const CMPIBroker* _cb = NULL;
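Review bot: In the `/* Setup password */` hunk of `LMI_AccountManagementService_CreateAccount`, `isplain` carries the opposite of what its name says: it starts as `TRUE` and is set to `FALSE` when `PasswordIsPlain` is true, and it is passed in the argument slot where the old code passed `TRUE` for an already-encrypted password. The behaviour looks correct, but a later change that trusts the name would presumably make a plaintext password be treated as an already-hashed one and stored as given, so name the variable after what the argument means: `gboolean is_crypted = !(PasswordIsPlain->exists && !PasswordIsPlain->null && PasswordIsPlain->value);` followed by `lu_user_setpass(luc, lue, Password->chars, is_crypted, &error)`. That also avoids mixing `bool` with the `TRUE`/`FALSE` macros. The function body starts and ends outside the hunk.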
@@ -690,6 +693,60 @@ KUint32 LMI_Account_RequestStateChange(
 return result;
 }
+KUint32 LMI_Account_ChangePassword(
+ const CMPIBroker* cb,
+ CMPIMethodMI* mi,
+ const CMPIContext* context,
+ const LMI_AccountRef* self,
+ const KString* Password,
+ CMPIStatus* status)
+{
+ struct lu_context *luc = NULL;
+ struct lu_error *error = NULL;
+ struct lu_ent *lue = NULL;
+ char *errmsg = NULL;
+ KUint32 result = KUINT32_INIT;
+ KUint32_Set(&result, CHANGE_PASSWORD_OK);
+
+ if(!(Password->exists && !Password->null)) {
+ asprintf(&errmsg, "Password parameter has to be set");
+ KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
+ CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg);
+ goto clean;
+ }
+
+ luc = lu_start(NULL, lu_user, NULL, NULL, lu_prompt_console_quiet, NULL,
+ &error);
+ if (!luc) {
+ asprintf(&errmsg, "Error initializing: %s\n", lu_strerror(error));
+ KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
+ CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg);
+ goto clean;
+ }
+
+ lue = lu_ent_new();
+
+ if (!lu_user_lookup_name(luc, self->Name.chars, lue, &error)) {
+ asprintf(&errmsg, "Non existing user: %s\n", self->Name.chars);
+ KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
+ CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg);
+ goto clean;
+ }
+
+ if (!lu_user_setpass(luc, lue, Password->chars, FALSE, &error)) {
+ asprintf(&errmsg, "Cannot change password: %s\n", lu_strerror(error));
+ KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
+ CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg);
+ goto clean;
+ }
+
+clean:
+ free(errmsg);
+ if(luc) lu_end(luc);
+ if(lue) lu_ent_free(lue);
+ return result;
+}
+
 KUint32 LMI_Account_DeleteUser(
 const CMPIBroker* cb,
-- 
cgit
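Review bot: `LMI_Account_ChangePassword` validates `Password` with `exists`/`null` but passes `self->Name.chars` to `lu_user_lookup_name` and to the error message without the same check, so a request whose object path lacks the `Name` key could presumably reach libuser with a NULL name. The `struct lu_error` filled in by `lu_start`, `lu_user_lookup_name` or `lu_user_setpass` is also never released on the `clean:` path. The `asprintf` results are not checked either, which leaves `errmsg` indeterminate on allocation failure before it is handed to `CMSetStatusWithChars` and `free`. The sketch below adds the `Name` guard and frees the libuser error; the whole function is inside the hunk.

```c
    // … unchanged: declarations and the Password presence check …

    /* Name comes from the caller-supplied object path; check it like Password. */
    if (!(self->Name.exists && !self->Name.null)) {
        KUint32_Set(&result, CHANGE_PASSWORD_FAIL);
        CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED,
            "Name key has to be set");
        goto clean;
    }

    // … unchanged: lu_start, lu_ent_new, lookup and lu_user_setpass …

clean:
    free(errmsg);
    if (error) lu_error_free(&error);
    // … unchanged: lu_end, lu_ent_free, return result …
```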