From 3370cfe4beb83a31c0fd5f6e5ac6d8b1c3be9fd5 Mon Sep 17 00:00:00 2001 From: Roman Rakus Date: Fri, 20 Sep 2013 17:25:38 +0200 Subject: account: Allow to set plain text password libuser has a mechanism to encrypt password Signed-off-by: Roman Rakus --- src/account/LMI_AccountManagementServiceProvider.c | 9 +++- src/account/LMI_AccountProvider.c | 57 ++++++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/account/LMI_AccountManagementServiceProvider.c b/src/account/LMI_AccountManagementServiceProvider.c index 1a166d7..3aac63d 100644 --- a/src/account/LMI_AccountManagementServiceProvider.c +++ b/src/account/LMI_AccountManagementServiceProvider.c @@ -352,6 +352,7 @@ KUint32 LMI_AccountManagementService_CreateAccount( const KBoolean* SystemAccount, const KString* Password, const KBoolean* DontCreateGroup, + const KBoolean* PasswordIsPlain, KRef* Account, KRefA* Identities, CMPIStatus* status) @@ -515,7 +516,13 @@ KUint32 LMI_AccountManagementService_CreateAccount( /* Setup password */ if (Password->exists && !Password->null) { - if (!lu_user_setpass(luc, lue, Password->chars, TRUE, &error)) + bool isplain = TRUE; + if (PasswordIsPlain->exists && !PasswordIsPlain->null && + PasswordIsPlain->value) + { + isplain = FALSE; + } + if (!lu_user_setpass(luc, lue, Password->chars, isplain, &error)) { FAIL("Error setting password: %s\n", lu_strerror(error), OK, RET_ACC_PWD); diff --git a/src/account/LMI_AccountProvider.c b/src/account/LMI_AccountProvider.c index 52bc1cf..d8e279a 100644 --- a/src/account/LMI_AccountProvider.c +++ b/src/account/LMI_AccountProvider.c @@ -52,6 +52,9 @@ #define CANNOT_DELETE_HOME 4097 #define CANNOT_DELETE_USER 4098 #define CANNOT_DELETE_GROUP 4099 +// Change password +#define CHANGE_PASSWORD_OK 0 +#define CHANGE_PASSWORD_FAIL 1 static const CMPIBroker* _cb = NULL; @@ -690,6 +693,60 @@ KUint32 LMI_Account_RequestStateChange( return result; } +KUint32 LMI_Account_ChangePassword( + const CMPIBroker* cb, + CMPIMethodMI* mi, + const CMPIContext* context, + const LMI_AccountRef* self, + const KString* Password, + CMPIStatus* status) +{ + struct lu_context *luc = NULL; + struct lu_error *error = NULL; + struct lu_ent *lue = NULL; + char *errmsg = NULL; + KUint32 result = KUINT32_INIT; + KUint32_Set(&result, CHANGE_PASSWORD_OK); + + if(!(Password->exists && !Password->null)) { + asprintf(&errmsg, "Password parameter has to be set"); + KUint32_Set(&result, CHANGE_PASSWORD_FAIL); + CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg); + goto clean; + } + + luc = lu_start(NULL, lu_user, NULL, NULL, lu_prompt_console_quiet, NULL, + &error); + if (!luc) { + asprintf(&errmsg, "Error initializing: %s\n", lu_strerror(error)); + KUint32_Set(&result, CHANGE_PASSWORD_FAIL); + CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg); + goto clean; + } + + lue = lu_ent_new(); + + if (!lu_user_lookup_name(luc, self->Name.chars, lue, &error)) { + asprintf(&errmsg, "Non existing user: %s\n", self->Name.chars); + KUint32_Set(&result, CHANGE_PASSWORD_FAIL); + CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg); + goto clean; + } + + if (!lu_user_setpass(luc, lue, Password->chars, FALSE, &error)) { + asprintf(&errmsg, "Cannot change password: %s\n", lu_strerror(error)); + KUint32_Set(&result, CHANGE_PASSWORD_FAIL); + CMSetStatusWithChars(_cb, status, CMPI_RC_ERR_FAILED, errmsg); + goto clean; + } + +clean: + free(errmsg); + if(luc) lu_end(luc); + if(lue) lu_ent_free(lue); + return result; +} + KUint32 LMI_Account_DeleteUser( const CMPIBroker* cb, -- cgit