ITS#8080 nssov: require old password unless pwdmgr

Ryan Tandy 2015-03-16 05:58:02 +00:00 committed by Howard Chu
parent 05ea78703b
commit 7e3177070a


@ -780,6 +780,14 @@ int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op)
}
}
if (!pi.ispwdmgr && BER_BVISEMPTY(&pi.pwd)) {
Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(), %s\n",
"not pwdmgr and old pwd empty", 0, 0);
ber_str2bv("must provide old password", 0, 0, &pi.msg);
rc = NSLCD_PAM_PERM_DENIED;
goto done;
}
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval bv;
@ -792,7 +800,7 @@ int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op)
ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
&pi.dn);
/* supply old pwd only when end-user changing pwd */
if (!BER_BVISEMPTY(&pi.pwd) && pi.ispwdmgr == 0)
if (pi.ispwdmgr == 0)
ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,
&pi.pwd);
if (!BER_BVISEMPTY(&npw))
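Review bot: The new guard in pam_pwmod rejects only an empty old password, so a non-pwdmgr request carrying any non-empty `pi.pwd` still proceeds to the password-modify exop. Whether that value is actually verified (by an earlier bind or by the server's handling of the exop) is not visible in these hunks and should be confirmed. A comment above the check would record the intent, e.g. `/* end users must supply the old password; only pwdmgr may omit it */`. The guard also depends entirely on how `pi.ispwdmgr` is set earlier in the function, whose body starts and ends outside the hunks shown. Minor style point: the first hunk tests `!pi.ispwdmgr` while the second keeps `pi.ispwdmgr == 0`, and a single form would read more consistently.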