| blob | 332eb70933596482a2a33bfa556537baa139ffac |
1 $NetBSD$
3 --- pam_ldap.c.orig 2010-11-08 00:58:44.000000000 +0000
4 +++ pam_ldap.c
5 @@ -3411,7 +3411,7 @@ pam_sm_authenticate (pam_handle_t * pamh
6 int rc;
7 const char *username;
8 char *p;
9 - int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0;
10 + int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0, migrate = 0;
11 int i;
12 pam_ldap_session_t *session = NULL;
13 const char *configFile = NULL;
14 @@ -3432,6 +3432,8 @@ pam_sm_authenticate (pam_handle_t * pamh
15 ;
16 else if (!strcmp (argv[i], "debug"))
17 ;
18 + else if (!strcmp (argv[i], "migrate"))
19 + migrate = 1;
20 else
21 syslog (LOG_ERR, "illegal option %s", argv[i]);
22 }
23 @@ -3445,6 +3447,22 @@ pam_sm_authenticate (pam_handle_t * pamh
24 return rc;
26 rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
27 + /* start of migrate facility in "pam_ldap authentication" */
28 + if (migrate==1 && rc==PAM_SUCCESS)
29 + {
30 + /* check if specified username exists in LDAP */
31 + if (_get_user_info(session,username)==PAM_SUCCESS)
32 + {
33 + /*
34 + overwrite old LDAP userPassword with a new password
35 + obtained during pam authentication process
36 + - rootbinddn and ldap.secret must be set
37 + */
38 + rc=_update_authtok(pamh,session,username,NULL,p);
39 + return PAM_IGNORE;
40 + }
41 + }
42 + /* end of migrate facility in "pam_ldap authentication" */
43 if (rc == PAM_SUCCESS && (use_first_pass || try_first_pass))
44 {
45 rc = _do_authentication (pamh, session, username, p);
46 @@ -3721,7 +3739,7 @@ pam_sm_chauthtok (pam_handle_t * pamh, i
47 if (curpass == NULL)
48 return PAM_MAXTRIES; /* maximum tries exceeded */
49 else
50 - pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) curpass);
51 + pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) strdup(curpass));
52 }
53 else
54 {