191094Sdes/*- 2115619Sdes * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3348980Sdes * Copyright (c) 2004-2017 Dag-Erling Sm��rgrav 491094Sdes * All rights reserved. 591094Sdes * 691094Sdes * This software was developed for the FreeBSD Project by ThinkSec AS and 799158Sdes * Network Associates Laboratories, the Security Research Division of 899158Sdes * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 999158Sdes * ("CBOSS"), as part of the DARPA CHATS research program. 1091094Sdes * 1191094Sdes * Redistribution and use in source and binary forms, with or without 1291094Sdes * modification, are permitted provided that the following conditions 1391094Sdes * are met: 1491094Sdes * 1. Redistributions of source code must retain the above copyright 1591094Sdes * notice, this list of conditions and the following disclaimer. 1691094Sdes * 2. Redistributions in binary form must reproduce the above copyright 1791094Sdes * notice, this list of conditions and the following disclaimer in the 1891094Sdes * documentation and/or other materials provided with the distribution. 1991094Sdes * 3. The name of the author may not be used to endorse or promote 2091094Sdes * products derived from this software without specific prior written 2191094Sdes * permission. 2291094Sdes * 2391094Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 2491094Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2591094Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2691094Sdes * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2791094Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2891094Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2991094Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3091094Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3191094Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3291094Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3391094Sdes * SUCH DAMAGE. 3491094Sdes * 35348980Sdes * $OpenPAM: pam_chauthtok.c 938 2017-04-30 21:34:42Z des $ 3691094Sdes */ 3791094Sdes 38228690Sdes#ifdef HAVE_CONFIG_H 39228690Sdes# include "config.h" 40228690Sdes#endif 41228690Sdes 4291094Sdes#include <sys/param.h> 4391094Sdes 4491094Sdes#include <security/pam_appl.h> 4591094Sdes 4691094Sdes#include "openpam_impl.h" 4791094Sdes 4891094Sdes/* 4991094Sdes * XSSO 4.2.1 5091094Sdes * XSSO 6 page 38 5191094Sdes * 5291094Sdes * Perform password related functions within the PAM framework 5391094Sdes */ 5491094Sdes 5591094Sdesint 5691094Sdespam_chauthtok(pam_handle_t *pamh, 5791094Sdes int flags) 5891094Sdes{ 59110556Sdes int r; 6091094Sdes 61107937Sdes ENTER(); 6293982Sdes if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK)) 63348980Sdes RETURNC(PAM_BAD_CONSTANT); 64110556Sdes r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, 6591684Sdes flags | PAM_PRELIM_CHECK); 66110556Sdes if (r == PAM_SUCCESS) 67110556Sdes r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, 6891684Sdes flags | PAM_UPDATE_AUTHTOK); 6991684Sdes pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); 7091684Sdes pam_set_item(pamh, PAM_AUTHTOK, NULL); 71110556Sdes RETURNC(r); 7291094Sdes} 7391100Sdes 7491100Sdes/* 7591100Sdes * Error codes: 7691100Sdes * 7791100Sdes * =openpam_dispatch 7891100Sdes * =pam_sm_chauthtok 7991100Sdes * !PAM_IGNORE 80348980Sdes * PAM_BAD_CONSTANT 8191100Sdes */ 8293982Sdes 8393982Sdes/** 8493982Sdes * The =pam_chauthtok function attempts to change the authentication token 8593982Sdes * for the user associated with the pam context specified by the =pamh 8693982Sdes * argument. 8793982Sdes * 8893982Sdes * The =flags argument is the binary or of zero or more of the following 8993982Sdes * values: 9093982Sdes * 9194670Sdes * =PAM_SILENT: 9293982Sdes * Do not emit any messages. 9394670Sdes * =PAM_CHANGE_EXPIRED_AUTHTOK: 9493982Sdes * Change only those authentication tokens that have expired. 9594670Sdes * 96348980Sdes * If any other bits are set, =pam_chauthtok will return =PAM_BAD_CONSTANT. 9793982Sdes */ 98