129088Smarkm/*- 229088Smarkm * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 329088Smarkm * Copyright (c) 2004-2011 Dag-Erling Sm��rgrav 429088Smarkm * All rights reserved. 529088Smarkm * 629088Smarkm * This software was developed for the FreeBSD Project by ThinkSec AS and 729088Smarkm * Network Associates Laboratories, the Security Research Division of 829088Smarkm * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 929088Smarkm * ("CBOSS"), as part of the DARPA CHATS research program. 1029088Smarkm * 1129088Smarkm * Redistribution and use in source and binary forms, with or without 1229088Smarkm * modification, are permitted provided that the following conditions 1329088Smarkm * are met: 1429088Smarkm * 1. Redistributions of source code must retain the above copyright 1529088Smarkm * notice, this list of conditions and the following disclaimer. 1629088Smarkm * 2. Redistributions in binary form must reproduce the above copyright 1729088Smarkm * notice, this list of conditions and the following disclaimer in the 1829088Smarkm * documentation and/or other materials provided with the distribution. 1929088Smarkm * 3. The name of the author may not be used to endorse or promote 2029088Smarkm * products derived from this software without specific prior written 2129088Smarkm * permission. 2229088Smarkm * 2329088Smarkm * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 2429088Smarkm * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2529088Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2629088Smarkm * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2729088Smarkm * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2829088Smarkm * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2929088Smarkm * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3029088Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3129088Smarkm * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3229088Smarkm * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3329088Smarkm * SUCH DAMAGE. 3429088Smarkm * 3563248Speter * $Id: pam_chauthtok.c 648 2013-03-05 17:54:27Z des $ 3629181Smarkm */ 3763248Speter 3863248Speter#ifdef HAVE_CONFIG_H 3963248Speter# include "config.h" 4063248Speter#endif 4129088Smarkm 4229088Smarkm#include <sys/param.h> 4329088Smarkm 4429088Smarkm#include <security/pam_appl.h> 4529088Smarkm 4629088Smarkm#include "openpam_impl.h" 4729088Smarkm 4829088Smarkm/* 4929088Smarkm * XSSO 4.2.1 5029088Smarkm * XSSO 6 page 38 5129181Smarkm * 5229181Smarkm * Perform password related functions within the PAM framework 5329181Smarkm */ 5429181Smarkm 5529088Smarkmint 5629088Smarkmpam_chauthtok(pam_handle_t *pamh, 5729088Smarkm int flags) 5829088Smarkm{ 5929088Smarkm int r; 6029088Smarkm 6129088Smarkm ENTER(); 6229088Smarkm if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK)) 6329088Smarkm RETURNC(PAM_SYMBOL_ERR); 6429088Smarkm r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, 6529088Smarkm flags | PAM_PRELIM_CHECK); 6629088Smarkm if (r == PAM_SUCCESS) 6729088Smarkm r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, 6829088Smarkm flags | PAM_UPDATE_AUTHTOK); 6929088Smarkm pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); 7029088Smarkm pam_set_item(pamh, PAM_AUTHTOK, NULL); 7129088Smarkm RETURNC(r); 7229088Smarkm} 7329088Smarkm 7429088Smarkm/* 7529088Smarkm * Error codes: 7629088Smarkm * 7729088Smarkm * =openpam_dispatch 7829088Smarkm * =pam_sm_chauthtok 7929088Smarkm * !PAM_IGNORE 8029088Smarkm * PAM_SYMBOL_ERR 8129088Smarkm */ 8229088Smarkm 8329088Smarkm/** 8429088Smarkm * The =pam_chauthtok function attempts to change the authentication token 8529088Smarkm * for the user associated with the pam context specified by the =pamh 8629088Smarkm * argument. 8729088Smarkm * 8829088Smarkm * The =flags argument is the binary or of zero or more of the following 8929088Smarkm * values: 9029088Smarkm * 9129088Smarkm * =PAM_SILENT: 9229088Smarkm * Do not emit any messages. 9329088Smarkm * =PAM_CHANGE_EXPIRED_AUTHTOK: 9429088Smarkm * Change only those authentication tokens that have expired. 9529088Smarkm * 9629088Smarkm * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR. 9729088Smarkm */ 9829088Smarkm