Commit 44e7c30e authored by Ryan Tandy's avatar Ryan Tandy Committed by Quanah Gibson-Mount
Browse files

ITS#8080 nssov: require old password unless pwdmgr

parent 082e1926
......@@ -780,6 +780,14 @@ int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op)
}
}
if (!pi.ispwdmgr && BER_BVISEMPTY(&pi.pwd)) {
Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(), %s\n",
"not pwdmgr and old pwd empty", 0, 0);
ber_str2bv("must provide old password", 0, 0, &pi.msg);
rc = NSLCD_PAM_PERM_DENIED;
goto done;
}
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval bv;
......@@ -792,7 +800,7 @@ int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op)
ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
&pi.dn);
/* supply old pwd only when end-user changing pwd */
if (!BER_BVISEMPTY(&pi.pwd) && pi.ispwdmgr == 0)
if (pi.ispwdmgr == 0)
ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,
&pi.pwd);
if (!BER_BVISEMPTY(&npw))
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment