author | Michael J. Chudobiak <mjc@avtechpulse.com> | 2012-10-15 15:21:27 -0400 |
---|---|---|
committer | Michael J. Chudobiak <mjc@avtechpulse.com> | 2012-10-15 15:21:27 -0400 |
commit | 1f49ac3c6234b3038366af59fd55002b330893c4 (patch) | |
tree | 7f4d0b26508840c09e851636614f26293bf19bb1 /device-functions.c | |
parent | 30b30a08e66a592d61edd324839a79d5f9ea3066 (diff) |
first attempt at password manipulation
Diffstat (limited to 'device-functions.c')
-rw-r--r-- | device-functions.c | 94 |
1 files changed, 82 insertions, 12 deletions
diff --git a/device-functions.c b/device-functions.c index f96cfef..30fac09 100644 --- a/device-functions.c +++ b/device-functions.c @@ -9,7 +9,10 @@ #include "menus.h" #include <math.h> #include <glib.h> - +#include <libuser/user.h> +#include <libuser/config.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> void idn_string(gchar** response) { 
@@ -4566,27 +4569,94 @@ int IO_Setup_RS232(int baud, char hardhand, gboolean update_flash) return OK; } -int change_password (gchar *old_password, gchar *new_password) -{ +// this is a conversation handler for pam, it basically sends the password when pam asks for it + +static int conversation(int num_msg, const struct pam_message **msgs, struct pam_response **resp, void *appdata_ptr) { + + struct pam_response* responses = calloc(num_msg, sizeof(struct pam_response)); + if (!responses) { + return PAM_CONV_ERR; + } + + int i; // not compiling in gnu99 mode? + for (i = 0; i < num_msg; i++) { + const struct pam_message *msg = msgs[i]; + struct pam_response* response = &(responses[i]); + switch (msg->msg_style) { + case PAM_PROMPT_ECHO_OFF: + response->resp = strdup((char*) appdata_ptr); + if (!response->resp) + return PAM_CONV_ERR; + break; + + default: + return PAM_CONV_ERR; + } + response->resp_retcode = 0; + } + + *resp = responses; + + return PAM_SUCCESS; +} + +static gboolean checkpassword(const char* username, char* password) { + struct pam_conv pam_conversation = { conversation, password }; + pam_handle_t* pamh; + + if (pam_start("passwd", username, &pam_conversation, &pamh) != PAM_SUCCESS) + return FALSE; + + if (pam_authenticate(pamh, 0) != PAM_SUCCESS) + return FALSE; + + // we only want to check the password and not actually start a session, so get out of here + + pam_end(pamh, 0); + + return TRUE; +} + +int change_password(gchar *old_password, gchar *new_password) { gboolean old_valid = TRUE; - // user = admin - // (always) + char* user = "admin"; // Skip password check if the supplied old_password is NULL. This // only happens when resetting the password to the default. 
- if (old_password != NULL) { - printf ("verifying old password: %s\n", old_password); //FIXME with real function - // check, and set old_valid = FALSE if the password check fails + if (old_password != NULL ) { + printf("verifying old password: %s\n", old_password); //FIXME with real function + old_valid = checkpassword(user,old_password); } if (old_valid == TRUE) { - printf ("setting new password: %s\n" ,new_password); //FIXME with real function - // is a success test required? + printf("setting new password: %s\n", new_password); //FIXME with real function + struct lu_context *ctx; + struct lu_error *error = NULL; + struct lu_ent *ent; + + ctx = lu_start(user, lu_user, NULL, NULL, lu_prompt_console_quiet, NULL, &error); + + if (ctx == NULL ) { + return password_change_error; + } + + ent = lu_ent_new(); + + if (lu_user_lookup_name(ctx, user, ent, &error) == FALSE) { + return password_change_error; // user doesn't exist + } + + if (lu_user_setpass(ctx, ent, new_password, FALSE, &error) == FALSE) { + return password_change_error; + } + + lu_end(ctx); + return OK; - } else { + } + else { return password_change_error; } } - |
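Review bot: Both `printf` calls in change_password still print the old and the new password in cleartext to stdout, where they can end up in a log or on a console. Report the event without the secret, e.g. `printf("verifying old password\n");` and `printf("setting new password\n");`. The new error paths also leak: checkpassword returns without `pam_end` when `pam_authenticate` fails, and conversation returns `PAM_CONV_ERR` without freeing `responses` or the copies it has already made. In change_password the early returns skip `lu_end(ctx)`, and `ent` is never released with `lu_ent_free`. The fence below sketches the cleanup for the two PAM helpers.

```c
static int conversation(int num_msg, const struct pam_message **msgs, struct pam_response **resp, void *appdata_ptr) {
	if (num_msg <= 0)
		return PAM_CONV_ERR;
	// … unchanged: calloc of responses, its NULL check, declaration of i …
	for (i = 0; i < num_msg; i++) {
		if (msgs[i]->msg_style != PAM_PROMPT_ECHO_OFF)
			goto fail;
		responses[i].resp = strdup((char*) appdata_ptr);
		if (!responses[i].resp)
			goto fail;
		responses[i].resp_retcode = 0;
	}
	*resp = responses;
	return PAM_SUCCESS;

fail:
	// release every copy made so far; untouched slots are NULL from calloc
	for (i = 0; i < num_msg; i++)
		free(responses[i].resp);
	free(responses);
	return PAM_CONV_ERR;
}

static gboolean checkpassword(const char* username, char* password) {
	// … unchanged: pam_conversation setup and pam_start …
	int rc = pam_authenticate(pamh, 0);
	// always release the handle, whether or not authentication succeeded
	pam_end(pamh, rc);
	return rc == PAM_SUCCESS;
}
```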