Date: Wed, 19 Jul 2000 15:44:00 -0400 From: Jing.Li@fisc.com To: freebsd-questions@freebsd.org Subject: password setting problem Message-ID: <NY5ed135-581027e3@fisc.com>
To anyone in this mailing list:

Right now I am trying to write a C program to change a user's password. So I have taken your sample program to do it. I used pam_chauthtok() to change the password. But this function always asks me the current password of this user before it allows me to enter the new password. Even when I started this program from the root account, it still asks me to enter the current password. But I know if I use the unix command "passwd" as root, I can change any user's password without knowing that user's current password. I wonder if you can show me a proper usage of the PAM API, so that I can also change a user's password without knowing its current password. Below is the program I have written to change the user's password.

Thank you very much for your help and waiting for your reply!

Jing Li
Software Developer
Fischer International
Naples, FL

/*
  Modified by Jing Li for test purpose

  This program was contributed by Shane Watts
  [modifications by AGM]

  You need to add the following (or equivalent) to the /etc/pam.conf file.
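  # check authorization
  check_user auth required /usr/lib/security/pam_unix_auth.so
  check_user account required /usr/lib/security/pam_unix_acct.so
*/

#include <security/pam_appl.h>
#include <stdio.h>
#include <stdlib.h> /* calloc, free, exit */
#include <string.h> /* strcspn */

/*
 * Conversation callback handed to PAM through `conv`.
 * NOTE(review): some PAM implementations declare the second parameter as
 * `const struct pam_message **`; match the local <security/pam_appl.h>.
 */
int check_conv(int num_msg, struct pam_message **msg,
               struct pam_response **response, void *appdata_ptr);

struct pam_conv conv = { check_conv, NULL };

/*
 * Runs one PAM transaction for the "check_user" service against `user`
 * (argv[1], default "nobody"): pam_authenticate, pam_acct_mgmt, then
 * pam_chauthtok.  Returns 0 when every step succeeded, 1 otherwise.
 */
int main(int argc, char *argv[])
{
    pam_handle_t *pamh = NULL;
    const char *user = "nobody";
    const char *step = "pam_start";
    int retval;

    if (argc == 2) {
        user = argv[1];
    }
    if (argc > 2) {
        fprintf(stderr, "Usage: check_user [username]\n");
        exit(1);
    }

    printf("calling pam_start...\n");
    retval = pam_start("check_user", user, &conv, &pamh);
    if (retval != PAM_SUCCESS) {
        /* No transaction was created, so there is nothing to pam_end(). */
        printf("pam_start() returns %d\n", retval);
        exit(1);
    }

    /*
     * NOTE(review): this call runs the auth stack for `user`, which with the
     * pam_unix_auth entry above presumably means a prompt for that account's
     * existing password -- before pam_chauthtok() is ever reached.  Whether
     * pam_chauthtok() itself then asks for the old token is decided by the
     * configured password module and its policy for the calling user, not by
     * this program.  The pam.conf lines above define only auth and account
     * entries for check_user; confirm which password stack the service
     * actually resolves to.
     */
    printf("calling pam_authenticate...\n");
    step = "pam_authenticate";
    retval = pam_authenticate(pamh, 0);
    if (retval != PAM_SUCCESS) {
        goto done;
    }

    printf("calling pam_acct_mgmt...\n");
    step = "pam_acct_mgmt";
    retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
    if (retval != PAM_SUCCESS) {
        goto done;
    }

    printf("calling pam_chauthtok...\n");
    step = "pam_chauthtok";
    retval = pam_chauthtok(pamh, PAM_SILENT);

done:
    if (retval != PAM_SUCCESS) {
        printf("%s() returns %d\n", step, retval);
    }

    /*
     * Always release the transaction opened above, on failure paths too.
     * The original called pam_start() a second time here, which replaced
     * pamh with a fresh handle and left the first transaction unreleased.
     */
    printf("calling pam_end...\n");
    if (pam_end(pamh, retval) != PAM_SUCCESS) { /* close Linux-PAM */
        pamh = NULL;
        fprintf(stderr, "check_user: failed to release authenticator\n");
        exit(1);
    }

    return (retval == PAM_SUCCESS ? 0 : 1); /* indicate success */
}

/* Overwrite a buffer that may hold a password before it is released. */
static void wipe(void *buf, size_t len)
{
    /* volatile keeps the stores from being dropped as dead writes */
    volatile unsigned char *p = buf;

    while (len--) {
        *p++ = 0;
    }
}

/* Scrub and free a partially filled reply array after a failure. */
static void discard_replies(struct pam_response *replies, int count)
{
    int i;

    for (i = 0; i < count; i++) {
        if (replies[i].resp != NULL) {
            wipe(replies[i].resp, PAM_MAX_RESP_SIZE);
            free(replies[i].resp);
        }
    }
    free(replies);
}

/*
 * Print `prompt` and read one line from stdin into a fresh
 * PAM_MAX_RESP_SIZE buffer.  Returns NULL on allocation failure or when
 * no input could be read.
 */
static char *read_reply(const char *prompt)
{
    char *buf = calloc(1, PAM_MAX_RESP_SIZE);

    if (buf == NULL) {
        return NULL;
    }

    (void)fputs(prompt, stdout);
    (void)fflush(stdout); /* the prompt has no trailing newline */

    if (fgets(buf, PAM_MAX_RESP_SIZE, stdin) == NULL) {
        wipe(buf, PAM_MAX_RESP_SIZE);
        free(buf);
        return NULL;
    }

    /*
     * Strip the newline only if one is present.  The original wrote to
     * resp[strlen(resp) - 1], which lands before the buffer when the
     * string is empty.
     */
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/*
 * PAM conversation function: answers each of the num_msg messages and
 * hands back one pam_response per message through *response.
 *
 * Returns PAM_SUCCESS, PAM_BUF_ERR when the reply array cannot be
 * allocated, or PAM_CONV_ERR on a bad message count or a failed read.
 * The reply array and its strings are heap-allocated; per the PAM
 * conversation contract the caller is expected to free them.
 *
 * NOTE(review): PAM_PROMPT_ECHO_OFF is read exactly like ECHO_ON, so the
 * password is visible on the terminal as it is typed.  A real tool
 * should turn terminal echo off for that prompt, or use the PAM
 * library's own tty conversation helper where one is provided.
 */
int check_conv(int num_msg, struct pam_message **msg,
               struct pam_response **response, void *appdata_ptr)
{
    struct pam_response *replies;
    int i;

    (void)appdata_ptr;

    if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG ||
        msg == NULL || response == NULL) {
        return (PAM_CONV_ERR);
    }

    /*
     * One zeroed response slot per message.  The original allocated a
     * single response and never advanced past the first message.
     */
    replies = calloc((size_t)num_msg, sizeof *replies);
    if (replies == NULL) {
        return (PAM_BUF_ERR);
    }

    for (i = 0; i < num_msg; i++) {
        /*
         * Assumes msg is an array of pointers to messages (the Linux-PAM
         * layout) -- TODO confirm for the PAM implementation in use.
         */
        const struct pam_message *m = msg[i];

        switch (m->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
        case PAM_PROMPT_ECHO_ON:
            replies[i].resp = read_reply(m->msg);
            if (replies[i].resp == NULL) {
                discard_replies(replies, num_msg);
                return (PAM_CONV_ERR);
            }
            break;
        case PAM_ERROR_MSG:
            /* label and text go to the same stream so they stay together */
            fprintf(stderr, "\nERROR_MSG:");
            (void)fputs(m->msg, stderr);
            break;
        case PAM_TEXT_INFO:
            printf("\nText_INFO:");
            (void)fputs(m->msg, stdout);
            break;
        default:
            break;
        }
    }

    *response = replies;
    return (PAM_SUCCESS);
}

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message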