Date: Wed, 19 Jul 2000 15:44:00 -0400 From: Jing.Li@fisc.com To: freebsd-questions@freebsd.org Subject: password setting problem Message-ID: <NY5ed135-581027e3@fisc.com>
To anyone on this mailing list:
Right now I am trying to write a C program to change a user's password. So I
have taken your
sample program to do it. I used pam_chauthtok() to change the password. But
this function always asks
me the current password of this user before it allows me to enter the new
password. Even when I started
this program from root account, it still asks me to enter the current
password.
But I know if I use the unix command "passwd" as a root, I can change any
user's password
without knowing that user's current password. I wonder if you can show me the
proper usage of the PAM API,
so that I can also change a user's password without knowing its current
password.
Below is the program I have written to change the user's password.
Thank you very much for your help; I look forward to your reply!
Jing Li
Software Developer
Fischer International
Naples, FL
/*
Modified by Jing Li for test purpose
This program was contributed by Shane Watts
[modifications by AGM]
You need to add the following (or equivalent) to the /etc/pam.conf file.
# check authorization
check_user auth required /usr/lib/security/pam_unix_auth.so
check_user account required /usr/lib/security/pam_unix_acct.so
*/
#include <security/pam_appl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
 * Conversation callback used by the PAM modules to talk to the user.
 * The definition follows main().
 */
int check_conv(int num_msg,
               struct pam_message **msg,
               struct pam_response **response,
               void *appdata_ptr);

/*
 * Conversation structure handed to pam_start(): the callback above and
 * no application data pointer.
 */
struct pam_conv conv = {
    .conv = check_conv,
    .appdata_ptr = NULL
};
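/*
 * check_user [username]
 *
 * Test driver that opens a PAM transaction for the "check_user" service,
 * authenticates the named user (default "nobody"), checks the account,
 * and then asks PAM to change the password.
 *
 * Returns 0 when every PAM call succeeded and 1 otherwise.
 *
 * Changes from the posted version:
 *  - the second pam_start() that preceded pam_end() is gone; it replaced
 *    the live handle with a new one (leaking the first transaction) and
 *    overwrote the status that should be reported to pam_end();
 *  - every failure after pam_start() now goes through pam_end(), so the
 *    modules can release whatever they hold (including cached
 *    authentication tokens) before the process exits;
 *  - the unused locals were removed.
 */
int main(int argc, char *argv[])
{
    pam_handle_t *pamh = NULL;
    const char *user = "nobody";
    int retval;
    int end_status;

    if (argc > 2) {
        fprintf(stderr, "Usage: check_user [username]\n");
        return 1;
    }
    if (argc == 2) {
        user = argv[1];
    }

    printf("calling pam_start...\n");
    retval = pam_start("check_user", user, &conv, &pamh);
    if (retval != PAM_SUCCESS) {
        /* No transaction was created, so there is nothing to pam_end(). */
        printf("pam_start() returns %d\n", retval);
        return 1;
    }

    /*
     * NOTE(review): this is the step that prompts for the account's
     * current password through check_conv().  Whether the password stack
     * below asks for it again when the caller is root depends on the
     * module configured for this service -- confirm on the target system.
     * A tool that lets an administrator reset another account's password
     * must itself be restricted to privileged callers.
     */
    printf("calling pam_authenticate...\n");
    retval = pam_authenticate(pamh, 0);
    if (retval != PAM_SUCCESS) {
        printf("pam_authenticate() returns %d\n", retval);
        goto done;
    }

    printf("calling pam_acct_mgmt...\n");
    retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
    if (retval != PAM_SUCCESS) {
        printf("pam_acct_mgmt() returns %d\n", retval);
        goto done;
    }

    /*
     * pam_chauthtok() runs the service's "password" facility.  The
     * pam.conf lines in the file header only configure "auth" and
     * "account" for check_user, so a password entry (or whatever fallback
     * policy the system applies) has to exist -- TODO confirm.
     */
    printf("calling pam_chauthtok...\n");
    retval = pam_chauthtok(pamh, PAM_SILENT);
    if (retval != PAM_SUCCESS) {
        printf("pam_chauthtok() returns %d\n", retval);
        goto done;
    }

done:
    /* Hand the last PAM status to pam_end(), on success and on failure. */
    printf("calling pam_end...\n");
    end_status = pam_end(pamh, retval);
    pamh = NULL;
    if (end_status != PAM_SUCCESS) {
        fprintf(stderr, "check_user: failed to release authenticator\n");
        return 1;
    }

    return (retval == PAM_SUCCESS ? 0 : 1); /* indicate success */
}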
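/*
 * Overwrite a buffer through a volatile pointer so that the stores are
 * not removed as dead code before the buffer is freed.
 */
static void check_conv_wipe(char *buf, size_t len)
{
    volatile char *p = buf;

    while (len--) {
        *p++ = 0;
    }
}

/* Scrub and free every reply collected so far, then the array itself. */
static void check_conv_discard(struct pam_response *replies, int count)
{
    int i;

    for (i = 0; i < count; i++) {
        if (replies[i].resp != NULL) {
            check_conv_wipe(replies[i].resp, PAM_MAX_RESP_SIZE);
            free(replies[i].resp);
        }
    }
    free(replies);
}

/*
 * PAM conversation function: shows each message and, for the two prompt
 * styles, reads one line from stdin as the reply.
 *
 * num_msg      number of messages in msg
 * msg          messages to present; indexed here as msg[i] (array of
 *              pointers).  Some PAM implementations pass a pointer to a
 *              contiguous array instead -- confirm for the target platform.
 * response     receives a malloc'ed array of num_msg replies; the caller
 *              (the PAM library) frees it
 * appdata_ptr  unused
 *
 * Returns PAM_SUCCESS, PAM_BUF_ERR when memory runs out, or PAM_CONV_ERR
 * on bad arguments or end of input.  On any error nothing is handed back
 * and the replies gathered so far are wiped and freed.
 *
 * Changes from the posted version:
 *  - one reply slot per message instead of a single shared one, and the
 *    loop advances to the next message instead of re-reading the first;
 *  - allocation results and the fgets() result are checked;
 *  - the newline is removed only if present; the old "resp[length-1]=0"
 *    wrote before the buffer when nothing was read and dropped a real
 *    character when the line had no newline;
 *  - *response is always set on success, so the caller never sees an
 *    uninitialised pointer when only informational messages arrive;
 *  - the "ERROR_MSG:" label goes to stderr together with its message.
 *
 * NOTE(review): PAM_PROMPT_ECHO_OFF is still read with terminal echo
 * enabled, so the password is visible while it is typed.  Code used
 * outside a test should switch echo off for that style.
 */
int check_conv(int num_msg,
               struct pam_message **msg,
               struct pam_response **response,
               void *appdata_ptr)
{
    struct pam_response *replies;
    int i;

    (void)appdata_ptr;

    if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG ||
        msg == NULL || response == NULL) {
        return (PAM_CONV_ERR);
    }

    /* calloc leaves every resp NULL and every resp_retcode 0. */
    replies = calloc((size_t)num_msg, sizeof *replies);
    if (replies == NULL) {
        return (PAM_BUF_ERR);
    }

    for (i = 0; i < num_msg; i++) {
        const struct pam_message *m = msg[i];

        if (m == NULL) {
            check_conv_discard(replies, num_msg);
            return (PAM_CONV_ERR);
        }

        switch (m->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
        case PAM_PROMPT_ECHO_ON: {
            char *answer = calloc(1, PAM_MAX_RESP_SIZE);

            if (answer == NULL) {
                check_conv_discard(replies, num_msg);
                return (PAM_BUF_ERR);
            }
            replies[i].resp = answer;

            (void)fputs(m->msg, stdout);
            (void)fflush(stdout);
            if (fgets(answer, PAM_MAX_RESP_SIZE, stdin) == NULL) {
                /* EOF or read error: there is no reply to give. */
                check_conv_discard(replies, num_msg);
                return (PAM_CONV_ERR);
            }
            /* Cut at the newline if there is one; otherwise keep it all. */
            answer[strcspn(answer, "\n")] = '\0';
            break;
        }
        case PAM_ERROR_MSG:
            fprintf(stderr, "\nERROR_MSG:");
            (void)fputs(m->msg, stderr);
            break;
        case PAM_TEXT_INFO:
            printf("\nText_INFO:");
            (void)fputs(m->msg, stdout);
            break;
        default:
            break;
        }
    }

    *response = replies;
    return (PAM_SUCCESS);
}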
