2 * CDE - Common Desktop Environment
4 * Copyright (c) 1993-2012, The Open Group. All rights reserved.
6 * These libraries and programs are free software; you can
7 * redistribute them and/or modify them under the terms of the GNU
8 * Lesser General Public License as published by the Free Software
9 * Foundation; either version 2 of the License, or (at your option)
12 * These libraries and programs are distributed in the hope that
13 * they will be useful, but WITHOUT ANY WARRANTY; without even the
14 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
15 * PURPOSE. See the GNU Lesser General Public License for more
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with these librararies and programs; if not, write
20 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
21 * Floor, Boston, MA 02110-1301 USA
23 /* $XConsortium: unix_chauthtok.c /main/5 1996/05/09 04:33:18 drk $ */
25 * Copyright (c) 1992-1995, by Sun Microsystems, Inc.
26 * All rights reserved.
29 #ident "@(#)unix_chauthtok.c 1.83 95/12/12 SMI"
31 #include "unix_headers.h"
35 * To change authentication token.
37 * This function handles all requests from the "passwd" command
38 * to change a user's password in all repositories specified
50 int debug = 0; /* debug option from pam.conf */
51 int authtok_aged = 0; /* flag to check if password expired */
52 unix_authtok_data *status; /* status in pam handle stating if */
56 * Only check for debug here - parse remaining options
57 * in __update_authtok();
59 for (i = 0; i < argc; i++) {
60 if (strcmp(argv[i], "debug") == 0)
64 if (flags & PAM_PRELIM_CHECK) {
65 /* do not do any prelim check at this time */
68 "unix pam_sm_chauthtok(): prelim check");
72 /* make sure PAM framework is telling us to update passwords */
73 if (!(flags & PAM_UPDATE_AUTHTOK)) {
74 syslog(LOG_ERR, "unix pam_sm_chauthtok: bad flags: %d", flags);
75 return (PAM_SYSTEM_ERR);
78 if (flags & PAM_CHANGE_EXPIRED_AUTHTOK) {
79 if (pam_get_data(pamh, UNIX_AUTHTOK_DATA, (void **)&status)
81 switch (status->age_status) {
82 case PAM_NEW_AUTHTOK_REQD:
85 "pam_sm_chauthtok: UNIX password aged");
89 /* UNIX authtok did not expire */
92 "pam_sm_chauthtok: UNIX password young");
102 * This function calls __update_authtok() to change passwords.
103 * By passing PAM_REP_DEFAULT, the repository will be determined
104 * by looking in nsswitch.conf.
106 * To obtain the domain name (passed as NULL), __update_authtok()
107 * will call: nis_local_directory();
109 return (__update_authtok(pamh, flags, PAM_REP_DEFAULT, NULL,