Diffstat (limited to 'modules/pam_unix/pam_unix.c~')
-rw-r--r-- | modules/pam_unix/pam_unix.c~ | 79 |
1 files changed, 76 insertions, 3 deletions
diff --git a/modules/pam_unix/pam_unix.c~ b/modules/pam_unix/pam_unix.c~
index 20088ec..9ef7320 100644
--- a/modules/pam_unix/pam_unix.c~
+++ b/modules/pam_unix/pam_unix.c~
@@ -6,6 +6,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <time.h>
+#include <string.h>
 #ifndef MAXHOSTNAMELEN
@@ -47,14 +48,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 pwd = getspnam(getlogin());
 } else {
 if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
- PAM_ERROR("Authenticating with uname %s failed.", user);
+ PAM_ERROR("Authenticating with uname [%s] failed.", user);
 return (pam_err);
 }
 pwd = getspnam(user);
 }
- PAM_LOG("Authenticating user: %s", user);
+ PAM_LOG("Authenticating user: [%s]", user);
 /* get password */
@@ -88,7 +89,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 #else
 pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL);
 #endif
- PAM_LOG("Got password for user %s", user);
+ PAM_LOG("Got password for user [%s]", user);
 if (pam_err == PAM_CONV_ERR)
 return (pam_err);
@@ -252,8 +253,80 @@ pam_sm_chautok(pam_handle_t *pamh, int flags,
 int argc, const char *argv[])
 {
+ /*
+ * NIS support will be left for future implementation.
+ * This is standard unix passwd changing function.
+ */
+ struct spwd *new_pwd, *old_pwd;
+ char oldprefix[HASH_PREFIX_SIZE];
+ const char *user, *old_pass, *new_pass;
+ char *hashedpwd;
+ int pam_err;
+
+ /* identify user */
+
+ if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
+ PAM_LOG("Authenticating as self.");
+ old_pwd = getspnam(getlogin());
+ } else {
+ if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+ PAM_ERROR("Authenticating with uname [%s] failed.", user);
+ return (pam_err);
+ }
+
+ old_pwd = getspnam(user);
+ }
+
+ PAM_LOG("Got user: [%s]", user);
+
+ if (pwd == NULL) {
+ PAM_ERROR("User [%s] either has a corrupted passwd entry or \
+ is not in the selected database");
+ return (PAM_AUTHTOK_RECOVERY_ERR);
+ }
+
+ /*
+ * When looking through the LinuxPAM code, I came across this :
+ *
+ * ` Various libraries at various times have had bugs related to
+ * '+' or '-' as the first character of a user name. Don't
+ * allow them. `
+ *
+ * I don't know if the problem is still around but just in case...
+ */
+
+ if (user == NULL || user[0] == '-' || user[0] == '+' ) {
+ PAM_ERROR("Bad username [%s]", user);
+ return (PAM_USER_UNKNOWN);
+ }
+
+
+ if (flags & PAM_PRELIM_CHECK) {
+ PAM_LOG("PRELIM round");
+
+ if (getuid() == 0 ) {
+ /* root doesn't need old passwd */
+ return (pam_set_item(pamh, PAM_OLDAUTHTOK, ""));
+ }
+
+ if ( (pwd->pw_passwd[0] == '\0' ) &&
+ ( openpam_get_option(pamh, PAM_OPT_NULLOK) ) &&
+ ( openpam_get_option(pamh,PAM_DISALLOW_NULL_AUTHTOK)) ) {
+
+ /*
+ * Something funny could happen here since we don't
+ * ask for a password.
+ */
+ old_pass = "";
+ }
+
+
+ return (PAM_SUCCESS);
+ }
|