diff options
| author | Tomas Mraz <tm@t8m.info> | 2008-05-14 13:03:39 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2008-05-14 13:03:39 +0000 |
| commit | cf90454cdde0b0a905877dd0b02042347184729c (patch) | |
| tree | 722cd295ccf927fd68d6f360511c09177effb267 | |
| parent | 09c2e0fcf1bd5b1200c6ef268b7bdd82b4708b9d (diff) | |
| download | pam-cf90454cdde0b0a905877dd0b02042347184729c.tar.gz pam-cf90454cdde0b0a905877dd0b02042347184729c.tar.bz2 pam-cf90454cdde0b0a905877dd0b02042347184729c.zip | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2008-05-14 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
item when password is not approved.
* modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
is always set when UNIX_AUTHTOK is set, change order of conditions.
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 4 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 4 |
3 files changed, 11 insertions, 2 deletions
@@ -8,6 +8,11 @@ * libpam/pam_modutil_getspnam.c: Likewise. * libpam/pam_modutil_private.h: Adjust values for PWD_ constants. + * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok + item when password is not approved. + * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS + is always set when UNIX_AUTHTOK is set, change order of conditions. + 2008-05-02 Tomas Mraz <t8m@centrum.cz> * modules/pam_selinux/pam_selinux.c(query_response): Add handling diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index d221220f..0a429756 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -699,6 +699,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, pass_new = NULL; } retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); + + if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) { + pam_set_item(pamh, PAM_AUTHTOK, NULL); + } } if (retval != PAM_SUCCESS) { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index b82cad26..781d0006 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -743,11 +743,11 @@ int _unix_read_password(pam_handle_t * pamh return retval; } else if (*pass != NULL) { /* we have a password! */ return PAM_SUCCESS; - } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { - return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } else if (on(UNIX_USE_AUTHTOK, ctrl) && off(UNIX__OLD_PASSWD, ctrl)) { return PAM_AUTHTOK_ERR; + } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { + return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } } /* |