author | Thorsten Kukuk <kukuk@thkukuk.de> | 2009-11-10 15:52:20 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2009-11-10 15:52:20 +0000 |
commit | 0674700d17431655b4be03de6119ada78164266b (patch) | |
tree | 6ea8c9d3346ff231f375f484fef29e521f50a424 /libpam/pam_get_authtok.c | |
parent | cf360646cafc2f84d7a601d9681555c4d43e713b (diff) | |
Relevant BUGIDs:
Purpose of commit: regression fix
Commit summary:
---------------
2009-11-10 Thorsten Kukuk <kukuk@suse.de>
* doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify
and pam_get_authtok_verify.
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump revision of libpam.
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed
from pam_get_authtok, add flags argument, always check return
values.
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/include/security/pam_ext.h: Add prototypes for
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/libpam.map: Add new pam_get_authtok_* functions.
Diffstat (limited to 'libpam/pam_get_authtok.c')
-rw-r--r-- | libpam/pam_get_authtok.c | 83 |
1 files changed, 77 insertions, 6 deletions
diff --git a/libpam/pam_get_authtok.c b/libpam/pam_get_authtok.c
index 9e9f8409..43e33a3c 100644
--- a/libpam/pam_get_authtok.c
+++ b/libpam/pam_get_authtok.c
@@ -43,6 +43,8 @@
 #define PROMPT2 _("Retype new %s%spassword: ")
 #define MISTYPED_PASS _("Sorry, passwords do not match.")
+#define PAM_GETAUTHTOK_NOVERIFY 1
+
 static const char *
 get_option (pam_handle_t *pamh, const char *option)
 {
@@ -70,13 +72,14 @@ get_option (pam_handle_t *pamh, const char *option)
 }
-int
-pam_get_authtok (pam_handle_t *pamh, int item, const char **authtok,
- const char *prompt)
+static int
+pam_get_authtok_internal (pam_handle_t *pamh, int item,
+ const char **authtok, const char *prompt,
+ unsigned int flags)
 {
 char *resp[2] = {NULL, NULL};
- const void* prevauthtok;
+ const void *prevauthtok;
 const char *authtok_type = "";
 int ask_twice = 0; /* Password change, ask twice for it */
 int retval;
@@ -88,7 +91,9 @@ pam_get_authtok (pam_handle_t *pamh, int item, const char **authtok,
 which needs to be verified. */
 if (item == PAM_AUTHTOK && pamh->choice == PAM_CHAUTHTOK)
 {
- ask_twice = 1;
+ if (!(flags & PAM_GETAUTHTOK_NOVERIFY))
+ ask_twice = 1;
+
 authtok_type = get_option (pamh, "authtok_type");
 if (authtok_type == NULL)
 {
@@ -140,7 +145,8 @@ pam_get_authtok (pam_handle_t *pamh, int item, const char **authtok,
 retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0], "%s", PROMPT);
- if (resp[0] == NULL || (ask_twice && resp[1] == NULL))
+ if (retval != PAM_SUCCESS || resp[0] == NULL ||
+ (ask_twice && resp[1] == NULL))
 {
 /* We want to abort the password change */
 pam_error (pamh, _("Password change aborted."));
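Review bot: In the hunk at -140,7 the added `retval != PAM_SUCCESS` test makes the abort branch reachable while `resp[0]` or `resp[1]` may still hold a typed password, and the cleanup of those buffers lies outside the hunk, so it is worth confirming that both go through `_pam_overwrite` and `_pam_drop` before the function returns. The same situation is fully visible in `pam_get_authtok_verify` in the last hunk: its abort branch returns `PAM_AUTHTOK_ERR` without wiping or freeing `resp`, unlike the mismatch branch just below it. Whether `pam_prompt` can fail and still leave a response pointer set is not shown on this page, so treat this as a check to make; if it can, adding `_pam_overwrite (resp); _pam_drop (resp);` ahead of that return closes the gap.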
@@ -168,3 +174,68 @@ pam_get_authtok (pam_handle_t *pamh, int item, const char **authtok,
 return pam_get_item(pamh, item, (const void **)authtok);
 }
+
+int
+pam_get_authtok (pam_handle_t *pamh, int item, const char **authtok,
+ const char *prompt)
+{
+ return pam_get_authtok_internal (pamh, item, authtok, prompt, 0);
+}
+
+
+int
+pam_get_authtok_noverify (pam_handle_t *pamh, const char **authtok,
+ const char *prompt)
+{
+ return pam_get_authtok_internal (pamh, PAM_AUTHTOK, authtok, prompt,
+ PAM_GETAUTHTOK_NOVERIFY);
+}
+
+int
+pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok,
+ const char *prompt)
+{
+ char *resp = NULL;
+ const char *authtok_type = "";
+ int retval;
+
+ if (authtok == NULL || pamh->choice != PAM_CHAUTHTOK)
+ return PAM_SYSTEM_ERR;
+
+ if (prompt != NULL)
+ {
+ retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,
+ _("Retype %s"), prompt);
+ }
+ else
+ {
+ retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,
+ PROMPT2, authtok_type,
+ strlen (authtok_type) > 0?" ":"");
+ }
+
+ if (retval != PAM_SUCCESS || resp == NULL)
+ {
+ /* We want to abort the password change */
+ pam_set_item (pamh, PAM_AUTHTOK, NULL);
+ pam_error (pamh, _("Password change aborted."));
+ return PAM_AUTHTOK_ERR;
+ }
+
+ if (strcmp (*authtok, resp) != 0)
+ {
+ pam_set_item (pamh, PAM_AUTHTOK, NULL);
+ pam_error (pamh, MISTYPED_PASS);
+ _pam_overwrite (resp);
+ _pam_drop (resp);
+ return PAM_TRY_AGAIN;
+ }
+
+ retval = pam_set_item (pamh, PAM_AUTHTOK, resp);
+ _pam_overwrite (resp);
+ _pam_drop (resp);
+ if (retval != PAM_SUCCESS)
+ return retval;
+
+ return pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok);
+} |
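Review bot: `pam_get_authtok_verify` rejects a NULL `authtok` but then calls `strcmp (*authtok, resp)` without checking `*authtok`, so a caller that passes a pointer to a NULL token (for instance when no token was obtained first) reaches a NULL dereference in a public libpam entry point; the guard could read `if (authtok == NULL || *authtok == NULL || pamh->choice != PAM_CHAUTHTOK)`. Separately, `authtok_type` is initialised to `""` and never assigned in this function, so the `PROMPT2` branch always prints the generic prompt and the `strlen (authtok_type) > 0` test is always false. If the `authtok_type` option is meant to apply here as it does in `pam_get_authtok_internal`, the function needs the same `get_option (pamh, "authtok_type")` lookup.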