Relevant BUGIDs:

Purpose of commit: sanity check Commit summary: --------------- 2009-02-18 Thorsten Kukuk <kukuk@thkukuk.de> * libpam/pam_password.c (pam_chauthtok): Make sure applications don't set internal flags.
author: Thorsten Kukuk <kukuk@thkukuk.de> 2009-02-18 21:25:46 +0000
committer: Thorsten Kukuk <kukuk@thkukuk.de> 2009-02-18 21:25:46 +0000
commit: 2afda8880a7bdec2cae03ba4d210916fe7289804 (patch)
tree: ec04e1b6ea1cdaaac6fd7c379533e30df64aadcd /libpam
parent: 4e53d8d8c64e89a05c24e4a208675f28680f7aa7 (diff)
download: pam-2afda8880a7bdec2cae03ba4d210916fe7289804.tar.gz
pam-2afda8880a7bdec2cae03ba4d210916fe7289804.tar.bz2
pam-2afda8880a7bdec2cae03ba4d210916fe7289804.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/libpam/pam_password.c b/libpam/pam_password.c
index 7100979f..70917c58 100644
--- a/libpam/pam_password.c
+++ b/libpam/pam_password.c
@@ -24,6 +24,13 @@ int pam_chauthtok(pam_handle_t *pamh, int flags)
 	return PAM_SYSTEM_ERR;
     }
 
+    /* applications are not allowed to set this flags */
+    if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) {
+      pam_syslog (pamh, LOG_ERR,
+		  "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application");
+      return PAM_SYSTEM_ERR;
+    }
+
     if (pamh->former.choice == PAM_NOT_STACKED) {
 	_pam_start_timer(pamh);    /* we try to make the time for a failure
 				      independent of the time it takes to
@@ -58,4 +65,3 @@ int pam_chauthtok(pam_handle_t *pamh, int flags)
 
     return retval;
 }
-
author	Thorsten Kukuk <kukuk@thkukuk.de>	2009-02-18 21:25:46 +0000
committer	Thorsten Kukuk <kukuk@thkukuk.de>	2009-02-18 21:25:46 +0000
commit	2afda8880a7bdec2cae03ba4d210916fe7289804 (patch)
tree	ec04e1b6ea1cdaaac6fd7c379533e30df64aadcd /libpam
parent	4e53d8d8c64e89a05c24e4a208675f28680f7aa7 (diff)
download	pam-2afda8880a7bdec2cae03ba4d210916fe7289804.tar.gz pam-2afda8880a7bdec2cae03ba4d210916fe7289804.tar.bz2 pam-2afda8880a7bdec2cae03ba4d210916fe7289804.zip