diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 19:05:18 -0800 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 21:26:02 -0800 |
| commit | 2fab298d986f0dec0f655884083c78d4cd0a08ff (patch) | |
| tree | 3fb48879b8a0f0a14518fb6963febe68218e21b0 /modules/pam_cracklib/pam_cracklib.c | |
| parent | bd01c7eaabdecde8fbf697b17d70e3596aeaf83f (diff) | |
| parent | aa0448336a79d85579464f023ac87675be60abfc (diff) | |
| download | pam-2fab298d986f0dec0f655884083c78d4cd0a08ff.tar.gz pam-2fab298d986f0dec0f655884083c78d4cd0a08ff.tar.bz2 pam-2fab298d986f0dec0f655884083c78d4cd0a08ff.zip | |
merge upstream version 1.1.1
Diffstat (limited to 'modules/pam_cracklib/pam_cracklib.c')
| -rw-r--r-- | modules/pam_cracklib/pam_cracklib.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index ba64aae2..2e911261 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -545,7 +545,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, const char *pass_new) { const char *msg = NULL; - const void *user; + const char *user; int retval; if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) { @@ -556,7 +556,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, return PAM_AUTHTOK_ERR; } - retval = pam_get_item(pamh, PAM_USER, &user); + retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS || user == NULL) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_ERR,"Can not get username"); @@ -639,9 +639,9 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, * set PAM_AUTHTOK and return */ - retval = pam_get_authtok (pamh, PAM_AUTHTOK, &newtoken, NULL); + retval = pam_get_authtok_noverify (pamh, &newtoken, NULL); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "pam_get_authtok returned error: %s", + pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s", pam_strerror (pamh, retval)); continue; } else if (newtoken == NULL) { /* user aborted password change, quit */ @@ -658,6 +658,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg); if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { + pam_set_item (pamh, PAM_AUTHTOK, NULL); retval = PAM_AUTHTOK_ERR; continue; } @@ -670,10 +671,22 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (retval != PAM_SUCCESS) { if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { + pam_set_item(pamh, PAM_AUTHTOK, NULL); retval = PAM_AUTHTOK_ERR; continue; } } + + retval = pam_get_authtok_verify (pamh, &newtoken, NULL); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s", + pam_strerror (pamh, retval)); + pam_set_item(pamh, PAM_AUTHTOK, NULL); + continue; + } else if (newtoken == NULL) { /* user aborted password change, quit */ + return PAM_AUTHTOK_ERR; + } + return PAM_SUCCESS; } |