Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2009-07-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete
        new token if it does not match strength criteria.

1 files changed, 4 insertions, 2 deletions

diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index ba64aae2..cf383b2c 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -545,7 +545,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh,
                                   const char *pass_new)
 {
     const char *msg = NULL;
-    const void *user;
+    const char *user;
     int retval;
 
     if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
@@ -556,7 +556,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh,
         return PAM_AUTHTOK_ERR;
     }
 
-    retval = pam_get_item(pamh, PAM_USER, &user);
+    retval = pam_get_user(pamh, &user, NULL);
     if (retval != PAM_SUCCESS || user == NULL) {
 	if (ctrl & PAM_DEBUG_ARG)
 		pam_syslog(pamh,LOG_ERR,"Can not get username");
@@ -658,6 +658,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	    pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg);
 	    if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
 	      {
+		pam_set_item (pamh, PAM_AUTHTOK, NULL);
 		retval = PAM_AUTHTOK_ERR;
 		continue;
 	      }
@@ -670,6 +671,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	  if (retval != PAM_SUCCESS) {
 	    if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
 	      {
+		pam_set_item(pamh, PAM_AUTHTOK, NULL);
 		retval = PAM_AUTHTOK_ERR;
 		continue;
 	      }