diff options
| author | Tomas Mraz <tm@t8m.info> | 2004-11-10 09:44:32 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2004-11-10 09:44:32 +0000 |
| commit | d948d7defc434a8d7d1771e9e1b41ffd1c9b2954 (patch) | |
| tree | c9b10d4334155f070b318fac28deda50fe35ffc2 /modules/pam_unix | |
| parent | 3bcea393bb88f111a5b27ad6d52375e548701d26 (diff) | |
| download | pam-d948d7defc434a8d7d1771e9e1b41ffd1c9b2954.tar.gz pam-d948d7defc434a8d7d1771e9e1b41ffd1c9b2954.tar.bz2 pam-d948d7defc434a8d7d1771e9e1b41ffd1c9b2954.zip | |
Relevant BUGIDs: Redhat BZ 115309
Purpose of commit: bugfix
Commit summary:
---------------
Change the order of password change (first try local, then NIS)
Diffstat (limited to 'modules/pam_unix')
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 71695276..e3f32941 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -539,7 +539,23 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, goto done; } - if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { + if (_unix_comesfromsource(pamh, forwho, 1, 0)) { + /* first, save old password */ + if (save_old_password(pamh, forwho, fromwhat, remember)) { + retval = PAM_AUTHTOK_ERR; + goto done; + } + if (on(UNIX_SHADOW, ctrl) || _unix_shadowed(pwd)) { + retval = _update_shadow(pamh, forwho, towhat); + if (retval != PAM_SUCCESS && SELINUX_ENABLED) + retval = _unix_run_shadow_binary(pamh, ctrl, forwho, fromwhat, towhat); + if (retval == PAM_SUCCESS) + if (!_unix_shadowed(pwd)) + retval = _update_passwd(pamh, forwho, "x"); + } else { + retval = _update_passwd(pamh, forwho, towhat); + } + } else if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { struct timeval timeout; struct yppasswd yppwd; CLIENT *clnt; @@ -605,23 +621,6 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, #endif return retval; } - /* first, save old password */ - if (save_old_password(pamh, forwho, fromwhat, remember)) { - retval = PAM_AUTHTOK_ERR; - goto done; - } - if (_unix_comesfromsource(pamh, forwho, 1, 0)) { - if (on(UNIX_SHADOW, ctrl) || _unix_shadowed(pwd)) { - retval = _update_shadow(pamh, forwho, towhat); - if (retval != PAM_SUCCESS && SELINUX_ENABLED) - retval = _unix_run_shadow_binary(pamh, ctrl, forwho, fromwhat, towhat); - if (retval == PAM_SUCCESS) - if (!_unix_shadowed(pwd)) - retval = _update_passwd(pamh, forwho, "x"); - } else { - retval = _update_passwd(pamh, forwho, towhat); - } - } done: #ifdef USE_LCKPWDF |