From cf90454cdde0b0a905877dd0b02042347184729c Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Wed, 14 May 2008 13:03:39 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2008-05-14  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
        item when password is not approved.
        * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
        is always set when UNIX_AUTHTOK is set, change order of conditions.
---
 modules/pam_unix/pam_unix_passwd.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'modules/pam_unix/pam_unix_passwd.c')

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index d221220f..0a429756 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -699,6 +699,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 				pass_new = NULL;
 			}
 			retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);
+			
+			if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) {
+				pam_set_item(pamh, PAM_AUTHTOK, NULL);
+			}
 		}
 
 		if (retval != PAM_SUCCESS) {
-- 
cgit v1.2.3