From cf90454cdde0b0a905877dd0b02042347184729c Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Wed, 14 May 2008 13:03:39 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2008-05-14  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
        item when password is not approved.
        * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
        is always set when UNIX_AUTHTOK is set, change order of conditions.
---
 modules/pam_unix/support.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/pam_unix/support.c')

diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index b82cad26..781d0006 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -743,11 +743,11 @@ int _unix_read_password(pam_handle_t * pamh
 			return retval;
 		} else if (*pass != NULL) {	/* we have a password! */
 			return PAM_SUCCESS;
-		} else if (on(UNIX_USE_FIRST_PASS, ctrl)) {
-			return PAM_AUTHTOK_RECOVERY_ERR;	  /* didn't work */
 		} else if (on(UNIX_USE_AUTHTOK, ctrl)
 			   && off(UNIX__OLD_PASSWD, ctrl)) {
 			return PAM_AUTHTOK_ERR;
+		} else if (on(UNIX_USE_FIRST_PASS, ctrl)) {
+			return PAM_AUTHTOK_RECOVERY_ERR;	  /* didn't work */
 		}
 	}
 	/*
-- 
cgit v1.2.3