From 7e09188c5dc4d0372ac7016f682cf63c686afe4a Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 6 Apr 2016 14:27:07 +0200
Subject: pam_unix: Use pam_get_authtok() instead of direct pam_prompt() calls.

We have to drop support for not_set_pass option which is not much useful
anyway. Instead we get proper support for authtok_type option.

* modules/pam_unix/pam_unix.8.xml: Removed not_set_pass option, added authtok_type
option.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace _unix_read_password()
call with equivalent pam_get_authtok() call.
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise and also drop
support for not_set_pass.
* modules/pam_unix/support.c (_unix_read_password): Remove.
* modules/pam_unix/support.h: Remove UNIX_NOT_SET_PASS add UNIX_AUTHTOK_TYPE.
---
 modules/pam_unix/support.h | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'modules/pam_unix/support.h')

diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index b767c265..b4c279c3 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -18,8 +18,6 @@
  * typed were not the same.
  */
 
-#define MISTYPED_PASS "Sorry, passwords do not match"
-
 /* type definition for the control options */
 
 typedef struct {
@@ -72,7 +70,7 @@ typedef struct {
 					   some information may be sensitive */
 #define UNIX_USE_FIRST_PASS       4
 #define UNIX_TRY_FIRST_PASS       5
-#define UNIX_NOT_SET_PASS         6	/* don't set the AUTHTOK items */
+#define UNIX_AUTHTOK_TYPE         6	/* TYPE for pam_get_authtok() */
 
 #define UNIX__PRELIM              7	/* internal */
 #define UNIX__UPDATE              8	/* internal */
@@ -116,7 +114,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
 /* UNIX_AUDIT */           {"audit",           _ALL_ON_,                 010, 0},
 /* UNIX_USE_FIRST_PASS */  {"use_first_pass",  _ALL_ON_^(060),           020, 0},
 /* UNIX_TRY_FIRST_PASS */  {"try_first_pass",  _ALL_ON_^(060),           040, 0},
-/* UNIX_NOT_SET_PASS */    {"not_set_pass",    _ALL_ON_,                0100, 0},
+/* UNIX_AUTHTOK_TYPE */    {"authtok_type=",   _ALL_ON_,                0100, 0},
 /* UNIX__PRELIM */         {NULL,              _ALL_ON_^(0600),         0200, 0},
 /* UNIX__UPDATE */         {NULL,              _ALL_ON_^(0600),         0400, 0},
 /* UNIX__NONULL */         {NULL,              _ALL_ON_,               01000, 0},
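Review bot: The `not_set_pass` row is replaced in place (same slot 6, same flag `0100`), so a PAM stack that still passes `not_set_pass` no longer matches any entry in `unix_args`, and the behaviour it asked for (not setting the AUTHTOK items) is gone. How the option parser treats an unmatched argument is outside this hunk, so it is worth confirming that it logs the argument rather than dropping it silently. The removal should also be called out in the release notes, so administrators can audit stacks where a later module was not meant to receive the password. The new row would also benefit from a short comment, for example `/* value is consumed by pam_get_authtok(); listed here so the option parser accepts it */` if that is indeed the division of labour, because the trailing `=` in the token and the otherwise unused flag bit are not explained anywhere in the visible table.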
-- 
cgit v1.2.3