Fix grammar of messages printed via pam_prompt

[linux-pam] / modules / pam_unix / pam_unix_passwd.c

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index fa2932780c4570ef390432fb597bd71374f8d557..9d0aa73323649aa23f87e97c9046c5dd6ee22f38 100644 (file)
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -106,11 +106,6 @@ extern int getrpcport(const char *host, unsigned long prognum,
    Sets it.
  */
 
-/* data tokens */
-
-#define _UNIX_OLD_AUTHTOK      "-UN*X-OLD-PASS"
-#define _UNIX_NEW_AUTHTOK      "-UN*X-NEW-PASS"
-
 #define MAX_PASSWD_TRIES       3
 
 #ifdef HAVE_NIS
@@ -565,7 +560,8 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
                        pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
                }
                _make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
-                       _("No password supplied") : _("Password unchanged"));
+                       _("No password has been supplied.") :
+                       _("The password has not been changed."));
                return PAM_AUTHTOK_ERR;
        }
        /*
@@ -582,7 +578,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
        }
        if (off(UNIX__IAMROOT, ctrl)) {
                if (strlen(pass_new) < pass_min_len)
-                 remark = _("You must choose a longer password");
+                 remark = _("You must choose a longer password.");
                D(("length check [%s]", remark));
                if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
                        if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
@@ -612,7 +608,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 
        /* <DO NOT free() THESE> */
        const char *user;
-       const void *pass_old, *pass_new;
+       const void *item;
+       const char *pass_old, *pass_new;
        /* </DO NOT free() THESE> */
 
        D(("called."));
@@ -680,8 +677,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
                 * obtain and verify the current password (OLDAUTHTOK) for
                 * the user.
                 */
-               char *Announce;
-
                D(("prelim check"));
 
                if (_unix_blankpasswd(pamh, ctrl, user)) {
@@ -689,22 +684,12 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
                } else if (off(UNIX__IAMROOT, ctrl) ||
                           (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) {
                        /* instruct user what is happening */
-                       if (asprintf(&Announce, _("Changing password for %s."),
-                               user) < 0) {
-                               pam_syslog(pamh, LOG_CRIT,
-                                        "password - out of memory");
-                               return PAM_BUF_ERR;
+                       if (off(UNIX__QUIET, ctrl)) {
+                               retval = pam_info(pamh, _("Changing password for %s."), user);
+                               if (retval != PAM_SUCCESS)
+                                       return retval;
                        }
-
-                       lctrl = ctrl;
-                       set(UNIX__OLD_PASSWD, lctrl);
-                       retval = _unix_read_password(pamh, lctrl
-                                                    ,Announce
-                                            ,_("(current) UNIX password: ")
-                                                    ,NULL
-                                                    ,_UNIX_OLD_AUTHTOK
-                                            ,&pass_old);
-                       free(Announce);
+                       retval = pam_get_authtok(pamh, PAM_OLDAUTHTOK, &pass_old, NULL);
 
                        if (retval != PAM_SUCCESS) {
                                pam_syslog(pamh, LOG_NOTICE,
@@ -725,17 +710,12 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
                        pass_old = NULL;
                        return retval;
                }
-               retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old);
                pass_old = NULL;
-               if (retval != PAM_SUCCESS) {
-                       pam_syslog(pamh, LOG_CRIT,
-                                "failed to set PAM_OLDAUTHTOK");
-               }
                retval = _unix_verify_shadow(pamh,user, ctrl);
                if (retval == PAM_AUTHTOK_ERR) {
                        if (off(UNIX__IAMROOT, ctrl))
                                _make_remark(pamh, ctrl, PAM_ERROR_MSG,
-                                            _("You must wait longer to change your password"));
+                                            _("You must wait longer to change your password."));
                        else
                                retval = PAM_SUCCESS;
                }
@@ -760,23 +740,14 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
                 * previous call to this function].
                 */
 
-               if (off(UNIX_NOT_SET_PASS, ctrl)) {
-                       retval = pam_get_item(pamh, PAM_OLDAUTHTOK
-                                             ,&pass_old);
-               } else {
-                       retval = pam_get_data(pamh, _UNIX_OLD_AUTHTOK
-                                             ,&pass_old);
-                       if (retval == PAM_NO_MODULE_DATA) {
-                               retval = PAM_SUCCESS;
-                               pass_old = NULL;
-                       }
-               }
-               D(("pass_old [%s]", pass_old));
+               retval = pam_get_item(pamh, PAM_OLDAUTHTOK, &item);
 
                if (retval != PAM_SUCCESS) {
                        pam_syslog(pamh, LOG_NOTICE, "user not authenticated");
                        return retval;
                }
+               pass_old = item;
+               D(("pass_old [%s]", pass_old));
 
                D(("get new password now"));
 
@@ -785,7 +756,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
                if (on(UNIX_USE_AUTHTOK, lctrl)) {
                        set(UNIX_USE_FIRST_PASS, lctrl);
                }
-               retry = 0;
+               if (on(UNIX_USE_FIRST_PASS, lctrl)) {
+                       retry = MAX_PASSWD_TRIES-1;
+               }
                retval = PAM_AUTHTOK_ERR;
                while ((retval != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) {
                        /*
@@ -793,16 +766,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
                         * password -- needed for pluggable password strength checking
                         */
 
-                       retval = _unix_read_password(pamh, lctrl
-                                                    ,NULL
-                                            ,_("Enter new UNIX password: ")
-                                           ,_("Retype new UNIX password: ")
-                                                    ,_UNIX_NEW_AUTHTOK
-                                            ,&pass_new);
+                       retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass_new, NULL);
 
                        if (retval != PAM_SUCCESS) {
                                if (on(UNIX_DEBUG, ctrl)) {
-                                       pam_syslog(pamh, LOG_ALERT,
+                                       pam_syslog(pamh, LOG_ERR,
                                                 "password - new password not obtained");
                                }
                                pass_old = NULL;        /* tidy up */
@@ -822,7 +790,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
                        retval = _pam_unix_approve_pass(pamh, ctrl, pass_old,
                                                        pass_new, pass_min_len);
 
-                       if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) {
+                       if (retval != PAM_SUCCESS) {
                                pam_set_item(pamh, PAM_AUTHTOK, NULL);
                        }
                }
@@ -892,7 +860,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
                _pam_delete(tpass);
                pass_old = pass_new = NULL;
        } else {                /* something has broken with the module */
-               pam_syslog(pamh, LOG_ALERT,
+               pam_syslog(pamh, LOG_CRIT,
                         "password received unknown request");
                retval = PAM_ABORT;
        }