Sets it.
*/
-/* data tokens */
-
-#define _UNIX_OLD_AUTHTOK "-UN*X-OLD-PASS"
-#define _UNIX_NEW_AUTHTOK "-UN*X-NEW-PASS"
-
#define MAX_PASSWD_TRIES 3
#ifdef HAVE_NIS
pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
}
_make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
- _("No password supplied") : _("Password unchanged"));
+ _("No password has been supplied.") :
+ _("The password has not been changed."));
return PAM_AUTHTOK_ERR;
}
/*
}
if (off(UNIX__IAMROOT, ctrl)) {
if (strlen(pass_new) < pass_min_len)
- remark = _("You must choose a longer password");
+ remark = _("You must choose a longer password.");
D(("length check [%s]", remark));
if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
/* <DO NOT free() THESE> */
const char *user;
- const void *pass_old, *pass_new;
+ const void *item;
+ const char *pass_old, *pass_new;
/* </DO NOT free() THESE> */
D(("called."));
* obtain and verify the current password (OLDAUTHTOK) for
* the user.
*/
- char *Announce;
-
D(("prelim check"));
if (_unix_blankpasswd(pamh, ctrl, user)) {
} else if (off(UNIX__IAMROOT, ctrl) ||
(on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) {
/* instruct user what is happening */
- if (asprintf(&Announce, _("Changing password for %s."),
- user) < 0) {
- pam_syslog(pamh, LOG_CRIT,
- "password - out of memory");
- return PAM_BUF_ERR;
+ if (off(UNIX__QUIET, ctrl)) {
+ retval = pam_info(pamh, _("Changing password for %s."), user);
+ if (retval != PAM_SUCCESS)
+ return retval;
}
-
- lctrl = ctrl;
- set(UNIX__OLD_PASSWD, lctrl);
- retval = _unix_read_password(pamh, lctrl
- ,Announce
- ,_("(current) UNIX password: ")
- ,NULL
- ,_UNIX_OLD_AUTHTOK
- ,&pass_old);
- free(Announce);
+ retval = pam_get_authtok(pamh, PAM_OLDAUTHTOK, &pass_old, NULL);
if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_NOTICE,
pass_old = NULL;
return retval;
}
- retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old);
pass_old = NULL;
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_CRIT,
- "failed to set PAM_OLDAUTHTOK");
- }
retval = _unix_verify_shadow(pamh,user, ctrl);
if (retval == PAM_AUTHTOK_ERR) {
if (off(UNIX__IAMROOT, ctrl))
_make_remark(pamh, ctrl, PAM_ERROR_MSG,
- _("You must wait longer to change your password"));
+ _("You must wait longer to change your password."));
else
retval = PAM_SUCCESS;
}
* previous call to this function].
*/
- if (off(UNIX_NOT_SET_PASS, ctrl)) {
- retval = pam_get_item(pamh, PAM_OLDAUTHTOK
- ,&pass_old);
- } else {
- retval = pam_get_data(pamh, _UNIX_OLD_AUTHTOK
- ,&pass_old);
- if (retval == PAM_NO_MODULE_DATA) {
- retval = PAM_SUCCESS;
- pass_old = NULL;
- }
- }
- D(("pass_old [%s]", pass_old));
+ retval = pam_get_item(pamh, PAM_OLDAUTHTOK, &item);
if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_NOTICE, "user not authenticated");
return retval;
}
+ pass_old = item;
+ D(("pass_old [%s]", pass_old));
D(("get new password now"));
if (on(UNIX_USE_AUTHTOK, lctrl)) {
set(UNIX_USE_FIRST_PASS, lctrl);
}
- retry = 0;
+ if (on(UNIX_USE_FIRST_PASS, lctrl)) {
+ retry = MAX_PASSWD_TRIES-1;
+ }
retval = PAM_AUTHTOK_ERR;
while ((retval != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) {
/*
* password -- needed for pluggable password strength checking
*/
- retval = _unix_read_password(pamh, lctrl
- ,NULL
- ,_("Enter new UNIX password: ")
- ,_("Retype new UNIX password: ")
- ,_UNIX_NEW_AUTHTOK
- ,&pass_new);
+ retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass_new, NULL);
if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) {
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_ERR,
"password - new password not obtained");
}
pass_old = NULL; /* tidy up */
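Review bot: The re-added trace `D(("pass_old [%s]", pass_old));` formats the user's current password into debug output, and it runs immediately after `pass_old = item;`. pam_get_item() can return PAM_SUCCESS with no PAM_OLDAUTHTOK stored (presumably the root path), in which case `item` is NULL and the `%s` is undefined wherever D() is compiled in. I would trace only presence, for example `D(("pass_old %s", pass_old ? "set" : "unset"));`. Separately, dropping `retry = 0;` makes the loop counter depend on an initializer at its declaration, which is outside the visible lines; without one, `retry++ < MAX_PASSWD_TRIES` reads an indeterminate value whenever UNIX_USE_FIRST_PASS is off. The enclosing function starts and ends outside this hunk.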
retval = _pam_unix_approve_pass(pamh, ctrl, pass_old,
pass_new, pass_min_len);
- if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) {
+ if (retval != PAM_SUCCESS) {
pam_set_item(pamh, PAM_AUTHTOK, NULL);
}
}
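Review bot: After `pam_set_item(pamh, PAM_AUTHTOK, NULL);` the local `pass_new` still holds the pointer returned by pam_get_authtok(), and that storage belongs to the PAM item that libpam releases when the item is replaced. On the last pass through the retry loop nothing refreshes it, so any later use of `pass_new` on the failure path would read released memory. The code after the loop is outside this hunk, so I cannot confirm the pointer is reset there. Adding `pass_new = NULL;` next to the pam_set_item() call would close this locally. The return value of pam_set_item() is also ignored here, so a failure to clear the rejected token would go unnoticed.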
_pam_delete(tpass);
pass_old = pass_new = NULL;
} else { /* something has broken with the module */
- pam_syslog(pamh, LOG_ALERT,
+ pam_syslog(pamh, LOG_CRIT,
"password received unknown request");
retval = PAM_ABORT;
}