From 3165b29623e3498f8e75dba5413c4a662bdcec15 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 16 Apr 2008 08:21:05 +0000 Subject: [PATCH] Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2008-04-16 Tomas Mraz * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also try_first_pass and use_first_pass options. (pam_sm_chauthtok): Implement the new options. --- ChangeLog | 5 ++++- modules/pam_cracklib/pam_cracklib.c | 13 ++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f2879d69..2db1fb69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,10 +1,13 @@ 2008-04-16 Tomas Mraz * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit. - * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit. (main): Call _audit_log() when appropriate. + * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also + try_first_pass and use_first_pass options. + (pam_sm_chauthtok): Implement the new options. + 2008-04-08 Tomas Mraz * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 0c39f89d..12cbcf3c 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -98,6 +98,7 @@ struct cracklib_options { int oth_credit; int min_class; int use_authtok; + int try_first_pass; char prompt_type[BUFSIZ]; const char *cracklib_dictpath; }; @@ -169,6 +170,10 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt, opt->min_class = 4 ; } else if (!strncmp(*argv,"use_authtok",11)) { opt->use_authtok = 1; + } else if (!strncmp(*argv,"use_first_pass",14)) { + opt->use_authtok = 1; + } else if (!strncmp(*argv,"try_first_pass",14)) { + opt->try_first_pass = 1; } else if (!strncmp(*argv,"dictpath=",9)) { opt->cracklib_dictpath = *argv+9; if (!*(opt->cracklib_dictpath)) { @@ -619,7 +624,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, * set PAM_AUTHTOK and return */ - if (options.use_authtok == 1) { + if (options.use_authtok == 1 || options.try_first_pass == 1) { const void *item = NULL; retval = pam_get_item(pamh, PAM_AUTHTOK, &item); @@ -630,11 +635,13 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } else if (item != NULL) { /* we have a password! */ token1 = x_strdup(item); item = NULL; + options.use_authtok = 1; /* don't ask for the password again */ } else { retval = PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } - - } else { + } + + if (options.use_authtok != 1) { /* Prepare to ask the user for the first time */ resp = NULL; retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp, -- 2.40.0