From cf90454cdde0b0a905877dd0b02042347184729c Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 14 May 2008 13:03:39 +0000 Subject: [PATCH] Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-05-14 Tomas Mraz * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok item when password is not approved. * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS is always set when UNIX_AUTHTOK is set, change order of conditions. --- ChangeLog | 5 +++++ modules/pam_unix/pam_unix_passwd.c | 4 ++++ modules/pam_unix/support.c | 4 ++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0546b9c7..d3268d61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ * libpam/pam_modutil_getspnam.c: Likewise. * libpam/pam_modutil_private.h: Adjust values for PWD_ constants. + * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok + item when password is not approved. + * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS + is always set when UNIX_AUTHTOK is set, change order of conditions. + 2008-05-02 Tomas Mraz * modules/pam_selinux/pam_selinux.c(query_response): Add handling diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index d221220f..0a429756 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -699,6 +699,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, pass_new = NULL; } retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); + + if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) { + pam_set_item(pamh, PAM_AUTHTOK, NULL); + } } if (retval != PAM_SUCCESS) { diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index b82cad26..781d0006 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -743,11 +743,11 @@ int _unix_read_password(pam_handle_t * pamh return retval; } else if (*pass != NULL) { /* we have a password! */ return PAM_SUCCESS; - } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { - return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } else if (on(UNIX_USE_AUTHTOK, ctrl) && off(UNIX__OLD_PASSWD, ctrl)) { return PAM_AUTHTOK_ERR; + } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { + return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } } /* -- 2.40.0