pam_get_authtok(): Add authtok_type support to current password prompt.

* libpam/pam_get_authtok.c (pam_get_authtok_internal): When changing password,
use different prompt for current password allowing for authtok_type to be
displayed to the user.

1 files changed, 13 insertions, 5 deletions

diff --git a/libpam/pam_get_authtok.c b/libpam/pam_get_authtok.c
index 663f1f36..9bfbdf0f 100644
--- a/libpam/pam_get_authtok.c
+++ b/libpam/pam_get_authtok.c
@@ -38,6 +38,8 @@
 
 #define PROMPT _("Password: ")
 /* For Translators: "%s%s" could be replaced with "<service> " or "". */
+#define PROMPTCURRENT _("Current %s%spassword: ")
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
 #define PROMPT1 _("New %s%spassword: ")
 /* For Translators: "%s%s" could be replaced with "<service> " or "". */
 #define PROMPT2 _("Retype new %s%spassword: ")
@@ -89,12 +91,14 @@ pam_get_authtok_internal (pam_handle_t *pamh, int item,
 
   /* PAM_AUTHTOK in password stack returns new password,
      which needs to be verified. */
-  if (item == PAM_AUTHTOK && pamh->choice == PAM_CHAUTHTOK)
+  if (pamh->choice == PAM_CHAUTHTOK)
     {
-      chpass = 1;
-      if (!(flags & PAM_GETAUTHTOK_NOVERIFY))
-	++chpass;
-
+      if (item == PAM_AUTHTOK)
+	{
+	  chpass = 1;
+	  if (!(flags & PAM_GETAUTHTOK_NOVERIFY))
+	    ++chpass;
+	}
       authtok_type = get_option (pamh, "authtok_type");
       if (authtok_type == NULL)
 	{
@@ -144,6 +148,10 @@ pam_get_authtok_internal (pam_handle_t *pamh, int item,
 			     PROMPT2, authtok_type,
 			     strlen (authtok_type) > 0?" ":"");
     }
+  else if (item == PAM_OLDAUTHTOK)
+    retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0],
+			 PROMPTCURRENT, authtok_type,
+			 strlen (authtok_type) > 0?" ":"");
   else
     retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0], "%s",
 			 PROMPT);