diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2009-11-10 15:52:20 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2009-11-10 15:52:20 +0000 |
| commit | 0674700d17431655b4be03de6119ada78164266b (patch) | |
| tree | 6ea8c9d3346ff231f375f484fef29e521f50a424 /modules | |
| parent | cf360646cafc2f84d7a601d9681555c4d43e713b (diff) | |
Relevant BUGIDs:
Purpose of commit: regression fix
Commit summary:
---------------
2009-11-10 Thorsten Kukuk <kukuk@suse.de>
* doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify
and pam_get_authtok_verify.
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam.
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed
from pam_get_authtok, add flags argument, always check return
values.
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/include/security/pam_ext.h: Add prototypes for
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/libpam.map: Add new pam_get_authtok_* functions.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_cracklib/pam_cracklib.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index cf383b2c..2e911261 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -639,9 +639,9 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, * set PAM_AUTHTOK and return */ - retval = pam_get_authtok (pamh, PAM_AUTHTOK, &newtoken, NULL); + retval = pam_get_authtok_noverify (pamh, &newtoken, NULL); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "pam_get_authtok returned error: %s", + pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s", pam_strerror (pamh, retval)); continue; } else if (newtoken == NULL) { /* user aborted password change, quit */ @@ -676,6 +676,17 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, continue; } } + + retval = pam_get_authtok_verify (pamh, &newtoken, NULL); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s", + pam_strerror (pamh, retval)); + pam_set_item(pamh, PAM_AUTHTOK, NULL); + continue; + } else if (newtoken == NULL) { /* user aborted password change, quit */ + return PAM_AUTHTOK_ERR; + } + return PAM_SUCCESS; } |