diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | libpam/pam_password.c | 8 |
2 files changed, 12 insertions, 1 deletions
@@ -1,3 +1,8 @@ +2009-02-18 Thorsten Kukuk <kukuk@thkukuk.de> + + * libpam/pam_password.c (pam_chauthtok): Make sure applications + don't set internal flags. + 2009-02-17 Thorsten Kukuk <kukuk@thkukuk.de> * doc/man/pam_sm_chauthtok.3.xml: Document that sufficient diff --git a/libpam/pam_password.c b/libpam/pam_password.c index 7100979f..70917c58 100644 --- a/libpam/pam_password.c +++ b/libpam/pam_password.c @@ -24,6 +24,13 @@ int pam_chauthtok(pam_handle_t *pamh, int flags) return PAM_SYSTEM_ERR; } + /* applications are not allowed to set this flags */ + if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) { + pam_syslog (pamh, LOG_ERR, + "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application"); + return PAM_SYSTEM_ERR; + } + if (pamh->former.choice == PAM_NOT_STACKED) { _pam_start_timer(pamh); /* we try to make the time for a failure independent of the time it takes to @@ -58,4 +65,3 @@ int pam_chauthtok(pam_handle_t *pamh, int flags) return retval; } - |