summaryrefslogtreecommitdiff
path: root/libpam/pam_password.c
diff options
context:
space:
mode:
Diffstat (limited to 'libpam/pam_password.c')
-rw-r--r--libpam/pam_password.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/libpam/pam_password.c b/libpam/pam_password.c
index cd57f20b..7e1e47df 100644
--- a/libpam/pam_password.c
+++ b/libpam/pam_password.c
@@ -1,7 +1,7 @@
/* pam_password.c - PAM Password Management */
/*
- * $Id: pam_password.c,v 1.5 2006/07/24 15:47:40 kukuk Exp $
+ * $Id: pam_password.c,v 1.6 2009/02/18 21:25:51 kukuk Exp $
*/
/* #define DEBUG */
@@ -24,6 +24,13 @@ int pam_chauthtok(pam_handle_t *pamh, int flags)
return PAM_SYSTEM_ERR;
}
+ /* applications are not allowed to set this flags */
+ if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) {
+ pam_syslog (pamh, LOG_ERR,
+ "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application");
+ return PAM_SYSTEM_ERR;
+ }
+
if (pamh->former.choice == PAM_NOT_STACKED) {
_pam_start_timer(pamh); /* we try to make the time for a failure
independent of the time it takes to
@@ -58,4 +65,3 @@ int pam_chauthtok(pam_handle_t *pamh, int flags)
return retval;
}
-