summaryrefslogtreecommitdiff
path: root/libpam
diff options
context:
space:
mode:
Diffstat (limited to 'libpam')
-rw-r--r--libpam/pam_password.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/libpam/pam_password.c b/libpam/pam_password.c
index 7100979f..70917c58 100644
--- a/libpam/pam_password.c
+++ b/libpam/pam_password.c
@@ -24,6 +24,13 @@ int pam_chauthtok(pam_handle_t *pamh, int flags)
return PAM_SYSTEM_ERR;
}
+ /* applications are not allowed to set this flags */
+ if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) {
+ pam_syslog (pamh, LOG_ERR,
+ "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application");
+ return PAM_SYSTEM_ERR;
+ }
+
if (pamh->former.choice == PAM_NOT_STACKED) {
_pam_start_timer(pamh); /* we try to make the time for a failure
independent of the time it takes to
@@ -58,4 +65,3 @@ int pam_chauthtok(pam_handle_t *pamh, int flags)
return retval;
}
-