summaryrefslogtreecommitdiff
path: root/modules/pam_unix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/pam_unix_passwd.c4
-rw-r--r--modules/pam_unix/support.c4
2 files changed, 6 insertions, 2 deletions
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index d221220f..0a429756 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -699,6 +699,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
pass_new = NULL;
}
retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);
+
+ if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) {
+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
+ }
}
if (retval != PAM_SUCCESS) {
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index b82cad26..781d0006 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -743,11 +743,11 @@ int _unix_read_password(pam_handle_t * pamh
return retval;
} else if (*pass != NULL) { /* we have a password! */
return PAM_SUCCESS;
- } else if (on(UNIX_USE_FIRST_PASS, ctrl)) {
- return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */
} else if (on(UNIX_USE_AUTHTOK, ctrl)
&& off(UNIX__OLD_PASSWD, ctrl)) {
return PAM_AUTHTOK_ERR;
+ } else if (on(UNIX_USE_FIRST_PASS, ctrl)) {
+ return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */
}
}
/*
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 11:00:09 +0000