From a1131337d71a61da5b3b5e129545d3257a709480 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Thu, 11 Dec 2008 19:41:49 +0000
Subject: Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2008-12-10  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE.
        * libpam/pam_end.c (pam_end): Free authtok_type.
        * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE
        as test case.
        * tests/tst-pam_set_item.c: Likewise.
        * libpam/pam_start.c (pam_start): Initialize xdisplay,
        xauth and authtok_type.
        * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type"
        to "authtok_type".
        * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with
        "authtok_type=".
        * doc/man/pam_get_authtok.3.xml: Document authtok_type argument.
        * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set
        type= argument as PAM_AUTHTOK_TYPE item.
        * libpam/pam_get_authtok.c (pam_get_authtok): If no type
        argument given, use PAM_AUTHTOK_TYPE item.
        * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item.
        (pam_set_item): Store PAM_AUTHTOK_TYPE item.
        * libpam/pam_private.h: Add authtok_type to pam_handle.
        * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
---
 modules/pam_cracklib/pam_cracklib.8.xml |  6 +++---
 modules/pam_cracklib/pam_cracklib.c     | 18 ++++++------------
 2 files changed, 9 insertions(+), 15 deletions(-)

(limited to 'modules/pam_cracklib')

diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 336da5dd..1c31e077 100644
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -171,15 +171,15 @@
 
         <varlistentry>
           <term>
-            <option>type=<replaceable>XXX</replaceable></option>
+            <option>authtok_type=<replaceable>XXX</replaceable></option>
           </term>
           <listitem>
             <para>
               The default action is for the module to use the
               following prompts when requesting passwords:
               "New UNIX password: " and "Retype UNIX password: ".
-              The default word <emphasis>UNIX</emphasis> can
-              be replaced with this option.
+              The example word <emphasis>UNIX</emphasis> can
+              be replaced with this option, by default it is empty.
             </para>
           </listitem>
         </varlistentry>
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index 398727e1..ba64aae2 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -99,11 +99,8 @@ struct cracklib_options {
 	int low_credit;
 	int oth_credit;
         int min_class;
-	int use_authtok;
-	int try_first_pass;
 	int max_repeat;
 	int reject_user;
-	char prompt_type[BUFSIZ];
         const char *cracklib_dictpath;
 };
 
@@ -116,7 +113,6 @@ struct cracklib_options {
 #define CO_UP_CREDIT    1
 #define CO_LOW_CREDIT   1
 #define CO_OTH_CREDIT   1
-#define CO_USE_AUTHTOK  0
 
 static int
 _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
@@ -133,7 +129,7 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
 	 if (!strcmp(*argv,"debug"))
 	     ctrl |= PAM_DEBUG_ARG;
 	 else if (!strncmp(*argv,"type=",5))
-	     strncpy(opt->prompt_type, *argv+5, sizeof(opt->prompt_type) - 1);
+	     pam_set_item (pamh, PAM_AUTHTOK_TYPE, *argv+5);
 	 else if (!strncmp(*argv,"retry=",6)) {
 	     opt->retry_times = strtol(*argv+6,&ep,10);
 	     if (!ep || (opt->retry_times < 1))
@@ -178,12 +174,14 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
                  opt->max_repeat = 0;
 	 } else if (!strncmp(*argv,"reject_username",15)) {
 		 opt->reject_user = 1;
+	 } else if (!strncmp(*argv,"authtok_type",12)) {
+	   /* for pam_get_authtok, ignore */;
 	 } else if (!strncmp(*argv,"use_authtok",11)) {
-		 opt->use_authtok = 1;
+           /* for pam_get_authtok, ignore */;
 	 } else if (!strncmp(*argv,"use_first_pass",14)) {
-		 opt->use_authtok = 1;
+	   /* for pam_get_authtok, ignore */;
 	 } else if (!strncmp(*argv,"try_first_pass",14)) {
-		 opt->try_first_pass = 1;
+	   /* for pam_get_authtok, ignore */;
 	 } else if (!strncmp(*argv,"dictpath=",9)) {
 	     opt->cracklib_dictpath = *argv+9;
 	     if (!*(opt->cracklib_dictpath)) {
@@ -193,7 +191,6 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
 	     pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
 	 }
      }
-     opt->prompt_type[sizeof(opt->prompt_type) - 1] = '\0';
 
      return ctrl;
 }
@@ -602,9 +599,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
     options.up_credit = CO_UP_CREDIT;
     options.low_credit = CO_LOW_CREDIT;
     options.oth_credit = CO_OTH_CREDIT;
-    options.use_authtok = CO_USE_AUTHTOK;
-    memset(options.prompt_type, 0, BUFSIZ);
-    strcpy(options.prompt_type,"UNIX");
     options.cracklib_dictpath = CRACKLIB_DICTS;
 
     ctrl = _pam_parse(pamh, &options, argc, argv);
-- 
cgit v1.2.3