- pam_sm_chauthtok() can return PAM_TRY_AGAIN.
- "sufficient" should not terminate the chain if the PAM_PRELIM_CHECK flag is set. Sponsored by: DARPA, NAI Labs git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@81 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
parent
ffabf53a8c
commit
8ea571eeba
|
@ -111,7 +111,8 @@ openpam_dispatch(pam_handle_t *pamh,
|
||||||
continue;
|
continue;
|
||||||
if (r == PAM_SUCCESS) {
|
if (r == PAM_SUCCESS) {
|
||||||
/*
|
/*
|
||||||
* For pam_setcred(), treat "sufficient" as
|
* For pam_setcred() and pam_chauthtok() with the
|
||||||
|
* PAM_PRELIM_CHECK flag, treat "sufficient" as
|
||||||
* "optional".
|
* "optional".
|
||||||
*
|
*
|
||||||
* Note that Solaris libpam does not terminate
|
* Note that Solaris libpam does not terminate
|
||||||
|
@ -119,7 +120,9 @@ openpam_dispatch(pam_handle_t *pamh,
|
||||||
* previously failed. I'm not sure why.
|
* previously failed. I'm not sure why.
|
||||||
*/
|
*/
|
||||||
if (chain->flag == PAM_SUFFICIENT &&
|
if (chain->flag == PAM_SUFFICIENT &&
|
||||||
primitive != PAM_SM_SETCRED)
|
primitive != PAM_SM_SETCRED &&
|
||||||
|
(primitive != PAM_SM_CHAUTHTOK ||
|
||||||
|
!(flags & PAM_PRELIM_CHECK)))
|
||||||
break;
|
break;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -203,7 +206,8 @@ _openpam_check_error_code(int primitive, int r)
|
||||||
r == PAM_AUTHTOK_ERR ||
|
r == PAM_AUTHTOK_ERR ||
|
||||||
r == PAM_AUTHTOK_RECOVERY_ERR ||
|
r == PAM_AUTHTOK_RECOVERY_ERR ||
|
||||||
r == PAM_AUTHTOK_LOCK_BUSY ||
|
r == PAM_AUTHTOK_LOCK_BUSY ||
|
||||||
r == PAM_AUTHTOK_DISABLE_AGING)
|
r == PAM_AUTHTOK_DISABLE_AGING ||
|
||||||
|
r == PAM_TRY_AGAIN)
|
||||||
return;
|
return;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
@ -51,8 +51,18 @@ int
|
||||||
pam_chauthtok(pam_handle_t *pamh,
|
pam_chauthtok(pam_handle_t *pamh,
|
||||||
int flags)
|
int flags)
|
||||||
{
|
{
|
||||||
|
int pam_err;
|
||||||
|
|
||||||
return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags));
|
if (flags & PAM_PRELIM_CHECK || flags & PAM_UPDATE_AUTHTOK)
|
||||||
|
return (PAM_SYMBOL_ERR);
|
||||||
|
pam_err = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
|
||||||
|
flags | PAM_PRELIM_CHECK);
|
||||||
|
if (pam_err == PAM_SUCCESS)
|
||||||
|
pam_err = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
|
||||||
|
flags | PAM_UPDATE_AUTHTOK);
|
||||||
|
pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
|
||||||
|
pam_set_item(pamh, PAM_AUTHTOK, NULL);
|
||||||
|
return (pam_err);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -61,4 +71,5 @@ pam_chauthtok(pam_handle_t *pamh,
|
||||||
* =openpam_dispatch
|
* =openpam_dispatch
|
||||||
* =pam_sm_chauthtok
|
* =pam_sm_chauthtok
|
||||||
* !PAM_IGNORE
|
* !PAM_IGNORE
|
||||||
|
* PAM_SYMBOL_ERR
|
||||||
*/
|
*/
|
||||||
|
|
Loading…
Reference in New Issue