pam/pam-1.0.1-cracklib-try-first-pass.patch

diff -up Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c.try-first-pass Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c
--- Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c.try-first-pass	2008-03-05 21:21:38.000000000 +0100
+++ Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c	2008-09-05 21:35:18.000000000 +0200
@@ -98,6 +98,7 @@ struct cracklib_options {
 	int oth_credit;
         int min_class;
 	int use_authtok;
+	int try_first_pass;
 	char prompt_type[BUFSIZ];
         const char *cracklib_dictpath;
 };
@@ -169,6 +170,10 @@ _pam_parse (pam_handle_t *pamh, struct c
                      opt->min_class = 4 ;
 	 } else if (!strncmp(*argv,"use_authtok",11)) {
 		 opt->use_authtok = 1;
+	 } else if (!strncmp(*argv,"use_first_pass",14)) {
+		 opt->use_authtok = 1;
+	 } else if (!strncmp(*argv,"try_first_pass",14)) {
+		 opt->try_first_pass = 1;
 	 } else if (!strncmp(*argv,"dictpath=",9)) {
 	     opt->cracklib_dictpath = *argv+9;
 	     if (!*(opt->cracklib_dictpath)) {
@@ -619,7 +624,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
          * set PAM_AUTHTOK and return
          */
 
-	if (options.use_authtok == 1) {
+	if (options.use_authtok == 1 || options.try_first_pass == 1) {
 	    const void *item = NULL;
 
 	    retval = pam_get_item(pamh, PAM_AUTHTOK, &item);
@@ -630,11 +635,13 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 	    } else if (item != NULL) {      /* we have a password! */
 		token1 = x_strdup(item);
 		item = NULL;
+		options.use_authtok = 1;    /* don't ask for the password again */
 	    } else {
 		retval = PAM_AUTHTOK_RECOVERY_ERR;         /* didn't work */
 	    }
-
-	} else {
+	}
+	
+	if (options.use_authtok != 1) {
             /* Prepare to ask the user for the first time */
             resp = NULL;
 	    retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,
- pam_loginuid: uids are unsigned (#460241) - new minor upstream release - use external db4 - drop tests for not pulling in libpthread (as NPTL should be safe) 2008-09-08 11:01:44 +00:00			`diff -up Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c.try-first-pass Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c`
			`--- Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c.try-first-pass 2008-03-05 21:21:38.000000000 +0100`
			`+++ Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c 2008-09-05 21:35:18.000000000 +0200`
			`@@ -98,6 +98,7 @@ struct cracklib_options {`
- added try_first_pass option to pam_cracklib - use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350) 2006-02-24 10:46:47 +00:00			`int oth_credit;`
- pam_loginuid: uids are unsigned (#460241) - new minor upstream release - use external db4 - drop tests for not pulling in libpthread (as NPTL should be safe) 2008-09-08 11:01:44 +00:00			`int min_class;`
- added try_first_pass option to pam_cracklib - use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350) 2006-02-24 10:46:47 +00:00			`int use_authtok;`
			`+ int try_first_pass;`
			`char prompt_type[BUFSIZ];`
- pam_loginuid: uids are unsigned (#460241) - new minor upstream release - use external db4 - drop tests for not pulling in libpthread (as NPTL should be safe) 2008-09-08 11:01:44 +00:00			`const char *cracklib_dictpath;`
- added try_first_pass option to pam_cracklib - use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350) 2006-02-24 10:46:47 +00:00			`};`
- pam_loginuid: uids are unsigned (#460241) - new minor upstream release - use external db4 - drop tests for not pulling in libpthread (as NPTL should be safe) 2008-09-08 11:01:44 +00:00			`@@ -169,6 +170,10 @@ _pam_parse (pam_handle_t *pamh, struct c`
			`opt->min_class = 4 ;`
- added try_first_pass option to pam_cracklib - use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350) 2006-02-24 10:46:47 +00:00			`} else if (!strncmp(*argv,"use_authtok",11)) {`
			`opt->use_authtok = 1;`
			`+ } else if (!strncmp(*argv,"use_first_pass",14)) {`
			`+ opt->use_authtok = 1;`
			`+ } else if (!strncmp(*argv,"try_first_pass",14)) {`
			`+ opt->try_first_pass = 1;`
			`} else if (!strncmp(*argv,"dictpath=",9)) {`
- pam_loginuid: uids are unsigned (#460241) - new minor upstream release - use external db4 - drop tests for not pulling in libpthread (as NPTL should be safe) 2008-09-08 11:01:44 +00:00			`opt->cracklib_dictpath = *argv+9;`
			`if (!*(opt->cracklib_dictpath)) {`
			`@@ -619,7 +624,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand`
- added try_first_pass option to pam_cracklib - use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350) 2006-02-24 10:46:47 +00:00			`* set PAM_AUTHTOK and return`
			`*/`

			`- if (options.use_authtok == 1) {`
			`+ if (options.use_authtok == 1 \|\| options.try_first_pass == 1) {`
			`const void *item = NULL;`

			`retval = pam_get_item(pamh, PAM_AUTHTOK, &item);`
- pam_loginuid: uids are unsigned (#460241) - new minor upstream release - use external db4 - drop tests for not pulling in libpthread (as NPTL should be safe) 2008-09-08 11:01:44 +00:00			`@@ -630,11 +635,13 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand`
- added try_first_pass option to pam_cracklib - use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350) 2006-02-24 10:46:47 +00:00			`} else if (item != NULL) { /* we have a password! */`
			`token1 = x_strdup(item);`
			`item = NULL;`
			`+ options.use_authtok = 1; /* don't ask for the password again */`
			`} else {`
			`retval = PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */`
			`}`
			`-`
			`- } else {`
			`+ }`
			`+`
			`+ if (options.use_authtok != 1) {`
			`/* Prepare to ask the user for the first time */`
			`resp = NULL;`
			`retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,`