- fix wrong prompt when pam_get_authtok is used for new password
This commit is contained in:
Tomáš Mráz
parent
68bf40d031
commit
3f424c65d3
78
pam-1.1.1-authtok-prompt.patch
Normal file
78
pam-1.1.1-authtok-prompt.patch
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
Index: libpam/pam_get_authtok.c
|
||||||
|
===================================================================
|
||||||
|
RCS file: /cvsroot/pam/Linux-PAM/libpam/pam_get_authtok.c,v
|
||||||
|
retrieving revision 1.3
|
||||||
|
diff -u -p -r1.3 pam_get_authtok.c
|
||||||
|
--- libpam/pam_get_authtok.c 10 Nov 2009 15:52:20 -0000 1.3
|
||||||
|
+++ libpam/pam_get_authtok.c 22 Jan 2010 17:31:40 -0000
|
||||||
|
@@ -81,7 +81,7 @@ pam_get_authtok_internal (pam_handle_t *
|
||||||
|
char *resp[2] = {NULL, NULL};
|
||||||
|
const void *prevauthtok;
|
||||||
|
const char *authtok_type = "";
|
||||||
|
- int ask_twice = 0; /* Password change, ask twice for it */
|
||||||
|
+ int chpass = 0; /* Password change, ask twice for it */
|
||||||
|
int retval;
|
||||||
|
|
||||||
|
if (authtok == NULL)
|
||||||
|
@@ -91,8 +91,9 @@ pam_get_authtok_internal (pam_handle_t *
|
||||||
|
which needs to be verified. */
|
||||||
|
if (item == PAM_AUTHTOK && pamh->choice == PAM_CHAUTHTOK)
|
||||||
|
{
|
||||||
|
+ chpass = 1;
|
||||||
|
if (!(flags & PAM_GETAUTHTOK_NOVERIFY))
|
||||||
|
- ask_twice = 1;
|
||||||
|
+ ++chpass;
|
||||||
|
|
||||||
|
authtok_type = get_option (pamh, "authtok_type");
|
||||||
|
if (authtok_type == NULL)
|
||||||
|
@@ -110,11 +111,11 @@ pam_get_authtok_internal (pam_handle_t *
|
||||||
|
return PAM_SUCCESS;
|
||||||
|
}
|
||||||
|
else if (get_option (pamh, "use_first_pass") ||
|
||||||
|
- (ask_twice && get_option (pamh, "use_authtok")))
|
||||||
|
+ (chpass && get_option (pamh, "use_authtok")))
|
||||||
|
{
|
||||||
|
if (prevauthtok == NULL)
|
||||||
|
{
|
||||||
|
- if (ask_twice)
|
||||||
|
+ if (chpass)
|
||||||
|
return PAM_AUTHTOK_ERR;
|
||||||
|
else
|
||||||
|
return PAM_AUTH_ERR;
|
||||||
|
@@ -127,16 +128,16 @@ pam_get_authtok_internal (pam_handle_t *
|
||||||
|
{
|
||||||
|
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0],
|
||||||
|
"%s", prompt);
|
||||||
|
- if (retval == PAM_SUCCESS && ask_twice && resp[0] != NULL)
|
||||||
|
+ if (retval == PAM_SUCCESS && chpass > 1 && resp[0] != NULL)
|
||||||
|
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[1],
|
||||||
|
_("Retype %s"), prompt);
|
||||||
|
}
|
||||||
|
- else if (ask_twice)
|
||||||
|
+ else if (chpass)
|
||||||
|
{
|
||||||
|
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0],
|
||||||
|
PROMPT1, authtok_type,
|
||||||
|
strlen (authtok_type) > 0?" ":"");
|
||||||
|
- if (retval == PAM_SUCCESS && ask_twice && resp[0] != NULL)
|
||||||
|
+ if (retval == PAM_SUCCESS && chpass > 1 && resp[0] != NULL)
|
||||||
|
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[1],
|
||||||
|
PROMPT2, authtok_type,
|
||||||
|
strlen (authtok_type) > 0?" ":"");
|
||||||
|
@@ -146,14 +147,14 @@ pam_get_authtok_internal (pam_handle_t *
|
||||||
|
PROMPT);
|
||||||
|
|
||||||
|
if (retval != PAM_SUCCESS || resp[0] == NULL ||
|
||||||
|
- (ask_twice && resp[1] == NULL))
|
||||||
|
+ (chpass > 1 && resp[1] == NULL))
|
||||||
|
{
|
||||||
|
/* We want to abort the password change */
|
||||||
|
pam_error (pamh, _("Password change aborted."));
|
||||||
|
return PAM_AUTHTOK_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (ask_twice && strcmp (resp[0], resp[1]) != 0)
|
||||||
|
+ if (chpass > 1 && strcmp (resp[0], resp[1]) != 0)
|
||||||
|
{
|
||||||
|
pam_error (pamh, MISTYPED_PASS);
|
||||||
|
_pam_overwrite (resp[0]);
|
||||||
7
pam.spec
7
pam.spec
@ -3,7 +3,7 @@
|
|||||||
Summary: An extensible library which provides authentication for applications
|
Summary: An extensible library which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 1.1.1
|
Version: 1.1.1
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
||||||
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
@ -26,6 +26,7 @@ Patch2: pam-1.0.91-std-noclose.patch
|
|||||||
Patch4: pam-1.1.0-console-nochmod.patch
|
Patch4: pam-1.1.0-console-nochmod.patch
|
||||||
Patch5: pam-1.1.0-notally.patch
|
Patch5: pam-1.1.0-notally.patch
|
||||||
Patch7: pam-1.1.0-console-fixes.patch
|
Patch7: pam-1.1.0-console-fixes.patch
|
||||||
|
Patch8: pam-1.1.1-authtok-prompt.patch
|
||||||
|
|
||||||
%define _sbindir /sbin
|
%define _sbindir /sbin
|
||||||
%define _moduledir /%{_lib}/security
|
%define _moduledir /%{_lib}/security
|
||||||
@ -91,6 +92,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
|
|||||||
%patch4 -p1 -b .nochmod
|
%patch4 -p1 -b .nochmod
|
||||||
%patch5 -p1 -b .notally
|
%patch5 -p1 -b .notally
|
||||||
%patch7 -p1 -b .console-fixes
|
%patch7 -p1 -b .console-fixes
|
||||||
|
%patch8 -p0 -b .prompt
|
||||||
|
|
||||||
libtoolize -f
|
libtoolize -f
|
||||||
autoreconf
|
autoreconf
|
||||||
@ -331,6 +333,9 @@ fi
|
|||||||
%doc doc/adg/*.txt doc/adg/html
|
%doc doc/adg/*.txt doc/adg/html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 22 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-3
|
||||||
|
- fix wrong prompt when pam_get_authtok is used for new password
|
||||||
|
|
||||||
* Mon Jan 18 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-2
|
* Mon Jan 18 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-2
|
||||||
- fix build with disabled audit and SELinux (#556211, #556212)
|
- fix build with disabled audit and SELinux (#556211, #556212)
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user