rpms/pam
7
0
Fork 0
Code Issues Pull Requests Releases Activity

do not drop PAM_OLDAUTHTOK if mismatched - can be used by further modules

Browse Source
This commit is contained in:
Tomas Mraz 2016-04-06 14:37:35 +02:00
parent ef5646f9ed
commit 492bcabc07
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pam-1.2.1-unix-get-authtok.patch
View File

@ -138,11 +138,8 @@ index fa29327..49dd831 100644
if (retval != PAM_SUCCESS) { if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_NOTICE, pam_syslog(pamh, LOG_NOTICE,
@@ -723,14 +712,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -725,12 +714,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
if (retval != PAM_SUCCESS) {
D(("Authentication failed"));
pass_old = NULL; pass_old = NULL;
+ pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
return retval; return retval;
} }
- retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old); - retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old);
@ -154,7 +151,7 @@ index fa29327..49dd831 100644
retval = _unix_verify_shadow(pamh,user, ctrl); retval = _unix_verify_shadow(pamh,user, ctrl);
if (retval == PAM_AUTHTOK_ERR) { if (retval == PAM_AUTHTOK_ERR) {
if (off(UNIX__IAMROOT, ctrl)) if (off(UNIX__IAMROOT, ctrl))
@@ -760,23 +745,14 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -760,23 +744,14 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
* previous call to this function]. * previous call to this function].
*/ */
@ -181,7 +178,7 @@ index fa29327..49dd831 100644
D(("get new password now")); D(("get new password now"));
@@ -785,7 +761,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -785,7 +760,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
if (on(UNIX_USE_AUTHTOK, lctrl)) { if (on(UNIX_USE_AUTHTOK, lctrl)) {
set(UNIX_USE_FIRST_PASS, lctrl); set(UNIX_USE_FIRST_PASS, lctrl);
} }
@ -192,7 +189,7 @@ index fa29327..49dd831 100644
retval = PAM_AUTHTOK_ERR; retval = PAM_AUTHTOK_ERR;
while ((retval != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) { while ((retval != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) {
/* /*
@@ -793,12 +771,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -793,12 +770,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
* password -- needed for pluggable password strength checking * password -- needed for pluggable password strength checking
*/ */
@ -206,7 +203,7 @@ index fa29327..49dd831 100644
if (retval != PAM_SUCCESS) { if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) { if (on(UNIX_DEBUG, ctrl)) {
@@ -822,7 +795,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -822,7 +794,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, retval = _pam_unix_approve_pass(pamh, ctrl, pass_old,
pass_new, pass_min_len); pass_new, pass_min_len);

5
pam.spec
View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.2.1 Version: 1.2.1
Release: 6%{?dist} Release: 7%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -373,6 +373,9 @@ fi
%doc doc/adg/*.txt doc/adg/html %doc doc/adg/*.txt doc/adg/html
%changelog %changelog
* Wed Apr 6 2016 Tomáš Mráz <tmraz@redhat.com> 1.2.1-7
- do not drop PAM_OLDAUTHTOK if mismatched - can be used by further modules
* Mon Apr 4 2016 Tomáš Mráz <tmraz@redhat.com> 1.2.1-6 * Mon Apr 4 2016 Tomáš Mráz <tmraz@redhat.com> 1.2.1-6
- pam_unix: use pam_get_authtok() and improve prompting - pam_unix: use pam_get_authtok() and improve prompting