Changeset 158 in openpam for trunk


Ignore:
Timestamp:
Jun 12, 2002, 6:07:05 PM (17 years ago)
Author:
Dag-Erling Smørgrav
Message:

Don't treat PAM_NEW_AUTHTOK_REQD as an error.
Try to emulate Solaris more closely.

Sponsored by: DARPA, NAI Labs

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/lib/openpam_dispatch.c

    r157 r158  
    3232 * SUCH DAMAGE.
    3333 *
    34  * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#15 $
     34 * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#16 $
    3535 */
    3636
     
    110110                if (r == PAM_IGNORE)
    111111                        continue;
    112                 if (r == PAM_SUCCESS) {
     112                if (r == PAM_SUCCESS || r == PAM_NEW_AUTHTOK_REQD) {
    113113                        /*
    114114                         * For pam_setcred() and pam_chauthtok() with the
    115115                         * PAM_PRELIM_CHECK flag, treat "sufficient" as
    116116                         * "optional".
    117                          *
    118                          * Note that Solaris libpam does not terminate
    119                          * the chain here if a required module has
    120                          * previously failed.  I'm not sure why.
    121117                         */
    122                         if (chain->flag == PAM_SUFFICIENT &&
     118                        if (chain->flag == PAM_SUFFICIENT && !fail &&
    123119                            primitive != PAM_SM_SETCRED &&
    124                             (primitive != PAM_SM_CHAUTHTOK ||
    125                                 !(flags & PAM_PRELIM_CHECK)))
     120                            !(primitive == PAM_SM_CHAUTHTOK &&
     121                                (flags & PAM_PRELIM_CHECK)))
    126122                                break;
    127123                        continue;
     
    154150        }
    155151
    156         if (!fail)
     152        if (!fail && err != PAM_NEW_AUTHTOK_REQD)
    157153                err = PAM_SUCCESS;
    158154        openpam_log(PAM_LOG_DEBUG, "returning: %s", pam_strerror(pamh, err));
Note: See TracChangeset for help on using the changeset viewer.