Changeset 81 in openpam


Ignore:
Timestamp:
Feb 23, 2002, 6:06:45 PM (16 years ago)
Author:
Dag-Erling Smørgrav
Message:
  • pam_sm_chauthtok() can return PAM_TRY_AGAIN.
  • "sufficient" should not terminate the chain if the PAM_PRELIM_CHECK flag is set.

Sponsored by: DARPA, NAI Labs

Location:
trunk/lib
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/lib/openpam_dispatch.c

    r63 r81  
    112112                if (r == PAM_SUCCESS) {
    113113                        /*
    114                          * For pam_setcred(), treat "sufficient" as
     114                         * For pam_setcred() and pam_chauthtok() with the
     115                         * PAM_PRELIM_CHECK flag, treat "sufficient" as
    115116                         * "optional".
    116117                         *
     
    120121                         */
    121122                        if (chain->flag == PAM_SUFFICIENT &&
    122                             primitive != PAM_SM_SETCRED)
     123                            primitive != PAM_SM_SETCRED &&
     124                            (primitive != PAM_SM_CHAUTHTOK ||
     125                                !(flags & PAM_PRELIM_CHECK)))
    123126                                break;
    124127                        continue;
     
    204207                    r == PAM_AUTHTOK_RECOVERY_ERR ||
    205208                    r == PAM_AUTHTOK_LOCK_BUSY ||
    206                     r == PAM_AUTHTOK_DISABLE_AGING)
     209                    r == PAM_AUTHTOK_DISABLE_AGING ||
     210                    r == PAM_TRY_AGAIN)
    207211                        return;
    208212                break;
  • trunk/lib/pam_chauthtok.c

    r63 r81  
    5252        int flags)
    5353{
     54        int pam_err;
    5455
    55         return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags));
     56        if (flags & PAM_PRELIM_CHECK || flags & PAM_UPDATE_AUTHTOK)
     57                return (PAM_SYMBOL_ERR);
     58        pam_err = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
     59            flags | PAM_PRELIM_CHECK);
     60        if (pam_err == PAM_SUCCESS)
     61                pam_err = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
     62                    flags | PAM_UPDATE_AUTHTOK);
     63        pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
     64        pam_set_item(pamh, PAM_AUTHTOK, NULL);
     65        return (pam_err);
    5666}
    5767
     
    6272 *      =pam_sm_chauthtok
    6373 *      !PAM_IGNORE
     74 *      PAM_SYMBOL_ERR
    6475 */
Note: See TracChangeset for help on using the changeset viewer.