Changeset 81 in openpam for trunk/lib/openpam_dispatch.c


Ignore:
Timestamp:
Feb 23, 2002, 6:06:45 PM (18 years ago)
Author:
Dag-Erling Smørgrav
Message:
  • pam_sm_chauthtok() can return PAM_TRY_AGAIN.
  • "sufficient" should not terminate the chain if the PAM_PRELIM_CHECK flag is set.

Sponsored by: DARPA, NAI Labs

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/lib/openpam_dispatch.c

    r63 r81  
    112112                if (r == PAM_SUCCESS) {
    113113                        /*
    114                          * For pam_setcred(), treat "sufficient" as
     114                         * For pam_setcred() and pam_chauthtok() with the
     115                         * PAM_PRELIM_CHECK flag, treat "sufficient" as
    115116                         * "optional".
    116117                         *
     
    120121                         */
    121122                        if (chain->flag == PAM_SUFFICIENT &&
    122                             primitive != PAM_SM_SETCRED)
     123                            primitive != PAM_SM_SETCRED &&
     124                            (primitive != PAM_SM_CHAUTHTOK ||
     125                                !(flags & PAM_PRELIM_CHECK)))
    123126                                break;
    124127                        continue;
     
    204207                    r == PAM_AUTHTOK_RECOVERY_ERR ||
    205208                    r == PAM_AUTHTOK_LOCK_BUSY ||
    206                     r == PAM_AUTHTOK_DISABLE_AGING)
     209                    r == PAM_AUTHTOK_DISABLE_AGING ||
     210                    r == PAM_TRY_AGAIN)
    207211                        return;
    208212                break;
Note: See TracChangeset for help on using the changeset viewer.