|
 |
f2fdff |
diff --git a/libpam/pam_get_authtok.c b/libpam/pam_get_authtok.c
|
|
|
f2fdff |
index 800c6e5..3cdec5e 100644
|
|
|
f2fdff |
--- a/libpam/pam_get_authtok.c
|
|
|
f2fdff |
+++ b/libpam/pam_get_authtok.c
|
|
|
f2fdff |
@@ -140,6 +140,8 @@ pam_get_authtok_internal (pam_handle_t *pamh, int item,
|
|
|
f2fdff |
}
|
|
|
f2fdff |
else if (chpass)
|
|
|
f2fdff |
{
|
|
|
f2fdff |
+ pamh->authtok_verified = 0;
|
|
|
f2fdff |
+
|
|
|
f2fdff |
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0],
|
|
|
f2fdff |
PROMPT1, authtok_type,
|
|
|
f2fdff |
strlen (authtok_type) > 0?" ":"");
|
|
|
f2fdff |
@@ -184,6 +186,9 @@ pam_get_authtok_internal (pam_handle_t *pamh, int item,
|
|
|
f2fdff |
if (retval != PAM_SUCCESS)
|
|
|
f2fdff |
return retval;
|
|
|
f2fdff |
|
|
|
f2fdff |
+ if (chpass > 1)
|
|
|
f2fdff |
+ pamh->authtok_verified = 1;
|
|
|
f2fdff |
+
|
|
|
f2fdff |
return pam_get_item(pamh, item, (const void **)authtok);
|
|
|
f2fdff |
}
|
|
|
f2fdff |
|
|
|
f2fdff |
@@ -214,6 +219,9 @@ pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok,
|
|
|
f2fdff |
if (authtok == NULL || pamh->choice != PAM_CHAUTHTOK)
|
|
|
f2fdff |
return PAM_SYSTEM_ERR;
|
|
|
f2fdff |
|
|
|
f2fdff |
+ if (pamh->authtok_verified)
|
|
|
f2fdff |
+ return pam_get_item (pamh, PAM_AUTHTOK, (const void **)authtok);
|
|
|
f2fdff |
+
|
|
|
f2fdff |
if (prompt != NULL)
|
|
|
f2fdff |
{
|
|
|
f2fdff |
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,
|
|
|
f2fdff |
@@ -239,6 +247,7 @@ pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok,
|
|
|
f2fdff |
|
|
|
f2fdff |
if (strcmp (*authtok, resp) != 0)
|
|
|
f2fdff |
{
|
|
|
f2fdff |
+ pamh->authtok_verified = 0;
|
|
|
f2fdff |
pam_set_item (pamh, PAM_AUTHTOK, NULL);
|
|
|
f2fdff |
pam_error (pamh, MISTYPED_PASS);
|
|
|
f2fdff |
_pam_overwrite (resp);
|
|
|
f2fdff |
@@ -252,5 +261,7 @@ pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok,
|
|
|
f2fdff |
if (retval != PAM_SUCCESS)
|
|
|
f2fdff |
return retval;
|
|
|
f2fdff |
|
|
|
f2fdff |
+ pamh->authtok_verified = 1;
|
|
|
f2fdff |
+
|
|
|
f2fdff |
return pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok);
|
|
|
f2fdff |
}
|
|
|
f2fdff |
diff --git a/libpam/pam_private.h b/libpam/pam_private.h
|
|
|
f2fdff |
index 7ff9f75..58a26f5 100644
|
|
|
f2fdff |
--- a/libpam/pam_private.h
|
|
|
f2fdff |
+++ b/libpam/pam_private.h
|
|
|
f2fdff |
@@ -172,6 +172,7 @@ struct pam_handle {
|
|
|
f2fdff |
#ifdef HAVE_LIBAUDIT
|
|
|
f2fdff |
int audit_state; /* keep track of reported audit messages */
|
|
|
f2fdff |
#endif
|
|
|
f2fdff |
+ int authtok_verified;
|
|
|
f2fdff |
};
|
|
|
f2fdff |
|
|
|
f2fdff |
/* Values for select arg to _pam_dispatch() */
|
|
|
f2fdff |
diff --git a/libpam/pam_start.c b/libpam/pam_start.c
|
|
|
f2fdff |
index 328416d..e27c64b 100644
|
|
|
f2fdff |
--- a/libpam/pam_start.c
|
|
|
f2fdff |
+++ b/libpam/pam_start.c
|
|
|
f2fdff |
@@ -94,6 +94,7 @@ int pam_start (
|
|
|
f2fdff |
#endif
|
|
|
f2fdff |
(*pamh)->xdisplay = NULL;
|
|
|
f2fdff |
(*pamh)->authtok_type = NULL;
|
|
|
f2fdff |
+ (*pamh)->authtok_verified = 0;
|
|
|
f2fdff |
memset (&((*pamh)->xauth), 0, sizeof ((*pamh)->xauth));
|
|
|
f2fdff |
|
|
|
f2fdff |
if (((*pamh)->pam_conversation = (struct pam_conv *)
|