rpms/pam/devel pam-1.1.1-authtok-prompt.patch, NONE, 1.1 pam.spec, 1.208, 1.209

Tomáš Mráz tmraz at fedoraproject.org
Fri Jan 22 17:49:54 UTC 2010 

Author: tmraz

Update of /cvs/pkgs/rpms/pam/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16063

Modified Files:
	pam.spec 
Added Files:
	pam-1.1.1-authtok-prompt.patch 
Log Message:
* Fri Jan 22 2010 Tomas Mraz <tmraz at redhat.com> 1.1.1-3
- fix wrong prompt when pam_get_authtok is used for new password


pam-1.1.1-authtok-prompt.patch:
 pam_get_authtok.c |   19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

--- NEW FILE pam-1.1.1-authtok-prompt.patch ---
Index: libpam/pam_get_authtok.c
===================================================================
RCS file: /cvsroot/pam/Linux-PAM/libpam/pam_get_authtok.c,v
retrieving revision 1.3
diff -u -p -r1.3 pam_get_authtok.c
--- libpam/pam_get_authtok.c	10 Nov 2009 15:52:20 -0000	1.3
+++ libpam/pam_get_authtok.c	22 Jan 2010 17:31:40 -0000
@@ -81,7 +81,7 @@ pam_get_authtok_internal (pam_handle_t *
   char *resp[2] = {NULL, NULL};
   const void *prevauthtok;
   const char *authtok_type = "";
-  int ask_twice = 0; /* Password change, ask twice for it */
+  int chpass = 0; /* Password change, ask twice for it */
   int retval;
 
   if (authtok == NULL)
@@ -91,8 +91,9 @@ pam_get_authtok_internal (pam_handle_t *
      which needs to be verified. */
   if (item == PAM_AUTHTOK && pamh->choice == PAM_CHAUTHTOK)
     {
+      chpass = 1;
       if (!(flags & PAM_GETAUTHTOK_NOVERIFY))
-	ask_twice = 1;
+	++chpass;
 
       authtok_type = get_option (pamh, "authtok_type");
       if (authtok_type == NULL)
@@ -110,11 +111,11 @@ pam_get_authtok_internal (pam_handle_t *
       return PAM_SUCCESS;
     }
   else if (get_option (pamh, "use_first_pass") ||
-	   (ask_twice && get_option (pamh, "use_authtok")))
+	   (chpass && get_option (pamh, "use_authtok")))
     {
       if (prevauthtok == NULL)
 	{
-	  if (ask_twice)
+	  if (chpass)
 	    return PAM_AUTHTOK_ERR;
 	  else
 	    return PAM_AUTH_ERR;
@@ -127,16 +128,16 @@ pam_get_authtok_internal (pam_handle_t *
     {
       retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0],
 			   "%s", prompt);
-      if (retval == PAM_SUCCESS && ask_twice && resp[0] != NULL)
+      if (retval == PAM_SUCCESS && chpass > 1 && resp[0] != NULL)
 	retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[1],
 			     _("Retype %s"), prompt);
     }
-  else if (ask_twice)
+  else if (chpass)
     {
       retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0],
 			   PROMPT1, authtok_type,
 			   strlen (authtok_type) > 0?" ":"");
-      if (retval == PAM_SUCCESS && ask_twice && resp[0] != NULL)
+      if (retval == PAM_SUCCESS && chpass > 1 && resp[0] != NULL)
 	retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[1],
 			     PROMPT2, authtok_type,
 			     strlen (authtok_type) > 0?" ":"");
@@ -146,14 +147,14 @@ pam_get_authtok_internal (pam_handle_t *
 			 PROMPT);
 
   if (retval != PAM_SUCCESS || resp[0] == NULL ||
-      (ask_twice && resp[1] == NULL))
+      (chpass > 1 && resp[1] == NULL))
     {
       /* We want to abort the password change */
       pam_error (pamh, _("Password change aborted."));
       return PAM_AUTHTOK_ERR;
     }
 
-  if (ask_twice && strcmp (resp[0], resp[1]) != 0)
+  if (chpass > 1 && strcmp (resp[0], resp[1]) != 0)
     {
       pam_error (pamh, MISTYPED_PASS);
       _pam_overwrite (resp[0]);


Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam.spec,v
retrieving revision 1.208
retrieving revision 1.209
diff -u -p -r1.208 -r1.209
--- pam.spec	18 Jan 2010 09:09:31 -0000	1.208
+++ pam.spec	22 Jan 2010 17:49:54 -0000	1.209
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.1
-Release: 2%{?dist}
+Release: 3%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 License: BSD and GPLv2+
@@ -26,6 +26,7 @@ Patch2:  pam-1.0.91-std-noclose.patch
 Patch4:  pam-1.1.0-console-nochmod.patch
 Patch5:  pam-1.1.0-notally.patch
 Patch7:  pam-1.1.0-console-fixes.patch
+Patch8:  pam-1.1.1-authtok-prompt.patch
 
 %define _sbindir /sbin
 %define _moduledir /%{_lib}/security
@@ -91,6 +92,7 @@ mv pam-redhat-%{pam_redhat_version}/* mo
 %patch4 -p1 -b .nochmod
 %patch5 -p1 -b .notally
 %patch7 -p1 -b .console-fixes
+%patch8 -p0 -b .prompt
 
 libtoolize -f
 autoreconf
@@ -331,6 +333,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Fri Jan 22 2010 Tomas Mraz <tmraz at redhat.com> 1.1.1-3
+- fix wrong prompt when pam_get_authtok is used for new password
+
 * Mon Jan 18 2010 Tomas Mraz <tmraz at redhat.com> 1.1.1-2
 - fix build with disabled audit and SELinux (#556211, #556212)

More information about the scm-commits mailing list