Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/security/pam_mod_misc.h3
-rw-r--r--modules/pam_unix/pam_unix.c11
2 files changed, 10 insertions, 4 deletions
diff --git a/include/security/pam_mod_misc.h b/include/security/pam_mod_misc.h
index 829dece..418fb1b 100644
--- a/include/security/pam_mod_misc.h
+++ b/include/security/pam_mod_misc.h
@@ -19,6 +19,9 @@
#define PAM_OPT_AUTH_AS_SELF "auth_as_self"
#define PAM_OPT_ECHO_PASS "echo_pass"
#define PAM_OPT_DEBUG "debug"
+#define PAM_OPT_PRELIM_CHECK "prelim_check"
+#define PAM_OPT_UPDATE_AUTHTOK "update_authtok"
+#define PAM_OPT_MD5 "md5"
#define PAM_LOG(...) \
diff --git a/modules/pam_unix/pam_unix.c b/modules/pam_unix/pam_unix.c
index ad066e0..97e7145 100644
--- a/modules/pam_unix/pam_unix.c
+++ b/modules/pam_unix/pam_unix.c
@@ -270,7 +270,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
- if (flags & PAM_PRELIM_CHECK) {
+ if ( openpam_get_option(pamh,PAM_OPT_PRELIM_CHECK) ) {
PAM_LOG("Doing preliminary actions.");
if (getuid() == 0 ) {
/* root doesn't need old passwd */
@@ -278,8 +278,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
if ( (old_pwd->pw_passwd[0] == '\0' ) &&
- ( openpam_get_option(pamh, PAM_OPT_NULLOK) ) &&
- !(flags & PAM_DISALLOW_NULL_AUTHTOK) ) {
+ ( openpam_get_option(pamh, PAM_OPT_NULLOK) ) ) {
+// !(flags & PAM_DISALLOW_NULL_AUTHTOK) ) {
/*
* Something funny could happen here since we don't
* ask for a password.
@@ -303,7 +303,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (strcmp(hashedpwd, old_pwd->pw_passwd) != 0)
return (PAM_PERM_DENIED);
- } else if ( flags & PAM_UPDATE_AUTHTOK ) {
+ } else if ( openpam_get_option(pamh, PAM_OPT_UPDATE_AUTHTOK ) ) {
PAM_LOG("Doing actual update.");
pam_err= pam_get_authtok(pamh, PAM_OLDAUTHTOK ,&old_pass, NULL);
@@ -343,6 +343,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
makesalt(salt);
/* Update shadow/passwd entries for Linux */
+ if ( openpam_get_option (pamh, PAM_OPT_MD5) )
+ PAM_ERROR("MD5 not supported yet. Using standar crypt...");
+
pam_err = update_shadow( pamh ,user,crypt(new_pass, salt));
if ( pam_err != PAM_SUCCESS)
return (pam_err);