CVS commit: src/lib/libpam/modules/pam_unix

Wed, 18 Nov 2009 09:06:27 -0800 

Module Name:    src
Committed By:   drochner
Date:           Wed Nov 18 17:06:23 UTC 2009

Modified Files:
        src/lib/libpam/modules/pam_unix: pam_unix.c

Log Message:
if changing the password, don't clear PAM_AUTHTOK at the beginning -- this
sabotages external password strength checkers


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/lib/libpam/modules/pam_unix/pam_unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/lib/libpam/modules/pam_unix/pam_unix.c
diff -u src/lib/libpam/modules/pam_unix/pam_unix.c:1.13 src/lib/libpam/modules/pam_unix/pam_unix.c:1.14
--- src/lib/libpam/modules/pam_unix/pam_unix.c:1.13	Sun Jun 14 23:23:54 2009
+++ src/lib/libpam/modules/pam_unix/pam_unix.c	Wed Nov 18 17:06:23 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_unix.c,v 1.13 2009/06/14 23:23:54 tonnerre Exp $	*/
+/*	$NetBSD: pam_unix.c,v 1.14 2009/11/18 17:06:23 drochner Exp $	*/
 
 /*-
  * Copyright 1998 Juniper Networks, Inc.
@@ -40,7 +40,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.49 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_unix.c,v 1.13 2009/06/14 23:23:54 tonnerre Exp $");
+__RCSID("$NetBSD: pam_unix.c,v 1.14 2009/11/18 17:06:23 drochner Exp $");
 #endif
 
 
@@ -557,7 +557,6 @@
 
 		/* Get the new password. */
 		for (tries = 0;;) {
-			pam_set_item(pamh, PAM_AUTHTOK, NULL);
 			retval = pam_get_authtok(pamh, PAM_AUTHTOK, &new_pass,
 			    NULL);
 			if (retval == PAM_TRY_AGAIN) {
@@ -576,12 +575,12 @@
 			}
 			if (min_pw_len > 0 && strlen(new_pass) < (size_t)min_pw_len) {
 				pam_error(pamh, "Password is too short.");
-				continue;
+				goto retry;
 			}
 			if (strlen(new_pass) <= 5 && ++tries < 2) {
 				pam_error(pamh,
 				    "Please enter a longer password.");
-				continue;
+				goto retry;
 			}
 			for (p = new_pass; *p && islower((unsigned char)*p); ++p);
 			if (!*p && ++tries < 2) {
@@ -590,10 +589,12 @@
 				    "password.\nUnusual capitalization, "
 				    "control characters or digits are "
 				    "suggested.");
-				continue;
+				goto retry;
 			}
 			/* Password is OK. */
 			break;
+retry:
+			pam_set_item(pamh, PAM_AUTHTOK, NULL);
 		}
 		pw_getpwconf(option, sizeof(option), pwd, 
 #ifdef YP

Reply via email to