diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2013-01-06 14:24:08 +0000 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2013-01-06 14:24:08 +0000 |
| commit | 28aeaa463cbb9ae0fe556eca0b8e26d95d0b316d (patch) | |
| tree | 2732535a480c236c9bffda762789742420213554 | |
| parent | ba18be76bbfa68035c0ae1202331d275f318a397 (diff) | |
do not recheck the user password in first password phase if it was stored in the authentication phase
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1904 ef36b2f9-881f-0410-afb5-c4e39611909c
| -rw-r--r-- | pam/pam.c | 14 |
1 files changed, 5 insertions, 9 deletions
@@ -710,9 +710,12 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, username = ""; } else if ((ctx->oldpassword != NULL) && (*ctx->oldpassword != '\0')) + { /* we already have an old password stored (from a previous - authentication phase) so we'll use that */ - oldpassword = ctx->oldpassword; + authentication phase) so we'll use that and don't re-check */ + rc = pam_set_item(pamh, PAM_OLDAUTHTOK, ctx->oldpassword); + return remap_pam_rc(rc, &cfg); + } else { /* prompt the user for a password if needed */ @@ -739,13 +742,6 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, pam_strerror(pamh, resp.res), username); else if (cfg.debug) pam_syslog(pamh, LOG_DEBUG, "authentication succeeded"); - /* store password (needed if oldpassword was retreived from context) */ - if (resp.res == PAM_SUCCESS) - { - rc = pam_set_item(pamh, PAM_OLDAUTHTOK, oldpassword); - if (rc != PAM_SUCCESS) - return remap_pam_rc(rc, &cfg); - } /* remap error code */ return remap_pam_rc(resp.res, &cfg); } |