author | Tomas Mraz <tmraz@fedoraproject.org> | 2018-05-17 15:32:16 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2018-05-17 15:32:16 +0200 |
commit | bddd1dfe5a13e39e04ed1593cba4263dfd528fad (patch) | |
tree | 42dfa5af953ae6eaf541d2087b96afa833fc9b9a | |
parent | ed713df246388d37fe29d96295d762af7cc667fb (diff) | |
pam_pwquality: Abort the retry loop when user cancels prompt
The retry loop must be aborted for any pam_get_authtok() error
except for PAM_TRY_AGAIN.
Fixes: #7
-rw-r--r-- | src/pam_pwquality.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/pam_pwquality.c b/src/pam_pwquality.c index dd72380..9c9849d 100644 --- a/src/pam_pwquality.c +++ b/src/pam_pwquality.c @@ -209,11 +209,12 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, */ retval = pam_get_authtok_noverify(pamh, &newtoken, NULL); - if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s", - pam_strerror(pamh, retval)); - continue; - } else if (newtoken == NULL) { /* user aborted password change, quit */ + if (retval != PAM_SUCCESS || newtoken == NULL) { + if (retval == PAM_AUTHTOK_ERR || newtoken == NULL) + pam_syslog(pamh, LOG_INFO, "user aborted password change"); + else + pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s", + pam_strerror(pamh, retval)); pwquality_free_settings(options.pwq); return PAM_AUTHTOK_ERR; } @@ -248,12 +249,15 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, } retval = pam_get_authtok_verify(pamh, &newtoken, NULL); - if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s", - pam_strerror(pamh, retval)); + if (retval != PAM_SUCCESS || newtoken == NULL) { pam_set_item(pamh, PAM_AUTHTOK, NULL); - continue; - } else if (newtoken == NULL) { /* user aborted password change, quit */ + if (retval == PAM_TRY_AGAIN) + continue; + if (retval == PAM_AUTHTOK_ERR || newtoken == NULL) + pam_syslog(pamh, LOG_INFO, "user aborted password change"); + else + pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s", + pam_strerror(pamh, retval)); pwquality_free_settings(options.pwq); return PAM_AUTHTOK_ERR; } @@ -270,7 +274,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (options.retry_times > 1) return PAM_MAXTRIES; else - return retval; + return PAM_AUTHTOK_ERR; } else { pwquality_free_settings(options.pwq); if (ctrl & PAM_DEBUG_ARG) |
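Review bot: In the first hunk the `retval == PAM_AUTHTOK_ERR || newtoken == NULL` branch logs every PAM_AUTHTOK_ERR as "user aborted password change" at LOG_INFO and drops the error string. If pam_get_authtok_noverify() can return that code for anything other than a cancelled prompt (not visible here), a real failure would be missed by monitoring that keys on LOG_ERR. Keeping the code in the message is cheap: `pam_syslog(pamh, LOG_INFO, "user aborted password change: %s", pam_strerror(pamh, retval));`. The same branch is repeated after pam_get_authtok_verify() in the second hunk, and with the third hunk every failure now leaves the function as PAM_AUTHTOK_ERR, so the log line is the only place the original code survives. pam_sm_chauthtok starts and ends outside these hunks.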
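Review bot: In the second hunk the decision after pam_get_authtok_verify() is written as unbraced `if`/`else` arms, one of them a two-line call, directly above the unconditional `pwquality_free_settings(options.pwq); return PAM_AUTHTOK_ERR;`. Bracing each arm would keep a later edit from accidentally pulling the cleanup or the return under the `else`. The abort-versus-error logging is also duplicated from the first hunk with only the function name differing, so a small static helper taking that name and retval would stop the two sites drifting apart. A short comment on the retry arm, e.g. `/* PAM_TRY_AGAIN: the two entries did not match; prompt again */`, would document why only that code continues; that meaning is my understanding of Linux-PAM rather than something shown on this page, so confirm it before adding.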