Correctly invoke PAM to change authentication token

3 files changed, 6 insertions, 3 deletions

diff --git a/src/session-child.c b/src/session-child.c
index bf70aa7f..aee68d2e 100644
--- a/src/session-child.c
+++ b/src/session-child.c
@@ -336,7 +336,7 @@ session_child_run (int argc, char **argv)
         if (authentication_result == PAM_SUCCESS)
             authentication_result = pam_acct_mgmt (pam_handle, 0);
         if (authentication_result == PAM_NEW_AUTHTOK_REQD)
-            authentication_result = pam_chauthtok (pam_handle, 0);
+            authentication_result = pam_chauthtok (pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
     }
     else
         authentication_result = PAM_SUCCESS;
diff --git a/tests/scripts/login-new-authtok.conf b/tests/scripts/login-new-authtok.conf
index 36843128..fcbb4647 100644
--- a/tests/scripts/login-new-authtok.conf
+++ b/tests/scripts/login-new-authtok.conf
@@ -24,7 +24,7 @@ user-session=default
 
 # Log into account that requires as password change
 #?*GREETER-X-0 AUTHENTICATE USERNAME=new-authtok
-#?GREETER-X-0 SHOW-PROMPT TEXT="Enter new password:"
+#?GREETER-X-0 SHOW-PROMPT TEXT="Enter new password \(expired\):"
 #?*GREETER-X-0 RESPOND TEXT="New password"
 #?GREETER-X-0 AUTHENTICATION-COMPLETE USERNAME=new-authtok AUTHENTICATED=TRUE
 #?*GREETER-X-0 START-SESSION
diff --git a/tests/src/libsystem.c b/tests/src/libsystem.c
index 7a15dbad..f6f2d317 100644
--- a/tests/src/libsystem.c
+++ b/tests/src/libsystem.c
@@ -1194,7 +1194,10 @@ pam_chauthtok (pam_handle_t *pamh, int flags)
     msg = malloc (sizeof (struct pam_message *) * 1);
     msg[0] = malloc (sizeof (struct pam_message));
     msg[0]->msg_style = PAM_PROMPT_ECHO_OFF;
-    msg[0]->msg = "Enter new password:";
+    if ((flags & PAM_CHANGE_EXPIRED_AUTHTOK) != 0)
+        msg[0]->msg = "Enter new password (expired):";
+    else
+        msg[0]->msg = "Enter new password:";
     result = pamh->conversation.conv (1, (const struct pam_message **) msg, &resp, pamh->conversation.appdata_ptr);
     free (msg[0]);
     free (msg);