- rel 0.7

[packages/pam.git] / pam-cracklib-try-first-pass.patch

--- Linux-PAM-0.99.3.0/modules/pam_cracklib/pam_cracklib.c.try-first-pass       2006-01-08 10:49:05.000000000 +0100
+++ Linux-PAM-0.99.3.0/modules/pam_cracklib/pam_cracklib.c      2006-02-24 10:42:53.000000000 +0100
@@ -93,6 +93,7 @@
        int low_credit;
        int oth_credit;
        int use_authtok;
+       int try_first_pass;
        char prompt_type[BUFSIZ];
         char cracklib_dictpath[PATH_MAX];
 };
@@ -158,6 +159,10 @@
                 opt->oth_credit = 0;
         } else if (!strncmp(*argv,"use_authtok",11)) {
                 opt->use_authtok = 1;
+        } else if (!strncmp(*argv,"use_first_pass",14)) {
+                opt->use_authtok = 1;
+        } else if (!strncmp(*argv,"try_first_pass",14)) {
+                opt->try_first_pass = 1;
         } else if (!strncmp(*argv,"dictpath=",9)) {
             strncpy(opt->cracklib_dictpath, *argv+9,
                     sizeof(opt->cracklib_dictpath) - 1);
@@ -559,7 +564,7 @@
          * set PAM_AUTHTOK and return
          */
 
-       if (options.use_authtok == 1) {
+       if (options.use_authtok == 1 || options.try_first_pass == 1) {
            const void *item = NULL;
 
            retval = pam_get_item(pamh, PAM_AUTHTOK, &item);
@@ -570,11 +575,13 @@
            } else if (item != NULL) {      /* we have a password! */
                token1 = x_strdup(item);
                item = NULL;
+               options.use_authtok = 1;    /* don't ask for the password again */
            } else {
                retval = PAM_AUTHTOK_RECOVERY_ERR;         /* didn't work */
            }
-
-       } else {
+       }
+       
+       if (options.use_authtok != 1) {
             /* Prepare to ask the user for the first time */
             resp = NULL;
            retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,