[Pam-developers] Re: Do not prompt for password in pam_get_authtok_verify if the password was verified before
On Tue, Aug 06, 2019 at 02:10:58PM +0200, Tomas Mraz wrote:
[...]
@@ -214,6 +219,9 @@ pam_get_authtok_verify (pam_handle_t *pamh, const
char **authtok,
if (authtok == NULL || pamh->choice != PAM_CHAUTHTOK)
return PAM_SYSTEM_ERR;
+ if (pamh->authtok_verified)
+ return pam_get_item (pamh, PAM_AUTHTOK, (const void **)authtok);
+
if (prompt != NULL)
{
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,
OK, we check pamh->authtok_verified early in this function, so ...
@@ -239,6 +247,7 @@ pam_get_authtok_verify (pam_handle_t *pamh, const
char **authtok,
if (strcmp (*authtok, resp) != 0)
{
+ pamh->authtok_verified = 0;
pam_set_item (pamh, PAM_AUTHTOK, NULL);
pam_error (pamh, MISTYPED_PASS);
_pam_overwrite (resp);
... here pamh->authtok_verified is expected to be zero.
Why it is reset again?
--
ldv
Attachments:
- signature.asc (application/pgp-signature — 801 bytes)