- (djm) Don't loop forever when changing password via PAM. Patch

from Solar Designer <solar@openwall.com>

ChangeLog

@@ -3,6 +3,8 @@
    VanDevender <stevev@darkwing.uoregon.edu>
  - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
    from Solar Designer <solar@openwall.com>
+ - (djm) Don't loop forever when changing password via PAM. Patch
+   from Solar Designer <solar@openwall.com>
 
 20010320
  - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
@@ -4651,4 +4653,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.995 2001/03/21 01:16:24 djm Exp $
+$Id: ChangeLog,v 1.996 2001/03/21 02:01:35 djm Exp $

auth-pam.c

@@ -33,7 +33,7 @@
 #include "canohost.h"
 #include "readpass.h"
 
-RCSID("$Id: auth-pam.c,v 1.32 2001/03/21 01:16:25 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.33 2001/03/21 02:01:35 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"
@@ -326,14 +326,10 @@ void do_pam_chauthtok(void)
 
 	if (password_change_required) {
 		pamstate = OTHER;
-		/* XXX: should we really loop forever? */
+		pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
-		do {
+		if (pam_retval != PAM_SUCCESS)
-			pam_retval = pam_chauthtok(__pamh, 
+			fatal("PAM pam_chauthtok failed[%d]: %.200s",
-			    PAM_CHANGE_EXPIRED_AUTHTOK);
+			    pam_retval, PAM_STRERROR(__pamh, pam_retval));
-			if (pam_retval != PAM_SUCCESS)
-				log("PAM pam_chauthtok failed[%d]: %.200s",
-				    pam_retval, PAM_STRERROR(__pamh, pam_retval));
-		} while (pam_retval != PAM_SUCCESS);
 	}
 }