Attachment #222960 for bug #238041




	int	capture_stdout;
	int	capture_stderr;
	int	expose_authtok;
	int	use_first_pass;
};

static int


	for (i = 0; i < *argc; ++i) {
		if (strcmp((*argv)[i], "debug") == 0 ||
		    strcmp((*argv)[i], "no_warn") == 0 ||
		    strcmp((*argv)[i], "try_first_pass") == 0 ||
		    strcmp((*argv)[i], "use_first_pass") == 0) {
			/* passthrough to library */
		} else if (strcmp((*argv)[i], "capture_stdout") == 0) {
			options->capture_stdout = 1;
		} else if (strcmp((*argv)[i], "capture_stderr") == 0) {

			options->return_prog_exit_status = 1;
		} else if (strcmp((*argv)[i], "expose_authtok") == 0) {
			options->expose_authtok = 1;
		} else if (strcmp((*argv)[i], "use_first_pass") == 0) {
			options->use_first_pass = 1;
		} else {
			if (strcmp((*argv)[i], "--") == 0) {
				(*argc)--;

			openpam_log(PAM_LOG_ERROR, "%s: fcntl(): %m", func);
			OUT(PAM_SYSTEM_ERR);
		}
		rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL);
		    strcmp(func, "pam_sm_setcred") == 0) {
			/* don't prompt, only expose existing token */
			rc = pam_get_item(pamh, PAM_AUTHTOK, &item);
			authtok = item;
		} else {
			rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL);
		}
		if (rc == PAM_SUCCESS) {
			/* We include the trailing null terminator. */
			authtok_size = strlen(authtok) + 1;

Return to bug 238041

Lines 110-116 struct pe_opts { Link Here

(-)b/lib/libpam/modules/pam_exec/pam_exec.c (-13 / +5 lines)
110	int capture_stdout;	110	int capture_stdout;
111	int capture_stderr;	111	int capture_stderr;
112	int expose_authtok;	112	int expose_authtok;
113	int use_first_pass;
114	};	113	};
115		114
116	static int	115	static int
Lines 130-137 parse_options(const char func, int argc, const char **argv[], Link Here
130		129
131	for (i = 0; i < *argc; ++i) {	130	for (i = 0; i < *argc; ++i) {
132	if (strcmp((*argv)[i], "debug") == 0 \|\|	131	if (strcmp((*argv)[i], "debug") == 0 \|\|
133	strcmp((*argv)[i], "no_warn") == 0) {	132	strcmp((*argv)[i], "no_warn") == 0 \|\|
134	/* ignore */	133	strcmp((*argv)[i], "try_first_pass") == 0 \|\|
		134	strcmp((*argv)[i], "use_first_pass") == 0) {
		135	/* passthrough to library */
135	} else if (strcmp((*argv)[i], "capture_stdout") == 0) {	136	} else if (strcmp((*argv)[i], "capture_stdout") == 0) {
136	options->capture_stdout = 1;	137	options->capture_stdout = 1;
137	} else if (strcmp((*argv)[i], "capture_stderr") == 0) {	138	} else if (strcmp((*argv)[i], "capture_stderr") == 0) {
Lines 140-147 parse_options(const char func, int argc, const char **argv[], Link Here
140	options->return_prog_exit_status = 1;	141	options->return_prog_exit_status = 1;
141	} else if (strcmp((*argv)[i], "expose_authtok") == 0) {	142	} else if (strcmp((*argv)[i], "expose_authtok") == 0) {
142	options->expose_authtok = 1;	143	options->expose_authtok = 1;
143	} else if (strcmp((*argv)[i], "use_first_pass") == 0) {
144	options->use_first_pass = 1;
145	} else {	144	} else {
146	if (strcmp((*argv)[i], "--") == 0) {	145	if (strcmp((*argv)[i], "--") == 0) {
147	(*argc)--;	146	(*argc)--;
Lines 256-269 _pam_exec(pam_handle_t *pamh, Link Here
256	openpam_log(PAM_LOG_ERROR, "%s: fcntl(): %m", func);	255	openpam_log(PAM_LOG_ERROR, "%s: fcntl(): %m", func);
257	OUT(PAM_SYSTEM_ERR);	256	OUT(PAM_SYSTEM_ERR);
258	}	257	}
259	if (options->use_first_pass \|\|	258	rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL);
260	strcmp(func, "pam_sm_setcred") == 0) {
261	/* don't prompt, only expose existing token */
262	rc = pam_get_item(pamh, PAM_AUTHTOK, &item);
263	authtok = item;
264	} else {
265	rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL);
266	}
267	if (rc == PAM_SUCCESS) {	259	if (rc == PAM_SUCCESS) {
268	/* We include the trailing null terminator. */	260	/* We include the trailing null terminator. */
269	authtok_size = strlen(authtok) + 1;	261	authtok_size = strlen(authtok) + 1;