pam_fscrypt: warn user if OLDAUTHTOK not given in chauthtok

If someone runs 'passwd USER' as root, the user is assigned a new login passphrase without their fscrypt login protector being updated. Detect this case and show a warning message using pam_info(). Fixes https://github.com/google/fscrypt/issues/273
author: Eric Biggers <ebiggers@google.com> 2021-12-21 20:38:03 -0600
committer: Eric Biggers <ebiggers@google.com> 2021-12-21 21:55:01 -0600
commit: b7399903540c95e89f0ee427fed1de07301fbd93 (patch)
tree: 2aa1240435ff91f25b0f05923e80cb8b299ef337 /pam/pam.c
parent: ce477ef12ac46c4df0152d43dae5d6e58772b120 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/pam/pam.c b/pam/pam.c
index 1479dfa..1d6aefe 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -20,6 +20,7 @@
 #include "pam.h"
 
 #include <security/pam_appl.h>
+#include <security/pam_ext.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -107,3 +108,7 @@ void freeSecret(pam_handle_t* pamh, char* data, int error_status) {
   munlock(data, size);
   free(data);
 }
+
+void infoMessage(pam_handle_t* pamh, const char* message) {
+  pam_info(pamh, "%s", message);
+}
author	Eric Biggers <ebiggers@google.com>	2021-12-21 20:38:03 -0600
committer	Eric Biggers <ebiggers@google.com>	2021-12-21 21:55:01 -0600
commit	b7399903540c95e89f0ee427fed1de07301fbd93 (patch)
tree	2aa1240435ff91f25b0f05923e80cb8b299ef337 /pam/pam.c
parent	ce477ef12ac46c4df0152d43dae5d6e58772b120 (diff)