From b7399903540c95e89f0ee427fed1de07301fbd93 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 21 Dec 2021 20:38:03 -0600 Subject: pam_fscrypt: warn user if OLDAUTHTOK not given in chauthtok If someone runs 'passwd USER' as root, the user is assigned a new login passphrase without their fscrypt login protector being updated. Detect this case and show a warning message using pam_info(). Fixes https://github.com/google/fscrypt/issues/273 --- pam/pam.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'pam/pam.h') diff --git a/pam/pam.h b/pam/pam.h index 54bb193..3cb609a 100644 --- a/pam/pam.h +++ b/pam/pam.h @@ -41,4 +41,7 @@ void *copyIntoSecret(void *data); // CleaupFunc that Zeros wipes a C string and unlocks and frees its memory. void freeSecret(pam_handle_t *pamh, char *data, int error_status); +// Sends a message to the application using pam_info(). +void infoMessage(pam_handle_t *pamh, const char *message); + #endif // FSCRYPT_PAM_H -- cgit v1.2.3
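Review bot: The new `infoMessage()` declaration returns `void` and its comment does not say how `message` is passed to `pam_info()`; both points deserve a line in the header. `pam_info()` is printf-style (`pam_info(pamh, fmt, ...)`), so the comment should state that `message` is sent as literal text, and the implementation, which this pam.h-only view does not show, should call it as `pam_info(pamh, "%s", message)` rather than passing `message` as the format. Because the function returns `void`, a conversation failure inside `pam_info()` is invisible to the caller. Since this message is the only notice the user gets that their login protector was not updated, consider returning the PAM status, or document that a delivery failure is logged inside the helper. Separately, the unchanged context comment above `freeSecret()` reads "CleaupFunc that Zeros wipes"; a follow-up could correct it to "CleanupFunc that zeroes".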