From nobody@FreeBSD.org  Thu Jan 20 09:46:32 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 077E016A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 20 Jan 2005 09:46:32 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E6AF643D2D
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 20 Jan 2005 09:46:31 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j0K9kVPY093453
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 20 Jan 2005 09:46:31 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j0K9kVMh093452;
	Thu, 20 Jan 2005 09:46:31 GMT
	(envelope-from nobody)
Message-Id: <200501200946.j0K9kVMh093452@www.freebsd.org>
Date: Thu, 20 Jan 2005 09:46:31 GMT
From: Rob Mason <rob@bsdbox.homeunix.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: passwd does not indicate a successful change - causes problems with Samba password sync
X-Send-Pr-Version: www-2.3

>Number:         76494
>Category:       bin
>Synopsis:       [patch] passwd(1) does not indicate a successful change - causes problems with Samba password sync
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 20 09:50:21 GMT 2005
>Closed-Date:    Fri Jun 15 11:36:17 GMT 2007
>Last-Modified:  Fri Jun 15 11:36:17 GMT 2007
>Originator:     Rob Mason
>Release:        5-STABLE
>Organization:
>Environment:
FreeBSD huygens.bsdbox 5.3-STABLE FreeBSD 5.3-STABLE #1: Fri Dec  3 17:57:39 GMT 2004     masonr@huygens.bsdbox:/usr/obj/usr/src/sys/BSDBOX  i386
>Description:
The passwd command on 4-STABLE output the text "passwd: done" when a password was changed.  This feature is used by the Samba-3 port to indicate a successful change in the 'passwd chat' config option.  5-STABLE does not indicate that the password change is successful
>How-To-Repeat:
Run passwd on 4-STABLE and compare the output to passwd on 5-STABLE
>Fix:
Apply the following patch:

*** 157,164 ****
--- 157,165 ----
        /* set new password */
        pam_err = pam_chauthtok(pamh, 0);
        pam_check("pam_chauthtok");

   end:
+       if (pam_err == PAM_SUCCESS) fprintf(stderr, "Password Changed\n");
        pam_end(pamh, pam_err);
        exit(pam_err == PAM_SUCCESS ? 0 : 1);
  }
>Release-Note:
>Audit-Trail:

From: Ceri Davies <ceri@submonkey.net>
To: Rob Mason <rob@bsdbox.homeunix.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/76494: passwd does not indicate a successful change - causes problems with Samba password sync
Date: Thu, 20 Jan 2005 10:17:50 +0000

 On Thu, Jan 20, 2005 at 09:46:31AM +0000, Rob Mason wrote:
 
 > The passwd command on 4-STABLE output the text "passwd: done" when a
 > password was changed.  This feature is used by the Samba-3 port to
 > indicate a successful change in the 'passwd chat' config option.
 > 5-STABLE does not indicate that the password change is successful
 
 What's wrong with a return status?
 
 > Apply the following patch:
 > 
 > *** 157,164 ****
 > --- 157,165 ----
 >         /* set new password */
 >         pam_err = pam_chauthtok(pamh, 0);
 >         pam_check("pam_chauthtok");
 > 
 >    end:
 > +       if (pam_err == PAM_SUCCESS) fprintf(stderr, "Password Changed\n");
 >         pam_end(pamh, pam_err);
 >         exit(pam_err == PAM_SUCCESS ? 0 : 1);
 >   }
 
 It also strikes me that this is not the same as the 4.X output; why?
 
 Ceri

From: Rob Mason <masonr@bsdbox.homeunix.com>
To: Ceri Davies <ceri@submonkey.net>
Cc:  
Subject: Re: misc/76494: passwd does not indicate a successful change - causes problems with Samba password sync
Date: Thu, 20 Jan 2005 14:48:51 +0000

 On Thu, Jan 20, 2005 at 10:17:50AM +0000, Ceri Davies wrote:
 > On Thu, Jan 20, 2005 at 09:46:31AM +0000, Rob Mason wrote:
 > 
 > > The passwd command on 4-STABLE output the text "passwd: done" when a
 > > password was changed.  This feature is used by the Samba-3 port to
 > > indicate a successful change in the 'passwd chat' config option.
 > > 5-STABLE does not indicate that the password change is successful
 > 
 > What's wrong with a return status?
 
 Nothing from a functional point of view - however, this is not how the
 4-STABLE passwd command behaved.  I believe that other programs (like
 Samba) that are dependent upon core system utilities will break.  This
 will be a major source of frustration for many admins.  Perhaps I should
 have filed this PR under 'advocacy'?
 
 > 
 > > Apply the following patch:
 > > 
 > > *** 157,164 ****
 > > --- 157,165 ----
 > >         /* set new password */
 > >         pam_err = pam_chauthtok(pamh, 0);
 > >         pam_check("pam_chauthtok");
 > > 
 > >    end:
 > > +       if (pam_err == PAM_SUCCESS) fprintf(stderr, "Password Changed\n");
 > >         pam_end(pamh, pam_err);
 > >         exit(pam_err == PAM_SUCCESS ? 0 : 1);
 > >   }
 > 
 > It also strikes me that this is not the same as the 4.X output; why?
 
 Apologies - my mistake.  This is the incorrect output for 4-STABLE.
 
 > 
 > Ceri

From: Ceri Davies <ceri@submonkey.net>
To: Rob Mason <masonr@bsdbox.homeunix.com>
Cc:  
Subject: Re: misc/76494: passwd does not indicate a successful change - causes problems with Samba password sync
Date: Thu, 20 Jan 2005 15:05:45 +0000

 On Thu, Jan 20, 2005 at 02:48:51PM +0000, Rob Mason wrote:
 > On Thu, Jan 20, 2005 at 10:17:50AM +0000, Ceri Davies wrote:
 > > On Thu, Jan 20, 2005 at 09:46:31AM +0000, Rob Mason wrote:
 > > 
 > > > The passwd command on 4-STABLE output the text "passwd: done" when a
 > > > password was changed.  This feature is used by the Samba-3 port to
 > > > indicate a successful change in the 'passwd chat' config option.
 > > > 5-STABLE does not indicate that the password change is successful
 > > 
 > > What's wrong with a return status?
 > 
 > Nothing from a functional point of view - however, this is not how the
 > 4-STABLE passwd command behaved.  I believe that other programs (like
 > Samba) that are dependent upon core system utilities will break.  This
 > will be a major source of frustration for many admins.  Perhaps I should
 > have filed this PR under 'advocacy'?
 
 No, it's good where it is; it was just a question.
 
 > > > Apply the following patch:
 > > > 
 > > > *** 157,164 ****
 > > > --- 157,165 ----
 > > >         /* set new password */
 > > >         pam_err = pam_chauthtok(pamh, 0);
 > > >         pam_check("pam_chauthtok");
 > > > 
 > > >    end:
 > > > +       if (pam_err == PAM_SUCCESS) fprintf(stderr, "Password Changed\n");
 > > >         pam_end(pamh, pam_err);
 > > >         exit(pam_err == PAM_SUCCESS ? 0 : 1);
 > > >   }
 > > 
 > > It also strikes me that this is not the same as the 4.X output; why?
 > 
 > Apologies - my mistake.  This is the incorrect output for 4-STABLE.
 
 OK, cool.
 
 Ceri
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Fri Jun 15 11:35:21 UTC 2007 
State-Changed-Why:  
By now, it would violate POLA to change this behavior.  But thanks for 
reporting. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76494 
>Unformatted:
