Correctly invoke PAM to change authentication token

3 files changed, 6 insertions, 3 deletions

diff --git a/src/session-child.c b/src/session-child.c
index fdf9a22b..3019df3a 100644
--- a/src/session-child.c
+++ b/src/session-child.c
@@ -296,7 +296,7 @@ session_child_run (int argc, char **argv)
 if (authentication_result == PAM_SUCCESS)
 authentication_result = pam_acct_mgmt (pam_handle, 0);
 if (authentication_result == PAM_NEW_AUTHTOK_REQD)
- authentication_result = pam_chauthtok (pam_handle, 0);
+ authentication_result = pam_chauthtok (pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
 }
 else
 authentication_result = PAM_SUCCESS;
diff --git a/tests/scripts/login-new-authtok.conf b/tests/scripts/login-new-authtok.conf
index 0b20b4ac..cd0f665e 100644
--- a/tests/scripts/login-new-authtok.conf
+++ b/tests/scripts/login-new-authtok.conf
@@ -24,7 +24,7 @@ user-session=default
 
 # Log into account that requires as password change
 #?*GREETER-X-0 AUTHENTICATE USERNAME=new-authtok
-#?GREETER-X-0 SHOW-PROMPT TEXT="Enter new password:"
+#?GREETER-X-0 SHOW-PROMPT TEXT="Enter new password \(expired\):"
 #?*GREETER-X-0 RESPOND TEXT="New password"
 #?GREETER-X-0 AUTHENTICATION-COMPLETE USERNAME=new-authtok AUTHENTICATED=TRUE
 #?*GREETER-X-0 START-SESSION
diff --git a/tests/src/libsystem.c b/tests/src/libsystem.c
index 46646415..7a8a8950 100644
--- a/tests/src/libsystem.c
+++ b/tests/src/libsystem.c
@@ -1194,7 +1194,10 @@ pam_chauthtok (pam_handle_t *pamh, int flags)
 msg = malloc (sizeof (struct pam_message *) * 1);
 msg[0] = malloc (sizeof (struct pam_message));
 msg[0]->msg_style = PAM_PROMPT_ECHO_OFF;
- msg[0]->msg = "Enter new password:";
+ if ((flags & PAM_CHANGE_EXPIRED_AUTHTOK) != 0)
+ msg[0]->msg = "Enter new password (expired):";
+ else
+ msg[0]->msg = "Enter new password:";
 result = pamh->conversation.conv (1, (const struct pam_message **) msg, &resp, pamh->conversation.appdata_ptr);
 free (msg[0]);
 free (msg);