From owner-svn-src-all@FreeBSD.ORG Fri Apr 27 21:40:52 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9C27E106566C; Fri, 27 Apr 2012 21:40:52 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 6D1198FC08; Fri, 27 Apr 2012 21:40:52 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q3RLeqLj026037; Fri, 27 Apr 2012 21:40:52 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q3RLeqC9026034; Fri, 27 Apr 2012 21:40:52 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201204272140.q3RLeqC9026034@svn.freebsd.org> From: Dag-Erling Smorgrav Date: Fri, 27 Apr 2012 21:40:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234741 - stable/8/lib/libpam/modules/pam_unix X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2012 21:40:52 -0000 Author: des Date: Fri Apr 27 21:40:51 2012 New Revision: 234741 URL: http://svn.freebsd.org/changeset/base/234741 Log: MFH r203377, r215680, r227044, r227105: mainly, respect passwordtime. PR: 93310, 93473 Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.8 stable/8/lib/libpam/modules/pam_unix/pam_unix.c Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.8 ============================================================================== --- stable/8/lib/libpam/modules/pam_unix/pam_unix.8 Fri Apr 27 20:23:24 2012 (r234740) +++ stable/8/lib/libpam/modules/pam_unix/pam_unix.8 Fri Apr 27 21:40:51 2012 (r234741) @@ -188,3 +188,9 @@ password database. .Xr pam 8 , .Xr pw 8 , .Xr yp 8 +.Sh BUGS +The +.Nm +module ignores the +.Dv PAM_CHANGE_EXPIRED_AUTHTOK +flag. Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.c ============================================================================== --- stable/8/lib/libpam/modules/pam_unix/pam_unix.c Fri Apr 27 20:23:24 2012 (r234740) +++ stable/8/lib/libpam/modules/pam_unix/pam_unix.c Fri Apr 27 21:40:51 2012 (r234741) @@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -80,8 +81,6 @@ static char password_hash[] = PASSWORD_ #define PAM_OPT_LOCAL_PASS "local_pass" #define PAM_OPT_NIS_PASS "nis_pass" -char *tempname = NULL; - /* * authentication management */ @@ -271,10 +270,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int const void *yp_domain, *yp_server; #endif char salt[SALTSIZE + 1]; - login_cap_t * lc; + login_cap_t *lc; struct passwd *pwd, *old_pwd; const char *user, *old_pass, *new_pass; char *encrypted; + time_t passwordtime; int pfd, tfd, retval; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) @@ -377,11 +377,17 @@ pam_sm_chauthtok(pam_handle_t *pamh, int if ((old_pwd = pw_dup(pwd)) == NULL) return (PAM_BUF_ERR); - pwd->pw_change = 0; lc = login_getclass(pwd->pw_class); if (login_setcryptfmt(lc, password_hash, NULL) == NULL) openpam_log(PAM_LOG_ERROR, "can't set password cipher, relying on default"); + + /* set password expiry date */ + pwd->pw_change = 0; + passwordtime = login_getcaptime(lc, "passwordtime", 0, 0); + if (passwordtime > 0) + pwd->pw_change = time(NULL) + passwordtime; + login_close(lc); makesalt(salt); pwd->pw_passwd = crypt(new_pass, salt);