Message-Id: <20060217111713.E8FE65285D@eurystheus.local>
Date: Fri, 17 Feb 2006 12:17:13 +0100
From: "Björn König"
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/93473: Let pam_unix(8) use "passwordtime" from login.conf(5) to set next password expiry date

>Number: 93473
>Category: bin
>Synopsis: Let pam_unix(8) use "passwordtime" from login.conf(5) to set next password expiry date
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 17 11:20:03 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Björn König
>Release:
>Organization:
>Environment:
>Description:
login.conf(5) describes a non-implemented feature that allows you to set a password expiry date that will be applied every time a user of the login class changes his password. The patch below adds this functionality to pam_unix(8) and updates login.conf(5) accordingly. In fact these lines are stolen from src/release/picobsd/tinyware/passwd/local_passwd.c
>How-To-Repeat:
>Fix:
--- passwordtime.diff begins here --- --- src/lib/libpam/modules/pam_unix/pam_unix.c.orig Fri Feb 17 11:28:12 2006 +++ src/lib/libpam/modules/pam_unix/pam_unix.c Fri Feb 17 11:30:27 2006 
@@ -371,11 +371,21 @@ if ((old_pwd = pw_dup(pwd)) == NULL) return (PAM_BUF_ERR); - pwd->pw_change = 0; lc = login_getclass(pwd->pw_class); if (login_setcryptfmt(lc, password_hash, NULL) == NULL) openpam_log(PAM_LOG_ERROR, "can't set password cipher, relying on default"); + + /* set password expiry date */ + pwd->pw_change = 0; + if (lc != NULL) { + time_t period; + period = login_getcaptime(lc, "passwordtime", 0, 0); + if (period > (time_t)0) { + pwd->pw_change = time(NULL) + period; + } + } + login_close(lc); makesalt(salt); pwd->pw_passwd = crypt(new_pass, salt); --- src/lib/libutil/login.conf.5.orig Sun Feb 27 23:24:24 2005 +++ src/lib/libutil/login.conf.5 Fri Feb 17 11:38:04 2006 @@ -253,6 +253,9 @@ NIS server should probably use "des". .It "passwd_prompt string The password prompt presented by .Xr login 1 +.It "passwordtime time Used by +.Xr pam_unix 8 +to set next password expiry date. .It "times.allow list List of time periods during which logins are allowed. .It "times.deny list List of time periods during which logins are @@ -388,9 +391,6 @@ .Xr passwd 1 will warn the user if an all lower case password is entered. .It "monthtime time Maximum login time per month. -.It "passwordtime time Used by -.Xr passwd 1 -to set next password expiry date. .It "refreshtime time New time allowed on account refresh. .It "refreshperiod str How often account time is refreshed. .It "sessiontime time Maximum login time per session. --- passwordtime.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
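Review bot: In the pam_unix.c hunk, `login_getcaptime(lc, "passwordtime", 0, 0)` passes 0 as both the default and the error value, so a passwordtime entry that fails to parse is indistinguishable from an unset one and the new password is stored with `pw_change = 0`, that is, with no expiry and no log entry. Pass a distinct error value and report it through openpam_log(PAM_LOG_ERROR, ...), the way the login_setcryptfmt failure just above it is reported. `time(NULL) + period` also has no upper bound check: a very large passwordtime can overflow time_t, so clamp period against the largest representable time minus the current time before adding.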
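Review bot: In the login.conf.5 hunk at -253, the new passwordtime entry says only that pam_unix(8) uses it "to set next password expiry date"; it does not say that the value is a period added to the time of the password change, or that an unset or non-positive value leaves the password without an expiry date, which is what the code does (`if (period > (time_t)0)`). Spell both out in the entry. Since the entry now points readers to pam_unix(8), document the capability in the pam_unix man page as well; this patch touches only pam_unix.c and login.conf.5.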