Date: Fri, 27 Apr 2012 21:40:52 +0000 (UTC) From: Dag-Erling Smorgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r234741 - stable/8/lib/libpam/modules/pam_unix Message-ID: <201204272140.q3RLeqC9026034@svn.freebsd.org>
Author: des Date: Fri Apr 27 21:40:51 2012 New Revision: 234741 URL: http://svn.freebsd.org/changeset/base/234741 Log: MFH r203377, r215680, r227044, r227105: mainly, respect passwordtime. PR: 93310, 93473 Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.8 stable/8/lib/libpam/modules/pam_unix/pam_unix.c
Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.8
==============================================================================
--- stable/8/lib/libpam/modules/pam_unix/pam_unix.8 Fri Apr 27 20:23:24 2012 (r234740)
+++ stable/8/lib/libpam/modules/pam_unix/pam_unix.8 Fri Apr 27 21:40:51 2012 (r234741)
@@ -188,3 +188,9 @@ password database.
 .Xr pam 8 ,
 .Xr pw 8 ,
 .Xr yp 8
+.Sh BUGS
+The
+.Nm
+module ignores the
+.Dv PAM_CHANGE_EXPIRED_AUTHTOK
+flag.
Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.c
==============================================================================
--- stable/8/lib/libpam/modules/pam_unix/pam_unix.c Fri Apr 27 20:23:24 2012 (r234740)
+++ stable/8/lib/libpam/modules/pam_unix/pam_unix.c Fri Apr 27 21:40:51 2012 (r234741)
@@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #include <stdio.h>
 #include <syslog.h>
+#include <time.h>
 #include <unistd.h>
 #include <libutil.h>
@@ -80,8 +81,6 @@ static char password_hash[] = PASSWORD_
 #define PAM_OPT_LOCAL_PASS "local_pass"
 #define PAM_OPT_NIS_PASS "nis_pass"
-char *tempname = NULL;
-
 /*
 * authentication management
 */
@@ -271,10 +270,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
 const void *yp_domain, *yp_server;
 #endif
 char salt[SALTSIZE + 1];
- login_cap_t * lc;
+ login_cap_t *lc;
 struct passwd *pwd, *old_pwd;
 const char *user, *old_pass, *new_pass;
 char *encrypted;
+ time_t passwordtime;
 int pfd, tfd, retval;
 if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
@@ -377,11 +377,17 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
 if ((old_pwd = pw_dup(pwd)) == NULL)
 return (PAM_BUF_ERR);
- pwd->pw_change = 0;
 lc = login_getclass(pwd->pw_class);
 if (login_setcryptfmt(lc, password_hash, NULL) == NULL)
 openpam_log(PAM_LOG_ERROR,
 "can't set password cipher, relying on default");
+
+ /* set password expiry date */
+ pwd->pw_change = 0;
+ passwordtime = login_getcaptime(lc, "passwordtime", 0, 0);
+ if (passwordtime > 0)
+ pwd->pw_change = time(NULL) + passwordtime;
+
 login_close(lc);
 makesalt(salt);
 pwd->pw_passwd = crypt(new_pass, salt);
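Review bot: The new `pwd->pw_change = time(NULL) + passwordtime;` adds an administrator-supplied interval to the current time with no upper bound, so a very large `passwordtime` in login.conf (or an "infinity"-style setting, if `login_getcaptime` maps that to a huge number, which is worth confirming) can overflow the signed `time_t` and leave an expiry date in the past or otherwise meaningless. I would bound the value before adding, e.g. `if (passwordtime > 0 && passwordtime <= PASSWORDTIME_MAX)`, where `PASSWORDTIME_MAX` is a placeholder for a limit the module would define, and report anything rejected through `openpam_log(PAM_LOG_ERROR, ...)`. Separately, both the default and the error argument passed to `login_getcaptime` are 0, so an unparsable `passwordtime` looks the same as an unset one and password expiry is silently disabled; a distinct error value would let the module log that case. pam_sm_chauthtok begins and ends outside this hunk, so how `pw_change` is used afterwards is not visible here.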