svn commit: r234741 - stable/8/lib/libpam/modules/pam_unix

Fri, 27 Apr 2012 14:41:30 -0700 

Author: des
Date: Fri Apr 27 21:40:51 2012
New Revision: 234741
URL: http://svn.freebsd.org/changeset/base/234741

Log:
  MFH r203377, r215680, r227044, r227105: mainly, respect passwordtime.
  
  PR:           93310, 93473

Modified:
  stable/8/lib/libpam/modules/pam_unix/pam_unix.8
  stable/8/lib/libpam/modules/pam_unix/pam_unix.c

Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.8
==============================================================================
--- stable/8/lib/libpam/modules/pam_unix/pam_unix.8     Fri Apr 27 20:23:24 
2012        (r234740)
+++ stable/8/lib/libpam/modules/pam_unix/pam_unix.8     Fri Apr 27 21:40:51 
2012        (r234741)
@@ -188,3 +188,9 @@ password database.
 .Xr pam 8 ,
 .Xr pw 8 ,
 .Xr yp 8
+.Sh BUGS
+The
+.Nm
+module ignores the
+.Dv PAM_CHANGE_EXPIRED_AUTHTOK
+flag.

Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.c
==============================================================================
--- stable/8/lib/libpam/modules/pam_unix/pam_unix.c     Fri Apr 27 20:23:24 
2012        (r234740)
+++ stable/8/lib/libpam/modules/pam_unix/pam_unix.c     Fri Apr 27 21:40:51 
2012        (r234741)
@@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #include <stdio.h>
 #include <syslog.h>
+#include <time.h>
 #include <unistd.h>
 
 #include <libutil.h>
@@ -80,8 +81,6 @@ static char password_hash[] =         PASSWORD_
 #define PAM_OPT_LOCAL_PASS     "local_pass"
 #define PAM_OPT_NIS_PASS       "nis_pass"
 
-char *tempname = NULL;
-
 /*
  * authentication management
  */
@@ -271,10 +270,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
        const void *yp_domain, *yp_server;
 #endif
        char salt[SALTSIZE + 1];
-       login_cap_t * lc;
+       login_cap_t *lc;
        struct passwd *pwd, *old_pwd;
        const char *user, *old_pass, *new_pass;
        char *encrypted;
+       time_t passwordtime;
        int pfd, tfd, retval;
 
        if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
@@ -377,11 +377,17 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
                if ((old_pwd = pw_dup(pwd)) == NULL)
                        return (PAM_BUF_ERR);
 
-               pwd->pw_change = 0;
                lc = login_getclass(pwd->pw_class);
                if (login_setcryptfmt(lc, password_hash, NULL) == NULL)
                        openpam_log(PAM_LOG_ERROR,
                            "can't set password cipher, relying on default");
+               
+               /* set password expiry date */
+               pwd->pw_change = 0;
+               passwordtime = login_getcaptime(lc, "passwordtime", 0, 0);
+               if (passwordtime > 0)
+                       pwd->pw_change = time(NULL) + passwordtime;
+               
                login_close(lc);
                makesalt(salt);
                pwd->pw_passwd = crypt(new_pass, salt);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to