svn commit: r203377 - head/lib/libpam/modules/pam_unix
Dag-Erling Smorgrav
des at FreeBSD.org
Tue Feb 2 13:47:19 UTC 2010
Author: des
Date: Tue Feb 2 13:47:18 2010
New Revision: 203377
URL: http://svn.freebsd.org/changeset/base/203377
Log:
Respect passwordtime from login.conf if set.
PR: bin/93473
Submitted by: Björn König <bkoenig at cs.tu-berlin.de>
MFC after: 1 week
Modified:
head/lib/libpam/modules/pam_unix/pam_unix.c
Modified: head/lib/libpam/modules/pam_unix/pam_unix.c
==============================================================================
--- head/lib/libpam/modules/pam_unix/pam_unix.c Tue Feb 2 11:09:28 2010 (r203376)
+++ head/lib/libpam/modules/pam_unix/pam_unix.c Tue Feb 2 13:47:18 2010 (r203377)
@@ -271,10 +271,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
const void *yp_domain, *yp_server;
#endif
char salt[SALTSIZE + 1];
- login_cap_t * lc;
+ login_cap_t *lc;
struct passwd *pwd, *old_pwd;
const char *user, *old_pass, *new_pass;
char *encrypted;
+ time_t passwordtime;
int pfd, tfd, retval;
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
@@ -377,11 +378,17 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
if ((old_pwd = pw_dup(pwd)) == NULL)
return (PAM_BUF_ERR);
- pwd->pw_change = 0;
lc = login_getclass(pwd->pw_class);
if (login_setcryptfmt(lc, password_hash, NULL) == NULL)
openpam_log(PAM_LOG_ERROR,
"can't set password cipher, relying on default");
+
+ /* set password expiry date */
+ pwd->pw_change = 0;
+ passwordtime = login_getcaptime(lc, "passwordtime", 0, 0);
+ if (passwordtime > 0)
+ pwd->pw_change = time(NULL) + passwordtime;
+
login_close(lc);
makesalt(salt);
pwd->pw_passwd = crypt(new_pass, salt);
More information about the svn-src-head
mailing list