svn commit: r234741 - stable/8/lib/libpam/modules/pam_unix

Dag-Erling Smorgrav des at FreeBSD.org
Fri Apr 27 21:40:52 UTC 2012 

Author: des
Date: Fri Apr 27 21:40:51 2012
New Revision: 234741
URL: http://svn.freebsd.org/changeset/base/234741

Log:
  MFH r203377, r215680, r227044, r227105: mainly, respect passwordtime.
  
  PR:		93310, 93473

Modified:
  stable/8/lib/libpam/modules/pam_unix/pam_unix.8
  stable/8/lib/libpam/modules/pam_unix/pam_unix.c

Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.8
==============================================================================
--- stable/8/lib/libpam/modules/pam_unix/pam_unix.8	Fri Apr 27 20:23:24 2012	(r234740)
+++ stable/8/lib/libpam/modules/pam_unix/pam_unix.8	Fri Apr 27 21:40:51 2012	(r234741)
@@ -188,3 +188,9 @@ password database.
 .Xr pam 8 ,
 .Xr pw 8 ,
 .Xr yp 8
+.Sh BUGS
+The
+.Nm
+module ignores the
+.Dv PAM_CHANGE_EXPIRED_AUTHTOK
+flag.

Modified: stable/8/lib/libpam/modules/pam_unix/pam_unix.c
==============================================================================
--- stable/8/lib/libpam/modules/pam_unix/pam_unix.c	Fri Apr 27 20:23:24 2012	(r234740)
+++ stable/8/lib/libpam/modules/pam_unix/pam_unix.c	Fri Apr 27 21:40:51 2012	(r234741)
@@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #include <stdio.h>
 #include <syslog.h>
+#include <time.h>
 #include <unistd.h>
 
 #include <libutil.h>
@@ -80,8 +81,6 @@ static char password_hash[] =		PASSWORD_
 #define PAM_OPT_LOCAL_PASS	"local_pass"
 #define PAM_OPT_NIS_PASS	"nis_pass"
 
-char *tempname = NULL;
-
 /*
  * authentication management
  */
@@ -271,10 +270,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
 	const void *yp_domain, *yp_server;
 #endif
 	char salt[SALTSIZE + 1];
-	login_cap_t * lc;
+	login_cap_t *lc;
 	struct passwd *pwd, *old_pwd;
 	const char *user, *old_pass, *new_pass;
 	char *encrypted;
+	time_t passwordtime;
 	int pfd, tfd, retval;
 
 	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
@@ -377,11 +377,17 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
 		if ((old_pwd = pw_dup(pwd)) == NULL)
 			return (PAM_BUF_ERR);
 
-		pwd->pw_change = 0;
 		lc = login_getclass(pwd->pw_class);
 		if (login_setcryptfmt(lc, password_hash, NULL) == NULL)
 			openpam_log(PAM_LOG_ERROR,
 			    "can't set password cipher, relying on default");
+		
+		/* set password expiry date */
+		pwd->pw_change = 0;
+		passwordtime = login_getcaptime(lc, "passwordtime", 0, 0);
+		if (passwordtime > 0)
+			pwd->pw_change = time(NULL) + passwordtime;
+		
 		login_close(lc);
 		makesalt(salt);
 		pwd->pw_passwd = crypt(new_pass, salt);

More information about the svn-src-stable-8 mailing list