diff options
| author | des <des@FreeBSD.org> | 2010-02-02 13:47:18 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2010-02-02 13:47:18 +0000 |
| commit | 154cd7f25107cd51cbd996d057926f0ac7c1b753 (patch) | |
| tree | 4828f1c9e68dd3c67b389c0692a87bb0c1d9b4e5 | |
| parent | b5b6d6b0e0e8523be005d532c4327061249c2a84 (diff) | |
| download | FreeBSD-src-154cd7f25107cd51cbd996d057926f0ac7c1b753.zip FreeBSD-src-154cd7f25107cd51cbd996d057926f0ac7c1b753.tar.gz | |
Respect passwordtime from login.conf if set.
PR: bin/93473
Submitted by: Björn König <bkoenig@cs.tu-berlin.de>
MFC after: 1 week
| -rw-r--r-- | lib/libpam/modules/pam_unix/pam_unix.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c index ce309a7..fdfce3e 100644 --- a/lib/libpam/modules/pam_unix/pam_unix.c +++ b/lib/libpam/modules/pam_unix/pam_unix.c @@ -271,10 +271,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, const void *yp_domain, *yp_server; #endif char salt[SALTSIZE + 1]; - login_cap_t * lc; + login_cap_t *lc; struct passwd *pwd, *old_pwd; const char *user, *old_pass, *new_pass; char *encrypted; + time_t passwordtime; int pfd, tfd, retval; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) @@ -377,11 +378,17 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, if ((old_pwd = pw_dup(pwd)) == NULL) return (PAM_BUF_ERR); - pwd->pw_change = 0; lc = login_getclass(pwd->pw_class); if (login_setcryptfmt(lc, password_hash, NULL) == NULL) openpam_log(PAM_LOG_ERROR, "can't set password cipher, relying on default"); + + /* set password expiry date */ + pwd->pw_change = 0; + passwordtime = login_getcaptime(lc, "passwordtime", 0, 0); + if (passwordtime > 0) + pwd->pw_change = time(NULL) + passwordtime; + login_close(lc); makesalt(salt); pwd->pw_passwd = crypt(new_pass, salt); |
