From 154cd7f25107cd51cbd996d057926f0ac7c1b753 Mon Sep 17 00:00:00 2001 From: des Date: Tue, 2 Feb 2010 13:47:18 +0000 Subject: Respect passwordtime from login.conf if set. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR: bin/93473 Submitted by: Björn König MFC after: 1 week --- lib/libpam/modules/pam_unix/pam_unix.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'lib/libpam/modules') diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c index ce309a7..fdfce3e 100644 --- a/lib/libpam/modules/pam_unix/pam_unix.c +++ b/lib/libpam/modules/pam_unix/pam_unix.c @@ -271,10 +271,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, const void *yp_domain, *yp_server; #endif char salt[SALTSIZE + 1]; - login_cap_t * lc; + login_cap_t *lc; struct passwd *pwd, *old_pwd; const char *user, *old_pass, *new_pass; char *encrypted; + time_t passwordtime; int pfd, tfd, retval; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) @@ -377,11 +378,17 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, if ((old_pwd = pw_dup(pwd)) == NULL) return (PAM_BUF_ERR); - pwd->pw_change = 0; lc = login_getclass(pwd->pw_class); if (login_setcryptfmt(lc, password_hash, NULL) == NULL) openpam_log(PAM_LOG_ERROR, "can't set password cipher, relying on default"); + + /* set password expiry date */ + pwd->pw_change = 0; + passwordtime = login_getcaptime(lc, "passwordtime", 0, 0); + if (passwordtime > 0) + pwd->pw_change = time(NULL) + passwordtime; + login_close(lc); makesalt(salt); pwd->pw_passwd = crypt(new_pass, salt); -- cgit v1.1