authorPavel Březina <pbrezina@redhat.com>2019-10-31 12:26:31 +0100
committerTomáš Mráz <t8m@users.noreply.github.com>2020-02-18 11:14:27 +0100
commitf5adefa106e28c92dd73dbabac12bad667ef7b8f (patch)
tree3193ef03dfdb94021de12695b5a6d7be1a69c6f7 /modules/pam_unix/pam_unix_acct.c
parentf07a873240de53e07897d4ef9d1d3fd0c28fe7bb (diff)
pam_unix: add nullresetok option to allow reset blank passwords
Adding nullresetok to the auth phase of the pam_unix module allows users with a blank password to authenticate in order to immediately change their password, even if nullok is not set. This makes it possible to keep blank-password authentication disabled while still allowing an administrator to create new user accounts with an expired blank password that must be changed on the first login.
Diffstat (limited to 'modules/pam_unix/pam_unix_acct.c')
-rw-r--r--modules/pam_unix/pam_unix_acct.c26
1 files changed, 1 insertions, 25 deletions
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 36f68eff..0c5dff96 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -192,8 +192,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
const void *void_uname;
const char *uname;
int retval, daysleft;
- struct spwd *spent;
- struct passwd *pwent;
char buf[256];
D(("called."));
@@ -210,29 +208,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
return PAM_USER_UNKNOWN;
}
- retval = get_account_info(pamh, uname, &pwent, &spent);
- if (retval == PAM_USER_UNKNOWN) {
- pam_syslog(pamh, LOG_ERR,
- "could not identify user (from getpwnam(%s))",
- uname);
- return retval;
- }
-
- if (retval == PAM_SUCCESS && spent == NULL)
- return PAM_SUCCESS;
-
- if (retval == PAM_UNIX_RUN_HELPER) {
- retval = _unix_run_verify_binary(pamh, ctrl, uname, &daysleft);
- if (retval == PAM_AUTHINFO_UNAVAIL &&
- on(UNIX_BROKEN_SHADOW, ctrl))
- return PAM_SUCCESS;
- } else if (retval != PAM_SUCCESS) {
- if (on(UNIX_BROKEN_SHADOW,ctrl))
- return PAM_SUCCESS;
- else
- return retval;
- } else
- retval = check_shadow_expiry(pamh, spent, &daysleft);
+ retval = _unix_verify_user(pamh, ctrl, uname, &daysleft);
if (on(UNIX_NO_PASS_EXPIRY, ctrl)) {
const void *pretval = NULL;
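Review bot: `daysleft` is still declared without an initialiser (`int retval, daysleft;` in the first hunk's context), while the removed lines returned straight away when `get_account_info()` succeeded with no shadow entry or when `UNIX_BROKEN_SHADOW` applied. Every outcome of `_unix_verify_user()` now falls through to the `UNIX_NO_PASS_EXPIRY` check and whatever follows it. If the helper, which is not part of this file's diff, keeps those early `PAM_SUCCESS` returns without writing `*daysleft`, later code could read an indeterminate value. Consider `int retval, daysleft = -1;` (or whichever value the later code treats as "no expiry warning"), plus a short comment above the call listing the return codes the helper can produce, including the success cases that used to end the function here. `pam_sm_acct_mgmt` begins and ends outside the hunk, so the later uses of `daysleft` should be checked against the full function.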