diff options
| author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2023-12-13 00:46:06 +0100 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2023-12-12 23:46:06 +0000 |
| commit | 297f0b554e497e95c891fd6a77f7ac5591649f26 (patch) | |
| tree | 91c4fc6e8e0332ba97673f176d6432da8efd3467 /modules/pam_unix/passverify.c | |
| parent | 9ebc14085a3ba253598cfaa0d3f0d76ea5ee8ccb (diff) | |
| download | pam-297f0b554e497e95c891fd6a77f7ac5591649f26.tar.gz pam-297f0b554e497e95c891fd6a77f7ac5591649f26.tar.bz2 pam-297f0b554e497e95c891fd6a77f7ac5591649f26.zip | |
pam_unix: sp_min and sp_warn must be at least 1
If sp_min or sp_warn are set to 0 or empty (-1), then their respective
features are disabled according to shadow(5).
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'modules/pam_unix/passverify.c')
| -rw-r--r-- | modules/pam_unix/passverify.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 7993737c..9d365dc9 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -337,7 +337,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, D(("need a new password 2")); return PAM_NEW_AUTHTOK_REQD; } - if (spent->sp_warn >= 0) { + if (spent->sp_warn > 0) { long warn = spent->sp_warn > spent->sp_max ? -1 : spent->sp_max - spent->sp_warn; if (passed >= warn) { @@ -346,7 +346,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, } } } - if (spent->sp_min >= 0 && passed < spent->sp_min) { + if (spent->sp_min > 0 && passed < spent->sp_min) { /* * The last password change was too recent. This error will be ignored * if no password change is attempted. |