diff options
| author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2023-12-13 00:37:29 +0100 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2023-12-12 23:46:06 +0000 |
| commit | 9ebc14085a3ba253598cfaa0d3f0d76ea5ee8ccb (patch) | |
| tree | acfe8c987c138dc4248ef30b1686ef7ab9634b7c /modules/pam_unix/passverify.c | |
| parent | 51a06bc8cc2278c6e81c9c08a9381c9eb0d2de96 (diff) | |
| download | pam-9ebc14085a3ba253598cfaa0d3f0d76ea5ee8ccb.tar.gz pam-9ebc14085a3ba253598cfaa0d3f0d76ea5ee8ccb.tar.bz2 pam-9ebc14085a3ba253598cfaa0d3f0d76ea5ee8ccb.zip | |
pam_unix: allow disabled password aging
According to shadow(5) manual page, an empty sp_lstchg field implies
that password aging is disabled.
This indeed is in sync with shadow's isexpired function.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'modules/pam_unix/passverify.c')
| -rw-r--r-- | modules/pam_unix/passverify.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index a842b70d..7993737c 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -311,6 +311,11 @@ PAMH_ARG_DECL(int check_shadow_expiry, *daysleft = 0; return PAM_NEW_AUTHTOK_REQD; } + if (spent->sp_lstchg < 0) { + D(("password aging disabled")); + *daysleft = 0; + return PAM_SUCCESS; + } if (curdays < spent->sp_lstchg) { pam_syslog(pamh, LOG_DEBUG, "account %s has password changed in future", |