author | Steve Langasek <vorlon@debian.org> | 2010-07-29 20:16:39 -0700 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 21:32:38 -0800 |
commit | 655c7a8843261079fecf0b6e15de77972a0eb708 (patch) | |
tree | 167aeb717538bdc9f685a652009038d586530779 /modules/pam_unix/passverify.c | |
parent | 6ce511785e4b9751ef184236c2cf8f63bc25f512 (diff) | |
parent | 8645d4f5131d25692dfd78d3e1c46b03f33febf3 (diff) | |
merge from trunk
Diffstat (limited to 'modules/pam_unix/passverify.c')
-rw-r--r-- | modules/pam_unix/passverify.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 8cf95c33..d175dfa5 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -274,7 +274,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, } if ((curdays - spent->sp_lstchg < spent->sp_min) && (spent->sp_min != -1)) { - /* + /* * The last password change was too recent. This error will be ignored * if no password change is attempted. */ @@ -403,11 +403,11 @@ PAMH_ARG_DECL(char * create_password_hash, return crypted; } -#ifdef HAVE_CRYPT_GENSALT_RN +#ifdef HAVE_CRYPT_GENSALT_R if (on(UNIX_BLOWFISH_PASS, ctrl)) { char entropy[17]; crypt_make_salt(entropy, sizeof(entropy) - 1); - sp = crypt_gensalt_rn(algoid, rounds, + sp = crypt_gensalt_r (algoid, rounds, entropy, sizeof(entropy), salt, sizeof(salt)); } else { @@ -420,7 +420,7 @@ PAMH_ARG_DECL(char * create_password_hash, /* For now be conservative so the resulting hashes * are not too long. 8 bytes of salt prevents dictionary * attacks well enough. */ -#ifdef HAVE_CRYPT_GENSALT_RN +#ifdef HAVE_CRYPT_GENSALT_R } #endif sp = crypt(password, salt); @@ -684,7 +684,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, D(("fflush or fsync error writing entries to old passwords file: %m")); err = 1; } - + if (fclose(pwfile)) { D(("fclose error writing entries to old passwords file: %m")); err = 1; @@ -804,7 +804,7 @@ PAMH_ARG_DECL(int unix_update_passwd, D(("fflush or fsync error writing entries to password file: %m")); err = 1; } - + if (fclose(pwfile)) { D(("fclose error writing entries to password file: %m")); err = 1; 
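Review bot: The result of `crypt_gensalt_r (algoid, rounds, entropy, sizeof(entropy), salt, sizeof(salt))` in the `@@ -403,11 +403,11 @@` hunk is stored in `sp` but never tested. The next hunk shows the branch closing and `sp = crypt(password, salt);` overwriting it. If the replacement function can fail the way `crypt_gensalt_rn` does (returning NULL for an unsupported prefix or round count), the Blowfish path would hash the password with whatever `salt` holds at that point. A guard right after the call, such as `if (sp == NULL) { D(("crypt_gensalt_r failed: %m")); return NULL; }`, would stop a weak or malformed hash from being stored; adjust the return value to whatever callers of create_password_hash expect on error. The initial contents of `salt` and the rest of the function lie outside these hunks, so confirm the failure behaviour against the full body.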
@@ -839,19 +839,16 @@ done: PAMH_ARG_DECL(int unix_update_shadow, const char *forwho, char *towhat) { - struct spwd *spwdent = NULL, *stmpent = NULL; + struct spwd spwdent, *stmpent = NULL; struct stat st; FILE *pwfile, *opwfile; - int err = 1; + int err = 0; int oldmask; + int wroteentry = 0; #ifdef WITH_SELINUX security_context_t prev_context=NULL; #endif - spwdent = getspnam(forwho); - if (spwdent == NULL) { - return PAM_USER_UNKNOWN; - } oldmask = umask(077); #ifdef WITH_SELINUX @@ -912,7 +909,7 @@ PAMH_ARG_DECL(int unix_update_shadow, if (!strcmp(stmpent->sp_namp, forwho)) { stmpent->sp_pwdp = towhat; stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24); - err = 0; + wroteentry = 1; D(("Set password %s for %s", stmpent->sp_pwdp, forwho)); } @@ -924,13 +921,27 @@ PAMH_ARG_DECL(int unix_update_shadow, stmpent = fgetspent(opwfile); } + fclose(opwfile); + if (!wroteentry && !err) { + spwdent.sp_namp = forwho; + spwdent.sp_pwdp = towhat; + spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24); + spwdent.sp_min = spwdent.sp_max = spwdent.sp_warn = spwdent.sp_inact = + spwdent.sp_expire = -1; + spwdent.sp_flag = (unsigned long)-1l; + if (putspent(&spwdent, pwfile)) { + D(("error writing entry to shadow file: %m")); + err = 1; + } + } + if (fflush(pwfile) || fsync(fileno(pwfile))) { D(("fflush or fsync error writing entries to shadow file: %m")); err = 1; } - + if (fclose(pwfile)) { D(("fclose error writing entries to shadow file: %m")); err = 1; |
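Review bot: Nothing in the `@@ -839,19 +839,16 @@` hunk documents that unix_update_shadow no longer rejects a user who has no shadow entry. The removed `getspnam(forwho)` / `return PAM_USER_UNKNOWN;` was the only such check visible here, and the later hunk appends an entry instead. A header comment above the function would make the new contract explicit for callers and auditors, for example `/* Set forwho's shadow password to towhat; if forwho has no shadow entry, append one with aging disabled. */`. Because `err` now starts at 0 rather than 1, every failure path in the parts of the body outside this hunk has to set `err` itself. Confirm that none of them relied on the old default.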
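Review bot: In the `@@ -924,13 +921,27 @@` hunk, `if (!wroteentry && !err)` treats the end of the `fgetspent(opwfile)` loop as proof that the user is absent, but `fgetspent` returns NULL on a read error as well as at end of file. A failed read part-way through the old file would then append a fresh entry and leave `err` at 0, so a truncated copy could be treated as complete. Adding `if (ferror(opwfile)) err = 1;` immediately before `fclose(opwfile);` closes that gap. Separately, `spwdent.sp_namp = forwho;` silently drops the `const` qualifier of `forwho`; an explicit cast with a short comment that `putspent` only reads the field would show it is intentional. The loop header and the code that installs the temporary file are outside this hunk, so the effect of `err` on the final rename is inferred.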