From a92c17bccef85519917b91e4c181154559ecec96 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Fri, 26 Jun 2009 09:55:25 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

Fix blowfish support

009-06-25  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r
        * modules/pam_unix/passverify.c: Likewise.
---
 modules/pam_unix/passverify.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'modules/pam_unix/passverify.c')

diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 8cf95c33..489e8560 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -274,7 +274,7 @@ PAMH_ARG_DECL(int check_shadow_expiry,
 	}
 	if ((curdays - spent->sp_lstchg < spent->sp_min)
 	    && (spent->sp_min != -1)) {
-		/* 
+		/*
 		 * The last password change was too recent. This error will be ignored
 		 * if no password change is attempted.
 		 */
@@ -403,11 +403,11 @@ PAMH_ARG_DECL(char * create_password_hash,
 		return crypted;
 	}
 
-#ifdef HAVE_CRYPT_GENSALT_RN
+#ifdef HAVE_CRYPT_GENSALT_R
 	if (on(UNIX_BLOWFISH_PASS, ctrl)) {
 		char entropy[17];
 		crypt_make_salt(entropy, sizeof(entropy) - 1);
-		sp = crypt_gensalt_rn(algoid, rounds,
+		sp = crypt_gensalt_r (algoid, rounds,
 				      entropy, sizeof(entropy),
 				      salt, sizeof(salt));
 	} else {
@@ -420,7 +420,7 @@ PAMH_ARG_DECL(char * create_password_hash,
 		/* For now be conservative so the resulting hashes
 		 * are not too long. 8 bytes of salt prevents dictionary
 		 * attacks well enough. */
-#ifdef HAVE_CRYPT_GENSALT_RN
+#ifdef HAVE_CRYPT_GENSALT_R
 	}
 #endif
 	sp = crypt(password, salt);
@@ -684,7 +684,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 	D(("fflush or fsync error writing entries to old passwords file: %m"));
 	err = 1;
     }
-    
+
     if (fclose(pwfile)) {
 	D(("fclose error writing entries to old passwords file: %m"));
 	err = 1;
@@ -804,7 +804,7 @@ PAMH_ARG_DECL(int unix_update_passwd,
 	D(("fflush or fsync error writing entries to password file: %m"));
 	err = 1;
     }
-    
+
     if (fclose(pwfile)) {
 	D(("fclose error writing entries to password file: %m"));
 	err = 1;
@@ -930,7 +930,7 @@ PAMH_ARG_DECL(int unix_update_shadow,
 	D(("fflush or fsync error writing entries to shadow file: %m"));
 	err = 1;
     }
-    
+
     if (fclose(pwfile)) {
 	D(("fclose error writing entries to shadow file: %m"));
 	err = 1;
-- 
cgit v1.2.3


From 17c4c04115c7de3f5884ebdc562b0912bbd1b736 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Tue, 8 Dec 2009 09:15:51 +0000
Subject: Relevant BUGIDs: rhbz#545053

Purpose of commit: new feature

Commit summary:
---------------
2009-12-08  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow
        entry if not present in the file.
---
 ChangeLog                     |  3 +++
 modules/pam_unix/passverify.c | 25 ++++++++++++++++++-------
 2 files changed, 21 insertions(+), 7 deletions(-)

(limited to 'modules/pam_unix/passverify.c')

diff --git a/ChangeLog b/ChangeLog
index eeed6fb0..547b2d58 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2009-12-08  Tomas Mraz  <t8m@centrum.cz>
 
+	* modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow
+	entry if not present in the file.
+
 	* modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Remove
 	unused function and variable.
 
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 489e8560..d175dfa5 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -839,19 +839,16 @@ done:
 PAMH_ARG_DECL(int unix_update_shadow,
 	const char *forwho, char *towhat)
 {
-    struct spwd *spwdent = NULL, *stmpent = NULL;
+    struct spwd spwdent, *stmpent = NULL;
     struct stat st;
     FILE *pwfile, *opwfile;
-    int err = 1;
+    int err = 0;
     int oldmask;
+    int wroteentry = 0;
 #ifdef WITH_SELINUX
     security_context_t prev_context=NULL;
 #endif
 
-    spwdent = getspnam(forwho);
-    if (spwdent == NULL) {
-	return PAM_USER_UNKNOWN;
-    }
     oldmask = umask(077);
 
 #ifdef WITH_SELINUX
@@ -912,7 +909,7 @@ PAMH_ARG_DECL(int unix_update_shadow,
 	if (!strcmp(stmpent->sp_namp, forwho)) {
 	    stmpent->sp_pwdp = towhat;
 	    stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24);
-	    err = 0;
+	    wroteentry = 1;
 	    D(("Set password %s for %s", stmpent->sp_pwdp, forwho));
 	}
 
@@ -924,8 +921,22 @@ PAMH_ARG_DECL(int unix_update_shadow,
 
 	stmpent = fgetspent(opwfile);
     }
+
     fclose(opwfile);
 
+    if (!wroteentry && !err) {
+	spwdent.sp_namp = forwho;
+	spwdent.sp_pwdp = towhat;
+	spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24);
+	spwdent.sp_min = spwdent.sp_max = spwdent.sp_warn = spwdent.sp_inact =
+	    spwdent.sp_expire = -1;
+	spwdent.sp_flag = (unsigned long)-1l;
+	if (putspent(&spwdent, pwfile)) {
+	    D(("error writing entry to shadow file: %m"));
+	    err = 1;
+	}
+    }
+
     if (fflush(pwfile) || fsync(fileno(pwfile))) {
 	D(("fflush or fsync error writing entries to shadow file: %m"));
 	err = 1;
-- 
cgit v1.2.3