From aab76bad2fa0f6bb7dafff402b6dae0ceb9dc48c Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 4 Aug 2010 13:54:02 +0000 Subject: Relevant BUGIDs: 2730965 Purpose of commit: workaround Commit summary: --------------- 2010-08-04 Thorsten Kukuk * modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request password change if time is not yet set (1.1.1970). Bug #2730965. --- modules/pam_unix/passverify.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'modules/pam_unix/passverify.c') diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index d175dfa5..ec63a431 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -909,6 +909,9 @@ PAMH_ARG_DECL(int unix_update_shadow, if (!strcmp(stmpent->sp_namp, forwho)) { stmpent->sp_pwdp = towhat; stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24); + if (stmpent->sp_lstchg == 0) + stmpent->sp_lstchg = -1; /* Don't request passwort change + only because time isn't set yet. */ wroteentry = 1; D(("Set password %s for %s", stmpent->sp_pwdp, forwho)); } @@ -928,6 +931,9 @@ PAMH_ARG_DECL(int unix_update_shadow, spwdent.sp_namp = forwho; spwdent.sp_pwdp = towhat; spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24); + if (spwdent.sp_lstchg == 0) + spwdent.sp_lstchg = -1; /* Don't request passwort change + only because time isn't set yet. */ spwdent.sp_min = spwdent.sp_max = spwdent.sp_warn = spwdent.sp_inact = spwdent.sp_expire = -1; spwdent.sp_flag = (unsigned long)-1l; -- cgit v1.2.3 From fa5018db9a332f9cb1d941b57816be02ef05baa9 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 9 Aug 2010 14:16:25 +0000 Subject: Relevant BUGIDs: 2923437 Purpose of commit: bugfix Commit summary: --------------- 2010-08-09 Thorsten Kukuk * modules/pam_unix/passverify.c (check_shadow_expiry): Correct check for expired date. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove check for password length. Bug #2923437. --- ChangeLog | 8 ++++++++ modules/pam_unix/pam_unix_passwd.c | 3 --- modules/pam_unix/passverify.c | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/ChangeLog b/ChangeLog index e30ba3e5..68388c87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2010-08-09 Thorsten Kukuk + + * modules/pam_unix/passverify.c (check_shadow_expiry): Correct + check for expired date. + + * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove + check for password length. Bug #2923437. + 2010-08-04 Thorsten Kukuk * modules/pam_tally2/pam_tally2.c (get_tally): Create file diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 1d70a7c2..f137570a 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -488,9 +488,6 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh } } if (off(UNIX__IAMROOT, ctrl)) { - if (strlen(pass_new) < 6) - remark = _("You must choose a longer password"); - D(("length check [%s]", remark)); if (on(UNIX_REMEMBER_PASSWD, ctrl)) { if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR) remark = _("Password has been already used. Choose another."); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index ec63a431..5199a690 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -240,7 +240,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, *daysleft = -1; curdays = (long int)(time(NULL) / (60 * 60 * 24)); D(("today is %d, last change %d", curdays, spent->sp_lstchg)); - if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)) { + if ((curdays >= spent->sp_expire) && (spent->sp_expire != -1)) { D(("account expired")); return PAM_ACCT_EXPIRED; } -- cgit v1.2.3