From 128ded83a0d1d3b5a85b4c20a6c35d9481e23ce5 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Fri, 24 Sep 2004 09:18:21 +0000
Subject: Relevant BUGIDs:

Purpose of commit:

Commit summary:
---------------

bugfix: Fix lot of compiler warnings
new feature: add broken_shadow option to pam_unix (patch from Linux
             distributions)
---
 modules/pam_unix/README          | 2 ++
 modules/pam_unix/pam_unix_acct.c | 4 ++++
 modules/pam_unix/support.h       | 5 ++++-
 3 files changed, 10 insertions(+), 1 deletion(-)

(limited to 'modules/pam_unix')

diff --git a/modules/pam_unix/README b/modules/pam_unix/README
index d6b1f395..afeee3da 100644
--- a/modules/pam_unix/README
+++ b/modules/pam_unix/README
@@ -31,5 +31,7 @@ The following options are recognized:
 	nis		-	use NIS RPC for setting new password
 	remember=X	-	remember X old passwords, they are kept in
 				/etc/security/opasswd in MD5 crypted form
+	broken_shadow	-	ignore errors reading shadow information for
+				users in the account management module
 
 	invalid arguments are logged to syslog.
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 178b6037..58ba93c1 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -128,6 +128,10 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 		return PAM_SUCCESS;
 	}
 
+	if (!spent)
+		if (on(UNIX_BROKEN_SHADOW,ctrl))
+			return PAM_SUCCESS;
+
 	if (!spent)
 		return PAM_AUTHINFO_UNAVAIL;	/* Couldn't get username from shadow */
 
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 3127e6b0..d9212c28 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -81,8 +81,10 @@ typedef struct {
 #define UNIX_LIKE_AUTH           19	/* need to auth for setcred to work */
 #define UNIX_REMEMBER_PASSWD     20	/* Remember N previous passwords */
 #define UNIX_NOREAP              21     /* don't reap child process */
+#define UNIX_BROKEN_SHADOW       22     /* ignore errors reading password aging
+					 * information during acct management */
 /* -------------- */
-#define UNIX_CTRLS_              22	/* number of ctrl arguments defined */
+#define UNIX_CTRLS_              23	/* number of ctrl arguments defined */
 
 
 static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
@@ -112,6 +114,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
 /* UNIX_LIKE_AUTH */       {"likeauth",        _ALL_ON_,            01000000},
 /* UNIX_REMEMBER_PASSWD */ {"remember=",       _ALL_ON_,            02000000},
 /* UNIX_NOREAP */          {"noreap",          _ALL_ON_,            04000000},
+/* UNIX_BROKEN_SHADOW */   {"broken_shadow",   _ALL_ON_,           010000000},
 };
 
 #define UNIX_DEFAULTS  (unix_args[UNIX__NONULL].flag)
-- 
cgit v1.2.3