3530f6ba5c
* Numerous bug fixes for most of the PAM modules, including several string length checks and fixes (update recommended!). * fix for legacy behavior of pam_setcred and pam_close_session in the case that pam_authenticate and pam_open_session hadn't been called * pam_unix: - don't zero out password strings during password changing function * pam_wheel: - feature: can use the module to provide wheel access to non-root accounts. * pam_limits: - added '%' domain for maxlogins limiting, now '*' and @group have the old meaning (every) and '%' the new one (all) - handle negative priority limits (which can apply to the superuser too). * pam_userdb: - require that all of typed password matches that in database * pam_access: - added the 'fieldsep=' argument, made a PAM_RHOST of "" equivalent to NULL Incidentally, cups-1.1.18 will once again do PAM authentication using pam_unix.so if built against PAM-0.77.
81 lines
2.2 KiB
Text
81 lines
2.2 KiB
Text
$NetBSD: patch-aq,v 1.4 2002/12/23 21:23:59 jlam Exp $
|
|
|
|
--- modules/pam_unix/pam_unix_passwd.c.orig Tue Jul 9 00:44:18 2002
|
|
+++ modules/pam_unix/pam_unix_passwd.c
|
|
@@ -47,7 +47,10 @@
|
|
#include <sys/types.h>
|
|
#include <pwd.h>
|
|
#include <syslog.h>
|
|
+#include <sys/param.h>
|
|
+#ifdef HAVE_SHADOW_H
|
|
#include <shadow.h>
|
|
+#endif
|
|
#include <time.h> /* for time() */
|
|
#include <fcntl.h>
|
|
#include <ctype.h>
|
|
@@ -77,7 +80,7 @@
|
|
#include "md5.h"
|
|
#include "support.h"
|
|
|
|
-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
|
|
+#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
|
|
extern int getrpcport(const char *host, unsigned long prognum,
|
|
unsigned long versnum, unsigned int proto);
|
|
#endif /* GNU libc 2.1 */
|
|
@@ -346,6 +349,7 @@ static int save_old_password(const char
|
|
static int _update_passwd(pam_handle_t *pamh,
|
|
const char *forwho, const char *towhat)
|
|
{
|
|
+#ifdef HAVE_SHADOW_H
|
|
struct passwd *tmpent = NULL;
|
|
FILE *pwfile, *opwfile;
|
|
int err = 1;
|
|
@@ -401,10 +405,14 @@ static int _update_passwd(pam_handle_t *
|
|
unlink(PW_TMPFILE);
|
|
return PAM_AUTHTOK_ERR;
|
|
}
|
|
+#else
|
|
+ return PAM_AUTHTOK_ERR;
|
|
+#endif
|
|
}
|
|
|
|
static int _update_shadow(const char *forwho, char *towhat)
|
|
{
|
|
+#ifdef HAVE_GETSPNAM
|
|
struct spwd *spwdent = NULL, *stmpent = NULL;
|
|
FILE *pwfile, *opwfile;
|
|
int err = 1;
|
|
@@ -461,6 +469,9 @@ static int _update_shadow(const char *fo
|
|
unlink(SH_TMPFILE);
|
|
return PAM_AUTHTOK_ERR;
|
|
}
|
|
+#else
|
|
+ return PAM_AUTHTOK_ERR;
|
|
+#endif
|
|
}
|
|
|
|
static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
|
|
@@ -569,6 +580,7 @@ static int _unix_verify_shadow(const cha
|
|
if (pwd == NULL)
|
|
return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */
|
|
|
|
+#ifdef HAVE_GETSPNAM
|
|
if (strcmp(pwd->pw_passwd, "x") == 0) {
|
|
/* ...and shadow password file entry for this user, if shadowing
|
|
is enabled */
|
|
@@ -619,6 +631,15 @@ static int _unix_verify_shadow(const cha
|
|
}
|
|
}
|
|
return retval;
|
|
+#else
|
|
+ if (strcmp(pwd->pw_passwd, "x") == 0)
|
|
+ return PAM_AUTHINFO_UNAVAIL;
|
|
+
|
|
+ if (off(UNIX__IAMROOT, ctrl)) {
|
|
+ if (time(NULL) > pwd->pw_expire)
|
|
+ return PAM_ACCT_EXPIRED;
|
|
+ }
|
|
+#endif
|
|
}
|
|
|
|
static int _pam_unix_approve_pass(pam_handle_t * pamh
|