$NetBSD: patch-aq,v 1.4 2002/12/23 21:23:59 jlam Exp $ --- modules/pam_unix/pam_unix_passwd.c.orig Tue Jul 9 00:44:18 2002 +++ modules/pam_unix/pam_unix_passwd.c @@ -47,7 +47,10 @@ #include #include #include +#include +#ifdef HAVE_SHADOW_H #include +#endif #include /* for time() */ #include #include @@ -77,7 +80,7 @@ #include "md5.h" #include "support.h" -#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) +#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) extern int getrpcport(const char *host, unsigned long prognum, unsigned long versnum, unsigned int proto); #endif /* GNU libc 2.1 */ @@ -346,6 +349,7 @@ static int save_old_password(const char static int _update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat) { +#ifdef HAVE_SHADOW_H struct passwd *tmpent = NULL; FILE *pwfile, *opwfile; int err = 1; @@ -401,10 +405,14 @@ static int _update_passwd(pam_handle_t * unlink(PW_TMPFILE); return PAM_AUTHTOK_ERR; } +#else + return PAM_AUTHTOK_ERR; +#endif } static int _update_shadow(const char *forwho, char *towhat) { +#ifdef HAVE_GETSPNAM struct spwd *spwdent = NULL, *stmpent = NULL; FILE *pwfile, *opwfile; int err = 1; @@ -461,6 +469,9 @@ static int _update_shadow(const char *fo unlink(SH_TMPFILE); return PAM_AUTHTOK_ERR; } +#else + return PAM_AUTHTOK_ERR; +#endif } static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, @@ -569,6 +580,7 @@ static int _unix_verify_shadow(const cha if (pwd == NULL) return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ +#ifdef HAVE_GETSPNAM if (strcmp(pwd->pw_passwd, "x") == 0) { /* ...and shadow password file entry for this user, if shadowing is enabled */ @@ -619,6 +631,15 @@ static int _unix_verify_shadow(const cha } } return retval; +#else + if (strcmp(pwd->pw_passwd, "x") == 0) + return PAM_AUTHINFO_UNAVAIL; + + if (off(UNIX__IAMROOT, ctrl)) { + if (time(NULL) > pwd->pw_expire) + return PAM_ACCT_EXPIRED; + } +#endif } static int _pam_unix_approve_pass(pam_handle_t * pamh