security/PAM/patches/patch-ao


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

$NetBSD: patch-ao,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $

--- modules/pam_unix/pam_unix_passwd.c.orig	Sat Oct 21 13:10:07 2000
+++ modules/pam_unix/pam_unix_passwd.c
@@ -52,7 +52,10 @@
 #include <errno.h>
 #include <pwd.h>
 #include <syslog.h>
+#include <sys/param.h>
+#ifndef BSD
 #include <shadow.h>
+#endif
 #include <time.h>		/* for time() */
 #include <fcntl.h>
 #include <ctype.h>
@@ -83,7 +86,7 @@
 #include "md5.h"
 #include "support.h"
 
-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
+#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
 extern int getrpcport(const char *host, unsigned long prognum,
 		      unsigned long versnum, unsigned int proto);
 #endif				/* GNU libc 2.1 */
@@ -334,6 +337,9 @@
 
 static int _update_passwd(const char *forwho, char *towhat)
 {
+#ifdef BSD
+	return PAM_AUTHTOK_ERR;
+#else
 	struct passwd *tmpent = NULL;
 	FILE *pwfile, *opwfile;
 	int retval = 0;
@@ -376,10 +382,14 @@
 		unlink(PW_TMPFILE);
 
 	return retval;
+#endif
 }
 
 static int _update_shadow(const char *forwho, char *towhat)
 {
+#ifdef BSD
+	return PAM_AUTHTOK_ERR;
+#else
 	struct spwd *spwdent = NULL, *stmpent = NULL;
 	FILE *pwfile, *opwfile;
 	int retval = 0;
@@ -428,6 +438,7 @@
 		unlink(SH_TMPFILE);
 
 	return retval;
+#endif
 }
 
 static int _do_setpass(const char *forwho, char *fromwhat, char *towhat,
@@ -535,15 +546,18 @@
 		return PAM_AUTHINFO_UNAVAIL;	/* We don't need to do the rest... */
 
 	if (strcmp(pwd->pw_passwd, "x") == 0) {
+#ifndef BSD
 		/* ...and shadow password file entry for this user, if shadowing
 		   is enabled */
 		setspent();
 		spwdent = getspnam(user);
 		endspent();
+#endif
 
 		if (spwdent == NULL)
 			return PAM_AUTHINFO_UNAVAIL;
 	} else {
+#ifndef BSD
 		if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */                 
 			uid_t save_uid;
 
@@ -556,8 +570,15 @@
 				return PAM_AUTHINFO_UNAVAIL;
 		} else
 			spwdent = NULL;
+#endif
 	}
 
+#ifdef BSD
+	if (off(UNIX__IAMROOT, ctrl)) {
+		if (time(NULL) > pwd->pw_expire)
+			retval = PAM_ACCT_EXPIRED;
+	}
+#else
 	if (spwdent != NULL) {
 		/* We have the user's information, now let's check if their account
 		   has expired (60 * 60 * 24 = number of seconds in a day) */
@@ -583,6 +604,7 @@
 				retval = PAM_ACCT_EXPIRED;
 		}
 	}
+#endif
 	return retval;
 }