security/PAM/patches/patch-aq


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

$NetBSD: patch-aq,v 1.4 2002/12/23 21:23:59 jlam Exp $

--- modules/pam_unix/pam_unix_passwd.c.orig	Tue Jul  9 00:44:18 2002
+++ modules/pam_unix/pam_unix_passwd.c
@@ -47,7 +47,10 @@
 #include <sys/types.h>
 #include <pwd.h>
 #include <syslog.h>
+#include <sys/param.h>
+#ifdef HAVE_SHADOW_H
 #include <shadow.h>
+#endif
 #include <time.h>		/* for time() */
 #include <fcntl.h>
 #include <ctype.h>
@@ -77,7 +80,7 @@
 #include "md5.h"
 #include "support.h"
 
-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
+#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
 extern int getrpcport(const char *host, unsigned long prognum,
 		      unsigned long versnum, unsigned int proto);
 #endif				/* GNU libc 2.1 */
@@ -346,6 +349,7 @@ static int save_old_password(const char 
 static int _update_passwd(pam_handle_t *pamh,
 			  const char *forwho, const char *towhat)
 {
+#ifdef HAVE_SHADOW_H
     struct passwd *tmpent = NULL;
     FILE *pwfile, *opwfile;
     int err = 1;
@@ -401,10 +405,14 @@ static int _update_passwd(pam_handle_t *
 	unlink(PW_TMPFILE);
 	return PAM_AUTHTOK_ERR;
     }
+#else
+    return PAM_AUTHTOK_ERR;
+#endif
 }
 
 static int _update_shadow(const char *forwho, char *towhat)
 {
+#ifdef HAVE_GETSPNAM
     struct spwd *spwdent = NULL, *stmpent = NULL;
     FILE *pwfile, *opwfile;
     int err = 1;
@@ -461,6 +469,9 @@ static int _update_shadow(const char *fo
 	unlink(SH_TMPFILE);
 	return PAM_AUTHTOK_ERR;
     }
+#else
+    return PAM_AUTHTOK_ERR;
+#endif
 }
 
 static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
@@ -569,6 +580,7 @@ static int _unix_verify_shadow(const cha
 	if (pwd == NULL)
 		return PAM_AUTHINFO_UNAVAIL;	/* We don't need to do the rest... */
 
+#ifdef HAVE_GETSPNAM
 	if (strcmp(pwd->pw_passwd, "x") == 0) {
 		/* ...and shadow password file entry for this user, if shadowing
 		   is enabled */
@@ -619,6 +631,15 @@ static int _unix_verify_shadow(const cha
 		}
 	}
 	return retval;
+#else
+	if (strcmp(pwd->pw_passwd, "x") == 0)
+		return PAM_AUTHINFO_UNAVAIL;
+
+	if (off(UNIX__IAMROOT, ctrl)) {
+		if (time(NULL) > pwd->pw_expire)
+			return PAM_ACCT_EXPIRED;
+	}
+#endif
 }
 
 static int _pam_unix_approve_pass(pam_handle_t * pamh