diff options
| author | Tomas Mraz <tm@t8m.info> | 2004-12-03 09:43:10 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2004-12-03 09:43:10 +0000 |
| commit | db740a48d4eb978a56f6871d8879eb432a1f3375 (patch) | |
| tree | fad99cc48a879980642f62b4e4438a1142bafc78 | |
| parent | 057f97683708a55269cc57394edac8a657c8eaff (diff) | |
Relevant BUGIDs: Red Hat bz 139539
Purpose of commit: bugfix
Commit summary:
---------------
Rearrange conditions in pam_unix_acct to make it more reliable with large
values of expiration times.
| -rw-r--r-- | modules/pam_unix/pam_unix_acct.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 01925eaf..02e07ba6 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -146,18 +146,6 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, D(("account expired")); return PAM_ACCT_EXPIRED; } - if ((curdays > (spent->sp_lstchg + spent->sp_max + spent->sp_inact)) - && (spent->sp_max != -1) && (spent->sp_inact != -1) - && (spent->sp_lstchg != 0)) { - _log_err(LOG_NOTICE, pamh - ,"account %s has expired (failed to change password)" - ,uname); - _make_remark(pamh, ctrl, PAM_ERROR_MSG, - "Your account has expired; please contact your system administrator"); - D(("account expired 2")); - return PAM_ACCT_EXPIRED; - } - D(("when was the last change")); if (spent->sp_lstchg == 0) { _log_err(LOG_NOTICE, pamh ,"expired password for user %s (root enforced)" @@ -167,7 +155,25 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, D(("need a new password")); return PAM_NEW_AUTHTOK_REQD; } - if (((spent->sp_lstchg + spent->sp_max) < curdays) && (spent->sp_max != -1)) { + if (curdays < spent->sp_lstchg) { + _log_err(LOG_DEBUG, pamh + ,"account %s has password changed in future" + ,uname); + return PAM_SUCCESS; + } + if ((curdays - spent->sp_lstchg > spent->sp_max) + && (curdays - spent->sp_lstchg > spent->sp_inact) + && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact) + && (spent->sp_max != -1) && (spent->sp_inact != -1)) { + _log_err(LOG_NOTICE, pamh + ,"account %s has expired (failed to change password)" + ,uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + "Your account has expired; please contact your system administrator"); + D(("account expired 2")); + return PAM_ACCT_EXPIRED; + } + if ((curdays - spent->sp_lstchg > spent->sp_max) && (spent->sp_max != -1)) { _log_err(LOG_DEBUG, pamh ,"expired password for user %s (password aged)" ,uname); @@ -176,7 +182,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, D(("need a new password 2")); return PAM_NEW_AUTHTOK_REQD; } - if ((curdays > (spent->sp_lstchg + spent->sp_max - spent->sp_warn)) + if ((curdays - spent->sp_lstchg > spent->sp_max - spent->sp_warn) && (spent->sp_max != -1) && (spent->sp_warn != -1)) { daysleft = (spent->sp_lstchg + spent->sp_max) - curdays; _log_err(LOG_DEBUG, pamh |