authorTomas Mraz <tmraz@fedoraproject.org>2018-11-26 12:50:14 +0100
committerTomas Mraz <tmraz@fedoraproject.org>2018-11-26 12:50:14 +0100
commit619f19d378529defa5864941caf8c4233aef46f5 (patch)
tree77183b6e21b2d96e9b845dc415f6f9c0b9a5ec3d
parent16bd523f85ede9fa9115f80e826f2d803d7e61d4 (diff)
Revert part of the commit 4da9febc
pam_unix: Do not return a hard failure on invalid or disabled salt, as in some cases the failure is actually not interesting and can break things such as password-less sudo. * modules/pam_unix/passverify.c (check_shadow_expiry): Revert checking of disabled or invalid salt.
-rw-r--r--modules/pam_unix/passverify.c9
1 files changed, 0 insertions, 9 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 39e2bfac..eb2444bb 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -261,19 +261,10 @@ PAMH_ARG_DECL(int check_shadow_expiry,
spent->sp_namp);
return PAM_SUCCESS;
}
-#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
- if (((curdays - spent->sp_lstchg > spent->sp_max)
- && (curdays - spent->sp_lstchg > spent->sp_inact)
- && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact)
- && (spent->sp_max != -1) && (spent->sp_inact != -1))
- || (crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_DISABLED)
- || (crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_INVALID)) {
-#else
if ((curdays - spent->sp_lstchg > spent->sp_max)
&& (curdays - spent->sp_lstchg > spent->sp_inact)
&& (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact)
&& (spent->sp_max != -1) && (spent->sp_inact != -1)) {
-#endif
*daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays);
D(("authtok expired"));
return PAM_AUTHTOK_EXPIRED;