summaryrefslogtreecommitdiff
path: root/debian/patches-applied
diff options
context:
space:
mode:
authorKees Cook <kees@debian.org>2009-04-17 11:55:29 -0700
committerSteve Langasek <vorlon@debian.org>2019-01-08 19:41:19 -0800
commit1dffe6218377aad741e8cd0172811603cead6ad0 (patch)
treec6023bf75f99a56d68111c6c79ff095b059c4bbe /debian/patches-applied
parent694bb8e6d5535a4a1dfed48e983a9c92b0a13df7 (diff)
Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes
for MINDAYS-Field regression (closes: #514437).
Diffstat (limited to 'debian/patches-applied')
-rw-r--r--debian/patches-applied/pam_1.0.4_mindays36
-rw-r--r--debian/patches-applied/series1
2 files changed, 37 insertions, 0 deletions
diff --git a/debian/patches-applied/pam_1.0.4_mindays b/debian/patches-applied/pam_1.0.4_mindays
new file mode 100644
index 00000000..0f766e91
--- /dev/null
+++ b/debian/patches-applied/pam_1.0.4_mindays
@@ -0,0 +1,36 @@
+Index: debian-pkg-pam/modules/pam_unix/pam_unix_acct.c
+===================================================================
+--- debian-pkg-pam.orig/modules/pam_unix/pam_unix_acct.c 2009-04-17 11:30:15.000000000 -0700
++++ debian-pkg-pam/modules/pam_unix/pam_unix_acct.c 2009-04-17 11:31:25.000000000 -0700
+@@ -250,6 +250,9 @@
+ _make_remark(pamh, ctrl, PAM_ERROR_MSG,
+ _("Your account has expired; please contact your system administrator"));
+ break;
++ case PAM_AUTHTOK_ERR:
++ retval = PAM_SUCCESS;
++ /* fallthrough */
+ case PAM_SUCCESS:
+ if (daysleft >= 0) {
+ pam_syslog(pamh, LOG_DEBUG,
+Index: debian-pkg-pam/modules/pam_unix/passverify.c
+===================================================================
+--- debian-pkg-pam.orig/modules/pam_unix/passverify.c 2009-04-17 11:30:07.000000000 -0700
++++ debian-pkg-pam/modules/pam_unix/passverify.c 2009-04-17 11:30:59.000000000 -0700
+@@ -301,8 +301,16 @@
+ *daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays);
+ D(("warn before expiry"));
+ }
++ if ((curdays - spent->sp_lstchg < spent->sp_min)
++ && (spent->sp_min != -1)) {
++ /*
++ * The last password change was too recent. This error will be ignored
++ * if no password change is attempted.
++ */
++ D(("password change too recent"));
++ return PAM_AUTHTOK_ERR;
++ }
+ return PAM_SUCCESS;
+-
+ }
+
+ /* passwd/salt conversion macros */
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index a1e163ed..652ce5a9 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -22,3 +22,4 @@ pam.d-manpage-section
pam_unix-chkpwd-wait
autoconf.patch
dont_freeze_password_chain -p0
+pam_1.0.4_mindays